BlockThreat - Week 14, 2019
Gustuff | RAND | SlowMist | Gatecoin | Bancor
After a string of cryptocurrency exchange hacks last week, we can finally take a break and regroup. This week, I will focus on a number of interesting research publications to help you better understand threat actors, tactics and techniques used in phishing campaigns, as well as the latest studies into cryptocurrency privacy and security.
News:
- Years after brutal $2M hack, Gatecoin cryptocurrency exchange is dead — another hacked exchange now headed to the blockchain graveyard.
- Over 25,000 ETH from Bancor hack Moved to Exchange — an analysis of stolen funds movements from the exchange compromise last year. It is interesting that the attacker waited patiently for almost a year before starting to move them.
Hacks:
- SlowMist Hacked — a great new resource to track compromises of exchanges, wallets, exploitation of blockchain technologies and EOS, ETH, Tron DApps. The site is currently tracking more than $4 billion in lost funds with the majority of hacks in EOS DApps.
- Electrum servers are under a DoS attack — in an apparent effort to force users to connect to malicious Electrum servers, attackers have started a DoS campaign to knock out legitimate nodes. You can read more about the issues faced by the Electrum network here.
Bugs:
- A look at irregularities discovered on Augur — Binance Research discusses the invalid market vulnerability and several other weaknesses in the Augur platform.
Research:
- Terrorist Use of Cryptocurrencies — an in-depth study by RAND Corporation on the current challenges and trends for the use of crypto to support terrorism and other illicit activities. The book offers several useful models to help you better understand the cryptocurrency threat space.
- Gustuff: Weapon of Mass Infection — a detailed report on the inner workings of the Gustuff Android malware discussed last week. The report covers techniques used to interact with banking and crypto wallet apps, propagation mechanism, and other malware functionality.
- North Korea’s elite hackers are funding nukes with crypto raids — as a follow-up to last week’s Kaspersky report, this Wired article offers a nice survey of a string of financial hacks attributed to North Korea, the motivations behind them, and the reason for their particular interest in cryptocurrency.
- Ethereum Threat Actors Part 3 — Phishings/Scams using Smart Contracts — an interesting analysis of a smart contract used as part of a phishing scam.
- On-chain tracking of Monero and other Cryptonotes — discusses several deanonymization techniques against Monero.
- Formal Verification for n00bs -Part 4: Understanding K language — introduces the use of the K framework for formal verification of EVM smart contracts.
- Quantum resistant blockchain and cryptocurrency, the full analysis in seven parts. Part 3 — the latest developments in quantum resistant cryptography and adoption challenges that need to be solved by blockchain implementations.
- SmartCustody: Simple Self-Custody Cold Storage Scenario — a consumer guide on setting up a secure cryptocurrency storage solution.
This concludes our weekly blockchain threat intelligence report. Thanks for reading and, as always, I look forward to any feedback.