BlockThreat - Week 33, 2019
Beaxy | PlusToken | Dash | EOS
The last few weeks without an exchange hack have unfortunately been interrupted by Beaxy, which fell victim to a well-known XRP exploit. A number of excellent research articles came out this week, ranging from CipherTrace’s Q2 report on the whole blocksec industry to more specific papers on vulnerabilities in EOS, tracking Ethereum honeypots, PlusToken scam details, and many others. Dash fell victim to an apparent attack which resulted in masternodes crashing and transactions getting dropped.
Hacks
- Months-Old Exchange Beaxy Targeted With XRP Partial Payment Exploit, Vows to Rollback Trades - a well-known and frequently abused feature in the XRP protocol was used to steal funds from the Beaxy exchange. In this attack, the partial payments feature is abused to craft a transaction that only appears to carry a large amount of XRP. It appears that Beaxy failed to check for the partial payments flag and credited the attacker’s account with non-existent funds. A similar exploit was used to steal 7 million XRP ($2 million) from the Bitopro exchange in May of this year.
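The deposit check that the Beaxy item says was missing, as an added example (not code from Beaxy, the linked article, or this newsletter): a deposit is credited from the ledger's `delivered_amount` metadata, never from the `Amount` field. It assumes transactions arrive as JSON shaped like a `rippled` `tx` response; the addresses, amounts and function names are constructed for illustration.

```python
# Added example: credit XRP deposits from meta.delivered_amount, not Amount.
TF_PARTIAL_PAYMENT = 0x00020000  # XRP Ledger Payment flag tfPartialPayment

def is_partial(tx):
    """True when the sender set the partial payments flag."""
    return bool(tx.get("Flags", 0) & TF_PARTIAL_PAYMENT)

def naive_credit(tx):
    """Weak version: trusts Amount, which a partial payment can overstate."""
    return int(tx["Amount"])

def credited_drops(tx, our_address):
    """Hardened version: drops of XRP actually delivered to us, else 0."""
    meta = tx.get("meta", {})
    if not tx.get("validated") or tx.get("TransactionType") != "Payment":
        return 0
    if tx.get("Destination") != our_address:
        return 0
    if meta.get("TransactionResult") != "tesSUCCESS":
        return 0
    delivered = meta.get("delivered_amount")
    # XRP is a string of drops; issued currencies are objects, and very old
    # partial payments report "unavailable". Neither is credited as XRP.
    if not isinstance(delivered, str) or not delivered.isdigit():
        return 0
    return int(delivered)

# Constructed sample data: placeholder addresses, invented amounts.
EXCHANGE = "rEXCHANGE_PLACEHOLDER"
normal_tx = {
    "TransactionType": "Payment", "Destination": EXCHANGE, "Flags": 0,
    "Amount": "1000000000", "validated": True,
    "meta": {"TransactionResult": "tesSUCCESS",
             "delivered_amount": "1000000000"},
}
partial_tx = {
    "TransactionType": "Payment", "Destination": EXCHANGE,
    "Flags": TF_PARTIAL_PAYMENT,
    "Amount": "1000000000000",  # claims 1,000,000 XRP
    "validated": True,
    "meta": {"TransactionResult": "tesSUCCESS",
             "delivered_amount": "1"},  # one drop actually arrived
}

if __name__ == "__main__":
    for name, tx in (("normal", normal_tx), ("partial", partial_tx)):
        print(name, is_partial(tx), naive_credit(tx),
              credited_drops(tx, EXCHANGE))
```

Logging every deposit where `is_partial` is true and `Amount` differs from the delivered figure also gives operations a direct signal that someone is probing the deposit path.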
Crime
- How the PlusToken Scam Absconded With Over 1 Percent of the Bitcoin Supply - details of the massive scam involving up to 4 million victims defrauded of $3 billion in cryptocurrency assets (200k BTC, 789k ETH, 26 million EOS). Most of the victims were in China, but the scam also spread to South Korea, Japan, and other countries in Southeast Asia. Several founding members were arrested in Vanuatu; however, there are reports of stolen funds being liquidated.
- Another chunk of the Bitcoin stolen from Bitfinex has mysteriously moved - 30 BTC of the mostly dormant 119756 BTC stolen from Bitfinex was recently moved.
Bugs
- Dash Releases Upgrade In Response to Newly Exposed Vulnerabilities - an emergency patch was issued for Dash nodes to address an attack on the network which caused outages.
Research
- Q2 2019 Cryptocurrency Anti-Money Laundering Report - a must-read report by CipherTrace on the past quarter’s cryptocurrency crime trends, exchange compromises, and major scams.
- Who Spent My EOS? On the (In)Security of Resource Management of EOS.IO - a KAIST research paper into EOS design which uncovers four critical flaws with one of them capable of incapacitating the network altogether.
- Research into Trust-Trading Scams on Twitter - a study and statistical analysis of the common Twitter scam. The article includes a wealth of indicators available on GitHub.
- Applying Machine Learning for more thorough investigation of ZAIF hack - an interesting article tracking stolen funds to ChipMixer and later Binance for liquidation.
- Bypassing Smart Contract Timelocks - a collection of attack techniques and defenses for a common smart contract design pattern.
- The Art of The Scam: Demystifying Honeypots in Ethereum Smart Contracts - a research article into various honeypotting techniques and a corresponding web project with live addresses.
Malware
- Varonis Uncovers New Malware Strains and a Mysterious Web Shell During a Monero Cryptojacking Investigation - an interesting report into “Norman” miner malware. The malware installs XMRig miner and a PHP webshell for C2 (Command and Control) communication.
Events
- Blockchain Training Conference - the upcoming conference will feature several blockchain security-related workshops, including CryptoCurrency Security Standard Auditor (CCSSA) Workshop, Balancing Security & Usability for your Blockchain Project, Security By Design and Smart Contract Audits, and Smart Contract Development: Security and Best Practice. The conference will take place on August 28-30 in Denver, CO.
Hope you enjoyed this week’s blockchain threat intelligence report! Stay safe and see you all next week.