Week 34, 2019

RubyGem | Beaxy | Moscow | PlusToken

Another fun week in blockchain security, in which a compromised RubyGem account resulted in cryptojacking code being added to a popular Ruby library. More details were revealed on the massive Beaxy exchange hack and the PlusToken scam.

Hacks

Research

  • Beaxy — Incompetent. In Denial. Insolvent? - a great investigative report into the XRP partial payment hack of the Beaxy exchange, including a complete incident timeline. The total loss listed in the article was 43 BTC and 111k XRP.

    Indicators:

    XRP Addresses:
    raz97dHvnyBcnYTbXGYxhV8bGyr1aPrE5w
    rTNTzZ2ewR5kLRuCTerWyKAXgBrwRjfa1
    rwDGX47HETkMb4LgnYt7qCTEGKjjQpFjrp

    BTC Addresses:
    13LZMvczfqwF8aG2WSsoREf5fyvnjmUg1y
    16K7aBM9HpXcgmBUswf9ix37y5VaNQuvRx

  • A Survey on Ethereum Systems Security: Vulnerabilities, Attacks and Defenses - a detailed threat model of Ethereum at the application, data, consensus, network, and environment layers. The paper also includes examples of attacks and specific defense mechanisms used to protect smart contracts.

  • Jump-Oriented Programming on EVM Opcode - an interesting blog post with links to the Defcon 27 Blockchain Village talk, source code and videos covering the use of JOP in smart contracts.

  • 10 Million ETH: Big Mysteries Revealed About PlusToken - an investigation into the Ethereum addresses involved in the massive 10 million ETH scam. The report notes that 820k ETH are lying dormant, while the remainder has been distributed among 248k Ethereum addresses, with the top 10 accounts holding a significant portion. Of the funds that moved to exchanges, the attackers used Huobi for about half of the total transactions, with ZB[.]com, Upbit, Okex, and Gate[.]io trailing behind.

    Indicators:

    https://github.com/elementus-io/plustoken/blob/master/plustoken-ethereum-addresses.csv

  • Advances in Automated Smart Contract Vulnerability Detection - a great demonstration of the current state of the art in smart contract security assessment using MythX.

  • Bitcoin’s Security Budget is Adequate - an analysis of Bitcoin’s security from an economic perspective.

Malware

That’s all for this week’s Blockchain Intelligence. Stay safe and don’t install miners at work, especially if you work at a Nuclear Reactor.

