BlockThreat - Week 26, 2020
Balancer | Atomic Loans | CryptoCore | Docker
Peter Kacherginsky | Jul 8, 2020
Another week, another DeFi exploit or two. Unfortunately, this time the bad folks were able to steal $500k worth of tokens. It’s too bad Balancer devs dismissed an earlier bug bounty report. ClearSky released a detailed report on CryptoCore APT, which is dedicated to breaking into cryptocurrency exchanges. On a more fun note, check out someone almost getting caught by a honeypot smart contract, and submit your blockchain security-related talk to Defcon’s Blockchain Village.
Two Balancer multi-token pools were exploited resulting in a loss of $500k. The attacker used a flash loan to exploit a vulnerability in the way Balancer deals with deflationary tokens. In the incident report by Balancer, the team revealed that the issue was reported to their bug bounty but dismissed as impractical to exploit.
Two vulnerabilities were reported in Atomic Loans smart contracts which could allow a malicious borrower to unlock their BTC collateral without repaying their loan by front-running a loan cancellation transaction. The vulnerability was responsibly disclosed and patched by the developer.
A stealthier approach to cryptojacking uses malicious Docker images to mine Monero.
The CryptoCore APT threat intelligence report by ClearSky Security provides an in-depth analysis of the group’s tactics, infrastructure, and indicators. CryptoCore has stolen approximately $200M over the last two years while attacking exchanges in the United States, Japan, and other countries. The group is unique in its focus on cryptocurrency exchanges, as opposed to more general financial APTs.
Gone Phishing with Malware and Bitcoin analyzes the DOJ’s forfeiture complaint against 113 cryptocurrency accounts used in a mass phishing campaign to spread North Korean Fallchill malware and infiltrate an exchange.
A fun writeup on a honeypot contract found on Ethereum.
Double spend attacks in the PoS network is an interesting exploration of this common attack pattern on staking networks.
That’s all for this week in Blockchain Threat Intelligence. Be sure to check out /r/BlockSec for more up-to-the-minute news, and see you all next week.