BlockThreat - Week 16, 2021
Thodex | Vebitcoin | EasyFi | EToken2 | SafeMoon
Something is afoot in Turkey with two crypto exchanges shutting down with one of the founders on the run. Another DeFi founder’s computer was hacked leading to a massive $60M theft. This week’s edition features lots of amazing write-ups on responsibly disclosed vulnerabilities and research papers. In other news, Faketoshi’s funds were apparently stolen after he got hacked by a Pineapple.
CEO of Turkish exchange Thodex flees the country with $2B in customer funds. The same week Turkish authorities detained several Vebitcoin employees on fraud charges shortly after the exchange ceased its operations. Both incidents follow Turkey’s ban on crypto payments a week prior.
Seven USDC wallet addresses were blacklisted. Remember that many smart contracts, including USDC, USDT, and PAX, include asset freezing functionality.
The Incredible Rise of North Korea’s Hacking Army by Ed Caesar (The New Yorker) is an incredible read about Lazarus group’s many criminal enterprises including cryptocurrency exchange heists and ransomware attacks.
How the Kremlin provides a safe harbor for ransomware by Frank Bajak (AP News) links Russian security services with Evil Corp and other ransomware groups.
Blockchain Hackers V - DeFi Security meetup in Dubai on April 28th.
New NFT scam called sleepminting tricks users into purchasing unauthorized copies of legitimate NFTs on popular marketplaces.
SafeMoon likely going to exit scam after half of its liquidity got locked.
On April 19th, 2021 EasyFi’s founder’s computer was compromised, resulting in the theft of contract private keys which were used to drain about $60M worth of stablecoins and EASY tokens. While the post-mortem implies a highly targeted attack on the founder, it is concerning that a single private key stored in MetaMask had so much access to both assets and smart contracts.
Ambisafe EToken2 platform vulnerability which could allow backdooring new users’ accounts was patched after a responsible disclosure by samczsun. The vulnerability affected SOLVE, RFR, UBT, CHSB, and other tokens using the EToken2 implementation. Check out the awesome bug hunting writeup!
A vulnerable user on Primitive Finance was helped to lock down their funds after the threat was responsibly disclosed by Amber Group developers.
Maker patched multiple bugs in emergency shutdown and end modules.
OpenEthereum Berlin consensus bug post-mortem exposes gaps in current fuzzing and testing frameworks used in the project.
Reports of Prometei botnet targeting vulnerable Microsoft Exchange servers to install mining software.
Crypto-Asset Exchange Security Guidelines by CSA has several nice threat models useful for both exchange operators and users.
Smart Contract Security for Pentesters by iosiro is an introductory text on attack vectors and sources of bugs in smart contracts aimed at traditional application security professionals.
MEV and coordination by Samuel Shadrach explores the main actors and their incentives to coordinate in transaction ordering.
Help support BlockThreat!
Over the past two years, BlockThreat has gained hundreds of followers including exchanges, asset issuers, DeFi projects, engineers, investigators, law enforcement, and many others. This newsletter is a labor of love which takes many hours weekly to prepare. If you found BlockThreat valuable consider supporting its future growth:
1) Make an individual contribution.
2) Sponsor an edition where you can place an advertisement.
3) Share your job postings in the next edition.
4) Share the newsletter with a friend or a colleague.
Thanks for joining me in another week of blockchain security, the industry that never ceases to amaze me. See you all next week!
- Peter Kacherginsky (iphelix)