There were a number of interesting vulnerability reports in various blockchains and smart contracts this week. Check out the detailed incident report on a 30k EOS theft which also caused major EOS network outages. U.S. Treasury published a sanctions report targeting several North Korean actors well known for their hacks of cryptocurrency exchanges.

News

• Treasury Sanctions North Korean State-Sponsored Malicious Cyber Groups - OFAC sanctions targeting several North Korean actors targeting SWIFT messaging system, financial institutions, and cryptocurrency exchanges. Three actors were named in the news release: Lazarus Group, Bluenoroff, and Andariel.

Hacks

• EOS congestion 9/13/2019 and EOSPlay hack - a detailed incident report on the RNG hack of EOSPlay which resulted in 30,000 EOS (about $120k) theft and major network outages. The vulnerable contract used EOS blockchain itself as a source of entropy which is not sufficient.
  
  Indicators:
  
  Attacker’s EOS accounts:
  mumachayinmm
  gotoworkhome
  mumachayi…