BlockThreat - Week 39, 2020
KuCoin, Lien, Alien, Teatime, Pool Detective
A tough week for the Singaporean exchange KuCoin, which suffered a major $281m hack. On the bright side, Lien Finance’s smart contract was preventively hacked to save $9.6m worth of ETH, which also resulted in a fascinating article in the research section on beating front-running bots. This week’s edition features many more excellent papers, new tool releases, and two new blockchain security competitions. In other news, folks should really reconsider mining crypto on their employer’s supercomputers.
Hacks
- On September 25, 2020 the KuCoin exchange hot wallet was compromised, resulting in the loss of more than $281m worth of crypto across BTC, ETH, LTC, BSV, XRP, XLM, TRX, and a number of ERC-20 tokens. What was unique about this hack is the sheer number of ERC-20 asset issuers who were able to freeze and reclaim stolen assets while the attacker was racing to liquidate them on Uniswap, Kyber, and other DEXs. This sets an interesting precedent for future attacks, where token issuers actively support hacked exchanges.
- On September 20, 2020 a vulnerability in the Soda Finance smart contract resulted in the loss of 400 ETH ($160K) a day after its launch.
- On September 19, 2020 a vulnerability in Lien Finance’s smart contract was discovered and later exploited by a white-hat group led by samczsun. While no funds were lost, $9.6m worth of ETH were at risk.
Malware
- The Alien Android malware family is targeting Coinbase, Blockchain.com, Luno, and other cryptocurrency and banking wallet apps to steal credentials, intercept and control SMS messages, and perform other trojan functions.
Research
- Escaping the Dark Forest is a fascinating research article by samczsun on beating the front-runners to recover $9.6m worth of ETH from a vulnerable contract. The article is a follow-up to Ethereum is a Dark Forest by Dan Robinson, where a previous recovery attempt was intercepted by front-running bots.
- Staring into the Monster’s Eye: Analyzing a Generalized Front-running Arbitrage Bot Attack is another take on front-running attacks on the Ethereum network by general-purpose arbitrage bots.
- A General Framework for the Security Analysis of Blockchain Protocols.
- Research by Aqua Security observes a sharp increase in attacks on cloud infrastructure over the past year to mine Monero using the MrbMiner malware.
Projects
- Teatime is an extensible attack framework for Ethereum nodes by Dominik Muhs at ConsenSys Diligence.
- Pool Detective is a project by MIT Digital Labs which attempts to detect network attacks across several Satoshi chains.
- Circuit Breaker is a firewall for Lightning Network nodes to help protect them against HTLC floods.
Competitions
- DeFi Detectives is another live CTF by folks challenging players to hunt down Uniswap hackers and investigate SushiSwap’s exit scam.
- The Damn Vulnerable DeFi wargame by OpenZeppelin’s tincho challenges players to sharpen their DeFi skills.
That’s all for this week in blockchain threat intelligence! As a reminder, I am participating in the latest round of Gitcoin Grants, so I would appreciate your support. Stay safe and see you all next week.
-Peter