BlockThreat - Week 37, 2020
Eterbase | bZX | Bitcoin | IRS | KryptoCibule
Not a month has gone by before the next big exchange hack. Another DeFi project lost $5M USD worth of crypto due to a money-printing bug. Bitcoin Core silently patched a critical bug and forgot to share it with other projects. The IRS still wants to figure out where all of the Monero goes. Ransomware incidents are on the rise, and other news in this week’s edition of the Blockchain Threat Intelligence newsletter.
Events
- Crypto Privacy Conference is hosted on September 15-16, covering blockchain surveillance, CoinJoin, and related topics.
News
- IRS announced a $625k bounty to develop blockchain analytics software targeting Monero, Lightning Network, Raiden Network, and other layer 2 privacy protocols.
- US Treasury published 23 wallets on its sanctions list linked to the Internet Research Agency.
- Call of Duty gamers have to pay a bitcoin ransom to regain access to their stolen accounts.
- An OG bitcoin wallet file is being traded online to anyone willing to try to crack the password and unlock 69370 BTC.
- The $200M AT&T lawsuit filed by Michael Terpin was thrown out, but an additional $23.8M case is still pending.
Hacks
- On September 9, 2020, the Eterbase exchange was compromised, resulting in $5.4M worth of BTC, ETH, XTZ, ALGO, and other assets stolen from its hot wallets. The exchange has published a report including a list of the attacker’s cryptocurrency wallets, a number of which are hosted on the Binance and Huobi exchanges. No additional details about the hack were shared.
- A minting vulnerability in the bZx token was exploited, resulting in $8M worth of LINK, ETH, USDT, USDC, and DAI stolen from the platform. According to the incident report, a non-standard transfer function allowed one to set both source and destination to the same address, which in turn doubled the amount owned by the sender.
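The bug class behind the bZx incident is a transfer that caches both balances before writing either, so a self-transfer overwrites the deduction. The contract below is an added illustration of that pattern beside its fix; it is not bZx's actual code, and the contract name, functions, and initial supply are assumptions (authorization checks are omitted for brevity).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative token (constructed example, not the bZx contract).
contract CachedBalanceToken {
    mapping(address => uint256) public balances;

    constructor() {
        balances[msg.sender] = 1000; // assumed initial supply
    }

    // VULNERABLE: both balances are read into locals before either write.
    // When from == to, the second write replaces the deducted balance with
    // (original + amount), so the caller mints tokens out of thin air.
    function transferVulnerable(address from, address to, uint256 amount) external {
        uint256 fromBalance = balances[from];
        uint256 toBalance = balances[to];
        require(fromBalance >= amount, "insufficient balance");
        balances[from] = fromBalance - amount;
        balances[to] = toBalance + amount; // overwrites the deduction if from == to
    }

    // FIXED: read-modify-write each storage slot in sequence, so a self-transfer
    // nets to zero and total supply is conserved for every (from, to) pair.
    function transferSafe(address from, address to, uint256 amount) external {
        require(balances[from] >= amount, "insufficient balance");
        balances[from] -= amount;
        balances[to] += amount;
    }
}
```

A supply-conservation invariant (sum of balances never changes on transfer) in a unit or fuzz test catches the vulnerable variant on the first self-transfer.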
Vulnerabilities
- A previously patched vulnerability in Bitcoin Core was discovered in forked projects such as Litecoin, Namecoin, and Decred. The memory exhaustion vulnerability can crash and/or freeze a vulnerable node. It was silently patched in 2018 and was only disclosed after it was independently discovered by another party.
Malware
- KryptoCibule malware infects Windows hosts to mine Monero, steal crypto by replacing addresses in the clipboard, and exfiltrate wallet files. The malware uses Tor and BitTorrent for its C2 communication.
- Netwalker ransomware compromised Pakistan’s electric company and Argentina’s government network. The ransoms are set at 382 BTC and 355 BTC respectively.
- REvil ransomware compromised a Chilean bank.
Research
- Coordination, Good and Bad by Vitalik Buterin
Stay informed, stay healthy, and head over to the /r/blocksec subreddit for blockchain security news throughout the week.
-Peter