BlockThreat - Week 52, 2020
LiveCoin | Altilly | EXMO | BitGrail | Curve
Peter Kacherginsky | Dec 31, 2020
This year Mr. Grinch has ruined Christmas for three different exchanges, with millions reported stolen as a result of hot wallet compromises. The BitGrail operator is in trouble again after additional evidence confirmed an exit scam, Curve discovered a flaw in the IDLE pool, and more in this week’s edition of the Blockchain Threat Intelligence newsletter. Oh, and you may want to keep how much crypto you have away from jealous relatives.
Hacks
On December 23rd, 2020, LiveCoin exchange lost control over its server infrastructure. The attackers massively inflated BTC, ETH, and XRP exchange rates on the trading platform. LiveCoin did not communicate the impact of the hack, but an estimated $2.4M worth of crypto was withdrawn around the time of the attack. Exchange operators were able to briefly post a message about the hack; however, it has since been replaced with a ransom note: “Good try Livecoin. But no... You have 2 days left...”. Interestingly, the attackers also sent small amounts of BTC and ETH to addresses associated with the earlier EXMO hack, which may indicate a connection or a false lead.
Attacker’s addresses:
BTC - 3QKorNZTQG2kJMk5Lqoj9ecgSMiYXvRz2n
BTC - bc1qter5yx7re8czhchuzxklepvdxzxtqx6zupj3r6
ETH - 0x6ee06cd090937E6b768461Fc81825762815E223a
BCH - qrgh23rfl5dsexregp628sky9xxecwu2du8snpu8p4
On December 23rd, 2020, Altilly Exchange server infrastructure was compromised. The exchange operators shared that the attackers gained control over the server admin portal using an inactive account without 2FA enabled. After gaining access, the attackers were able to steal $1M worth of assets from hot wallets (30 BTC, 12,000 USDT). Even more assets were lost after the perpetrators of the hack downloaded and destroyed all database data and backups, possibly to support future ransom demands.
On December 21st, 2020, the EXMO exchange hot wallet was compromised, which resulted in the loss of $10.5M worth of BTC, BCH, ETH, XRP, and other crypto assets. The exchange tracked $4M of the stolen funds to Poloniex, which was unable to recover them.
Attacker’s addresses:
Crime
BitGrail exchange owner, Francesco “The Bomber” Firano, was accused of faking a theft of $146M worth of XRB (Nano) coin in 2018. The investigation by Italian police revealed that the perpetrator had been knowingly hiding missing funds for months while continuing to pump the XRB price, and attempted to empty exchange accounts after the court ruling to compensate victims.
An eight-year-old boy was kidnapped in India for a 100 BTC ransom. Six perpetrators were arrested, all of whom were related to the boy’s father.
Vulnerabilities
Curve Finance asked users to withdraw IDLE tokens from the pool after discovering a flaw that would make them unsafe in the long term.
Tools
Help support BlockThreat in 2021!
Over the past two years, BlockThreat has gained hundreds of followers including exchanges, asset issuers, DeFi projects, engineers, investigators, law enforcement, and many others. This newsletter is a labor of love which takes about 10 hours weekly to prepare. If you found BlockThreat valuable, consider supporting its future growth:
1) Make an individual contribution.
2) Sponsor an edition where you can place an advertisement.
3) Share the newsletter with a friend or a colleague.
Thanks for joining me this week and happy happy holidays! Be safe and see you all in next week’s edition.
-Peter Kacherginsky (iphelix)