Week 21, 2019

This week a number of news sources reported a new twist to the BCH hard fork incident, where the previously reported node software exploit was followed by a reorganization attack targeting blocks mined by a malicious miner. In other news, the Cryptopia exchange attackers are attempting to cash out at an exchange, a backdoor was discovered in a paper wallet website, and there was a reported uptick in fake wallet software on the Android platform.



  • The Bitcoin Cash Hardfork – Three Interrelated Incidents - a great writeup on a previously missed incident on the BCH network, which occurred on May 15th, the same day as the hard fork event and the 0day incident described in last week’s newsletter. In the technical report, BitMex Research describes a two-block reorganization attack with 3392 BCH double spent on the network. A related blog, Bitcoin Cash Guardians & Pirates in Sight, describes an unknown miner mining a block which claimed SegWit addresses that became newly spendable as a result of the fork, and a group of miners, BTC.top and BTC.com, invalidating that block. In yet another twist to the story, someone who claims to have exploited the 0day vulnerability in the ABC node software has published a blog post - sigops counting - explaining the discovery and exploitation of the vulnerability, while also noting the reorg on the BCH network.

  • Follow The Money — Tracking The Asset Movements Of Cryptopia Hack - PeckShield researchers track the recent movement of funds from the Cryptopia hack earlier this year. The report documents a new technique the attackers used to obfuscate their transactions: making a large number of fake trades on a DEX before reassembling the funds to be sent to an exchange.




This wraps up this week's blockchain threat intelligence.