BlockThreat - Week 46, 2019
FSB | SIM | Pemex | Bitcoin | SFBW
This week BBC dropped a bomb with its investigative report linking known bad actors BTC-e (involved in 2016 election fraud) and Wex exchanges with Russian FSB service. A buffer overflow vulnerability was patched in Bitcoin node software, Ethereum opcode cost instability raises reentrancy concerns, and a dump of SFBW ‘19 videos are all featured in this week of blockchain threat intelligence.
Crime
- Russia’s FSB Linked to $450M Bitcoin Disappearance - a fascinating article on the history of BTC-e and Wex exchanges, their takedown by FBI, arrests of their administrators, and how $450 million worth of cryptocurrencies from these exchanges ended up in the hands of FSB. The article is based on the original investigative report by BBC Russia.
- Thieves targeted crypto execs and threatened their families in wide-ranging scheme, says DOJ - indictments against two individuals using technical (SIM-swapping) and non-technical harassment to steam or attempt to steal $550,000 in cryptocurrency.
- Hackers demand $5 million from Mexico's Pemex in cyberattack - a 565 BTC ($5 million) ransom was posted after company’s computers were infected with DoppelPaymer malware.
Research
- The Middleman Is Dead, Long Live the Middleman: The “Trust Factor” and the Psycho-Social Implications of Blockchain - a paper on trust in decentralized blockchain systems.
- Reentrancy After Istanbul - a research article on the effects of opcode repricing may have contracts where Gas increases may allow for successful reentrancy attacks in the fallback function.
- Securing Lightning Nodes - a great overview of possible attacks on the Lightning nodes and how to protect yourself against them.
Vulnerabilities
- [bitcoin-dev] CVE-2017-18350 disclosure - a buffer overflow vulnerability in SOCKS5 protocol handling in the Bitcoin Core node software.
Media
- SFBW 2019 Videos - videos from San Francisco Blockchain Week were posted including a number of blockchain security talks such as TxProbe Discovering Bitcoin’s Network Topology.
Did you enjoy this week’s edition? Have blockchain security related news to share or just a suggestion? Great, drop a line to iphelix [at] blockthreat.net. Thanks!