1. Home
  2. Blockchain Analytics

Blockchain Analytics

Hacker bungles DeFi exploit: Leaves stolen $1M in contract set to self destruct

Coin Telegraph
Hacker bungles DeFi exploit: Leaves stolen M in contract set to self destruct
attacker

A hacker apparently so thrilled by a successful theft left behind over $1 million in a smart contract that was set to destruct, permanently ensuring the crypto could never be moved.

In a rare comedic bungle among DeFi exploits, an attacker has fumbled their heist at the finish line leaving behind over $1 million in stolen crypto.

Just after 8AM UTC on Thursday April 21st, blockchain security and analytics firm BlockSec shared it had detected an attack on a little known DeFi lending protocol called Zeed, which styles itself a “decentralized financial integrated ecosystem”.

The attacker exploited a vulnerability in the way the protocol distributes rewards, allowing them to mint extra tokens which were then sold, crashing the price to zero, but netting just over $1 million for the exploiter.

Blockchain analytics firm PeckShield noted the stolen crypto was transferred to an “attack contract”, a smart contract which automatically and quickly executes the found exploit.

However the attacker was apparently so excited by their successful heist that they forgot to transfer over $1 million worth of stolen crypto out of their attack contract before they set it to self-destruct, permanently and irreversibly ensuring the funds can never be moved.

Using a blockchain scanner to view the attack contract address shows that $1,041,237.57 worth of BSC-USD Binance-Peg token is forever stuck in the contract and the successful self-destruction of the contract was confirmed at 7:15AM UTC on April 21.

Related: Truth or fiction? Popular former hacker claims to have $7B in BTC

It's one of the more bizarre turns of events since the Polygon hacker did an “Ask Me Anything” using embedded messages on Ethereum(ETH) transactions after stealing $612 million from the protocol in August 2021. The question and answer session revealed the attacker hacked “for fun” and thought “cross-chain hacking is hot.”

This latest hack is on the smaller end regarding the amount stolen, and other DeFi protocol hacks have seen hundreds of millions siphoned off as with the recent Ronin bridge hack where attackers made off with over $600 million.

Other notable DeFi exploits include the $80 million worth of crypto stolen from Qubit Finance in January where attackers tricked the protocol into believing they had deposited collateral, allowing them to mint an asset representing a bridged crypto.

DeFi marketplace Deus Finance was exploited in March when hackers manipulated the price feed of a pair of stablecoins resulting in the insolvency of user funds, netting the hackers over $3 million.

Read more
Planning Ahead: Cosmos Health Looks to Add Bitcoin and Ethereum to Its Treasury

Planning Ahead: Cosmos Health Looks to Add Bitcoin and Ethereum to Its Treasury

Part 3 — Blockchain heuristics through time

Coinbase
02AdQmSjBn6rMFNEwVq
Blockchain Analytics

Part 3 — Blockchain heuristics through time

In our last post we introduced the cornerstone of scaling up blockchain analysis, commonspend, and its pitfalls. In this blog post we’ll explore more complex and novel blockchain analysis scaling methods, their drawbacks and why time is a critical feature of blockchain analytics.

1. Change prediction

Change prediction is the second most commonly applied UTXO heuristic. It aims to predict which receiving address is controlled by the sender. A hallmark of UTXO blockchains is that when addresses transact, they move all outputs. The surplus amount is normally returned to the sender via a change address.

Consider the transaction below and try spotting the change address that belongs to the sender:

The change address is likely 374jbPUojy5pbmpjLGk8eS413Az4YyzBq6. Why? In this case, prediction logic relies on the fact that the above address is in the same address format as the input addresses (P2SH format, where sender’s addresses start with a “3”).

Among other factors, rounded amounts (i.e. 0.05 or 0.1 BTC) are often recognized as the actual send, with the rest being redirected to the change address. This suggests that change prediction relies not only on technical indicators, but also on elements of human behavior, like our affinity for rounded numbers.

Naturally, a more liberal change prediction logic that takes into account multiple variables in favor of a desired outcome can potentially lead to misattribution and mis-clustering. In particular, blockchain analytics tools can inadvertently fall into the trap of unsupervised change prediction — that’s why it is vital for blockchain investigators to be mindful of the limitations posed by this approach.

2. Change prediction, not a fact

Consider a more challenging example:

We have legacy addresses (starting with a “1”) sending on to two other legacy addresses. So which one is the change address?

The best way to figure out which address is the change address is to look at how each address spends BTC onwards. Usually output addresses receiving rounded amounts are not change addresses — but this could be wrong. So let’s just place our bet on the latter output address:

1Hs6XkSpuLguqaiKwYULH4VZ9cEkHMbsRJ — its next transction is as follows:

At first glance, this sort of looks like the pattern we saw in a previous transaction. The only aspect that stands out is a significant decrease in fees.

Looking at a second output address — 12Y8szPTeVzupEfe5RXs84fRsJJZBVhTgG — we see that its next transaction is distinct from the transaction it previously made:

The fees also look low compared to our initial transaction. And we notice that both our output addresses’ next transactions involve the original 1Hs6XkSpuLguqaiKwYULH4VZ9cEkHMbsRJ address in their outputs. Following the address’s next transaction we arrive to output #1’s next transaction.

To simplify, let’s visualize:

The diamonds in the above graph represent transactions — whereas the circles represent addresses. Notice that input address 15sMm6Rkf9hzz6ZtrrdhxdWZ8jGW12gQ93 commonspends in a transaction with 12Y8szPTeVzupEfe5RXs84fRsJJZBVhTgG. Therefore, output address #2 is in fact our change address!

This example illustrates how complicated change prediction can become leading to erroneous results.

3. Bespoke heuristics are still heuristics

Entities that attempt to preserve privacy in very public blockchains, such as exchanges and dark markets, may go out of their way to create their own wallet infrastructure that makes it difficult for blockchain investigators to identify how they operate. For these cases, blockchain analytics companies will create bespoke heuristics for these particular entities.

Still, no heuristics are foolproof. Parameters and limitations for blockchain analysis depend on how restrictive the scope is — or how much room is left for interpretation. A conservative approach would dictate not attributing anything that cannot be determined with close to 100% certainty; a liberal approach would allow wider attribution, at the cost of expanding the potential margin of error.

This also applies to any bespoke heuristic that is constructed with specific blockchain entities in mind. This is illustrated well by the above mentioned coinjoin Wasabi example. Although the transaction in question highly likely to belongs to Wasabi wallet, we need to ask ourselves what this transaction is displaying:

Most likely this transaction is displaying Wasabi addresses commonspending with other users’ addresses. As complexity increases, the accuracy of attribution decreases — especially if we consider that a user might own one or more addresses in this transaction.

Every blockchain analytics tool will have a different set of parameters and rely on different heuristics. That is why differences between clusters displayed by various tools are so common — for example, the SilkRoad cluster will each time look differently, depending on the blockchain analytics software used to conduct its analysis.

In fact, even with only comonspend applied, we see how the block explorers CryptoID and WalletExplorer both show different sizes of the Local Bitcoins cluster.

4. In blockchain analytics the future can impact the past

Einstein would probably admire blockchains, because they are one of the few examples of where the future can change the past — at least from an attribution perspective. For example, 14FUfzAjb91i7HsvuDGwjuStwhoaWLpGbh received various transactions from a P2P service provider between August and mid-September 2021. So we might think that this address could belong to an unhosted wallet.

But if we check on that address a couple days later on September 30, 3021, we suddenly notice that it’s been tagged as Unicc, a carding shop. What happened? This address commonspent 15 days later with an address we already knew belonged to Unicc — making it a part of the Unicc cluster.

This is a simple example, but you can imagine from a Compliance and market intelligence perspective that these after-the-fact attributions can have some ripple effects.

Conclusion

Blockchain analytics is an increasingly complex field of expertise. It is not as straightforward as it seems and the difficulty is compounded by the fact that conclusions are drawn not only from blockchain, but also from external sources that are often ambiguous.

It is not possible to call blockchain analytics science — after all, scientific experiments can be replicated by unrelated parties who, by following a set scientific methodology, will come to the same conclusions. In blockchain analytics even the ground truth can have multiple facades, meanings and interpretations.

Certainty of attribution is almost scarce and because multiple parties are relying on different tools for conducting transaction tracing on blockchains, it can sometimes yield dramatically different results. That is why educational efforts in this area should continuously emphasize that even the most robust, tooled-up methodologies are prone to errors.

Nothing is infallible — after all, blockchain analytics is more art than science.

Part 3 — Blockchain heuristics through time was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Read more
Planning Ahead: Cosmos Health Looks to Add Bitcoin and Ethereum to Its Treasury

Planning Ahead: Cosmos Health Looks to Add Bitcoin and Ethereum to Its Treasury

New York state ramps up blockchain monitoring to enforce sanctions

Coin Telegraph
New York state ramps up blockchain monitoring to enforce sanctions
Blockchain Analytics

Blockchain analytics will help ensure that NY-licensed companies don’t send money to sanctioned Russians.

New York state’s efforts to enforce sanctions against Russia have ramped up a gear with the Department of Financial Services, or DFS, expediting the procurement of additional blockchain analytics technology.

According to a statement released Wednesday, the department will use the technology to help detect exposure to Russian individuals and entities subject to federal sanctions, by the virtual currency businesses licensed by the department.

NY Gov. Kathy Hochul issued an executive order Feb. 27 directing state agencies to divest from Russian institutions and companies, as well as entities that provide them with support. She said:

“New York is proudly home to the nation's largest Ukrainian population and we will use our technological assets to protect our people and show Russia that we will hold them accountable."

New York requires individuals and companies engaged in a number of activities with virtual currency to apply for a BitLicense. The DFS is now “assessing a number of technology tools and service providers to augment current supervisory capabilities.” No other details were given about the analytics technology the state is looking for.

The DFS held a techsprint — an “intense problem-solving sessions meant to facilitate innovation, collaboration and creative solutions to difficult problems” — to design a digital regulatory reporting mechanism for virtual currency companies in March 2021. It was noted at the time that event organizers were working with some of the participants to advance the development of their solutions.

Blockchain analysis is typically used to assure anti-money laundering compliance and customer protection. The process often combines the tracing of transfers on the blockchain with information obtained off-chain to understand transactions.

Read more
Planning Ahead: Cosmos Health Looks to Add Bitcoin and Ethereum to Its Treasury

Planning Ahead: Cosmos Health Looks to Add Bitcoin and Ethereum to Its Treasury

4% of crypto whales are criminals and they have $25B between them: Chainalysis

Coin Telegraph
4% of crypto whales are criminals and they have B between them: Chainalysis
Blockchain Analytics

The report defines criminal whales as private wallets that hold more than $1 million worth of crypto with more than 10% of their balances coming from illicit addresses.

Chainalysis data shows that 4068 criminal whales (roughly 4% of all whales) are hodling more than $25 billion worth of cryptocurrency between them.

The blockchain analytics firm defines criminal whales as any private wallet that holds more than $1 million worth of crypto with over 10% of the funds received from illicit addresses tied to activity such as scams, fraud and malware.

The data is from the “Criminal Balances” section of the Crypto Crime Report that explores criminal activity on the blockchain over 2021 and early 2022. The wide-ranging report also covers topics such as Ransomware, Malware, Darknet markets and NFT related crime.

“Overall, Chainalysis has identified 4,068 criminal whales holding over $25 billion worth of cryptocurrency. Criminal whales represent 3.7% of all cryptocurrency whales — that is, private wallets holding over $1 million worth of cryptocurrency,” the report reads.

The data showed that 1,374 whales had received between 10% and 25% of their balance from nefarious sources, while 1,361 had between 90% and 100% . Those with balances between 25% and 90% of illicit funds totaled 1,333 criminal whales.

Percentage of whale balance via illicit addresses: Chainalysis

“Whereas stolen funds dominate overall criminal balances, darknet markets are the biggest source of illicit funds sent to criminal whales, followed by scams second and stolen funds third,” the report read.

Related: Chainalysis report finds most NFT wash traders unprofitable

Illicit transaction activity

In terms of illicit transaction activity, the report revealed that criminal addresses had received more than $14 billion in 2021, marking a whopping 79% increase compared to the $7.8 million seen in 2020.

Value recieved via type of crypto crime: Chainalysis

The lion's share of that $14 billion figure last year was attributed to scamming which increased by 82% year-over-year to account for $7.8 billion. Decentralized Finance (DeFi) rug pulls in particular were highlighted as a key source of scamming at $2.8 billion:

“We should note that roughly 90% of the total value lost to rug pulls in 2021 can be attributed to one fraudulent centralized exchange, Thodex, whose CEO disappeared soon after the exchange halted users’ ability to withdraw funds.”

Theft also increased by 516% to account for $3.2 billion worth of illicit transaction activity, with the DeFi sector once again being an area of concern.

On the positive side, Chainalysis pointed out that all transaction volume in USD value in 2021 totaled around $15.8 trillion, with illicit addresses accounting for a mere 0.15% of that figure, down from 0.34% the year prior.

“Crime is becoming a smaller and smaller part of the cryptocurrency ecosystem. Law enforcement’s ability to combat cryptocurrency-based crime is also evolving. We’ve seen several examples of this throughout 2021, from the CFTC filing charges against several investment scams, to the FBI’s takedown of the prolific REvil ransomware strain, to OFAC’s sanctioning of Suex and Chatex,” the report said.

Read more
Planning Ahead: Cosmos Health Looks to Add Bitcoin and Ethereum to Its Treasury

Planning Ahead: Cosmos Health Looks to Add Bitcoin and Ethereum to Its Treasury

Blockchain.com Raises $300 Million, Firm’s Post-Money Valuation Now $5.2 Billion

Bitcoin.com
Blockchain.com Raises 0 Million, Firm’s Post-Money Valuation Now .2 Billion
$120 Million
Blockchain.com Raises 0 Million, Firm’s Post-Money Valuation Now .2 BillionThe crypto financial services provider Blockchain.com revealed on Wednesday that the company has raised $300 million in a financing round. Blockchain.com’s latest funding round follows the $120 million raise the company obtained last month. Blockchain.com Is Now Valued at $5.2 Billion On March 24, Blockchain.com CEO Peter Smith announced that the company was pleased to […]
Read more
Planning Ahead: Cosmos Health Looks to Add Bitcoin and Ethereum to Its Treasury

Planning Ahead: Cosmos Health Looks to Add Bitcoin and Ethereum to Its Treasury

WordPress Theme by cactus.com
Close

Share this video