BlockThreat - Week 43, 2019
Crypto Capital | Zcash | Monero | FumbleChain
Catching up on Week 43 in Blockchain Threat Intelligence, this newsletter features updates on the Crypto Capital saga and its involvement with drug cartel money laundering, side-channel attacks on privacy coins, and awesome research articles on the FumbleChain wargame, an eclipse attack against Ethereum, and others.
Crime
- Crypto Capital Official Nabbed in Money Laundering Probe - arrest and extradition of Ivan Manuel Molina Lee to Poland to face charges of laundering money for a Colombian drug cartel. Bitfinex issued a statement describing its involvement as solely that of a victim of fraud. The arrest continues the saga of the missing $850 million from the Tether fund controlled by Crypto Capital.
- Russian man sent to prison for mining bitcoin at top secret facility that made nuclear bombs - sentencing of a Russian scientist for mining bitcoin at the Sarov lab on a recently installed supercomputer.
Vulnerabilities
- Linking Anonymous Transactions via Remote Side-Channel Attacks - report on a patched side-channel attack targeting the Zcash and Monero networks, which can be used to deanonymize transactions, obtain IP addresses of machines with running wallets, and cluster addresses belonging to the same wallet.
- Forking Cheeze Wizards Smart Contracts, All Funds (and Wizards!) are Secure - a writeup of an interesting “dead ringer” vulnerability in the Cheeze Wizards smart contract.
Research
- Blockchain Penetration Testing - Hacking the Vulnerable FumbleChain - an awesome writeup of solving the FumbleChain wargame.
- Eclipsing Ethereum Peers with False Friends - a research article that exploits Geth’s peer discovery mechanism to perform an eclipse attack.
- Smart Contract Attack Vectors - a repository of known smart contract attacks and vulnerabilities.
- OpenZeppelin Blockchains Study Group - an awesome project to document various blockchain security core topics such as a list of vulnerabilities in node software, classification of consensus mechanisms, common blockchain-specific attacks, and other related topics.
- Responding to 51% attacks in Casper FFG - the article discusses the finality-reversion attack and how the upcoming PoS consensus mechanism will defend against it.