BlockThreat - Week 43, 2020
Harvest | BurgerSwap | SS7 | Office 365 | Ledger
|Oct 27|| 1|
Phishing scams are on the rise with Office 365 and Ledger customers targeted last week. Old school SS7 exploits are still successfully used to take over email accounts belonging to folks in the industry. Another day, another DeFi project arbitraged for a few million stable coins and more in this week’s edition:
A phishing campaign on Office 365 customers is using Coinbase themed emails in an attempt to take over their email accounts. Attackers are most likely trying to target users associated with the cryptocurrency exchange.
Reports of a phishing campaign targeting Ledger users with a prompt to download an updated version of Ledger Live desktop software. It may be related to a recent leak of up to 1M email addresses belonging to Ledger customers.
Finnish psychotherapy center patients are being extorted 200 euros in BTC to keep their stolen data private.
On October 25th, 2020 an arbitrage weakness in Harvest Finance was exploited to profit an attacker about $24M worth of USDC and USDT. Following the hack, the attacker has transferred gained to funds to the following bitcoin addresses using REN Protocol:
A reentrancy vulnerability was discovered and responsibly disclosed in BurgerSwap DeFi service hosted on Binance Smart Chain.
Financial Attacks on Democracy is a nice survey of using cryptocurrency to finance bad actors in the last election cycle.
Smart Contract Hacking Final Free Chapter - Hacking Games Via Bad Randomness Implementations on the Blockchain.
Thanks for joining me this week, stay healthy, and see you all in another edition next week!