BlockThreat - Week 20, 2019
BCH | Parity | Pacha | Wallets
A relatively quiet week with just one high-profile yet unsuccessful attack on the BCH network. In this edition of the newsletter I will look into several scam and malware trends as well as a few fun research articles, including James Lopp going on a destruction rampage against several popular metal wallets.
Hacks:
- Bitcoin Cash Upgrade Attack and the 110K BCH Bitfinex Position - on May 15, 2019 an unknown actor flooded the BCH network with specially crafted transactions to trigger a vulnerability in the Bitcoin ABC software. The exploit briefly prevented legitimate transactions from being included in blocks, causing empty blocks to be mined and mempool congestion. The attack was timed to coincide with the planned BCH fork, but failed to have a lasting impact on the network after the vulnerability was quickly patched. The attacker is rumored to have borrowed 180,000 BCH in order to short the coin on Bitfinex. In a surprise twist, the attacker’s own crafted transactions were cracked and relieved of a few hundred dollars' worth of BCH.
- Binance Security Incident Recap - a great collection of lessons learned from the Binance Incident by CZ. The recap was sadly missing any new details on the attackers or the hack. With the entire community watching, there still haven’t been any movements of the stolen BTC funds, which will likely remain the case for a while.
- The blockchain ecosystem has a patch problem - in a follow-up to the February 2019 DoS vulnerability in Ethereum’s Parity node software, SRLabs researchers have identified that 40% of the Parity nodes are still unpatched.
Scams:
- Scammers luring people into buying ‘discounted stolen Bitcoins’ - a variation of the “free crypto” scam promising discounted Bitcoins from the Binance hack.
- Fake Block One address transaction - a creative scam managed to trick EOS block explorers into displaying a transaction which appeared to be coming from the official B1 address by creating a custom contract.
- Phishing links in Electrum’s Github issues - yet another scam attempt at getting users of the most phished wallet project to download malware.
Malware:
- Pacha Group Competing against Rocke Group for Cryptocurrency Mining Foothold on the Cloud - the blog by Intezer contains a wealth of indicators on malware samples used by the Pacha Group to target various cloud infrastructure services. It is interesting that the Pacha Group is well aware of its competition and is actively blacklisting it.
Research:
- Metal Bitcoin Seed Storage Stress Test (Part II) - a second installment of James Lopp testing various metal wallets by heating them up to extreme temperatures, throwing metal plates into baths of acid, crushing plates under a hydraulic press, and then rating the readability of the surviving mnemonic words.
- Breaking Monero series Episode 03: 0-Decoy and Chain Reactions - a detailed look into zero decoy attacks and how Monero was hardened against them.
That’s all for this week. Feel free to drop me a line on how this newsletter could be improved or any stories that you would like to see in the future: iphelix[at]blockthreat[.]net