BlockThreat - Week 47, 2019
Monero | Gatehub | EIDOS
News
- China central bank’s Shanghai unit officially announces to crack down on crypto exchanges - People’s Bank of China (PBoC) regulatory enforcement action targeting cryptocurrency companies in Shanghai.
Hacks
- Monero download site and binaries compromised - report on the backdoored Monero wallet binaries downloaded from the project’s GitHub page. The compromise was first reported on GitHub when a user observed that the release binaries did not match.
- Password data for ~2.2 million users of currency and gaming sites dumped online - a large data dump from the Gatehub and RuneScape compromises.
- Phineas Fisher Offers $100,000 Bounty to Hack Banks and Oil Companies - a bug bounty was announced that would pay hacktivists in crypto to target financial institutions.
Crime
- Roughly $400 million of Ripple tokens tied to illegal activity - a report by blockchain analytics company Elliptic on criminals starting to use XRP for illegal activities such as scams, Ponzi schemes, thefts, and some stolen credit card trading activity.
Malware
- Operation BlockChain Gang; Advanced Exploits, Commodity Tools - a detailed profile of a new threat actor called HydSeven. It is unique in its use of highly targeted spear-phishing combined with the use of commodity malware such as NetWire. The actor was involved in the earlier report of the 0day attack targeting Coinbase.
- How Ransomware Attacks - a threat profile of eleven ransomware families diving into their operation, file system and network activity.
- Update to X86 XMR crypto mining blog post - an update to a previous Akamai report discussing an additional attack script used to scan and infect hosts passed by the C2 server.
Vulnerabilities
- Breaking Mimblewimble’s Privacy Model - a report of a flaw in Grin’s Dandelion protocol which may allow user deanonymization by setting up a number of sniffer nodes. However, the Mimblewimble team has responded with an analysis of the report, calling it factually inaccurate.
- Prevent protocol stall from inconsistent LogicSig validity - Algorand fixed a DoS bug in its transaction validation logic.
Research
- What are the Actual Flaws in Important Smart Contracts (and How Can We Find Them)? - analysis of security findings from a large data set of smart contract security audits performed by Trail of Bits.
- Kudelski Security audit of Solana architecture - an in-depth architectural assessment of the Solana cryptocurrency.
- EIDOS Airdrop Stifles the Liveness of EOSIO Network - an analysis of the network outages caused by the EIDOS airdrop.