In the past month, a total of 29 prominent security incidents occurred in the blockchain ecosystem, including 4 DeFi, 2 exchanges, and 15 frauds.
Original title: “PeckShield: A total of 29 security incidents occurred in October, with frequent occurrences of virtual currency investment fraud”
Written by: PeckShield
According to data from the PeckShield situational awareness platform, 29 prominent security incidents rated “Advanced” occurred across the blockchain ecosystem in the past month: 4 involving DeFi, 3 wallet security incidents, 2 exchange-related incidents, 5 blackmail (ransomware and extortion) incidents, and 15 fraud incidents.
A total of 4 DeFi-related security incidents occurred in October, as follows:
1) On October 11, the WLEO token contract on Ethereum was hacked, resulting in the theft of US$42,000. The attacker minted WLEO to their own address and swapped it for ETH, draining ETH from the WLEO pool on the decentralized exchange Uniswap.
2) On October 26, a user discovered that the DeFi yield-farming project Harvest.finance had been exploited for large-scale arbitrage using flash loans. Harvest’s official tweet explained that the attack started from a huge flash loan and repeatedly manipulated the price of the Curve y pool, profiting from the resulting price difference between fUSDT and fUSDC.
3) Alex Manuskin, a researcher at the crypto wallet ZenGo, revealed that UniCats, a so-called “yield farming platform” on the Ethereum network, is suspected of stealing at least $200,000 worth of crypto assets from several users, including Uniswap’s governance token UNI. A backdoor in the smart contract allows UniCats to retain control of user tokens even after those tokens have been withdrawn from the pool. The earlier attacks against Bancor exploited a similar weakness.
4) yearn.finance (YFI) disclosed a new flash loan vulnerability, reported by security researcher Wen-Ding Li through Yearn’s security vulnerability disclosure process on October 29. The team removed the vulnerability 1.5 hours later. According to the disclosure, the flash loan attack could have put the funds in the TUSD vault at risk. The problem has now been fixed, and the TUSD vault has stopped deploying funds.
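The Harvest incident above turns on one property of automated market makers: the spot price a pool reports is a function of its reserves, so a single large trade (for example one funded by a flash loan) moves it. The following is an added example, not code from PeckShield, Harvest or Curve. It models a simple constant-product (x*y=k) pool, which is an assumption: the Curve y pool uses a stableswap curve, but the failure mode (a protocol reading a manipulable spot price) is the same. It then shows the guard a defender would want: refuse to act when the spot price deviates from an independent reference (a time-weighted average or external oracle) by more than a tolerance. Reserves, trade sizes and the tolerance are constructed values.

```python
"""Constant-product AMM model: how one large trade moves the spot price,
and a deviation guard that refuses to act on a manipulated price.

Added example (not PeckShield's, Harvest's or Curve's code). Swap fees are
omitted for clarity; all numbers are constructed.
"""
from dataclasses import dataclass


@dataclass
class Pool:
    reserve_a: float  # reserves of token A (e.g. a stablecoin)
    reserve_b: float  # reserves of token B (e.g. another stablecoin)

    def spot_price(self) -> float:
        """Price of one A in units of B, read directly from the reserves."""
        return self.reserve_b / self.reserve_a

    def swap_a_for_b(self, amount_a: float) -> float:
        """Sell amount_a of A into the pool under x*y=k; returns B received."""
        k = self.reserve_a * self.reserve_b
        new_a = self.reserve_a + amount_a
        new_b = k / new_a
        out = self.reserve_b - new_b
        self.reserve_a, self.reserve_b = new_a, new_b
        return out


def price_after_trade(reserve_a: float, reserve_b: float, amount_a: float):
    """Return (spot price before, spot price after) one trade of amount_a."""
    pool = Pool(reserve_a, reserve_b)
    before = pool.spot_price()
    pool.swap_a_for_b(amount_a)
    return before, pool.spot_price()


def within_tolerance(spot: float, reference: float, max_deviation_bps: int) -> bool:
    """Guard for a protocol that consumes a pool price: accept the spot price
    only if it is within max_deviation_bps (basis points) of an independent
    reference such as a TWAP or an external oracle."""
    deviation_bps = abs(spot - reference) / reference * 10_000
    return deviation_bps <= max_deviation_bps


if __name__ == "__main__":
    # Constructed: a balanced 10M/10M stablecoin pool hit by a 5M trade.
    before, after = price_after_trade(10_000_000, 10_000_000, 5_000_000)
    print(f"spot price before: {before:.4f}, after: {after:.4f}")
    # A 1% tolerance against a reference of 1.0 rejects the distorted price.
    print("safe to act on spot price:", within_tolerance(after, 1.0, 100))
```

The guard is deliberately simple: the important design choice is that the reference price must not come from the same pool in the same block, otherwise the check compares a manipulated value with itself.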
PeckShield Comments: As the functions of DeFi projects become more diverse, hidden security issues are gradually being exposed. Given their close connection with user assets, the security issues of DeFi projects are very serious. Since each project is developed by a different team with limited understanding of the design and implementation of the other products it integrates with, composed products are likely to run into security problems when interacting with third-party platforms and then be exploited. PeckShield suggests that before a DeFi project goes live, it should engage a team with in-depth research experience in DeFi product design to perform a complete security audit and avoid potential security risks.
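The UniCats item above says the contract kept control of user tokens after withdrawal but does not say how. The following is an added example, not code from PeckShield, UniCats or Bancor, and it assumes the well-known mechanism behind that class of problem: an ERC-20 allowance that the user granted when depositing and never revoked, which the contract (or its owner) can spend later with transferFrom. The script replays a wallet's Approval events to find the live allowances, flags the ones a user should review, and builds the calldata for approve(spender, 0) to revoke them. The events and addresses are constructed placeholders.

```python
"""Audit of a wallet's ERC-20 allowances from its Approval events.

Added example (not PeckShield's, UniCats' or Bancor's code). Assumption: the
risk being checked is a lingering ERC-20 allowance granted at deposit time.
All events and addresses below are constructed placeholders.
"""
from dataclasses import dataclass

MAX_UINT256 = 2**256 - 1
# 4-byte function selector of approve(address,uint256) in the ERC-20 ABI.
APPROVE_SELECTOR = "095ea7b3"


@dataclass(frozen=True)
class Approval:
    block: int
    token: str
    owner: str
    spender: str
    value: int


def current_allowances(events, wallet):
    """Replay Approval events in block order; the last approval for each
    (token, spender) pair is the live allowance. Zero allowances are dropped."""
    live = {}
    for ev in sorted(events, key=lambda e: e.block):
        if ev.owner.lower() != wallet.lower():
            continue
        live[(ev.token.lower(), ev.spender.lower())] = ev.value
    return {k: v for k, v in live.items() if v > 0}


def risky_allowances(events, wallet, trusted_spenders, large_threshold=10**24):
    """Return (token, spender, value, reason) for allowances worth reviewing:
    unlimited ones, any to a spender outside the trusted list, and very large ones."""
    trusted = {s.lower() for s in trusted_spenders}
    findings = []
    for (token, spender), value in current_allowances(events, wallet).items():
        if value == MAX_UINT256:
            reason = "unlimited allowance"
        elif spender not in trusted:
            reason = "spender not trusted"
        elif value >= large_threshold:
            reason = "large allowance"
        else:
            continue
        findings.append((token, spender, value, reason))
    return findings


def revoke_calldata(spender):
    """ABI-encoded calldata for approve(spender, 0); send it to the token
    contract from the wallet that granted the allowance."""
    addr = spender.lower()
    addr = addr[2:] if addr.startswith("0x") else addr
    if len(addr) != 40:
        raise ValueError("spender must be a 20-byte hex address")
    return "0x" + APPROVE_SELECTOR + addr.rjust(64, "0") + "0" * 64


# Constructed placeholder addresses (not real contracts).
WALLET = "0x" + "11" * 20
FARM = "0x" + "bb" * 20      # hypothetical yield-farming contract
ROUTER = "0x" + "cc" * 20    # hypothetical spender the user trusts
TOKEN_UNI = "0x" + "aa" * 20
TOKEN_OTHER = "0x" + "dd" * 20

# Constructed Approval events, deliberately out of block order.
SAMPLE_EVENTS = [
    Approval(102, TOKEN_OTHER, WALLET, FARM, 1_000 * 10**18),
    Approval(100, TOKEN_UNI, WALLET, FARM, MAX_UINT256),   # unlimited at deposit
    Approval(103, TOKEN_OTHER, WALLET, FARM, 0),           # user revoked this one
    Approval(101, TOKEN_UNI, WALLET, ROUTER, 500 * 10**18),
    Approval(99, TOKEN_UNI, "0x" + "22" * 20, FARM, MAX_UINT256),  # another wallet
]

if __name__ == "__main__":
    for token, spender, value, reason in risky_allowances(SAMPLE_EVENTS, WALLET, [ROUTER]):
        print(f"{reason}: token {token} spender {spender} value {value}")
        print("  revoke with calldata:", revoke_calldata(spender))
```

Withdrawing from a pool does not touch the allowance, which is why the audit is keyed on Approval events rather than on balances; the practical mitigation is to approve only the amount being deposited and to revoke afterwards.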
Digital wallet security
There were 3 wallet security incidents in October:
1) Ledger, a hardware wallet manufacturer, suffered a phishing campaign: some users received phishing e-mails and incurred financial losses. The attack may be related to the company’s user data breach in July 2020.
2) A ZDNet investigation revealed that hackers stole 22 million U.S. dollars from users of the Bitcoin wallet Electrum by enticing them to install fake software updates. The technique first appeared in 2018. Since the attack was first discovered two years ago, the Electrum team has taken measures to prevent it, but it still works against users running older versions of the application.
3) Alon Gal, chief technology officer of the cybercrime intelligence company Hudson Rock, tweeted that on October 27 the cold wallet of EtherCrash, which bills itself as “Ethereum’s most mature and largest gambling game”, was stolen, with a loss of approximately US$2.5 million, suspected to be an inside job.
PeckShield Comments: As the tool for managing private keys, a digital wallet is the closest point of contact with crypto assets. Although a cold wallet is kept offline and disconnected from the network, it still carries the risk of physical attack and theft. For hot wallets such as web wallets, users should also beware of phishing, malicious code injection and similar attack methods.
There were 2 exchange-related security incidents in October:
1) On October 16, OKEx issued the “Announcement on Suspension of Withdrawals”, stating that some of the company’s private key holders are currently cooperating with an investigation by the public security organs, are unreachable, and cannot complete authorization. Two sources close to OKEx said that the person “cooperating with the public security investigation” in the announcement is OKEx’s founder Xu Mingxing. One of them added that Xu Mingxing had been taken away by the police at least a week earlier and had not appeared in the work group for many days.
2) An imToken wallet user reported that accounts linked to the DeFi Saver Exchange vulnerability had moved 310,000 DAI. As early as June 20 this year, DeFi Saver tweeted that a vulnerability in its Exchange had been discovered and that, to protect user funds, it carried out a white-hat rescue transferring the affected funds (about US$30,000) to a smart contract from which only the original owner can withdraw.
PeckShield Comments: Hackers launder money after stealing assets, and however complicated the process, they generally use exchanges as part of the cash-out channel. This undoubtedly raises the bar for the KYC and KYT functions of major digital asset exchanges, which should strengthen their AML and capital compliance review.
There were 5 blackmail-related security incidents in October:
1) The Italian multinational energy giant Enel Group recently suffered a ransomware attack in which its computer network was infected with the Windows ransomware NetWalker. It is reported that the NetWalker operators released screenshots of approximately 5 TB of stolen data and threatened to publish the first batch within a week in order to force Enel Group to pay 1,234 bitcoins (about US$16.8 million).
2) On October 28, the confidential medical records of tens of thousands of psychotherapy patients in Finland were stolen, and some were leaked online. The Finnish police revealed that hackers had broken into the private company Vastaamo, which operates 25 treatment centers across Finland. Thousands of people have reportedly lodged complaints with the police. Many patients reported receiving emails demanding 200 euros in bitcoin to prevent the contents of their sessions with therapists from being made public.
3) According to news on October 14, the country’s first developer of ransomware demanding Bitcoin was arrested by Nantong police in Jiangsu. The Nantong Public Security Bureau reported that the suspect, surnamed Ju, the author of multiple Bitcoin ransomware strains, had carried out more than 100 attacks and obtained Bitcoin worth more than RMB 5 million.
4) Recently, a ransomware attack hit the medical software company eResearchTechnology (ERT), which provides pharmaceutical companies worldwide with tools for running clinical trials (including COVID-19 vaccine trials); its customers include Bristol-Myers Squibb, AstraZeneca, Pfizer, and Johnson & Johnson. Many COVID-19 research projects supported by the company were potentially affected.
5) The leaders of the Group of Seven (G7) nations on Tuesday warned of the global surge in ransomware attacks, saying this form of hacking threatens the critical infrastructure of the world’s major economies. Ransomware infiltrates and encrypts computer networks and then demands that victims pay a ransom to unlock their files. The G7 statement warned: “Criminals often demand virtual assets to pay ransoms. This fact is particularly worrying.” EU leaders said that “virtual assets” are a way for hackers to launder money. The statement called on more countries to implement the Financial Action Task Force (FATF) measures on virtual assets.
PeckShield Comments: Ransomware and extortion incidents have long been a major hidden danger for the entire Internet ecosystem, not just the blockchain ecosystem. Moreover, as cryptocurrencies have gained popularity, criminals often exploit the stronger anonymity of cryptocurrencies such as Bitcoin for extortion and fraud.
Other fraud incidents
In addition to the above, a number of fraud and exit-scam incidents worth vigilance occurred in October, such as:
1) A user named Kusunose posted on Google’s support forums that they had lost $15,000 to a crypto scam promoted through Google ads. The suspicious website, Coindaq.io, allegedly traded on the digital renminbi that China is developing, claiming that users could deposit funds on the platform to take part in the digital renminbi sale. The victim hoped that Google would investigate the matter and set up a page for reporting the alleged fraud.
2) The Guangzhou Public Security Bureau announced that on October 3, citizen Ms. Pan went to the Yunpu Police Station to report that she had met a “netizen” in September who then induced her to download a fake app under the pretext of investing in digital currency. She invested a total of RMB 2.32 million in several installments and is now unable to withdraw. Huangpu Public Security urgently reminded the public to treat digital currency rationally and to report to the police as soon as there is any doubt or they have been cheated.
3) Recently, Lin, a resident of Furong District, Changsha, reported to the police that he had been defrauded of more than 3.2 million yuan in a digital currency investment. Lin had downloaded an app called “AOC” through a URL link sent by a “teacher” in a WeChat group and registered an account. Lin transferred a total of more than 3,273,900 yuan in 25 transactions to 13 different bank accounts provided by the other party. A few days later, the app showed that the digital currency he had bought had plummeted by 80%. When Lin called the police, the app could no longer be logged into, and the “teacher’s” WeChat account had been blocked and could not be reached. The case is under investigation.
4) Recently, a user suffered a phishing attack while visiting what appeared to be the Curve exchange website and lost 20 bitcoins. It is reported that the fraud group used Google’s advertising system to buy search ads impersonating the Curve exchange. Under Google’s new advertising program, ads are usually displayed at the top of search results, which has led many users to be deceived. The Maintenance Reduction Security Lab recommends that users stay vigilant, carefully identify the source of messages, and check domain names carefully to avoid asset loss.
5) On October 12, Marius, a developer of the Ethereum client Geth, tweeted that phishing emails were circulating in the Ethereum development community pointing to a website named get-eth.com that claimed to offer the latest Ethereum Geth client for download. The official download site for the geth client is geth.ethereum.org, or it can be downloaded directly from GitHub.
6) CoinGecko, a cryptocurrency data company, announced on Twitter that it had suffered a DDoS attack and had temporarily strengthened its security measures. CoinGecko is closely monitoring the situation; the team is working to restore service and hopes to resume normal operation quickly.
7) The Xuzhou Public Security Bureau recently cracked a “CDBC digital currency” fraud case dressed up as the unfreezing of large national assets, arresting 16 suspects, seizing more than 60 computers, mobile phones and bank cards, and freezing more than 1.5 million yuan of funds involved, a record for the most arrests at one time in such cases handled by the bureau. The group reportedly claimed that “CDBC digital currency” was the first batch of digital currency issued by the central bank, priced at 100 yuan per order and limited to 7 orders per person, and that it would appreciate 100 or 1,000 times in the future. All 16 suspects have been transferred to the procuratorate for prosecution.
8) A few days ago, the police in Huanghua, Hebei broke up an inter-provincial telecom fraud gang and arrested 3 suspects, in a case involving more than 1.2 million yuan. The gang reportedly committed fraud through an investment app in which virtual currency was used to buy and sell electronic pets.
9) Paxful, the P2P Bitcoin marketplace, successfully fended off a series of serious threats within two months, including 220,000 bot attacks and various social engineering attempts. Paxful stated that the attackers tried to use automated bots to brute-force their way into users’ accounts. Paxful also noted that, according to reports, about a quarter of the world’s web traffic is generated by bots, programs that simulate the actions of real devices.
10) According to an indictment issued by US prosecutors on Monday, Russian state hackers used Bitcoin to conceal their connection to the “infrastructure” of key hacking operations, such as servers and domain names. The indictment names six members of the Russian state hacking team who allegedly operated out of Russian military unit 7445 and attacked companies, militaries, governments, and the 2018 Winter Olympics, with thousands of victims. Prosecutors also claimed that they were responsible for the disastrous “NotPetya” malware attack in 2017, which caused billions of dollars in damage.
11) The Pudong police broke up a virtual currency investment fraud ring and arrested 22 suspects; the case involved 7.9 million yuan. It is reported that the “HASTE” virtual currency trading platform involved was developed and maintained by technical staff of a technology company founded by the suspect Wu, and its usage rights were sold to overseas personnel. The platform could arbitrarily change users’ virtual currency balances and simulated and controlled exchange rate trends through a “robot” run by the operators.
12) Recently, third parties unrelated to or unauthorized by AAX have attempted to impersonate AAX customer service via email, WeChat and Telegram, and have spread false affiliations online pretending to be AAX in order to commit fraud.
13) A source in the Spanish National Police said that Santiago Fuentes, the CEO of Arbistar 2.0, was finally captured and detained by the police in the Tenerife region of southern Spain on October 22. Fuentes is accused of defrauding nearly 32,000 investors in a Bitcoin Ponzi scheme valued at nearly 850 million euros (about 1 billion US dollars).
14) According to an indictment issued by US prosecutors on Monday, Russian state hackers used Bitcoin to cover up their connection to key hacking infrastructure such as servers and domain names. The indictment names six members of the Russian state hacking team who allegedly operated out of Russian military unit 7445 and attacked companies, militaries, political movements, governments, and the 2018 Winter Olympics, with thousands of victims.
15) A lookalike scam site impersonating yearn.finance appeared, tricking visitors into sharing the private keys of their cryptocurrency wallets. The scam site copies almost every aspect of the original yearn.finance website, including its design, its copy and even the domain name.
PeckShield Comments: Security risks caused by users’ lack of security awareness and of standardized operating practices keep emerging, with phishing attacks and fraud as typical examples. Users are reminded to safeguard all kinds of private information carefully; even a small lapse can cause irreparable losses.