This week brought us another series of DeFi hacks and scams resulting in the theft of more than $2.2M worth of tokens. Exchange hacks continue the trend of attackers targeting PII data, U.S. government knocked out another major malware actor, cryptomining malware is on the rise. This week also features a must-read CipherTrace report on cryptocurrency crime and a number of research articles on DeFi security.

On a more positive note, checkout my latest project called OpenBlockSec which aims to create a series of curated lists on security of smart contracts, blockchains, exchanges, and other related topics. The first list in the series documents all known blocksec CTF competitions and writeups. On this note, Paradigm CTF kicks off this Friday, which should be a fantastic opportunity to learn!

Let’s dive into the news, but first a note from friends and sponsors at Halborn:

Halborn is an award-winning, enterprise grade cybersecurity advisory firm working with some of the best in blockchain and DeFi including Blockfi, Bancor, Ava Labs and many more. We offer Security Advisory as a service, Advanced Penetration Testing, Smart Contract Auditing, Key Management and DevOps.

Follow on Twitter
We’re Hiring!

Hacks

• On January 21, 2021 BuyUcoin exchange released a statement about an incident from mid-2020 which resulted in the recent leak of up to 325K user PII on a hacking forum by ShinyHunters group. Stolen data included email addresses, password hashes, phone numbers, and Google sign-in tokens.

• On January 27, 2021 SushiSwap DeFi misconfiguration was exploited to manipulate the exchange price of a DIGG-WETH pair which netted an attacker 81 ETH ($100K) profit.

Scams

• PopcornSwap Defi project on Binance Smart Chain performed an exit scam to steal $2M worth of BNB tokens.

• Reports of refi.finance exit scamming by calling a superuser function to change treasury boardroom implementation to steal 2600 BAS ($144K).

Crime

• CipherTrace’s 2020 Cryptocurrency Crime and Anti-Money Laundering Report is a must-read report of hacks, scams, law enforcement actions, and other events in the cryptocurrency space. The report also identifies future trends such as DeFi being the next major source of hacks and scams in 2021.

• NetWalker Ransomware Suspect Charged in an international law enforcement action. A Chainalysis report provides additional details on the cryptocurrency funds movement to the actors behind this malware strain.

• Passive Income of Cyber Criminals: Dissecting Bitcoin Multiplier Scam explores variations on the common cryptocurrency scam including fake chat bots, Google Ads, and even a bitcoin hacking simulator.

Malware

• FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts details reverse engineering of a cryptominer called macOS.OSAMiner.

• Dovecat malware targets QNAP devices to install a cryptominer. A malware analysis report by Matthew Ruffell offers an interesting look at the malware operation and its mining patterns.

• Zscaler report on Dreambus malware which includes an arsenal of exploits, and bruteforcers to autonomously infect vulnerable hosts to install Monero miners.

Training

• A new course from SANS on Blockchain and Smart Contract Security taught by Steven Walbroehl.

Research

• (Almost) Everything you need to know about Optimistic Rollup by Georgios Konstantopoulos discusses a new Ethereum scalability solution including its security implications.

• SoK: Decentralized Finance (DeFi) provides a systematic overview of DeFi platforms and their security risks.

• DeFi In & Out Part 1: Flash loan attack explained by Quillhash

• DeFi In & Out Part 2: Impermanent losses explained by Quillhash

• Bitcoin Miner Transaction Fee Gathering Capability post by BitMEX Research on simulating and detecting transaction censorship.

Tools

• EVM Assembly Utilities - utility classes and functions for working with EVM (Ethereum Virual Machine) forks and their opcodes.

Help support BlockThreat!

Over the past two years, BlockThreat has gained hundreds of followers including exchanges, asset issuers, DeFi projects, engineers, investigators, law enforcement, and many others. This newsletter is a labor of love which takes many hours weekly to prepare. If you found BlockThreat valuable consider supporting its future growth:

1) Make an individual contribution.
2) Sponsor an edition where you can place an advertisement.
3) Share your job postings in the next edition.
4) Share the newsletter with a friend or a colleague.

Stay informed, stay healthy, bet crypto, and see you next week!

- Peter Kacherginsky (iphelix)