BlockThreat - Week 16, 2019
Fancy Bear | CEX | Electrum | EOS
Welcome to this week’s newsletter! The Mueller report was released and contained plenty of interesting revelations about the use of cryptocurrency by state actors, and about how investigators followed their trail on the blockchain.
News:
- Cybercrime and Cryptocurrency in the Mueller Report — the report contains a detailed investigation of hacking and dumping operations by the Fancy Bear APT group. It was particularly interesting to read about the widespread use of cryptocurrency (page 36) to fund hacking operations, as well as the attempt to hide its source by mining Bitcoin on CEX.io instead of purchasing it. This opens up a potential new threat to exchanges and miners from financially unmotivated actors interested in obtaining a relatively anonymous source of funds to sponsor their operations. On the other hand, the use of cryptocurrency has also enhanced the investigation and attribution thanks to blockchain forensics.
- Japanese Regulators to Introduce New Rules Regarding Exchanges’ Cold Wallets — a new set of regulations to help establish minimum security requirements following several exchange hacks.
- Crypto Exchanges Collaborate With Bithumb to Freeze Stolen Funds After Major Hack — a great sign of increased maturity in the industry where multiple exchanges have joined forces against thieves to locate and freeze stolen funds.
Research:
- Russia’s Bitcoin Hacking Funds — a well-researched article revealing the wallet addresses and cryptocurrency fund movements mentioned in the Mueller report above.
- Electrum Bitcoin wallets under siege — an in-depth technical report on the evolution of Electrum wallet malware variants as well as the malware behind the ongoing DDoS campaign targeting the Electrum network.
- EOS smart contract centralization risks — a new referendum on the EOS network to address a previously unpublicized security risk. By design, smart contract developers currently have complete control over token ownership including the ability to freeze accounts and redirect transfers. These actions can be performed by the smart contract developers without the need for Block Producer votes.
- Signature Replay Vulnerabilities in Smart Contracts — an interesting discussion of a vulnerable design pattern when checking message signatures without nonces.
And this wraps up blockchain threat intelligence for this week. Stay secure and good luck if you are hunting Satoshi’s Treasure. It looks like folks are making great progress.