BlockThreat - Week 49, 2020
Compounder | MetaMask | Bancar | Monero
This week we have witnessed a massive exit scam in DeFi space with almost $12M stolen. Monero team strikes back against blockchain analytics companies. Kaspersky and Chainalysis published excellent reports on cryptocurrency-related crime trends. Solidity Underhanded Contest announced its winners and more in this week’s edition of Blockchain Threat Intelligence.
News
- Monero team released a hard-fork to combat blockchain analytics company’s efforts to deanonymize its users.
Scams
- On November 29, 2020 Compounder.Finance DeFi project executed an intentional backdoor in the contract to steal $12M worth of cryptocurrencies. Interestingly, the scammers received a security assessment from Solidity.Finance audit firm which received a benign version of the contracts.
- More than 9.9M XRP stolen in an ongoing phishing campaign targeting Ripple owners using fake airdrops advertised in XRP payment memos and traditional phishing emails.
Hacks
- Venezuelan law enforcement agency, CICPC, announced the capture of perpetrators behind a hack of servers at a local cryptocurrency exchange, Bancar. The attack resulted in a theft of 101 BTC.
Malware
- CipherTrace identified an ongoing phishing campaign advertising a fake MetaMask client.
- Vietnamese APT group Bismuth (aka APT32, OceanLotus) has updated its tactics to include Monero mining to help monetize compromised networks.
- Shirbit insurance company was targeted by the Black Shadow group which demands a ransom of 50 BTC to prevent them form leaking stolen data.
Research
- Cyberthreats to financial organizations in 2021 report by Kasperky predicts increased focus on cryptocurrencies by attacker’s who do not see as many profit opportunities in traditional finance sectors due to COVID-19 pandemic.
- Chainalysis reports on the effects of COVID-19 on darknet markets.
- No Consensus in the Ripple Network paper discusses critical consensus flaws in the Ripple network.
- Ethereum Security Resources and Tools twitter thread.
Contests
- Solidity Underhanded Contest winners announcement! Congratulations Robert M.C. Forster. 👏
Thanks for joining me this week. Oh and be sure to check out MyCrypto’s #MyCryptoWinner tips on keeping your cryptocurrency safe.
-Peter