BlockThreat - Week 12, 2019

Welcome to the first issue of Blockchain Threat Intelligence! This week we learn more about QuadrigaCX’s shady past, Augur scammers, and a privacy bug in Metamask.

News:

• QuadrigaCX Co-Founder used to run stolen credit card marketplace — Michael Patryn, aka Omar Dhanani, was previously convicted for operating ShadowCrew marketplace.
• Diving into WB21 — the company holding $9 million of Quadriga money — interesting report on yet another shady associate of the failed exchange.
• BTC-e Operator, Alexander Vinnik, Seeks Extradition to Russia — Alexander Vinnik is seeking extradition to Russia after he was arrested in Greece on money laundering charges.

Bugs:

• Augur Invalid Market Scam — one or more scammers are creating invalid markets and get paid out after they shut down due to a bug in bond mechanism. Augur will remain vulnerable until the next version of smart contract is pushed out in the summer.
• Metamask leaks wallet address — Metamask reveals users’ Ethereum addresses to all visited websites. Enable privacy mode (turned off by default) to prevent this behavior.

Events:

• CCTF Announced — Cryptocurrency CTF competition will take place on March 28th during BSides Budapest. It will focus on Ethereum smart contract security.
• Consensys Diligence Ethereum Hacking Challenge #2 —the second challenge was released by Consensys called ROP EVM. Congratulations to samczun for solving this challenge and thanks for the write up!

That wraps up blockchain security intelligence for this week. Feel free to leave a comment about any security news and events that I’ve missed.