Week 37, 2019

North Korea | EOS | Lightning | InnfiRAT

There were a number of interesting vulnerability reports in various blockchains and smart contracts this week. Check out the detailed incident report on a 30k EOS theft which also caused major EOS network outages. The U.S. Treasury published a sanctions report targeting several North Korean actors well known for their hacks of cryptocurrency exchanges.

News

Hacks

  • EOS congestion 9/13/2019 and EOSPlay hack - a detailed incident report on the RNG hack of EOSPlay, which resulted in the theft of 30,000 EOS (about $120k) and major network outages. The vulnerable contract used the EOS blockchain itself as a source of entropy, which is not sufficient.

    Indicators:

    Attacker’s EOS accounts:
    mumachayinmm
    gotoworkhome
    mumachayinm1
    mumachayinm2
    mumachayinm3
    mumachayinm4
    mumachayinm5

  • Operation: CryptoKitty Rescue - a fun research article where the good guys had to devise ways to race an attacker to recover assets from a compromised smart contract. No kitties were hurt in the making of this paper.

Vulnerabilities and Hacks

Malware

  • InnfiRAT: A new RAT aiming for your cryptocurrency and more - a malware analysis report on a new malware family capable of stealing credentials and cryptocurrency wallet data.

    Indicators:
    rgho[.]st/download/6yghkhzgm/84986b88fe9d7e3caf5183e4342e713adf6c3040/df3049723db33889ac49202cb3a2f21ac1b82d5b/peugeot.zip
    tcp://62[.]210[.]142[.]219:17231/IVictim

Community

  • Smart Contract Security Newsletter - check out this excellent newsletter with a focus on Ethereum smart contract security published by Maurelian from ConsenSys Diligence. The latest edition dives into the security concerns posed by the upcoming Istanbul upgrade.

  • BlockSec Community - a dedicated subreddit to share and discuss blockchain security news, events, vulnerabilities, etc. The community has similar goals to this newsletter, but offers a more frequent cadence to disseminate information.

That’s all for this week in Blockchain Threat Intelligence. Stay safe and stay informed!

