BlockThreat - Week 40, 2020
BitMEX | Eminence | KuCoin | REvil
BitMEX is in serious trouble with the U.S. DoJ, with one of the co-owners arrested. No more ransomware payments unless you want OFAC to come after you for financing North Korean nukes. DeFi hackers stole so much that they have started voluntarily returning half of their stolen loot. Ethereum miners caught in MEV schemes and other excellent research articles in this week’s edition.
News
- BitMEX was charged by the CFTC and DoJ with failing to implement sufficient AML and KYC procedures and violating the Bank Secrecy Act. The criminal complaint names four BitMEX co-owners, one of whom has already been arrested in Massachusetts.
- The U.S. Department of the Treasury issued an advisory essentially restricting companies from making or facilitating ransomware payments that may profit entities on the sanctions list.
Hacks
- On September 28, 2020, the Eminence.Finance contract was exploited, resulting in the theft of $15M worth of Eminence token. The contract attracted investors even before it was publicly announced or properly tested. An attacker used flash loans to exploit an arbitrage flaw in the way EMN is minted. @FrankResearcher tweeted a detailed transaction analysis which may hold clues to identifying the perp. Interestingly, the attacker returned $8M of their loot to the Eminence contract for an unknown reason.
- The KuCoin CEO tweeted that the perpetrators behind the exchange hack were found. Many more token issuers have performed swaps to invalidate and return stolen assets to KuCoin.
Vulnerabilities
- A double-spend vulnerability was responsibly disclosed and patched in the Incognito smart contract by samczsun.
Malware
- REvil Ransomware-as-a-Service operators posted $1M worth of bitcoins on a forum to recruit new affiliates.
Events
- The Solidity Underhanded Contest is a competition to obfuscate malicious code in Solidity smart contracts. This year’s theme is upgradable contracts.
Research
- The "MEVs are coming" tweet storm by @FrankResearcher reveals real-world examples of Ethereum miners engaging in execution arbitrage. Miner Extractable Value (MEV) was first discussed in the Flash Boys 2.0 paper on front-running transactions.
- The EMN Exploit case study implements a complete exploit used to attack the Eminence.Finance contract.
- Check out the Smart Contract Hacking training series blog posts, GitHub repo, and YouTube channel.
- A DoS attack vector against Eth2 nodes using time servers. The attack works by setting the node's time far into the future using malicious NTP servers and also broadcasting future state from attacker validators. Once the target node signs a future attestation, it will remain in a locked state until some time in the future.
That’s all for this week in blockchain threat intelligence! As a reminder, I am participating in the latest round of Gitcoin Grants, so I would appreciate your support. Stay safe and see you all next week.
-Peter