BlockThreat - Week 31, 2019
Capture the Coin | Defcon 27 | BTC-e | Elliptic
Multiple blockchain security events are happening this month. Defcon 27 is hosting the Blockchain Village with lots of interesting talks. A new capture the flag competition called Capture the Coin by Coinbase is also launching in August. I will be speaking and hanging out at the Blockchain Village to support the contest so feel free to stop by and solve some challenges.
News:
- US files lawsuit against Bitcoin exchange that helped launder ransomware profits - a lawsuit targeting the now defunct BTC-e exchange and its founder Alexander “Mr. Bitcoin” Vinnick is seeking to recover more than $100 million. The exchange was well-known for its money laundering activity. At one point, it was used by 95% of all ransomware to cash out user payoffs.
Events:
- Capture the Coin - Blockchain Security CTF - a new CTF competition was announced with two dozen challenges covering smart contract exploitation, cryptography, wallet malware, blockchain forensics, and many others. The competition will start on August 9th at Defcon 27 Blockchain Village.
- Defcon 27 - Blockchain Village - the upcoming Defcon conference will host a village dedicated to various blockchain security topics. Some topics interesting talks include Responding to Firefox 0-day by Philip Marting, Hacking Cryptocurrencies by Mark Nesbitt, FumbleChain by Nils Amiet, Jump-Oriented Programming (JOP) in Smart Contract Honeypots by Xiohang Yu, and many others. You can find the full agenda here.
Research:
- Blockchain analytics startup Elliptic, MIT researchers collaborate to detect money laundering in bitcoin using machine learning - over 200,000 Bitcoin transactions were analyzed to detect illicit activity and shared in a publicly accessible dataset.
- The Revival and Rise of Email Extortion Scams - an in-depth article into cryptocurrency extortion scam variants and unique characteristics. According to the paper, scammers make approximately $1.2 million equivalent in Bitcoin and Litecoin in a single year.
- Updated PSA : Wasabi Wallet is the target of ongoing behavior that appears to be a Sybil Attack since January 2019 - a report of an unknown actor targeting Wasabi Wallet’s mixer protocol, ZeroLink, which increases addresses reuse and decreases privacy of wallet’s users.
Bugs:
- The Livepeer slashing vulnerability - a critical protocol bug in the Livepeer smart contract could cause arbitrarily slash transcoders in the network and net attacker the “findersFee” to profit form it. According to the incident post-mortem the vulnerability was patched in under 12 hours of notification.
- Ripple devs rush to fix flaw in XRP’s blockchain - a new online app makes it significantly easier to upload files using XRP’s memo field, potentially inflating the size of the blockchain.
That’s all for this week’s Blockchain Threat Intelligence. Stay safe and see you in Vegas!