BlockThreat - Week 41, 2021

MGNR | OpenSea | Indexed Finance | Glide Finance | CryptoRom | MyKings | Necro

Welcome to BlockThreat!

In this much delayed edition we will catch up on the latest ransomware news and policy changes, dive into a real-life spy story involving crypto and nuclear submarines, and catch up on the technical details and drama in the latest slew of DeFi hacks. The MGNR hack worries me in particular, as a number of crypto businesses appear to be targeted with malware-infested spear phishing campaigns which may lead to more high-value compromises.

Let’s dive into the news:

News

  • Ransomware Trends in Bank Secrecy Act Data, a report from FinCEN, identifies current tactics used by ransomware actors for H1 2021: centralized exchanges as cash-out points, mixing and chain hopping as laundering methods, and other crypto-related indicators such as increased use of AECs (Anonymity Enhanced Cryptocurrencies). A total of 635 SARs (Suspicious Activity Reports) related to ransomware were filed, with a value exceeding $590M, which already exceeds the value reported for 2020.

  • International ransomware summit including 32 countries issued a joint statement on increasing resilience to attacks, making policy changes and legal actions to help crack down on bad actors and countries where they operate. Russia, which hosts many ransomware groups, was not invited to the summit.

  • US Navy engineer and his wife attempted to sell secret submarine propulsion data for $100K in Monero to an unknown nation state. The criminal complaint released by DoJ described an elaborate scheme involving cryptocurrency transactions, dead drops, an operation to install a signal in a building associated with an unknown country, and other spycraft gems.

Hacks

Vulnerabilities

  • OpenSea patched an actively exploited XSS vulnerability in its marketplace after it was disclosed by Check Point. The vulnerability allowed attackers to execute JavaScript code and interact with users’ wallets by airdropping specially crafted NFTs.
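The OpenSea item above is a reminder that NFT metadata is attacker-controlled: anyone can mint a token and send it to any address, so a marketplace must treat every field as hostile text rather than markup. The following is an added illustration written for this edition, not OpenSea's or Check Point's code, showing the defensive rendering pattern: escape every text field, and only load images from plain https URLs with an image extension (the `PLACEHOLDER_IMAGE` URL and the sample metadata are constructed for the example).

```javascript
// Added example: defensive server-side rendering of untrusted NFT metadata.

// Escape the five characters that let text break out of an HTML context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Accept only https URLs ending in a raster image extension. javascript:,
// data: and SVG are rejected because they can carry script into the page.
function isSafeImageUrl(url) {
  let parsed;
  try {
    parsed = new URL(String(url));
  } catch {
    return false;
  }
  if (parsed.protocol !== 'https:') return false;
  return /\.(png|jpe?g|gif|webp)$/i.test(parsed.pathname);
}

// Assumed fallback asset used when the token's image URL fails the check.
const PLACEHOLDER_IMAGE = 'https://example.invalid/placeholder.png';

// Build the card markup with every field escaped; the image is loaded with
// referrerpolicy=no-referrer so the asset host learns nothing about the viewer.
function renderNftCard(meta) {
  const name = escapeHtml(meta.name ?? '');
  const description = escapeHtml(meta.description ?? '');
  const image = isSafeImageUrl(meta.image) ? meta.image : PLACEHOLDER_IMAGE;
  return (
    `<div class="nft-card">` +
    `<img src="${escapeHtml(image)}" alt="${name}" referrerpolicy="no-referrer">` +
    `<h3>${name}</h3><p>${description}</p></div>`
  );
}

// Constructed sample: an airdropped token whose metadata carries markup in the
// name, an attribute break-out in the description and a script URL as image.
const hostileMetadata = {
  name: 'Free Mint <script>alert(1)</script>',
  description: 'Claim now" onmouseover="alert(2)',
  image: 'javascript:alert(3)',
};

console.log(renderNftCard(hostileMetadata));
```

Escaping at render time is the minimum; in production this belongs behind a Content Security Policy that forbids inline script, so that a missed field still cannot execute.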

  • Cosmos patched a critical vulnerability which may have resulted in chain halting. Node operators are advised to update to the latest version.

Malware

Other Incidents

Research


Help support BlockThreat!

Over the past two years, BlockThreat has gained more than a thousand followers including exchanges, asset issuers, DeFi projects, engineers, investigators, law enforcement, and many others. This newsletter is a labor of love which takes many hours weekly to prepare. If you found BlockThreat valuable consider supporting its future growth:

1) Make an individual contribution.
2) Sponsor an edition where you can place an advertisement.
3) Share your job postings in the next edition.
4) Share the newsletter with a friend or a colleague.


Stay informed, stay healthy and see you in the next week’s edition!

- Peter Kacherginsky (iphelix)