It didn’t take too long to see more layer one blockchain attacks. The Firo 51% attack is particularly interesting because it sets a new precedent: the asset issuer took responsibility for compensating the exchange that was double spent. Tendermint fixed a yet unreported critical vulnerability, and Nano was slammed with a spam attack. On the DeFi side, LivePeer fixed a staking vulnerability. This week’s edition features plenty of excellent research papers and articles for your reading pleasure.
Events
January 28-31, 2021 - Anti-Human Trafficking Cryptocurrency Consortium (ATCC) Virtual Summit featuring multiple panels. Free admission.
February 2, 2021 - Unchained - Blockchain Security Conference CFP deadline.
Hacks
On January 19, 2021 Firo (formerly Zcoin) suffered a 51% attack in which 306 blocks, spanning 25 hours, were reorged. The Firo team published a post-mortem report which revealed Binance as the target, with 866K FIRO ($4M worth) double spent. The Firo team used the Lelantus emergency switch to freeze the attacker’s funds. As a new precedent, the Firo team will likely compensate Binance by mining the same amount of FIRO as is locked in the attacker’s account and sending those funds to the exchange.
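The mechanism behind an incident like this is a chain reorganization deep enough to erase a deposit the exchange had already credited. The Python model below is an added example, not code from the newsletter or from the Firo team’s report: it tracks deposits against the current best chain under a longest-chain rule, raises an alert when a reorg reaches the exchange’s confirmation threshold, and flags any credited deposit that is no longer on the best chain as double spent. Block identifiers, the deposit id "dep-1", the 6-confirmation policy and the attacker’s branch are all constructed for the example.

```python
"""Added example: deposit-side view of a 51% reorg. All chains, block ids,
transaction ids and thresholds are constructed; none come from Firo."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Block:
    """One block; block_id and parent_id are constructed labels, not real hashes."""
    height: int
    block_id: str
    parent_id: str
    tx_ids: frozenset


@dataclass
class DepositMonitor:
    """Tracks watched deposits against the current best chain and flags reorgs."""
    required_confirmations: int
    chain: list = field(default_factory=list)   # best chain, genesis first
    credited: set = field(default_factory=set)  # deposits already credited
    alerts: list = field(default_factory=list)  # every alert raised so far

    def confirmations(self, tx_id: str) -> int:
        """Confirmations of tx_id on the current best chain (0 if absent)."""
        tip = self.chain[-1].height
        for block in self.chain:
            if tx_id in block.tx_ids:
                return tip - block.height + 1
        return 0

    def fork_point(self, other: list) -> int:
        """Height of the last block shared by self.chain and other (-1 if none)."""
        shared = -1
        for a, b in zip(self.chain, other):
            if a.block_id != b.block_id:
                break
            shared = a.height
        return shared

    def update(self, new_chain: list, watched: list) -> list:
        """Adopt new_chain if it is heavier (longest-chain rule), then re-evaluate
        every watched deposit. Returns the alerts raised by this update."""
        raised = []
        if self.chain and len(new_chain) <= len(self.chain):
            return raised  # not heavier: the best chain does not change
        if self.chain:
            fork = self.fork_point(new_chain)
            depth = self.chain[-1].height - fork  # blocks discarded from the old tip
            if depth > 0:
                raised.append(f"reorg of depth {depth} (fork at height {fork})")
                if depth >= self.required_confirmations:
                    raised.append("reorg depth reached the confirmation threshold; "
                                  "pause deposits and withdrawals for this asset")
        self.chain = list(new_chain)
        for tx_id in watched:
            confs = self.confirmations(tx_id)
            if tx_id in self.credited and confs == 0:
                # A credited deposit vanished from the best chain: the
                # double-spend outcome of a successful 51% reorg.
                raised.append(f"deposit {tx_id} was credited but is no longer "
                              f"on the best chain: treat as double spent")
                self.credited.discard(tx_id)
            elif tx_id not in self.credited and confs >= self.required_confirmations:
                self.credited.add(tx_id)
        self.alerts.extend(raised)
        return raised


def make_chain(prefix: str, heights: range, parent_id: str, txs: dict) -> list:
    """Build consecutive blocks labelled prefix-h; txs maps height -> tx ids."""
    blocks = []
    for h in heights:
        blocks.append(Block(h, f"{prefix}-{h}", parent_id, frozenset(txs.get(h, ()))))
        parent_id = f"{prefix}-{h}"
    return blocks


def run_scenario() -> dict:
    """Constructed scenario: the honest chain confirms deposit 'dep-1' past the
    6-confirmation policy, then a heavier private branch forking at height 100
    replaces the last ten blocks and omits the deposit entirely."""
    monitor = DepositMonitor(required_confirmations=6)
    common = make_chain("main", range(0, 100), "none", {})
    honest = common + make_chain("main", range(100, 110), "main-99", {101: {"dep-1"}})
    first = monitor.update(honest, ["dep-1"])
    credited_before = "dep-1" in monitor.credited
    attack = common + make_chain("atk", range(100, 111), "main-99", {})
    second = monitor.update(attack, ["dep-1"])
    return {"credited_before": credited_before, "first_alerts": first,
            "second_alerts": second, "credited_after": "dep-1" in monitor.credited}


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, value)
```

The point of the model is the second alert: a confirmation count is only a probabilistic guarantee, and once a reorg reaches the confirmation threshold the right response is to pause the asset rather than keep crediting deposits, which is the posture the affected exchange would have wanted during the 25-hour window described above.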
On January 19, 2021 the Saddle Finance DeFi project suffered multiple arbitrage incidents due to high slippage.
On January 21, 2021 the Nano network suffered a spam attack which slowed the network down.
Vulnerabilities
The LivePeer DeFi project fixed a staking vulnerability which could allow attackers to withdraw more LPT and ETH than expected.
Tendermint fixed a high-severity vulnerability, details of which will be published next week.
Griefing attacks against Lightning Network continue to plague the experimental network.
Crime
Increase in DDoS extortion scams reported by Radware and Black Lotus Labs.
Janet Yellen expressed “a particular concern” with terrorist financing using cryptocurrencies.
Malware
MrbMiner cryptominer traced to Iran. The malware targets MSSQL servers.
IObit software forum hacked to distribute DeroHE ransomware.
Research
Chainalysis report on cryptocurrency crime in 2020 identifies multi-billion Ponzi schemes like PlusToken as the largest source of theft. Ransomware profits increased by 311% over previous year netting evildoers $350 million.
MyCrypto report on major blockchain security incidents in 2020 discusses major scammer campaigns and DeFi/exchange hacks.
Was there a Bitcoin double-spend on Jan 20, 2021? Explanation of the recent FUD which caused multiple sell-offs.
Quantifying Blockchain Extractable Value: How dark is the forest?
The Eye of Horus: Spotting and Analyzing Attacks on Ethereum Smart Contracts.
The Cryptographic Complexity of Anonymous Coins: A Systematic Exploration.
Writing Properties - A new approach to testing by Joran Honig on smart contract audits using Scribble.
DeFi Sandwich Attacks by Christoph Michel.
Making DeFi SAFU by Secureum.
Help support BlockThreat!
Over the past two years, BlockThreat has gained hundreds of followers including exchanges, asset issuers, DeFi projects, engineers, investigators, law enforcement, and many others. This newsletter is a labor of love which takes many hours weekly to prepare. If you found BlockThreat valuable consider supporting its future growth:
1) Make an individual contribution.
2) Sponsor an edition where you can place an advertisement.
3) Share your job postings in the next edition.
4) Share the newsletter with a friend or a colleague.
Stay informed, stay healthy, and see you next week!
- Peter Kacherginsky (iphelix)