Security Monthly Report | 16 security incidents occurred in November, with losses of nearly US$56 million

Source: PeckShield

DApp ecosystem

A total of 5 DApp security incidents occurred in November, of which 3 occurred in the EOS ecosystem and 1 each in the ETH and TRON ecosystems.

1) EOS DApp

The three security incidents in the EOS ecosystem are all related to EIDOS mining. Because of the EIDOS mining boom, CPU resource consumption on the EOSIO mainnet has become highly saturated, and ordinary users cannot use the network at all.

Some hackers are also trying to steal CPU resources from DApps for mining.

On November 06, BigGame became the first DApp to be attacked. It is a DApp that pays CPU resources for its players. Hackers hijacked the transaction information between users and BigGame and embedded illegal operations in the transfer notification. In this way they successfully stole the free CPU resources that BigGame pays for its users, until its CPU resources were exhausted.

At 3 am on November 07, another DApp game, BetHash, was attacked in the same way. In most betting games, players receive a notification from the DApp game after betting. At that point, hackers can use a malicious program to hijack the notification, embed inline operations in it, and then carry out the attack. Besides BetHash, other betting games including EOSBet, EOSMMM, Trust-Dice and WinPlay were attacked one after another.

The problem seems to be getting worse. At 3 am on November 11, the attack began to extend to the bidname short-account auction of the EOSIO system, so that even the CPU resources of the EOS system could be used without limit. If you want to bid on a short account, for example baaa, you start bidding from 0.0001 EOS. When someone bids 10% higher, your bid is returned. The hacker hijacked the transfer notification sent when the EOSIO system returns the bid in order to carry out the attack. Since the EOSIO system has an unlimited amount of CPU resources, hackers can keep obtaining CPU resources through the attack.

According to DAppTotal data, the EOS CPU congestion index for the last 7 days is 100%.

2) ETH DApp

One security incident in the ETH ecosystem was related to Augur, a DApp in the DeFi market. Augur is a prediction market protocol built on the Ethereum network. Offline oracles crawl multiple pieces of information and submit them to the chain. Malicious attackers deliberately post false information on social media such as Twitter, which affects the oracle's data sources and manipulates predictions.

3) TRON DApp

One security incident in the TRON ecosystem was a common transaction rollback attack. PeckShield security personnel discovered that a hacker whose address starts with TGiN78 used a self-created contract to launch a transaction rollback attack on the TRON contract whose address starts with TR66FA, for a total profit of 18,808 TRX.

PeckShield comment: The DApp security incidents above were basically all caused by players that are themselves contracts. DApps should check whether the target account is a smart contract before receiving player tokens or sending notifications.
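A simplified model of the EOS notification hijack and of the check recommended above, added here as an illustration (not PeckShield's or any DApp's code). The trace fields, account names and allowlist are assumptions, and the sample transactions are constructed; the code gates payouts on whether the target account has a contract and flags actions created while an untrusted account was handling a transfer notification.

```python
# Added example: simplified model, not PeckShield's or any DApp's code.
# Trace fields are an assumed layout loosely modelled on nodeos action traces.
EMPTY_CODE_HASH = "0" * 64  # code hash reported for an account with no contract

def is_contract_account(code_hash):
    """Pre-payout gate: True if the target account has code deployed."""
    return code_hash != EMPTY_CODE_HASH

def is_notification(trace):
    """A notification runs in a receiver other than the action's own contract."""
    return trace["receiver"] != trace["account"]

def find_hijacked_notifications(traces, trusted):
    """Return (notified_account, child_ordinal, child_action) for every action
    created while an untrusted account was handling a notification."""
    by_ordinal = {t["ordinal"]: t for t in traces}
    findings = []
    for t in traces:
        parent = by_ordinal.get(t["creator"])
        if parent and is_notification(parent) and parent["receiver"] not in trusted:
            findings.append((parent["receiver"], t["ordinal"],
                             f'{t["account"]}::{t["name"]}'))
    return findings

def trace(ordinal, creator, receiver, account="eosio.token", name="transfer"):
    """Build one constructed trace entry (creator 0 means a top-level action)."""
    return {"ordinal": ordinal, "creator": creator, "receiver": receiver,
            "account": account, "name": name}

TRUSTED = {"eosio.token", "dappexample1"}  # hypothetical DApp allowlist

# Constructed sample: payout to a contract account whose handler sends an
# inline action, executed inside the transaction the DApp pays CPU for.
HIJACKED_TX = [
    trace(1, 0, "eosio.token"),      # dappexample1 -> playerctrct1 payout
    trace(2, 1, "dappexample1"),     # notification to the sender
    trace(3, 1, "playerctrct1"),     # notification to the recipient
    trace(4, 3, "eosio.token"),      # inline action sent by the recipient
]
# Constructed sample: the same payout to an account with no contract.
CLEAN_TX = [trace(1, 0, "eosio.token"), trace(2, 1, "dappexample1"),
            trace(3, 1, "playeraccnt1")]

if __name__ == "__main__":
    print(find_hijacked_notifications(HIJACKED_TX, TRUSTED))
    print(find_hijacked_notifications(CLEAN_TX, TRUSTED))
```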

Exchange security

There were three exchange security incidents in November, two of which were related to hacking.

1) 342,000 ETH, with a total value of about 50 million USD, was stolen from the South Korean exchange Upbit;

2) The Vietnamese exchange VinDAX was hacked and lost at least $5 million in cryptocurrency;

3) A large number of email addresses were leaked at the BitMEX exchange.

At 12:04 on November 27, Beijing time, CoinHolmes, a digital asset visualization and tracking platform owned by PeckShield, detected that an Upbit exchange address was continuously making large transfers to unknown wallets and to the Bittrex exchange. One of them was a transaction of 342,000 ETH, an anomaly suggesting that the exchange may have been hacked. Later, Upbit issued an announcement admitting that 342,000 ETH had been stolen from its Ethereum hot wallet. On discovering the theft, it quickly transferred the other assets in the hot wallet to a cold wallet.

At 15:08 on November 28, CoinHolmes first detected movement of the ETH stolen from the South Korean exchange Upbit. A hacker address starting with 0xa09871ae transferred the stolen ETH to multiple addresses and sent small amounts of ETH to Huobi, Binance and other exchange addresses.

Figure: overview of the flow of the funds stolen from the Upbit exchange.

PeckShield comment: Since the beginning of this year, hackers have stolen hundreds of millions of dollars' worth of tokens from various exchanges, including Cryptopia, Binance, DragonEx, and Bitrue. PeckShield recommends that exchanges use a more secure defense system, keep their private keys safe, and adopt mechanisms such as multi-signature.

Ransomware-related incidents

In November, there were five security incidents related to ransomware, and several new types of ransomware appeared. For example, the NextCry ransomware uses the PHP-FPM remote code execution vulnerability (CVE-2019-11043) to launch attacks and attempt to break into Linux servers.

PeckShield comment: Users should be careful when opening suspicious websites and emails, and should promptly install the patches issued for their operating system. Even if your computer is infected with ransomware, seek help from professional security personnel instead of paying the ransom.

Phishing attacks and other security incidents

In addition to the above, there are other security incidents in November that are also worth watching:

1) Account information for 1.4 million users of the crypto wallet GateHub was stolen, including passwords, keys, and mnemonics;

2) The Monero CLI binary file was damaged, and users need to check file integrity promptly after downloading the file.

PeckShield comment: Security risks caused by users' lack of security awareness and of standardized operating practices keep emerging, with phishing attacks and fraud as typical examples. Users are reminded to keep all kinds of private information safe, because any small oversight may cause irreparable losses.