BlockThreat - Week 9, 2021
Meerkat | PAID | Kava | IVF | Curve | Electrum | MetaMask
Never a dull week in blockchain security! Multiple smart contract developers reported that their private keys were compromised. In all but one case we can only guess whether these incidents were part of a rug pull or a compromise by malicious 3rd parties. What is apparent, however, is the importance of properly securing superuser keys using multi-sig, governance contracts, or other mechanisms that prevent a single bad developer from running off with all the cash. On the more positive side, check out two great podcasts: Katie Haun on prosecuting corrupt agents in the Silk Road case and Julien Bouteloup’s talk on the Rekt project.
Media
- The Tim Ferriss Show Episode 499: Katie Haun on the Dark Web, Gangs, Investigating Bitcoin, and The New Magic of "Nifties" (NFTs) takes a deep dive into the investigation of corrupt law enforcement agents involved in the Silk Road case.
- Epicenter Episode 381 - Stake Capital/Rekt - Uncovering the Dark Side of Defi with Julien Bouteloup.
Crime
- Blockchain Sleuth Says OKEx, Huobi Stonewalled Him in Child Porn Investigation explores regulatory challenges while hunting down criminals behind the worst kind of crimes.
- BitCoin blackmailer who threatened to blow up NHS hospital during Covid pandemic sentenced in Germany.
Scams
- On March 4th, 2021 the smart contract of Meerkat Finance, a Yearn clone on BSC, was drained of $31M worth of BUSD and BNB tokens after it was upgraded with a malicious proxy implementation. Further analysis has shown that the hack was perpetrated by the project owners, who later rolled back their hack allegations, stating that it was just a test.
- On March 7th, 2021 an IVF Finance developer reported that his phone, Telegram, and deployer keys were compromised, resulting in someone pulling liquidity. The official Twitter account has since been deleted.
Hacks
- On March 5th, 2021 PAID Network private keys were compromised, resulting in the minting of $160M worth of PAID tokens. While the incident sounds very similar to the Meerkat Finance scam a day earlier, it appears the developers are taking active steps to relaunch the token, wipe out stolen funds, and enhance future key security using multi-sig.
- On March 5th, 2021 Kava, a DeFi lending platform, had to be paused and relaunched after an accounting flaw was exploited. No funds were lost.
Vulnerabilities
- A vulnerability was discovered in deprecated Factory v1 pools on Curve Finance. No additional details or post-mortems are currently available.
Malware
- A backdoored Electrum wallet was notarized and available in the Apple App Store. Once installed, the malware attempted to steal the user’s wallet.
- A MetaMask phishing campaign on Google AdWords was reported by CipherTrace.
Research
- Failed attempt to break Curve by Experience and Killari.
Just a heads up that next week’s edition will be delayed, but we will catch up on all the news the week after. Thanks for joining me and see you all soon!
- Peter Kacherginsky (iphelix)