BlockThreat - Week 30, 2020

We are all recovering from last week’s epic Twitter hack so this week’s edition is full of research articles and workshop recordings to help you relax and recharge.

News

• Woz is suing Youtube to get better at taking down “Bitcoin Giveaway” scams.

Malware

• New malware framework from Lazarus APT which frequently targets cryptocurrency businesses. MATA: Multi-platform targeted malware framework. The malware supports Windows, Linux, and MacOS operating systems and has backdoor, process and file manipulation, proxy, and DLL injection capabilities.

Research

• Ethereum Foundation’s Eth 2.0 Attacknets contest has the first winner who was able to break finality for 16 epochs! Details are now available here.
• Ethereum mempool may have been intentionally manipulated in order to cause congestion and win over 1000 zero-bid auction on MakerDAO during March’s Black Thursday event.
• Video recording of ISSTA 2020 Workshop on Smart Contract Analysis:
  00:00:00 - Ethainter: A Smart Contract Security Analyzer for Composite Vulnerabilities -- Neville Grech
  00:30:19 - SMT-Based Effective Formalization of Reference Types in Solidity -- Ákos Hajdu
  01:00:42 - Verification of Parameterized Smart Contracts -- Arthur Scott Wesley 01:38:42 - Echidna: Effective, Usable, and Fast Fuzzing for Smart Contracts -- Gustavo Grieco
  02:05:00 - VeriSol: Bringing Formal Verification to Solidity Smart Contract Developers -- Shuvendu K. Lahiri & Diego Garbervetsky
  02:41:07 - Rump
• He who controls the hashpower controls the PoW chain. The Alchemy of Hashpower explores different components of the mining market and discusses economic forces behind the total hash rate.

Fun

• Romantic Hacker. That’s the name of the upcoming South Korean TV series involving hackers, fictional cryptocurrency exchanges, and of course romance.

That’s all for this week in Blockchain Threat Intelligence. Be sure to check out /r/BlockSec for more up to the minute news and see you all next week.

-Peter