BlockThreat - Week 51, 2020
Warp Finance | Nexus Mutual | Ledger | RubyGem
|Peter Kacherginsky||Dec 22, 2020|
Governments around the world have introduced additional AML and KYC requirements on self-hosted wallet transactions. Warp Finance oracle vulnerability was exploited, Nexus Mutual founder’s wallet was backdoored, Ledger database dumped on a forum, RubyGem supply chain attacks to steal crypto, and more in this week’s edition of Blockchain Threat Intelligence.
FinCEN proposal requires exchanges to keep a record of all transactions greater than $3,000 sent to self-hosted wallets. The proposal is unusual due to a very limited public comment period due to “significant national security imperatives.”
French Ministry of Finance will require KYC verification for all crypto-to-crypto transactions. The ordinance aims to stop the use of cryptocurrencies for terrorist financing.
On December 17th, 2020 an oracle manipulation vulnerability in Warp Finance was exploited which resulted in the loss of $7.8M worth of DAI and USDC tokens. Interestingly, the 75% of the stolen assets remained locked in the Warp Finance as a collateral which was recovered and returned to the users.
On December 14th, 2020 Nexus Mutual founder’s Metamask was backdoored which resulted in the theft of 370,000 NXM ($8M). According to the incident report published by the victim, an attacker compromised the host OS in order to replace Metamask with a backdoored version which presented a malicious transaction once the user performed a routine transfer. Some of the stolen funds were converted to BTC using renBTC. Interestingly, the attacker attempted to extort additional 4.5K ETH by sending a message on Ethereum blockchain.
Ledger’s customer database dump from June, 2020 was posted on Raidforum. The database dump included customer emails, full names, addresses, and phone numbers which are being actively used in phishing campaigns.
Backdoored RubyGems contained malware which replaced bitcoin addresses in the clipboard with that of attacker’s. Compromised gems were pretty_color and ruby-bitcoin.
Breaking Aave Upgradeability by Trail of Bits discusses details of the DoS vulnerability published last week.
Paradigm CTF by samczsun
That’s all for this week’s edition. Thank you to all the Gitcoin sponsors, stay safe, and watch out for deepfake scams.
-Peter Kacherginsky (iphelix)