Last Week In Blockchain and CyberSecurity News - March 5, 2019
Hacker Steals $7.7 Million In EOS Cryptocurrency After Blacklist Snafu
On Saturday, February 23, EOS42, a web-based community of EOS cryptocurrency owners, disclosed a hack via a public Telegram post. Reportedly, the hack occurred when a new EOS block producer named “games.eos” failed to update the blacklist for EOS mainnet accounts. The blacklist is a feature of the EOS blockchain which requires block producers to identify and update a list of compromised accounts. For the feature to work, all top 21 block producers (BPs) need to apply the blacklist. “If only one top 21 BP does not have an updated blacklist, hacked accounts are vulnerable to being emptied,” said the EOS42 team in a Medium blog post. The procedure was put in place to prevent hackers from stealing funds, but as seen in the incident, it did not work as intended. EOS42 further explained the “scenario played out [during the hack] is when a newly rotated top 21 BP [fails] to apply the blacklist.” As “games.eos” did not update the blacklist for the EOS mainnet accounts, an anonymous hacker was able to move 2.09 million EOS ($7.7 million) from a frozen hacked account to several wallets at various cryptocurrency exchanges.
Read more here.
Hacked Exchange Cryptopia Discloses Estimate of Stolen Crypto
In the past month, we have been following the Cryptopia exchange hack that took the exchange offline, with the exchange stating it had experienced a “security breach which resulted in significant losses.” The exchange did not provide much information on what specifically occurred, as the New Zealand Police were going to conduct an investigation. Blockchain data analytics firms have estimated that as much as $16 million was stolen in Ethereum and ERC-20 tokens from the exchange, but no official estimate was given until last week. In a series of tweets, Cryptopia stated that they “are continuing to work on assessing the impact incurred as a result of the hack in January. Currently, [they] have calculated that worst case 9.4% of [their] total holdings was stolen.” Although this statement does not provide an actual monetary amount, 9.4% is still a large chunk of their total holdings. Cryptopia also states they are securing all wallets individually and that the exchange will be reopened “as read-only” by March 4th.
Read more about Cryptopia here.
Cryptocurrency Miners Exploit Latest Drupal Flaw
Read more about the vulnerability here.
Google Chrome Bug Used In The Wild To Collect User Data Via PDF Files
An exploit detection service named EdgeSpot claims it has discovered a vulnerability that allows attackers to collect data from users who open PDF files inside Chrome’s built-in PDF viewer. EdgeSpot stated the PDF documents would contact a remote domain with information on the user's device, such as IP address, OS version, Chrome version, and the path of the PDF file on the user's computer. The researchers stated no suspicious activity occurred when PDFs were opened using other PDF readers such as Adobe Reader, but outbound traffic is detected when they are opened with Chrome. Collecting these types of data on users who open PDF files can aid attackers in their future endeavors. Security expert Patrick Wardle analyzed the PDFs and stated that the issue lies in Chrome not alerting users when a PDF submits data to a remote server, which can then allow this type of tracking. He believes this should not be classified as a “zero-day.” The exploit detection service notified Google about this vulnerability and has been promised a fix by the end of April. EdgeSpot recommends using a different PDF viewer, or disconnecting from the internet while opening PDFs in Chrome.
Get more information here.
Coinhive In-Browser Cryptomining Service Shuts Down on March 8
Read more about Coinhive here.