BlockThreat - Week 35, 2020
ETC | Lazarus | DeFi | OpenEthereum
Sep 3
Never a dull week in blockchain security! ETC got 51% attacked yet again. DoJ filed a complaint targeting 280 Lazarus Group cryptocurrency accounts. Yam, Chicken, YFV, and many other DeFi projects are getting deployed with unintentional and sometimes intentional vulnerabilities.
DoJ seizes 280 cryptocurrency accounts associated with Lazarus Group.
Empire Market exit scams with ~2638 BTC ($30.2M).
CipherTrace announces Monero tracing capabilities.
On August 29, 2020, ETC suffered another 51% attack, with a massive 7000+ blocks getting reorged. Looking deeper into the attack, 800K ETC (~$5M USD worth) were double spent in seven transactions. This is the third such attack in the last month, with the first two covered here and here, where an additional 1.26M ETC were successfully double spent.
A Denial of Service vulnerability was discovered in OpenEthereum node software which stops the node from importing new blocks.
Chicken Finance was caught thinly disguising a backdoor in their contract, YFV is getting extorted with a staking vulnerability, and there were many other DeFi hacks and vulnerabilities. Check out the excellent ConsenSys Diligence - Smart Contract Security Newsletter for more details.
An interesting social engineering attack vector which may allow a user to be extorted to access funds on their hardware wallet.
A significant increase in cryptojacking malware was reported by Symantec.
Electrum wallet users running outdated software versions continue getting phished with malicious popups prompting them to download backdoored software. In the latest example, a user reported a 1400 BTC theft as a result of the attack. You can find previous coverage of the hack and its perpetrators here and here.
A detailed report by F-Secure Labs on Lazarus Group criminal activity targeting cryptocurrency businesses. It includes malware indicators, techniques and tactics.
Another report regarding Lazarus Group on-chain activity and the recent DOJ civil forfeiture complaint targeting 280 cryptocurrency addresses.
A fun write-up for the recent Blockchain Investigation Contest by folks at AnChain.
A fascinating analysis of bots automatically front-running transactions which may yield a profit. We have previously encountered these bots piggy-backing on asset issuer’s attempts to recover funds from vulnerable contracts.
That’s all for this week in Blockchain Threat Intelligence. Be sure to check out /r/BlockSec for more up to the minute news and see you all next week.