BlockThreat - Week 52, 2020

LiveCoin | Altilly | EXMO | BitGrail | Curve

This year Mr. Grinch has ruined Christmas for three different exchanges with millions reported stolen as a result of hot wallet compromises. BitGrail operator is in trouble again after additional evidence confirmed an exit scam, Curve discovered a flaw in the IDLE pool, and more in this week’s edition of the Blockchain Threat Intelligence newsletter. Oh and you may want to keep how much crypto you have away from jealous relatives.


  • On December 23rd, 2020 LiveCoin exchange lost control over their server infrastructure. The attackers have massively inflated BTC, ETH, and XRP exchange rates on the trading platform. LiveCoin did not communicate the impact of the hack, but estimated $2.4M worth of crypto were withdrawn around the time of the attack. Exchange operators were able to briefly post a message about the hack; however, it was since replaced with a ransom note “Good try Livecoin. But no... You have 2 days left...”. Interestingly, the attackers have also sent small amounts of BTC and ETH to addresses associated with the earlier EXMO hack which may indicate a connection or a false lead.

    Attacker’s addresses:
    BTC - 3QKorNZTQG2kJMk5Lqoj9ecgSMiYXvRz2n
    BTC - bc1qter5yx7re8czhchuzxklepvdxzxtqx6zupj3r6
    ETH - 0x6ee06cd090937E6b768461Fc81825762815E223a
    BCH - qrgh23rfl5dsexregp628sky9xxecwu2du8snpu8p4

  • On December 23rd, 2020 Altilly Exchange server infrastructure was compromised. The exchange operators have shared that the attackers have gained control over the server admin portal using an inactive account without 2FA enabled. After gaining access, the attackers were able to steal $1M worth of assets from hot wallets (30 BTC, 12,000 USDT). Even more assets were lost, after perpetrators of the hack downloaded and destroyed all database data and backups possibly to support future ransom demands.

  • On December 21st, 2020 EXMO exchange hot wallet was compromised which resulted in the loss of $10.5M worth of BTC, BCH, ETH, XRP, and other crypto assets. The exchange tracked $4M of the stolen funds to Poloniex which was unable to recover them.

    Attacker’s addresses:
    BTC - 1A4PXZE5j8v7UuapYckq6fSegmY5i8uUyq
    USDT (ERC20) - 0x4BA6B2fF35055aF5406923406442cD3aB29F50Ce
    ETH - 0x4BA6B2fF35055aF5406923406442cD3aB29F50Ce
    BCH - qrfrw5q9gag2vp6jc5nlx0haplm2jlhx9vsvxd9u3e
    ZEC - t1StUQiw1YyHT515xDxwxjfhEcw2iGSq2yL
    XRP - rwU8rAiE2eyEPz3sikfbHuqCuiAtdXqa2v (tag 2033412069)
    ETC - 0x4d9EF6846126Da2867AF503448be0508542C971e




Help support BlockThreat in 2021!

Over the past two years, BlockThreat has gained hundreds of followers including exchanges, asset issuers, DeFi projects, engineers, investigators, law enforcement, and many others. This newsletter is a labor of love which takes about 10 hours weekly to prepare. If you found BlockThreat valuable consider supporting its future growth:

1) Make an individual contribution.
2) Sponsor an edition where you can place an advertisement.
3) Share the newsletter with a friend or a colleague.

Thanks for joining me this week and happy happy holidays! Be safe and see you all in the next week’s edition.

-Peter Kacherginsky (iphelix)

Share Blockchain Threat Intelligence