BlockThreat - Week 34, 2020

Quiet weeks like this one are great to catch up on a number of excellent research articles and enjoy another occasion when the good side wins.

News

• A join effort by Binance’s Sentry Team and the Ukrainian Cyber Police led to the arrests a gang responsible for money laundering and ransomware operations.

Scams

• The 10 Best Things You Can Do to Not Lose Your Crypto

Malware

• Prometei botnet targeting vulnerable Windows hosts to spread Monero miner.
• FritzFrog botnet targeting weak SSH logins to spread Monero miner.

Vulnerabilities

• Samourai Wallet identified vulnerabilities in Wasabi Wallet’s CoinJoin feature which may impact transaction anonymity. No additional details about the vulnerabilities were disclosed.
• The latest update from Beacon Fuzz project includes multiple overflow and parsing errors in the upcoming Eth2 client.
• Another DeFi project, xSNXa, had to shutdown after a vulnerability was discovered and responsibly disclosed by samczun.

Research

• A Philosophy of Blockchain Validation blog post by Vitalik explores just how much validation is necessary on PoW chains.
• A survey of criteria to evaluate security of ERC-20 tokens used by Coinbase.
• Repository for Solidity vulnerabilities compiled to Yul.
• Discussion of EIP-1559 standard make 51% attacks less profitable.
• Great video series by Smart Contract Programmer on Smart Contract exploitation.

That’s all for this week in Blockchain Threat Intelligence. Be sure to check out /r/BlockSec for more up to the minute news and see you all next week.

-Peter