BlockThreat - Week 39, 2020

KuCoin, Lien, Alien, Teatime, Pool Detective

A tough week for the Singaporean exchange KuCoin which suffered a major $281m hack. On the bright side, Lien Finance’s smart contract was preventively hacked to save $9.6m worth of ETH which also resulted in a fascinating article in the research section on beating front-running bots. This week’s edition features a lot more excellent papers, new tool releases, and two new blockchain security competitions. In other news, folks should really reconsider mining crypto on their employer’s supercomputers.

Hacks

Malware

  • Alien android malware family is targeting Coinbase, Blockchain.com, Luno, other cryptocurrency and banking wallet apps to steal credentials, control and steal SMS messages, and other trojan functionality.

Research

Projects

Competitions

  • DeFi Detectives is another live CTF by folks challenging players to hunt down Uniswap hackers and investigate SushiSwap’s exit scam.

  • Damn Vulnerable Defi wargame by OpenZeppelin’s tincho challenges players to sharpen their defi skills.

That’s all for this week in blockchain threat intelligence! As a reminder, I am participating in the latest round of Gitcoin Grants so would appreciate your support. Stay safe and see you all next week.

-Peter