BlockThreat - Week 44, 2020
TrickBot | Tron | Cred | Ethercrash | Yearn
Peter Kacherginsky | Nov 11, 2020
Catching up on blockchain security news can be overwhelming. In this week’s edition we cover multiple hacking incidents and vulnerabilities in DeFi and crypto wallet projects. So without further ado, let’s dive in! Oh, and don’t mine crypto at work, especially if you work at an airport or a nuclear power station.
Dutch police seized 2500 BTC in a money laundering investigation.
BitMEX officials allegedly 'looted' $440 million from exchange after learning about U.S. charges, per lawsuit filing.
On October 28, 2020, Cred, a crypto lending service, announced that all deposits and withdrawals will be paused, without citing a pending law enforcement investigation into the handling of corporate funds by a perpetrator.
On October 26, 2020, the Ethercrash cold wallet was compromised and 6378 ETH was stolen. The stolen funds were exchanged for DAI on Uniswap.
A flash loan vulnerability was responsibly disclosed to the Yearn team, which quickly patched it. The issue was caused by the lack of slippage checks in the TUSD deposit handling function.
A flash loan was used to pass a proposal on MakerDAO. While the party behind the vote was legitimate and the vote did not cause a negative outcome, this transaction illustrates a previously discussed governance risk on the Maker platform.
SushiSwap farming arbitrage exploit is being continuously exploited by whales.
A backdoored online BIP39 tools website secretly records generated mnemonic phrases.
Deanonymizing the Kucoin Hacker tracks attackers through the Tornado Cash mixer to a deposit on Binance.
Flash Mint Arbitrage testnet payloads.
OpenZeppelin Defender, a smart contract security operations platform.
Bitcoin and the End of History, the final installment in a four part documentary series about cypherpunks.
That’s all for this week in Blockchain Threat Intelligence. Be sure to check out /r/BlockSec for more up-to-the-minute news, and see you all next week.