BlockThreat - Week 20, 2020
Lazarus, Terpin, Upbit, BitcoinPaperWallet
Happy Bitcoin halving and welcome back to the Blockchain Threat Intelligence newsletter, the weekly digest of blockchain security news, tools, events, and threats. You may also be interested in the /r/blocksec subreddit, where I share many of the items below throughout the week.
Lots of money laundering activity this week, with attackers attempting to cash out their ill-gotten gains or finding innovative ways to obfuscate their source. North Korean hackers are at it again, and more supercomputers have been commandeered to mine crypto. Also this week, more news about Michael Terpin’s quest to punish everyone involved in a 2018 heist. Oh, and you may want to avoid using online paper wallet generators.
Crime
- N. Korean hacking group increasing efforts to steal cryptocurrency - reports of increased efforts by the North Korean APT group Lazarus (aka Hidden Cobra) to attack cryptocurrency institutions at a time when the COVID-19 pandemic has left the country even more isolated. Additionally, the FBI and DHS are preparing to share details of the North Korean hacking tools involved in these attacks.
- U.S. cryptocurrency investor sues suburban NYC teen for $71.4 million over alleged swindle - the latest in a series of lawsuits in which Michael Terpin is going after everyone involved in a 2018 SIM swapping hack in which he lost $24 million in cryptocurrencies. In 2019, Terpin was awarded $75 million in a case against Nicholas Truglia, one of the co-conspirators. The same year, he also sued AT&T for $224 million for allowing the hack in the first place. The latest suit targets Ellis Pinsky, the alleged ringleader of the SIM swapping group, who has just turned 18.
Hacks
- The most recent attempt to launder stolen UPbit hacked funds involves an array of well-known exchanges - more money laundering activity from the 2019 Upbit hack, in which 342,000 ETH were stolen. The article contains a detailed breakdown of all exchanges that received stolen ETH. Funds moved to Binance were reported frozen.
- Supercomputers hacked across Europe to mine cryptocurrency - a number of European university supercomputers were compromised via stolen SSH credentials and used to mine Monero. The attackers used custom malware (detailed analysis and indicators) and an exploit for CVE-2019-15666, a Linux kernel vulnerability, to escalate privileges.
- Thousands of #EOS Related to EOSPlay Hack (Sep. 2019) are Laundered through Buying/Selling RAM and Deposited into #Binance Eventually - an interesting money laundering technique unique to crypto assets, and to EOS specifically: the stolen EOS were cycled through purchases and sales of EOS RAM before being deposited to Binance.
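The supercomputer intrusions above turned on stolen SSH credentials reused across sites. As an added example (not code from the newsletter or from the linked analysis), here is a small Python hunt over constructed sshd log lines for the two signals a practitioner would look for first: an account logging in from a source address it has never used, and a single source address authenticating as several different accounts. The KNOWN_SOURCES baseline and the log lines are assumptions constructed for the example.

```python
"""Hunt sshd 'Accepted' events for signs of stolen-credential reuse."""
import re
from collections import defaultdict

# Constructed sample sshd log lines for this example; not taken from the incident analysis.
SAMPLE_LOG = """\
May 11 02:10:01 login01 sshd[1201]: Accepted publickey for alice from 198.51.100.7 port 50122 ssh2: RSA SHA256:aaaa
May 11 02:12:44 login01 sshd[1210]: Accepted publickey for bob from 198.51.100.9 port 50130 ssh2: RSA SHA256:bbbb
May 11 03:14:02 login01 sshd[2213]: Accepted publickey for alice from 203.0.113.55 port 51234 ssh2: RSA SHA256:aaaa
May 11 03:14:40 login01 sshd[2220]: Failed password for root from 203.0.113.55 port 51240 ssh2
May 11 03:15:03 login01 sshd[2225]: Accepted password for carol from 203.0.113.55 port 51250 ssh2
"""

# Hypothetical baseline: the source addresses each account normally logs in from.
KNOWN_SOURCES = {
    "alice": {"198.51.100.7"},
    "bob": {"198.51.100.9"},
    "carol": {"198.51.100.12"},
}

# Matches only successful logins; "Failed ..." lines fall through.
ACCEPTED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_accepted(log_text):
    """Return one dict (ts, host, method, user, src) per successful sshd login."""
    events = []
    for line in log_text.splitlines():
        m = ACCEPTED_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def new_source_logins(events, known_sources):
    """Logins from an address the account has not been seen from before."""
    return [
        (e["user"], e["src"], e["method"])
        for e in events
        if e["src"] not in known_sources.get(e["user"], set())
    ]


def shared_sources(events, min_users=2):
    """Addresses that authenticated as several distinct accounts in the window."""
    users_by_src = defaultdict(set)
    for e in events:
        users_by_src[e["src"]].add(e["user"])
    return {src: users for src, users in users_by_src.items() if len(users) >= min_users}


if __name__ == "__main__":
    evts = parse_accepted(SAMPLE_LOG)
    for user, src, method in new_source_logins(evts, KNOWN_SOURCES):
        print(f"new source: {user} from {src} via {method}")
    for src, users in shared_sources(evts).items():
        print(f"shared source: {src} used by {sorted(users)}")
```

Run against the constructed log, both alice (publickey) and carol (password) show up from 203.0.113.55, an address neither account has used before, and the same address is then flagged as shared by two accounts. A key-based login from a new source is the more interesting of the two: it means the private key, not just a password, has left the owner's machine.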
Tools
- Bug Hunting with Crytic - a new smart contract security project by Trail of Bits. Crytic integrates with existing smart contract repositories to continuously run ToB’s other tools, such as Slither and Echidna, and produce customized reports.
That’s all for this week in blockchain security. A bit of trivia: the last block before the Bitcoin reward halving contained a nice easter egg in the spirit of the genesis block: NYTimes 09/Apr/2020 With $2.3T Injection, Fed's Plan Far Exceeds 2008 Rescue. Stay healthy and see y’all next week!