BlockThreat - Week 28, 2020

Bitcoin Gold | Cashaa | Ravencoin | Ledger

Continuing with the blockchain exploitation trend from last week, Bitcoin Gold would have suffered a 51% attack if not for developers learning of a massive mining operation. Check out a thrilling incident report by the Ravencoin folks racing against the clock to kick out attackers exploiting an inflation bug. The Cashaa exchange had a few million dollars' worth of crypto stolen. All that and other news in this edition of BlockThreat.

Hacks

Vulnerabilities

  • Kraken Security Labs published two attacks against the newer Ledger Nano X hardware wallets. Both attacks rely on an insecure supply chain where a malicious party reflashes Ledger’s firmware. In the first scenario, Kraken researchers reprogrammed the Ledger to act as a keyboard and launch Kraken.com before booting into the regular firmware. In the second scenario, malicious firmware could turn off the display to aid in a social engineering attack. In both cases, the Ledger Live app reported the device as genuine.

Research

Tools

Fun

  • What could be better than snakes on a plane? How about a 90s-style flick about a billion dollars in crypto on an armored plane circling around the world while hosting an illegal gambling ring? Trailer.

Stay informed, stay healthy, and head over to the /r/blocksec subreddit for blockchain security news throughout the week.

-Peter