BlockThreat - Week 14, 2021
Polkatrain | Uranium Finance | Fei | Silk Road | BitClout
Welcome to this week’s edition of Blockchain Threat Intelligence. BSC (Binance Smart Chain) had multiple DeFi applications hacked, a critical bug in Fei was responsibly disclosed, rumors surfaced of Paxful employee PII being leaked, and more in the never-ending stream of blockchain security news.
News
- Ransomware tops U.S. cyber priorities, Homeland secretary says.
- Additional details revealed about Lazarus Group extortion tactics after the Bithumb compromise.
Media
- Silk Road (2021) is yet another crypto-thriller based on the true stories of the Dread Pirate Roberts and a corrupt DEA agent who sets out to hunt him down. I enjoyed the film’s morally ambiguous stance on both DPR’s and the DEA agent’s actions. Silk Road takes a few liberties with the plot line, but mostly sticks to the real-world events, including the infamous San Francisco library bust.
Hacks
- On April 4th, 2021 the rebate mechanism of Polkatrain on BSC was exploited, resulting in the loss of $3M (57K DOT).
- On April 7th, 2021 a logic bug in Uranium Finance on BSC was exploited, resulting in the theft of $1.5M worth of RADS. According to the post-mortem, the Uranium team was able to persuade the attacker to return $1M by linking their identity to a Binance account.
- Rumors of a Paxful employee PII leak after a post was made on Raidforums.
Vulnerabilities
- A vulnerability in Fei’s reward logic was responsibly disclosed by 0xRevert through the Immunefi bug bounty.
- James Prestwich reports that BitClout collects users’ private keys on each API request. Anyone with access to the raw request data or server logs may be able to steal assets linked to those keys.
- An ABI deserialization vulnerability in the Solidity compiler was discovered by the Certora team.
Malware
Research
- Sandwich bot exploit/honeypot analysis by Robert Miller.
- Paradigm CTF 2021 Swap Challenge guided walkthrough by samczsun.
- Double Spend Proofs: Protocol Improvements and Providing End-User Guidance explores zero-conf transactions on the BCH network.
- A Formal Analysis of the MimbleWimble Cryptocurrency Protocol.
Stay informed and see you in next week’s edition!
- Peter Kacherginsky (iphelix)