BlockThreat - Week 38, 2020
Bzx, Eterbase, APT41, Binance
We have some good news this week from the Bzx team, which was able to recover stolen funds after identifying the attacker. Eterbase revealed additional hack details in a criminal complaint. The US DOJ filed multiple indictments against Russian and Chinese nationals participating in a variety of crypto-related schemes. Lastly, check out an awesome Twitter thread by @tayvano_ on crypto wallet security.
News
- The Bzx project was able to recover $8.1M worth of crypto after identifying the attacker. The project has also awarded a $45k bounty to the engineer who initially identified the vulnerability and reported the hack in progress.
- A negligence lawsuit was filed by the Fisco (Zaif) exchange against Binance, which allowed attackers to liquidate their stolen bitcoin following the 2018 hack.
- Two Russian nationals were indicted for participating in the theft of $16.8M in crypto and fiat by setting up fake exchange websites.
- Five Chinese nationals associated with the APT41 group were indicted for computer intrusions in facilitation of ransomware, crypto-jacking, and other schemes.
- Eterbase published a criminal complaint containing details of the hack, attacker and hot wallet addresses.
Research
- Awesome thread by Taylor Monahan (@tayvano_) about crypto hacks and vulnerabilities affecting crypto wallets over the past few years. So many gems and lessons!
- Ebb-and-Flow Protocols: A Resolution of the Availability-Finality Dilemma - attack on ETH2.0’s Casper finality gadget.
- Defending Against Malicious Reorgs in Tezos Proof-of-Stake - statistical analysis of reorgs.
- Formalizing Bitcoin Crashes with Universally Composable Security - analysis of attack and detection techniques against Bitcoin blockchain.
- Lightning-dev SIGHASH_SINGLE + update_fee Considered Harmful - vulnerability in LN HTLCs may allow theft of onchain fees.
Thanks for joining me this week, stay healthy, and see you all in another edition next week!
-Peter