BlockThreat - Week 26, 2020

Balancer | Atomic Loans | CryptoCore | Docker

Another week, another DeFi exploit or two. Unfortunately, this time the bad folks were able to steal $500k worth of tokens. It’s too bad Balancer devs dismissed an earlier bug bounty report. ClearSky released a detailed report on CryptoCore APT which is dedicated to breaking into cryptocurrency exchanges. On a more fun side checkout someone almost getting caught by a honeypot smart contract and submit your blockchain security related talk to Defcon’s Blockchain Village.

Vulnerabilities

  • Two Balancer multi-token pools were exploited resulting in a loss of $500k. The attacker used a flash loan to exploit a vulnerability in the way Balancer deals with deflationary tokens. In the incident report by Balancer, the team revealed that the issue was reported to their bug bounty but dismissed as impractical to exploit.

  • Two vulnerabilities were reported in Atomic Loans smart contracts which could allow a malicious borrower to unlock their BTC collateral without repaying their loan by front-running a loan cancellation transaction. The vulnerability was responsibly disclosed and patched by the developer.

Events

  • Defcon’s Blockchain Village is back this year and its CFP is now open. Last year, the village featured a number of excellent blockchain security related talks and multiple CTF competitions.

Malware

  • Another day, another XMR cryptojacking malware. Palo Alto published a report on two variants of Lucipher malware which use an arsenal of exploits targeting Windows hosts.

  • A more stealth approach to cryptojacking uses malicious Docker images to mine Monero.

Crime

Research

That’s all for this week in Blockchain Threat Intelligence. Be sure to check out /r/BlockSec for more up to the minute news and see you all next week.

-Peter