
#RSAC

SESSION ID: TFA-F02

HACKING THE INDUSTRY PROJECTS

Aleksandr Lazarenko, Technical Director for Blockchain Security Projects, Group-IB

Is it worth knowing anything about blockchain for hacking purposes?

Rise of the Blockchain Crime

[Chart: blockchain crime growth, number of incidents per year, 2011 to 2017, y-axis 0 to 12]

The only thing hackers need to steal is …

The Private Key

E9873D79C6D87DC0FB6A577…

How can you store private keys?

Hot storage (key kept on a system that is online and signs transactions on demand): E9873D79C6D87DC0FB6A577…
Cold storage (key kept offline, used only for occasional signing): E9873D79C6D87DC0FB6A577…

Hot/cold storage distribution

Typical storage structure in a blockchain project (escrow): an 80 / 20 split, roughly 80% of funds in cold storage and 20% in hot storage.

New type of hackers

Reasons to Hack Blockchain Companies

Big, anonymous, fast money, almost ready for laundering...
16+ teams
Bugs
Low security
Same passwords
As easy as a pie*

Attack types used against blockchain projects

Malware
Source code vulnerability exploitation
Phishing
Blockchain attack
Credentials reuse
Domain hijacking
Insider attacks

Blockchain project categories

Exchange
Wallet
ICO
Mining equipment
Mining pools
Platforms
People

BLOCKCHAIN SPECIFIC ATTACKS

Blockchain specific attacks

Smart contract vulnerabilities
Double spending attacks
Eclipse attacks
Race attacks
Selfish mining attacks

51% attack

Alice -> Bob: 10 BTC
Bob -> Charly: 2 BTC (in the public chain)
Bob -> Hak#)x (attacker-controlled address): 2 BTC (in the chain mined with > 51% of the hash rate, spending the same 2 BTC again)

The attacker should control more than half of the network hash rate.
The attacker can then generate blocks faster than the rest of the network.
The attacker can therefore alter the history and pay with the same funds twice.
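The slide states the three conditions; the whitepaper's model gives the number behind them. The following is an added example, not from the slides: it computes the probability that an attacker holding a share q of the hash rate overtakes the honest chain after the victim has waited z confirmations (Nakamoto's gambler's-ruin-plus-Poisson formula). Once q reaches 50% the probability is 1 regardless of z, which is the 51% attack; below that, the victim's only defence is the number of confirmations. The function names and the risk threshold in the helper are this example's own.

```python
"""Attacker catch-up probability for a double spend, per the Bitcoin whitepaper model.

Added example, not from the original slides.  Honest miners find the next block
with probability p, the attacker with q = 1 - p.  After the merchant waits for
z confirmations the attacker, starting z blocks behind, eventually wins with

    P = 1 - sum_{k=0}^{z} (lambda^k e^-lambda / k!) * (1 - (q/p)^(z-k)),  lambda = z*q/p

when q < p, and with probability 1 when q >= p (the 51% case).
"""
import math
from typing import Optional


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with hash-rate share q overtakes a chain that is z blocks ahead."""
    if not 0.0 <= q <= 1.0:
        raise ValueError("q must be a hash-rate share in [0, 1]")
    if z < 0:
        raise ValueError("z must be a non-negative confirmation count")
    p = 1.0 - q
    if q >= p:
        # Majority attacker: catching up is certain, only a matter of time.
        return 1.0
    lam = z * q / p            # expected attacker progress while the merchant waits z blocks
    ratio = q / p              # base of the gambler's-ruin catch-up probability
    total = 1.0
    poisson = math.exp(-lam)   # Poisson term for k = 0
    for k in range(z + 1):
        total -= poisson * (1.0 - ratio ** (z - k))
        poisson *= lam / (k + 1)   # advance to the term for k + 1
    return max(0.0, min(1.0, total))


def confirmations_needed(q: float, max_risk: float) -> Optional[int]:
    """Smallest z whose attacker success probability is <= max_risk; None if the attacker has a majority."""
    if q >= 0.5:
        return None            # no number of confirmations helps against a majority
    z = 0
    while attacker_success_probability(q, z) > max_risk:
        z += 1
    return z


if __name__ == "__main__":
    for q in (0.1, 0.3, 0.45, 0.51):
        row = ", ".join(f"z={z}: {attacker_success_probability(q, z):.7f}" for z in (0, 1, 3, 6))
        print(f"q={q:.2f}  {row}")
    print("confirmations for <= 0.1% risk at q=0.1:", confirmations_needed(0.1, 0.001))
```

For q = 0.1 the attacker's chance drops below 0.1% at six confirmations, which is where the usual "wait for 6 blocks" rule comes from; for q = 0.3 the same risk level needs several dozen blocks, and for q >= 0.5 the function returns None because no waiting period is safe.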

51% attack in the wild

Krypton
Shift
Gold
GHash (mining pool)
Verge cryptocurrency (XVG)

Smart contract vulnerabilities*

Level: cause of vulnerability
Solidity: call to the unknown; gasless send; exception disorders; type casts; reentrancy; keeping secrets
EVM: immutable bugs; ether lost in transfer
Blockchain: unpredictable state; generating randomness; time constraints

* N. Atzei, M. Bartoletti, T. Cimoli. A survey of attacks on Ethereum smart contracts.

The DAO

Developed by the slock.it team
No human VC firm: investors make decisions via smart contracts
There is an opportunity to split the organisation
27 day crowdsale
11 500 000 ETH raised

The DAO

12th of June: the recursive call bug is reported; "no DAO funds at risk", said a developer

Function: the split proposal, meant for solving disagreements; it works as reward + update (pay the caller's ether out, then update the caller's balance)
Weakness: the reward is sent before the balance is updated, so a recursive call can claim it again
Problem: the problematic code wasn't audited

The DAO

The attack started on Saturday, 18th of June
The attacker creates a split proposal loop: reward + no update + reward + no update …
The attacker drained more than 3.6M ether into a "child DAO", then stopped voluntarily
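The "reentrancy" row of the vulnerability table above and the DAO's "reward + no update" loop are the same bug. The following added example (not the DAO's Solidity code) models it in Python: the vault hands control to the recipient when it pays out, exactly as `call.value()` does, so a recipient that calls `withdraw` again from inside its receive callback drains the contract before the balance is ever zeroed. The second vault applies checks-effects-interactions (update first, then send) and the same attacker gets only its deposit. The class names, depths and amounts are constructed for the example; the depth cap stands in for the gas limit that ends the real loop.

```python
"""Toy re-entrancy model of the DAO bug.  Added example, not the DAO's Solidity code.

`Vault._send` hands control to the recipient's `on_receive` before returning,
which is what Solidity's `call.value()` does; every name and amount here is
constructed for illustration.
"""


class Vault:
    """Shared state for both the vulnerable and the fixed contract."""

    def __init__(self) -> None:
        self.balances: dict[str, int] = {}
        self.ether = 0  # total ether held by the contract

    def deposit(self, who: str, amount: int) -> None:
        self.balances[who] = self.balances.get(who, 0) + amount
        self.ether += amount

    def _send(self, recipient: "Recipient", amount: int) -> None:
        if amount > self.ether:
            raise RuntimeError("insufficient contract balance")  # the send would fail on-chain
        self.ether -= amount
        recipient.on_receive(self, amount)  # control passes to the recipient here


class VulnerableVault(Vault):
    """reward + update: the external call happens BEFORE the state change (the DAO ordering)."""

    def withdraw(self, recipient: "Recipient") -> None:
        owed = self.balances.get(recipient.address, 0)
        if owed == 0:
            return
        self._send(recipient, owed)            # reward (re-enterable)
        self.balances[recipient.address] = 0    # update, too late


class FixedVault(Vault):
    """checks-effects-interactions: the state change happens BEFORE the external call."""

    def withdraw(self, recipient: "Recipient") -> None:
        owed = self.balances.get(recipient.address, 0)
        if owed == 0:
            return
        self.balances[recipient.address] = 0    # effect first
        self._send(recipient, owed)            # interaction last; a re-entry finds balance 0


class Recipient:
    def __init__(self, address: str) -> None:
        self.address = address
        self.received = 0

    def on_receive(self, vault: Vault, amount: int) -> None:
        self.received += amount


class ReentrantAttacker(Recipient):
    """Fallback that calls withdraw again while the vault still believes it owes money."""

    def __init__(self, address: str, max_depth: int = 50) -> None:
        super().__init__(address)
        self.max_depth = max_depth  # stands in for the gas limit that eventually stops the loop
        self.depth = 0

    def on_receive(self, vault: Vault, amount: int) -> None:
        self.received += amount
        owed = vault.balances.get(self.address, 0)
        if self.depth < self.max_depth and 0 < owed <= vault.ether:
            self.depth += 1
            vault.withdraw(self)   # re-enter: "reward + no update" once more
            self.depth -= 1


def run_attack(vault_cls: type) -> tuple[int, int]:
    """Returns (attacker's take, ether left for honest depositors) for the given vault class."""
    vault = vault_cls()
    vault.deposit("honest-investors", 100)   # constructed amounts
    attacker = ReentrantAttacker("attacker")
    vault.deposit(attacker.address, 10)
    vault.withdraw(attacker)
    return attacker.received, vault.ether


if __name__ == "__main__":
    print("vulnerable:", run_attack(VulnerableVault))   # attacker takes everything
    print("fixed:     ", run_attack(FixedVault))        # attacker takes only its own 10
```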

Transaction malleability

What can the adversary do?

Transaction T is broadcast by the sender. Before miners confirm it, the adversary rebroadcasts a "mauled" T': the same inputs, outputs and valid signature, but with a different signature encoding, and therefore a different transaction id. If miners confirm T' instead of T, the payment happened but the sender never sees the txid it recorded.

Mt.Gox

Transaction malleability (TM)? 850 000 BTC lost
Research: only 386 bitcoins can be attributed to TM*

* C. Decker and R. Wattenhofer, "Bitcoin Transaction Malleability and MtGox", ESORICS 2014
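The two slides above describe the attack and the exchange-side failure it triggers. The following added example (not the slides' material and not Mt.Gox's code) shows both on a deliberately simplified, constructed transaction format: a txid is the double-SHA256 of the whole serialised transaction, signature scripts included, so pushing a superfluous OP_0 in front of the signature script (one of the BIP 62 malleability vectors) produces a different txid for the same payment. A withdrawal tracker keyed on txid never sees its transaction confirm and re-sends the withdrawal; a tracker keyed on what the transaction actually spends and pays is immune. The serialisation, addresses and byte strings are this example's own.

```python
"""Transaction malleability and the reconciliation bug it exploits.

Added example, not from the slides or from Mt.Gox.  The serialisation is a
constructed simplification of Bitcoin's (prevouts, signature scripts, outputs,
double-SHA256 id); the sample prevout, address and signature bytes are made up.
"""
import hashlib
from dataclasses import dataclass, field


def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


@dataclass(frozen=True)
class Tx:
    prevouts: tuple                 # inputs being spent, as "txid:vout" strings
    outputs: tuple                  # (address, satoshis) pairs
    script_sigs: tuple              # one signature script (bytes) per input

    def serialize(self) -> bytes:
        body = b"".join(p.encode() + s for p, s in zip(self.prevouts, self.script_sigs))
        body += b"".join(a.encode() + v.to_bytes(8, "little") for a, v in self.outputs)
        return body

    def txid(self) -> str:
        # Hash covers the signature scripts, which is why they can change the id.
        return dsha256(self.serialize())[::-1].hex()

    def payment_key(self) -> tuple:
        """Signature-independent identity of the payment: what is spent and where it goes."""
        return (self.prevouts, self.outputs)


def maul(tx: Tx) -> Tx:
    """Adversary: push an extra OP_0 (0x00) before each signature script; inputs and outputs untouched."""
    return Tx(tx.prevouts, tx.outputs, tuple(b"\x00" + s for s in tx.script_sigs))


@dataclass
class WithdrawalTracker:
    """Exchange-side bookkeeping.  by_txid=True reproduces the txid-keyed failure mode."""
    by_txid: bool
    pending: dict = field(default_factory=dict)   # key -> Tx awaiting confirmation
    resent: list = field(default_factory=list)     # withdrawals paid a second time

    def key(self, tx: Tx):
        return tx.txid() if self.by_txid else tx.payment_key()

    def broadcast(self, tx: Tx) -> None:
        self.pending[self.key(tx)] = tx

    def reconcile(self, confirmed: list) -> None:
        """Clear confirmed withdrawals; whatever is still pending gets re-sent."""
        for tx in confirmed:
            self.pending.pop(self.key(tx), None)
        for tx in list(self.pending.values()):
            self.resent.append(tx)   # with txid keys this is an already-paid withdrawal
            self.pending.pop(self.key(tx))


def simulate(by_txid: bool) -> int:
    """Returns how many withdrawals are paid twice under the chosen tracking strategy."""
    tracker = WithdrawalTracker(by_txid=by_txid)
    original = Tx(("aa" * 32 + ":0",), (("1CustomerAddr", 50_000),), (b"\x30\x44sig-bytes",))  # constructed
    tracker.broadcast(original)
    mauled = maul(original)      # same payment, different txid, and it is what gets confirmed
    tracker.reconcile([mauled])
    return len(tracker.resent)


if __name__ == "__main__":
    t = Tx(("aa" * 32 + ":0",), (("1CustomerAddr", 50_000),), (b"\x30\x44sig-bytes",))
    print("original txid:", t.txid())
    print("mauled txid:  ", maul(t).txid())
    print("double payments, txid-keyed:   ", simulate(by_txid=True))
    print("double payments, payment-keyed:", simulate(by_txid=False))
```

Decker and Wattenhofer's point was that malleability alone cannot explain Mt.Gox's losses; the example shows the precondition it does need: a wallet or exchange that treats an unconfirmed txid as proof the payment was never made.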

Blockchain attacks stats

Attack: profit
Krypton & Shift: 21 465 KR
Mt.Gox: 740 000 BTC claimed (386 BTC attributable to transaction malleability)
The DAO: 3 600 000 ETH
Verge cryptocurrency: 35M XVG

Totals: 21 465 KR; 386 BTC; 3.6M ETH; 35M XVG

CREDENTIALS REUSE

Bitcoinica (Exchange)

1st incident: a password manager entry
Website: LastPass
Password: >N}Y2'c4L9a$XqU}
Comment: Mt.Gox API key :)

2nd incident: leaked unsalted MD5 password hashes and their plaintexts
b76f5f3b5297e42d4cb909ea4e2b5360: l@st_pass
d8578edf8458ce06fbc5bb76a58c5ca4: qwerty
5f4dcc3b5aa765d61d8327deb882cf99: password
eeafbf4d9b3957b139da7b7f2e7f2d4a: mama
0ac6cd34e2fac333bf0ee3cd06bdcf96: papa
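The hashes on the slide are unsalted MD5, which is why they come with plaintexts. The following added example (not from the slides) builds a constructed dump around those hashes with invented user names and shows the two things an attacker gets for free from such a leak: the passwords, by hashing a wordlist once and looking every user up in it, and the reused accounts on a second service, found by hash equality alone without cracking anything. The last two functions are the hardened alternative (per-user salt plus a slow KDF), so the same wordlist table is useless against them. The second service's dump, the user names and the wordlist are all constructed.

```python
"""Why unsalted MD5 plus password reuse is fatal.  Added example, not from the slides.

The exchange dump reuses the hashes shown on the Bitcoinica slide; user names,
the hosting-provider dump and the wordlist are constructed sample data.
"""
import hashlib
import hmac
import os


def md5_hex(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()


def crack_unsalted(dump: dict, wordlist: list) -> dict:
    """user -> recovered password for every user whose MD5 matches a wordlist entry."""
    table = {md5_hex(w): w for w in wordlist}   # one hash per candidate serves every user
    return {user: table[h] for user, h in dump.items() if h in table}


def reused_across(dump_a: dict, dump_b: dict) -> set:
    """Users in both dumps with byte-identical hashes: reuse detected without cracking anything."""
    return {u for u, h in dump_a.items() if dump_b.get(u) == h}


def pbkdf2_store(password: str, iterations: int = 200_000) -> tuple:
    """Hardened storage: random per-user salt and a slow KDF; returns (salt, digest)."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def pbkdf2_verify(password: str, salt: bytes, stored: bytes, iterations: int = 200_000) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, stored)   # constant-time comparison


# Constructed sample data: hashes as on the slide, user names invented.
EXCHANGE_DUMP = {
    "alice": "5f4dcc3b5aa765d61d8327deb882cf99",
    "bob": "d8578edf8458ce06fbc5bb76a58c5ca4",
    "carol": "b76f5f3b5297e42d4cb909ea4e2b5360",
    "dave": "eeafbf4d9b3957b139da7b7f2e7f2d4a",
}
HOSTING_DUMP = {  # a second, unrelated service; alice and bob reused their exchange password
    "alice": "5f4dcc3b5aa765d61d8327deb882cf99",
    "bob": "d8578edf8458ce06fbc5bb76a58c5ca4",
    "carol": md5_hex("a-different-one"),
}
WORDLIST = ["123456", "password", "qwerty", "letmein", "mama", "papa"]


if __name__ == "__main__":
    print("cracked:", crack_unsalted(EXCHANGE_DUMP, WORDLIST))
    print("reused on both services:", sorted(reused_across(EXCHANGE_DUMP, HOSTING_DUMP)))
    salt, digest = pbkdf2_store("password")
    print("salted verify still works:", pbkdf2_verify("password", salt, digest))
```

The operational lesson matches the slide: a breach at any service the team uses (a password manager, a hosting panel, an exchange API) is a breach of the exchange if the same password, or the same unsalted hash of it, is in play elsewhere.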

Credentials reuse (stats)

Attack: profit
Bitcoinica: 40 000 BTC
Bter: 7 170 BTC
CoinDash: 43 438 ETH
Enigma: 1 492 ETH
Cointerra: undefined
(unnamed): 80 000 Steem dollars
inputs.io: 4 100 BTC

Totals: 51 270 BTC; 44 930 ETH; 80 000 Steem dollars

INSIDER ATTACKS

Bit LC (Exchange)
The founder drained the cold wallet and disappeared
2 000 BTC

Mintpal (Exchange)
Took funds from the cold wallet and sold them himself on LocalBitcoins
3 700 BTC

796 (Exchange)
Malicious update [new withdrawal address]
1 000 BTC

Insider attacks (stats)

Attack: profit
(unnamed): 120 000 BTC
Mintpal: 3 700 BTC
796: 1 000 BTC
CryptoRush: 950 BTC
PicoStocks: 6 000 BTC
Bit LC: 2 000 BTC

Total: 133 650 BTC

MALWARE MEETS BLOCKCHAIN

Shapeshift: how was it?
3 incidents in 2 weeks, 2 migrations
Amount stolen: 469 BTC (BTC hot wallet drained) and 5800 ETH (ETH hot wallet drained)

Shapeshift (1)
System administrator, achievements unlocked: emptied the BTC hot wallet; installed a backdoor; sold the backdoor to a hacker
Developer

Shapeshift (2)
New hosting; the same backdoor works again; admin to trash

Shapeshift (3)
New hosting again; the same backdoor works again and again

Malware (stats)

Attack: profit
ShapeShift: 469 BTC + 5800 ETH
exco.in: 2 000 BTC
Cryptsy: 13 000 BTC
Yapizon: 3 816 BTC
Allinvain: 20 000 BTC

Totals: 39 285 BTC; 5 800 ETH

PHISHING

ICO phishing cases

56% of money lost in ICOs was due to phishing scams (Chainalysis, H2 2016 - H1 2017)
$115+ million was lost to ICO phishing scams (Chainalysis, H2 2016 - H1 2017)
$1 million monthly profit of an average phishing group (Group-IB, 2017)

ICO phishing statistics

Top 10 blockchain projects by number of phishing websites

[Bar chart, 0 to 20 phishing websites per project: Tzero, Bittrex, Storm, Envion, Raiden, SirinLabs, EtherDelta, OmiseGO, Shapeshift, Quantstamp; off-scale callouts: > 2.5K phishing websites and > 2.2K for MyEtherWallet]

SOURCE CODE VULNERABILITIES

BitFloor

Exchange side: "During the manual upgrade I transferred data into an unencrypted partition…"
Attacker side: "I've found an unencrypted backup of private keys :)"

wallet1.dat, wallet2.dat, wallet3.dat: 24 000 BTC

Linode (Cloud hosting)

Customers included mining pools, trading websites and wallets

Attackers obtained customer support privileges and found user accounts with BTC wallets

Logged in via the Linode manager, rebooted the machines and changed the root passwords

46 653 BTC

Parity Wallet (numerous ICOs affected)

Technical details on Parity Wallet
Stores money like user accounts
The wallet is a Solidity smart contract
Provides additional functionality on top of user accounts

Parity Wallet: multi-signature wallets
Require multiple approvals to withdraw
Useful as multi-factor authentication

Parity Wallet: anamnesis
Every multi-signature wallet deployed by users relied on one shared library contract
An anonymous user gained control over the library contract
The library contract was turned into the wallet contract of a single user

Parity Wallet: attacker
After gaining ownership the attacker destroyed the contract
All the funds stored in the wallets were no longer withdrawable
50 000 000 USD frozen

Parity Wallet: affected projects
Polkadot: 306,276 ETH ($93.1m)
ICONOMI: 114,939 ETH ($34.9m)
Centrality: 21,704 ETH ($6.6m)
Musiconomi: 16,476 ETH ($5m)
Hedge Token: 4,525 ETH ($1.4m)
Moeda: 4,361 ETH ($1.3m)
Wysker: 1,577 ETH ($479k)
Viewly: 1,400 ETH ($426k)
Fluence: 1,376 ETH ($418k)
Live Stars: 672 ETH ($204k)
IMMLA: 600 ETH ($182k)
Silent Notary: 286 ETH ($87k)
Mirocana: 285 ETH ($87k)
DAO.Casino: 150 ETH ($46k)
Fiinu: 145 ETH ($44k)
Jincor: 58 ETH ($18k)
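The slides describe the outcome; the mechanism is worth seeing in miniature. The following added example (not Parity's code) models a proxy wallet that runs shared library code against its own storage, which is what Solidity's delegatecall does. The library contract has storage of its own that nobody initialised, so its initialisation function can be called on the library directly; whoever does that becomes the library's owner, may self-destruct it, and every proxy then delegates to nothing. The hardened variant claims the library's own storage at deployment. Class names, owners and amounts are constructed for the example.

```python
"""Toy model of a shared-library wallet freeze.  Added example, not Parity's code.

A proxy keeps its own storage and borrows the library's code (delegatecall).
The library also has storage, and in the vulnerable variant it is never
initialised, so anyone can initialise it and become the library's owner.
Names and amounts are constructed.
"""


class Destroyed(Exception):
    """Raised when a proxy delegates to a library that no longer exists."""


class WalletStorage:
    """Per-contract storage, the part delegatecall keeps separate from the code."""

    def __init__(self) -> None:
        self.owners: set = set()
        self.initialised = False
        self.balance = 0


class WalletLibrary:
    """Shared code plus the library contract's own, separate storage."""

    def __init__(self, self_initialise: bool = False) -> None:
        self.storage = WalletStorage()
        self.alive = True
        if self_initialise:
            # Hardening: claim the library's own storage at deployment so nobody else can.
            self.init_wallet(self.storage, {"library-deployer"})

    def init_wallet(self, storage: WalletStorage, owners: set) -> None:
        if storage.initialised:
            raise PermissionError("already initialised")   # the only guard the function has
        storage.owners = set(owners)
        storage.initialised = True

    def kill(self, storage: WalletStorage, caller: str) -> None:
        if caller not in storage.owners:
            raise PermissionError("only owner")
        self.alive = False   # selfdestruct: the code disappears for every proxy at once

    def withdraw(self, storage: WalletStorage, caller: str, amount: int) -> int:
        if caller not in storage.owners or amount > storage.balance:
            raise PermissionError("not allowed")
        storage.balance -= amount
        return amount


class WalletProxy:
    """A user's multi-signature wallet: own storage, borrowed code."""

    def __init__(self, library: WalletLibrary, owners: set) -> None:
        self.library = library
        self.storage = WalletStorage()
        self._delegate("init_wallet", owners)

    def _delegate(self, fn: str, *args):
        if not self.library.alive:
            raise Destroyed("library self-destructed; wallet funds are frozen")
        return getattr(self.library, fn)(self.storage, *args)

    def deposit(self, amount: int) -> None:
        self.storage.balance += amount

    def withdraw(self, caller: str, amount: int) -> int:
        return self._delegate("withdraw", caller, amount)


def run_scenario(hardened: bool) -> tuple:
    """Returns (attacker managed to kill the library?, ETH the ICO could still withdraw)."""
    lib = WalletLibrary(self_initialise=hardened)
    ico_wallet = WalletProxy(lib, {"ico-team", "ico-cfo"})
    ico_wallet.deposit(1_000)   # constructed amount
    attacker_won = False
    try:
        # The attack: call the library directly, as if it were a fresh, uninitialised wallet.
        lib.init_wallet(lib.storage, {"attacker"})
        lib.kill(lib.storage, "attacker")
        attacker_won = True
    except PermissionError:
        pass
    try:
        recovered = ico_wallet.withdraw("ico-team", 1_000)
    except Destroyed:
        recovered = 0
    return attacker_won, recovered


if __name__ == "__main__":
    print("vulnerable library:", run_scenario(hardened=False))
    print("hardened library:  ", run_scenario(hardened=True))
```

Note what the multi-signature policy did and did not protect: the ICO wallets' own owner sets were intact and were never bypassed; the single point of failure was the one contract all of them shared.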

Source code vulnerabilities (stats)

20 attacks: profit
FlexCoin: 896 BTC
BIPS: 1 295 BTC
BTC-E: unknown
(unnamed): unknown
Cavirtex: 0
BTCGuild: 1 254 BTC
GateCoin: 185 000 ETH + 250 BTC
Ozcoin: 922 BTC
BitFloor: 24 000 BTC
(unnamed): $31M USDT
Kipcoin: 3 000 BTC
Linode: 46 653 BTC
Poloniex: 97 BTC
Parity: 153 037 ETH
Bitcurex: 2 300 BTC
Aeternity: $30 000 000
Bitcoin7: 11 000 BTC
moonco.in: 4 000 BTC
Coinapult: 150 BTC

Totals: 95 817 BTC; 338 037 ETH; $31M USDT

ANALYSIS

# of attacks by project category

[Bar chart, x-axis 0 to 35 attacks; one bar per project category (Exchange, ICO, Wallet, Mining Equipment, Platform, Mining Pool, Cryptocurrency, Private, Hosting), each split by attack type: Blockchain attack, Credentials reuse, Domain hijacking, Insider, Malware, Phishing, Source code vulnerability exploitation]

Survival - die statistics

[Bar chart, x-axis 0 to 35; same project categories, each split into Survived && Refund, Survived && No refund, Dead && Refund, Dead && No refund]

Discussion

How to investigate blockchain-related attacks?
Standardisation of security processes for blockchain projects
Cybersecurity of major blockchain platforms

Conclusion

Traditional hacking weapons still kill blockchain projects
Password and key storage policies should be better
Blockchain specific attacks are yet to come

Problem: no precise technical information about the incidents!

"Apply" slide

If you are protecting an ICO or a blockchain company:
Provide your users and investors with anti-phishing education
Make sure that the personal security of the core team is high
Design private key storage policies
Remember about web application security

If you are dealing with a blockchain-related service or cryptocurrency:
Make sure that your private keys are really yours
Always check the latest news
Remember that your blockchain project doesn't inherit all the security properties of the blockchain technology by default

[email protected]