BlockThreat - Week 53, 2020
COVER | Voyager Digital | Parity | LiveCoin
Welcome to the last Blockchain Threat Intelligence newsletter for this year. We are ending the year with just a few more hacks, one of a DeFi project and one of an exchange. Additional Livecoin exchange hack details reveal some suspicious activity and Parity hackers have suddenly awoken after 3 years. I’ll keep this edition brief, but be on a lookout for the Year in Review report coming out in the next few days.
Hacks
- On December 28, 2020 COVER Protocol minting vulnerability resulted in $9.4M worth of COVER token minted by multiple attackers. One of the attackers, Grap Finance, has publicly acknowledged the hack and returned $3.2M with a message for Cover devs. Several write ups describe details of the hack. Interestingly, Binance vowed to compensate $10M of the stolen funds to its customers.
- On December 28, 2020 Voyager Digital reported its DNS server getting compromised. No funds or PII were stolen according to the exchange.
- On December 19, 2020 bitcoin.org website was under a heavy DDoS attack.
Research
- Ethology: A Safari Tour in Ethereum’s Dark Forest dives into the world of frontrunning bots by running several live experiments.
- Livecoin. Hack or “hack”? Current state recreates a complete incident timeline and raises interesting questions about exchanges operation prior to the “hack”.
- Parity wallet hacker begins moving ETH. Parity MultiSig wallet was hacked on July 18, 2017 which resulted in the loss of 150K ETH ($30M at the time).
- An Elaborate Cryptocurrency Scam revisits Twitter hack and draws connections with a multitude of scammer campaigns across Youtube, Facebook, and other social media platforms.
Media
- Andreas Antonopoulos posted a series of videos on the details, repercussions, and defense tips for the massive Ledger database leak. The leaked database is freely available online.
Tools
- Multisol is a CLI to make contract verification easier.
Dear readers, thank you for joining me on this journey to learn and explore the exciting world of blockchain security. I hope you had just as much fun reading and learning about this field this past year. Looking forward to seeing you all again in 2021!
Sincerely,
Peter Kacherginsky (iphelix)