While you were enjoying your sushi and yam, another DeFi project lost their almost entire liquidity pool, Ethereum oracle node operators got attacked, and Shapeshift caught their employee stealing bitcoin.

Hacks

• On September 3, 2020 SYFI token rebase mechanism was exploited to which allowed an attacker to empty token’s liquidity on Uniswap worth 740 ETH.

• On August 30, 2020 multiple Chainlink node operators have experienced a spam attack which resulted in 700 ETH being drained due to inflated gas fees. The attacked allowed a malicious party to mint and sell Chi tokens at a higher price point earning a profit.

• On August 21, 2020 Shapeshift detected a theft of ~90 BTC. According to the civil complaint filed by Shapeshift, a recently hired engineer installed a malicious program which siphoned corporate funds to his personal account for almost 7 months. Shapeshift has previously experienced multiple insider threat incidents in 2016. According to the Forensic Report and a blog post, those incidents also involved an employee who sold login credentials to critical network infrastructure which resulted in a theft of 469 BTC, 5800 ETH, and 1900 LTC spanning three separate hacks.

Vulnerabilities

• Wasabi CoinJoin denial of service vulnerability was discovered and responsibly disclosed by the Trezor team. The vulnerability could have halted all mixing activity for all users.

Malware

• Anubis malware targets Windows users to steal cryptocurrency wallets.

Research

• BAE’s published a report on money laundering operations. The report reveals cryptocurrencies are still rarely used for this purpose while traditional methods like front companies, casinos, money mules are still the preferred method.

• A fun hunting exercise by ZenGo’s security team to track down bitcoin funds paid in the recent UCSF ransomware incident.

Tools

• ETHOver extension by Martin Ortner from Consensys Dilligence allows analysts to easily pull source code and bytecode from Etherscan for any Ethereum address in the VS Code editor.

Thanks for joining me this week in blockchain threat intelligence news and see you all next week.

-Peter