BlockThreat - Week 23, 2020
Coincheck | Coinsquare | CipherTrace
The brief lull between exchange hacks is over with yet another incident on Coincheck. This one is by the order of magnitude less than the 2018 hack, but losing control over your DNS could have been much worse than just leaking customer data for 200 users. Speaking of data leaks, Coinsquare hackers share thoughts on what to do with the stolen cache in their interview with Vice. Last but not least check out CipherTrace’s massive cryptocurrency crime and money-laundering report and a few interesting research articles in the Research section.
Hacks
- Crypto exchange Coincheck says it suffered a data breach, which may have exposed some users' personal information - on May 31, 2020 an unauthorized party changed exchanges DNS record which allowed them to intercept customer emails.
- Hackers Plan to Use Stolen Cryptocurrency Exchange Data for SIM Swapping - interview with Coinsquare hackers where they explore what to do with the stolen data ranging from leaking it to embarrass the exchange to attacking its customers.
- Coinsquare CEO confirms client data was stolen by a former employee after report of SIM swap threat
- Hackers Move Another $800K in BTC Stolen From the 2016 Bitfinex Breach - more activity since last week.
Vulnerabilities
- Details of firmware updates for Trezor One (version 1.9.1) and Trezor Model T (version 2.3.1) - a patch to address a hypothetical attack where malware can craft a transaction with unexpectedly high fees. The patch disables partially signed bitcoin transactions which breaks some integrations.
Research
- CipherTrace - Spring 2020 Cryptocurrency Crime and Anti-Money Laundering Report
- Time-Dilation Attacks on the Lightning Network
- Attacking Zcash Protocol For Fun And Profit
- Breaking the Solidity Compiler with a Fuzzer - an interesting study into compiler fuzzing by Trail of Bits.
- Europol Wasabi Wallet Report
That’s all for this week in Blockchain Threat Intelligence. Stay informed, stay healthy, and head over to /r/blocksec subreddit for blockchain security news through the week.
-Peter