BlockThreat - Week 43, 2020
Harvest | BurgerSwap | SS7 | Office 365 | Ledger
Phishing scams are on the rise, with Office 365 and Ledger customers targeted last week. Old-school SS7 exploits are still successfully used to take over email accounts belonging to folks in the industry. Another day, another DeFi project arbitraged for a few million stable coins, and more in this week’s edition:
Crime
- Telegram and email accounts of high-profile individuals in the crypto industry were hijacked by exploiting vulnerabilities in SS7 telco switches.
- A phishing campaign against Office 365 customers is using Coinbase-themed emails in an attempt to take over their email accounts. Attackers are most likely trying to target users associated with the cryptocurrency exchange.
- There are reports of a phishing campaign targeting Ledger users with a prompt to download an updated version of the Ledger Live desktop software. It may be related to a recent leak of up to 1M email addresses belonging to Ledger customers.
- Finnish psychotherapy center patients are being extorted 200 euros in BTC to keep their stolen data private.
Hacks
- On October 25th, 2020 an arbitrage weakness in Harvest Finance was exploited, netting an attacker about $24M worth of USDC and USDT. Following the hack, the attacker transferred the gained funds to the following bitcoin addresses using REN Protocol:
Vulnerabilities
- A reentrancy vulnerability was discovered and responsibly disclosed in the BurgerSwap DeFi service hosted on Binance Smart Chain.
Research
- Financial Attacks on Democracy is a nice survey of using cryptocurrency to finance bad actors in the last election cycle.
- How This DoJ Strike Force Hunts Down Cryptocurrency Criminals
- Efficient audits with machine learning and Slither-simil
- Smart Contract Hacking Final Free Chapter - Hacking Games Via Bad Randomness Implementations on the Blockchain.
Thanks for joining me this week, stay healthy, and see you all in another edition next week!
-Peter