BlockThreat - Week 31, 2020
ETC | Ledger | Twitter | Doki
This week we witnessed a massive 3500+ block attack against the Ethereum Classic network. There were also more PII leaks from cryptocurrency companies, and news of arrests made weeks after the Twitter hack.
Hacks
- Ethereum Classic suffered a 51% attack that resulted in a massive 3500-block reorg. The attack was used to double-spend 807260 ETC ($5.6M) on the OKEx exchange and cost the attacker only 17.5 BTC ($192k) in mining rental fees on Nicehash.
- A PII leak in Ledger’s e-commerce and marketing database was responsibly disclosed. However, according to the incident report, the breach was exploited to steal data from 9500 customers.
- A Florida teenager was arrested and two others were charged in the Twitter hack case. One of the suspects, located in the UK, was identified because he used a bitcoin wallet on Binance and Coinbase to transact with stolen bitcoin.
Scams
- Another recovery hack by Harry Denley returned $10,000 in stolen funds to their rightful owners. As in the previous case, the scammer’s website was not properly secured, which allowed Harry to obtain the stolen keys and return the funds.
Malware
- An interesting new mining malware, Doki, uses the Dogecoin blockchain to calculate its C2 host from the spends of a hard-coded wallet. In this scheme, the value sent by the wallet is hashed and the first 12 characters are used to form a ddns[.]net domain.
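
A defender-side sketch of the scheme in the Doki item, added here as an example and not taken from the newsletter or from the malware: it derives the hostnames the scheme would produce from observed spend values and triages DNS query logs for them. SHA-256, the decimal-string encoding of the value, and the log format are assumptions; the values and log lines are constructed.

```python
import hashlib
import re

DDNS_SUFFIX = ".ddns.net"
# Shape of a name the described scheme would produce: 12 hex characters + suffix.
SHAPE = re.compile(r"^[0-9a-f]{12}\.ddns\.net$")

def candidate_domain(sent_value: str) -> str:
    """Hash the wallet's spend value and keep the first 12 hex characters.
    Assumption: SHA-256 over the value's ASCII decimal string."""
    digest = hashlib.sha256(sent_value.encode("ascii")).hexdigest()
    return digest[:12] + DDNS_SUFFIX

def hunt(log_lines, sent_values):
    """Return (client, qname, verdict) for DNS queries worth triage.
    'derived' = name matches a value seen on chain; 'shape-only' = same
    pattern but no matching value in our feed (the feed may be stale)."""
    watch = {candidate_domain(v) for v in sent_values}
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:                 # skip malformed lines
            continue
        _ts, client, qname, _qtype = parts
        qname = qname.rstrip(".").lower()   # normalise trailing dot and case
        if qname in watch:
            hits.append((client, qname, "derived"))
        elif SHAPE.match(qname):
            hits.append((client, qname, "shape-only"))
    return hits

# Constructed sample data: spend values and resolver log lines in the assumed
# format "<timestamp> <client> <qname> <qtype>"; none are real indicators.
SAMPLE_VALUES = ["1000.00000000", "1000.50000000"]
_known = candidate_domain(SAMPLE_VALUES[1])
SAMPLE_LOG = [
    "2020-08-01T10:00:00Z 10.0.0.5 example.org. A",
    f"2020-08-01T10:00:07Z 10.0.0.9 {_known.upper()}. A",
    "2020-08-01T10:01:12Z 10.0.0.7 0123456789ab.ddns.net A",
    "2020-08-01T10:02:30Z 10.0.0.7 myhomecam.ddns.net A",
    "truncated line",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG, SAMPLE_VALUES):
        print(hit)
```

The shape-only tier matters because the wallet can spend again at any time, so a host may query a freshly derived name before the watch list is refreshed.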
That’s all for this week in Blockchain Threat Intelligence. Be sure to check out /r/BlockSec for more up-to-the-minute news, and see you all next week.
-Peter