This week marks the largest forfeiture of cryptocurrency assets in history with ~$1B worth of bitcoin stolen from Silk Road voluntarily returned to IRS. Grin network came under 51% attack with hash capacity likely rented on Nicehash, BSV P2PKH multi-sig wallet implementation exploited to steal funds, Ethereum had an ETHash bug, and more of the usual DeFi shenanigans in this week’s edition of Blockchain Threat Intelligence.

Crime

• US Government Agencies seize more than $1B in cryptocurrency connected to the darknet market Silk Road. According to the US DoJ release, 69,370.22491543 BTC (and forks such as BCH, BSV, and others) were voluntarily transferred to IRS by an individual who has previously stolen those funds from Silk Road. While the Silk Road hacker will remain free and anonymous, it is still odd that he or she came forward only 7 years after the hack.

• US DoJ seized $24M worth of cryptocurrencies held by a cryptocurrency firm to assist Brazilian authorities with the “Operation Egypto” investigation into a $200M crypto fraud scheme.

• Huobi COO Zhu Jiawei was reported to be under police investigation following a series of BTC and USDT withdrawals from the exchange.

• Binance helps recover $344K worth of crypto stolen by the Wine Swap DeFi project on Binance Smart Chain (BSC).

• Former Cryptopia exchange employee charged with stealing $250K worth of crypto.

• ISIS supporter caught sending bitcoin to help terror organization.

Hacks

• On November 7, 2020 GRIN network came under 51% attack where multiple blocks were reorged. Additional analysis points to NiceHash as the source of rented hashrate capacity necessary for the attack. It is not known if any of the exchanges were double spent as a result of the attack on the privacy coin.

• On November 7, 2020 a vulnerable implementation of the multi-sig wallet on BSV network was exploited to steal 600 BSV. The vulnerability was caused by the use of P2PKH accumulator multisig by the ElectrumSV wallet which can be unlocked with zero signatures.

• On November 2, 2020 Axion Network smart contract was compromised when an attacker minted 80B AXN tokens and exchanged them for 348 ETH ($133K). According to Certik, which has previously audited the contract, the malicious minting code was added after the audit.

Vulnerabilities

• An integer overflow vulnerability in Ethash library used by Ethereum and Ethereum Classic projects resulted in valid blocks getting rejected destabilizing the network. The vulnerability was responsibly disclosed by 2miners pool operators and Lolliedieb.

• A coding error resulted in $1M worth of crypto was permanently locked by Percent Finance, a Compound fork.

Malware

• Analysis of Ledger phishing email and fake client malware by SerHack.

• CAPCOM was attacked by Ragnar Locker ransomware group which stole 1TB of private data and demanded $11M worth of BTC for a decryptor.

Research

• Rescuing Schrodinger’s Cat in DeFi Dark Forest - an incident response writeup by the Anchain team to recover 1.2M staked USDC from a hacked wallet without tipping off the attacker.

• So you want to use a price oracle - Everything you need to know about price oracles and how to use them safely by samczsun.

• Why Proof of Stake by Vitalik Buterin.

Media

• DeFi Attack Vectors by Jamie Burke and Julien Bouteloup.

Thanks for joining me this week in blockchain threat intelligence news and see you all next week.

-Peter