BlockThreat - Week 40, 2020

BitMEX | Eminence | KuCoin | REvil

BitMEX is in a serious trouble with U.S. DoJ with one of the co-owners arrested. No more ransomware payments unless you want OFAC to come after you for financing North Korean nukes. DeFi hackers stole so much that they have started voluntarily returning half of their stolen loot. Ethereum miners caught in MEV schemes and other excellent research articles in this week’s edition.

News

Hacks

Vulnerabilities

Malware

Events

  • Solidity Underhanded Contest is a competition to obfuscate malicious code in Solidity smart contract. This year’s theme is upgradable contracts.

Research

  • MEVs are coming tweet storm by @FrankResearcher reveals real world examples of Ethereum miners engaging in execution arbitrage. Miner Extractable Value (MEV) were first discussed in Flash Boys 2.0 paper on front-running transactions.

  • EMN Exploit case study implements a complete exploit used to attack Emminence.Finance contract.

  • Check out Smart Contract Hacking training series blog posts, Github repo, and YouTube channel.

  • A DoS attack vector against Eth2 nodes using time servers. The attack works by setting node time far into the future using malicious NTP servers and also broadcasting future state from attacker validators. Once the target node signs a future attestation it will remain in locked state until some time in the future.

That’s all for this week in blockchain threat intelligence! As a reminder, I am participating in the latest round of Gitcoin Grants so would appreciate your support. Stay safe and see you all next week.

-Peter