BlockThreat - Week 2, 2021
Ledger | Joker's Stash | DarkMarket | Sandbox
In this week’s edition I will focus on the many ways cryptocurrencies are involved in the facilitation of crime. Multiple sentences were announced for actors behind Ponzi and money laundering schemes, and there were more Twitter scam campaigns, fake exchanges exit scamming, and crypto malware on the rise. On the bright side, two dark web markets have been shut down. Ledger has finally released a detailed post-mortem more than 6 months after the incident. Check out the Media section for a few excellent talks and panels published this week.
Crime
- Joker’s Stash dark web marketplace shuts down. Administrators of the site were big advocates of cryptocurrencies to store their ill-gotten gains.
- DarkMarket illegal marketplace has been taken down by an international law enforcement group including Europol, FBI, NCA, BKA, and others. More than 20 servers in Moldova and Ukraine were seized containing a treasure trove of data.
- GemCoin Ponzi founder Steve Chen sentenced to 10 years and ordered to pay $1.8M in back taxes.
- RG Coins exchange founder Rossen Iossifov was sentenced to 10 years for helping launder stolen crypto in support of a fraudulent online auction.
- Coinnest exchange founder Kim Ik-hwan sentenced to 18 months for bribery.
- Russian law enforcement reports a new trend of contract killers accepting cryptocurrency payments and using mixing services to obscure payments.
Scams
- Arbitly exchange reported a fake “hack” as part of an exit scam. A similar scheme was used with the now shut-down Livecoin and Altilly exchanges.
- An increase in verified Twitter account hijacks results in $580K worth of BTC stolen in just one week.
Hacks
- Ledger published a post-mortem report detailing the scope of the customer database hack in 2020. The report reveals that the original July 2020 hack resulted in the theft of 1M+ email addresses. An additional incident in September 2020 resulted in the leak of 292K customer details, including complete PII data such as home addresses, phone numbers, names, and email addresses. Ledger has also started a new bounty program worth 10 BTC for any information that leads to the arrest of the perpetrators behind these hacks.
Vulnerabilities
- A multi-collateral liquidation bug was fixed in Synthetix on January 6th which could have triggered excess loan liquidations.
- A minting vulnerability in The Sandbox DeFi app was responsibly disclosed by maurelian on January 4th. The fix was deployed on Jan 15th.
- A potential vulnerability was reported in the Venus DeFi project hosted on Binance Smart Chain, which resulted in $88M worth of ETH and BTC locked up.
Malware
- MyCrypto reports an increase in malicious crypto apps on Google Play.
- Tencent Security Team reports on a mining trojan called SupermanMiner which targets weak Redis servers.
Media
- White Hat Panel: DeFi Exploits featuring samczsun (Paradigm), maurelian (Optimism), Emiliano Bonassi (Marquet Exchange), Martín Abbatemarco (Open Zeppelin), Fubuloubu (Yearn.finance), and Mariano Conti (fmr. MakerDAO).
- Security By Design & Smart Contract Audits by Shayan Eskandari
Research
- Chainalysis report on cryptocurrency donations to Alt-Right Groups and Personalities involved in the recent US Capitol events.
- Atlas VPN report on blockchain incidents notes 122 attacks resulting in $3.8B loss throughout 2020.
- Blockchain for steganography: advantages, new algorithms and open challenges.
- Eth2Vec: Learning Contract-Wide Code Representations for Vulnerability Detection on Ethereum Smart Contracts.
Tools
- TX Spammer tools to enable the semi-reproducible growth of a large and complex chain over RPC, for testing and benchmarking purposes.
In other news, Bitcoin mining is now blamed as a trojan horse to attack electric grids in Iran. Who needs Stuxnet when you can just drop a few mining rigs! Oh, and if you are a user of a certain web-enabled chastity device, you may need 0.02 BTC to regain access to you know what.
Stay informed, stay healthy, and see you next week!
- Peter Kacherginsky (iphelix)