Skip to main content

The 2020 Year in Review: Major Blockchain or Cryptocurrency Accidents

If 2019 can be summed up as a wild journey, then 2020 will be totally unreasonable.

Cryptocurrency Accidents
Let's review these events in more depth to see what happened and how we can learn from them as an industry.

The following is a list of major security incidents in 2020. However, we will not list all the accidents one by one because there are too many.

Cryptocurrency Accidents
The first quarter of 2020:

Story: Cryptocurrency exchange Poloniex issues a password reset warning.

Summary: Poloniex issued a PSA statement regarding their email in late December 2019, stating that after posting a list of email addresses and passwords on a tweet, some users were forced to reset their passwords.

Story: YouTube account hijacked for cryptocurrency fraud.

Summary: Although this is not a new method of fraud, more and more people are using pre-recorded encrypted currency incident clips to hijack YouTube accounts and broadcast fake cryptocurrency coupons.

Story: After a $50 million hack, Upbit upgraded the security of its ETH wallet.

Summary: A South Korean exchange publicly stated that in November 2019, their hot wallet was stolen and 342,000 ETH (worth approximately US$50 million) was stolen.

Story: Teenagers accused of $50 million in fraud by blockchain experts.

Summary: Although many people think that using SMS 2FA on their accounts will make them more secure, SIM-Swapping is still a real threat in this industry. A teenager took advantage of this fact and netted $50 million from various entities. The 18-year-old man was arrested and faces multiple criminal charges.

Story: After the wallet was hacked, the IOTA cryptocurrency shut down the entire network.

Summary: IOTA shut down their network for a long time because hackers exploited a vulnerability in the official IOTA wallet (Trinity) application to steal users' funds.

Story: High-risk business: #DeFi and the growth story of Ethereum.

Summary: Taylor Monahan, the founder of MyCrypto, transcribed her speech on Defi and related risks at ETHDenver 2020. Taylor discussed potential pitfalls, previous attacks, what we learned and what we didn't learn from past mistakes, and what we can do to improve the room.

Story: Does the BZx flash loan attack herald the end of Defi?

Summary: A popular Defi protocol suffered two attacks in a short period of time through two flash loan vulnerabilities. Lost 1193 ETH in the first round and 2378 ETH at the end of the second round.

Cryptocurrency Accidents

The second quarter of 2020:

Story: Hackers used vulnerabilities in the decentralized Bitcoin exchange Bisq to steal $250,000.

Summary: After Bisq discovered that the attackers used the software to steal funds from users, they took "unprecedented" measures and stopped the transaction. According to reports, the attackers stole 3 BTC and 4000 XMR.

Story: Found fake browser extensions for targeted users such as Ledger, Trezor, MEW, Metamask, etc.

Summary: MyCrypto and PhishFort published a research report that targeted cryptocurrency users by using Google ads to push malicious browser extensions that imitated well-known brands.

Story: Etherscan launches "ETH Protect" to identify and mark tainted ETH addresses.

Summary: One of the most commonly used blockchain explorers-Etherscan has launched a product that provides users with more information about addresses (pollution analysis) and quickly shows whether they have received cryptocurrency from a known wrong address.

Story: dForce lost $25 million in Defi smart contract vulnerability.

Summary: The loan agreement dForce, which is considered to be a compound branch with modified code, has been attacked similarly to the Uniswap liquid pool. The attack used a standard on the imBTC contract.

Story: "evil genius" teenager accused of stealing millions of cryptocurrencies.

Summary: A high-profile SIM exchange complaint submitted by Michael Terpin was published. At the time of the attack, one of the main criminals accused was only 15 years old. He was suspected of exchanging with multiple people and stole more than 23 million U.S. dollars.

Story: Supercomputers across Europe were hacked to mine cryptocurrency.

Summary: Multiple supercomputers in the United Kingdom, Germany, and Switzerland were infected with malicious cryptocurrency mining software. They used cracked SSH logins to mine Monero, a cryptocurrency that emphasizes privacy protection.

Cryptocurrency Accidents
The third quarter of 2020:

Story: Post-mortem analysis of the Twitter hacking incident.

Summary: On July 15, 2020, a large-scale account takeover campaign took place on Twitter, which included the use of certified political accounts to promote "trust transactions"/prepaid bitcoin scams. In total, "only" about $150,000 was stolen, which is a bit insignificant relative to the widespread exposure that bad guys have obtained from the accounts they have obtained.

Story: Working with Binance to return the stolen $10,000 cryptocurrency to the victim.

Summary: We (MyCrypto) are studying more phishing activities and have discovered another open port to a server used by criminals. Once again, we mingled between their phishing front-end and the communication channels of the criminals to clean up those phished assets so that they would not fall into the bad guys' pockets.

Story: Do these 10 things well and say goodbye to losing coins.

Summary: MyCrypto published a short ten-step best practice, introducing best practices and clear action items on how to protect cryptocurrency assets and related accounts. We used our extensive knowledge of how cryptocurrencies were stolen and compiled an actionable list.

Story: Hackers obtained $16 million worth of Bitcoin through a Bitcoin wallet attack.

Summary: A user did not install a critical security update on their Electrum wallet, and thus became a victim of an (old) attack, resulting in the loss of 1,400 BTC. The user was tricked into connecting to a malicious Electrum server, which allowed the rich text to pop up on an error. The error returned prompts users to update their Electrum software, but it links them to download malware.

Story: Escape from the Dark Forest.

Summary: Samczsun (and his companions) successfully saved $9.6 million from a flawed contract in a white hat operation. This story is interesting because Samczsun explained how they defeated the grab-run robot. They privately sent the signed transaction directly to the miners instead of broadcasting it to the transaction pool.

Story: KuCoin, a cryptocurrency exchange, was hacked and lost more than $280 million.

Summary: KuCoin, a popular Asian exchange, had their hot wallet stolen and was warned of a large number of Bitcoin and Ethereum withdrawals. KuCoin is investigating with international law enforcement agencies, and the exchange promised to use its insurance fund to cover all losses in customer funds.

Cryptocurrency Accidents
The fourth quarter of 2020:

Story: Cryptocurrency exchange Liquid confirms hacking.

Summary: Liquid confirmed that their domain name and email account have been compromised. The exchange believes that hackers may have obtained personal information, including email addresses, names, shipping addresses, and encrypted passwords.

Story: Hackers use GoDaddy employees to hack into encrypted websites Liquid and NiceHash.

Summary: A public report stated that there are conclusive data indicating that NiceHash and Liquid have been violated by its service provider GoDaddy.

Story: Tugou smart contract takes away 10.8 million U.S. dollars.

Summary: The smart contract of a liquid mining protocol (a copy of Harvest and Yearfinance) has a hidden back door that allows developers to directly withdraw the BTC, ETH, and DAI in the contract.

Story: After being hacked, Ledger added Bitcoin bounty and new data security.

Summary: Ledger claims that the most recent data dump for their customers came from a rogue agent, Shopify. Matt Johnson, Ledger's new chief information security officer, has developed new procedures and policies to prevent future data leakage and announced a 10 BTC reward for any information that led to the hacker's arrest.

Story: Cryptocurrency exchange EXMO claims that 5% of total assets have been stolen.

Summary: EXMO found suspicious behavior in their hot wallet and suspended withdrawals for investigation. The conclusion is that their cold wallets were not affected, but 5% of their hot wallets were stolen.

The goal for 2021 is the same as our goal for 2020: let us do better.

Comments

Popular posts from this blog

How to repair ASIC miner hash board

How to repair ASIC miner hash board Important parts of ASIC miners – Hash board One  ASIC miner consists of 3 to 5 Hash board, a control board, a casing, and software, among which the Hash board are easiest  to broken. because the ASIC bitcoin miner hash board consists of many serially connected ASIC chips. When they work, they will be in a high-temperature environment for a long time. In this environment, it is easy to burn the chip or scatter the solder due to high temperature which makes the hash board or the mining machine unable to work and no hash rate. How to quickly detective which chips broken it’s the most important when we repairing ASIC miners The Antminer chips fixture fast efficient and easy to use Bitmain Antminer repair inspection tool The ASIC bitcoin miner hash board consists of many serially connected ASIC chips. When they work, they will be in a high-temperature environment for a long time. In this environment, it is easy to burn the chip or scatter the solder du

Antminer APW9 and APW9+ Power Supply Repair Guide

Antminer APW9 and APW9+ Power Supply Repair Guide Apw9 Apw9+ is a high-power PSU with 2 single-phase AC inputs and 2   DC outputs. 1: 14.5v-21v voltage adjustable output, maximum current 170A 2: 12v voltage fixed output, maximum current 12A The circuit board layout is mainly divided into: 1A - The first AC input and EMI circuit 1B - PFC and MOS circuit 1C - 12V auxiliary circuit and VCC circuit 2A -  2nd AC input and EMI circuit 2B - PFC and MOS circuit 2C - 12V auxiliary circuit and VCC circuit 2D - 12V output port and PIC communication port   The vulnerable parts of PSU are: fuse, MOS, rectifier bridge A more detailed circuit diagram is provided in the document for  Reference See more details here  Antminer manuals and repair guide

How to repair antminer T17 Hashboard and repair guide manual download

How to repair antminer T17 Hashboard and repair guide manual download This version contains the basic circuit schematic diagram and chip signal direction and voltage introduction We currently publish in Chinese and the English version will be released soon Basic overview: Antminer T17 single hash board uses a total of 30 hash chips, the model is "BM1397", and the signal direction is sequentially transmitted from U1 to U30. Signal direction: "CLK / CO / BO / RST", transferred from U1 to U30, "RI" is transferred from U30 to U1 It also passes 5 test points for testing and maintenance The five test points are: CLK-CO-RI-BO-RST (Please note: The location of the test points in different voltage domains are also different, please refer to the picture notes) For notes and instructions on the test points, please see the following articles: The whole board has 30 chips, divided into 10 voltage domains, and each voltage domain contains 3 chips For the description of