BlockThreat - Week 8, 2021
Unchained | Furucombo | CryptoPunks | Yield Finance | Hardhat | Apple Jeus
Welcome to the slightly delayed edition of the Blockchain Threat Intelligence. This week we will explore a few unique hacks targeting CryptoPunks, Hardhat NPM packages, and others. Be sure to check out Immunefi’s gripping war-room story of trying to save Primitive Finance as well as US-CERT’s writeup on North Korean crypto trading malware. Last but not least, the Unchained conference was a fantastic experience with several excellent talks featured below:
Media
- Unchained Blockchain Security Conference 2021 featured a number of fantastic talks such as using ML to detect malicious Ethereum accounts, zkRollups, user security, and many others. The conference also had a great workshop on using Scribble for smart contract vulnerability hunting and a DeFi Security panel. I also had the pleasure of presenting at the conference with The State of Blockchain Security 2021 Edition where I shared a broad overview of the blocksec ecosystem which readers of the newsletter may find useful. You can find all of the talks on this YouTube channel. Special thanks to RazzorSec for organizing the conference and making it run so smoothly!
- ETHGlobal White Hat Panel: DeFi Exploits transcript featuring samczsun, maurelian, Emiliano Bonassi, and others.
Scams
- Tether was hit with a 500 BTC data leak ransom which they refused to pay.
- An Armor.Fi team member was scammed out of 1.2M ARMOR by someone posing as an OTC trader.
Hacks
- On February 27th, 2021 the Furucombo platform was exploited by tricking it into using a fake AAVE implementation, which resulted in the loss of $15M across 21 different assets. Multiple reports were published dissecting the complete exploit.
- On February 27th, 2021 Yield Finance reported that 166K DAI were stolen by what appears to be a whitehat hack. No additional information is available.
- On February 24th, 2021 a CryptoPunks auction was front-run using a flash loan, causing a 1 Wei bid to win punk #1737.
- On February 19th, 2021 the Hardhat project was targeted using a similarly named NPM package. MetaMask posted additional details about the attack including a new tool to help mitigate future incidents.
Vulnerabilities
- Immunefi published a great post-mortem writeup on helping Primitive Finance save $1.3M of user funds after a vulnerability was discovered.
- Nomadic Labs published details of the vulnerability in Dexter.
- Powerpool patched a liquidity mining vulnerability after it was responsibly disclosed.
Malware
- US-CERT published a detailed analysis of the North Korean cryptocurrency malware AppleJeus, which disguises itself as a crypto trading tool.
- Akamai SIRT published an analysis of novel malware which uses the Bitcoin blockchain as a command and control channel.
Research
- How to keep Crypto Exchange secure? Part 2/2 by Pawel Kurylowicz continues the excellent series on exchange security.
- Stolen crypto withdrawal and transfer patterns by Crystal Analytics Team explores tactics used by cryptocurrency attackers to cover their tracks.
- A Security Framework for Distributed Ledgers models generalized ideal blockchain properties.
- Anti-Exfil: Stopping Key Exfiltration by Blockstream Engineering.
Tools
- MEV-Explore dashboard keeps track of frontrunning bots.
- AddrJack - an educational demo of a Bitcoin address-swapping malware.
Stay informed and see you in next week’s edition!
- Peter Kacherginsky (iphelix)