BlockThreat - Week 6, 2021
Lazarus | KeepChange | Alpha Homora | BT.Finance | Growth DeFi
Peter Kacherginsky | Feb 19
The Lazarus group was implicated in last year’s KuCoin exchange hack. Chainalysis published a fantastic crypto crime report detailing the exploits of many criminal groups as well as a detailed breakdown of Lazarus cryptocurrency money laundering operations. Joker’s Stash is shutting down, three major DeFi hacks happened last week with more than $41M stolen, KERNEL Security published conference videos, Consensys Diligence published another excellent tool, and more in this week’s edition.
Chainalysis published its 2021 Crypto Crime Report. The report notes an overall decrease in cryptocurrency theft from exchange hacks and scams. On the less positive side, ransomware theft and DeFi incidents were on the rise. The report includes in-depth coverage of North Korea’s Lazarus group money laundering activity following the massive $275M+ KuCoin hack.
A UN Panel reported that North Korea is laundering the proceeds of cryptocurrency exchange hacks to fund its nuclear program.
Feds’ $3 billion Bitcoin seizure tied to corrupt federal agents. US DoJ released a statement in November of last year where it announced 70K BTC were voluntarily transferred by an anonymous individual. The article points to Shaun Bridges, a former USSS agent in prison for laundering Silk Road funds, as the likely person who turned in the stolen bitcoins.
Egregor ransomware operators arrested in Ukraine. Launched in 2020, the Ransomware-As-A-Service group stole up to $50M from 200+ victims.
100+ financial institutions were hit with DDoS extortion attacks demanding bitcoin as a ransom.
On February 12th, 2021, Alpha Homora v2 was exploited, resulting in the theft of $38M worth of USDC, DAI, USDT, and WETH. An insider is suspected to have executed the attack.
On February 7th, 2021, the KeepChange exchange was hacked, resulting in the theft of customers’ PII including email addresses and password hashes. The exchange noted that attackers attempted but failed to steal cryptocurrency from users’ wallets.
A vulnerability in an arbitrage bot was discovered by the Dedaub team. The team detected a flawed approver function by reverse engineering a closed source contract and proceeded to whitehat hack the contract to prevent the theft of almost 80K in assets.
Avalanche network went down as a result of a consensus failure after a bug in the minting verification logic was triggered by a heavy load. The incident did not result in a monetary loss.
Curve Finance shut down the Yearn Finance v2 pool after discovering a vulnerability.
Code 423n4 project aims to promote open code reviews using contests.
KERNEL Security Track 1 - Lay of the Decentralized Land with Corey Petty
KERNEL Security Track 2 - Automated Tooling with Joran Honig.
KERNEL Security Track 3 - Manual Review with OpenZeppelin with Leo Arias.
Flashbots Transparency Report — January 2021 by thegostep discusses the latest state of front-running bots including a whitehat rescue of NFT funds from a compromised wallet with @samczsun.
Fantastic resource by Origin Protocol security team which publishes DeFi incident reports with detailed analysis within 24 hours of their occurrence.
How to keep Crypto Exchange secure? Part 1/2 by Pawel Kurylowicz offers a great survey of exchange security controls.
ArmorFi Bug Bounty Postmortem by Immunefi.
Under the Armor by Rekt is an investigative report proving foul play in the claims of theft made by an ArmorFi user.
An Introduction to Solidity's Fuzz Testing Approach by Bhargava Shastry.
How Smart Contracts Can Be Automatically Verified by Shard Labs discusses a new tool to pull and verify smart contract source code.
Tarantula by Consensys Diligence is a tool to help with fault localisation.
Help support BlockThreat!
Over the past two years, BlockThreat has gained hundreds of followers including exchanges, asset issuers, DeFi projects, engineers, investigators, law enforcement, and many others. This newsletter is a labor of love which takes many hours weekly to prepare. If you found BlockThreat valuable consider supporting its future growth:
1) Make an individual contribution.
2) Sponsor an edition where you can place an advertisement.
3) Share your job postings in the next edition.
4) Share the newsletter with a friend or a colleague.
Stay informed, stay healthy, and see you next week!
- Peter Kacherginsky (iphelix)