“Single signature” failure: StablR compliance stabilization currency de-lagged incident analysis and stolen funds tracking
The attack, which originated in the uncontrolled management of multiple signature rights, once again sounded the alarm of security governance for the entire stable currency track。
Original source:Beosin
24 MayStablR is under attackTHE EURR AND THE U.S. DOLLAR WERE ISSUED AS A COMPLIANT EURO-STABILIZED CURRENCY AND THE US$-STABILIZED CURRENCYActual losses of over $3 millionI don't know. The attack, which originated in the uncontrolled management of multiple signature rights, once again sounded the alarm of security governance for the entire stable currency track。
Attack flow analysis
StablR is a stable currency distributor based in Malta, following Tether ' s announcement of a strategic investment in StablR and the provision of stable currency issuance and risk management tools for StablR through its Hadron monetization platform. This post is part of our special coverage Syria Protests 2011StablR launched two compliance stabilization currency products: EURR and USDRI don't know
By analysing the data on the chain, we can find:
Multiple-signed wallet for control of EURR casting 0x8278D2881dBF8F6Fc01c98d196c4b16F1aade5Bc
CONTROLS THE MULTIPLE-SIGNED WALLETS MADE BY USDR
0xF45392bd2D6e6b8C5Dc26BA6c8a12889419B82F3
Since the above-mentioned multiple wallets are required to start the transaction with only one signature, the attackers added the attacker ' s address 0xD4677B5A8B1B97EA213Fdb876FcBAB3F9F6F6CD1 to the two above-mentioned multiple wallets by controlling the homeer address 0xC73fD562d7860E6C200813Bcb2cF455d:
Related deal Hash:
(1) 0x41c2504e208a3f260b25643938b6e68f7348f5fcb8df00cde41f800f073c8a
(2) 0x5b5825ca36f4cdad02b1c777df63115e6310de771dba0ac60160c18100de
We can see through the above processIt's not a code breach, it's a security problem for the issuer: No private key with a privileged address, no high threshold multiples for high value/high risk operations, no time lock for large casting operations and no rapid emergency response mechanism。
After the assailant ' s address 0xD4677B5A8B1b97EA213Fdb876bFcBAB3f9F6CD1 was granted casting currency authority, the assailant began large-scale casting of the coin and sent the forged stable currency to multiple addresses:
According to Beosin, a total of 8.35M USDR and 4.5M EURR were found in castings, linked to a search of the relevant foundry coins: https://otherscan.io/advanced-filter?fadd=0x000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000& tkn=0x7b43ne385440b44663dc3b087663e6da638f8%2c0x5053cfaf86oc094925bf976f218d0433f879108& ps=500x0x0x5037cFaf864925b976f=288&ps
Analysis of the flow of stolen funds
The actual losses caused by the incident exceeded $3 million. The principal recipients after the seigniorage are:
1, 0xD4677B5A8B1b97EA213Fdb876FcAB3f9F6CD1
(1,000,000 EURR & nbsp;)
2, 0xBb64302c6F039D4a4a800CAc93E6E5485568675D
(a total of 4,000,535.33 & nbsp; EURR, 4,610,173.19 & nbsp; USDR; current sedimentation: 324,163.04 & nbsp; USDR, 1,204,098.63 EURR)
3, 0xeA480c23D7B29a515856AafE0dc86F7519965a04
(a total of 41.67 & nbsp; ETH, 2,575,966.87 & nbsp; USDR, 650,000 & nbsp; EURR)
4, 0x5D2184d84b82B67c18Bbec8ce81E7Df14F6bAb
(the address received 235.92 & nbsp; ETH, 700,000 & nbsp; EURR, 200,000 & nbsp; USDR)
5, 0x41E63c5d2AE95802868D9ef3686c974aDA96d0dd
(a total of 225.54 & nbsp; ETH, 4,000,000 & nbsp; USDR, 1,000,000 & nbsp; EURR)
6, 0x873Ef45d10b29EB251b1Eb5Fe057C325f092a80a
(the address received 2,000 000 & nbsp; USDR; current deposition: 1,969,000 USDR)
7, 0x8c 1957765721e2540c03A0D6445a469a7266c51
(a total of 1,400,000 & nbsp received at this address; USDR, 1400,000 EURR; current deposition: 900,000 EURR, 900,000 USDR)
8, 0x865eC0587CdF305877783C080d97D4f60398f
(a total of 504,000 & nbsp; USDR)
This post is part of our special coverage Global Voices 2011Illegally found EURR and USDR parts are transferred to different exchanges by means of decentralized funds, such as ChangeNOW, Kraken, Fire Currency, WhiteBIT etc, a small amount of money is entered into Tornado the Cash Mixer。
Beosin Trace can penetrate transactions in mixed currencies such as Tornado & nbsp; Cash and ChangeNOW, FoxedFlow, the relevant penetration results are as follows:
In addition to funds transferred to the Centralized Exchange, the chain deposits as follows:
1. 0x09be1a36c2d7f9909eb3d6f9184c6e46a12b0aca
SEDIMENT AMOUNT: 1,488.08 ETH
2. 0x4645b1f001ec64f93a31a8e678bbd3146ef3ff
SEDIMENT AMOUNTS: 510,673.98 USDR, 44,000 EURR
3. 0x9c25a3634fa04a8bac72e233c74469d5e15c5926
DEPOSITION AMOUNT: 85.21 ETH, 15,263.22 USDT, 101,241.95 EURR
4. 0x2e74a82f6dbdbe8fe54bd081e215c0c368c7762
DEPOSITION AMOUNTS: 8.91 ETH, 26,816.98 USDT, 250,570.03 EURR
5. 0xde7adbb368c266df8c5c0e986933bee8f660add
DEPOSITION AMOUNT: 13.65 ETH, 165,162.05 USDT, 38,696.42 USDR, 258,117.67 EURR
6. 0x0bc0b7b24876ac97610346ea0194735cc271edd
DEPOSITION AMOUNT: 100 ETH
7. 0xb8d90cfe9fdb398fec70490d1efdb28a6386
DEPOSITION AMOUNT: 100,000 USDR
8. 0x7ec05d1d6b0cbf4e74bd5907d01aeeb4343c6376
DEPOSITION AMOUNT: 15 ETH
Overall financial flows are shown in the figure below:
Stolen financial flows by Beosin Trace
This security incident certificate code audit does not address operational/governance deficiencies, and stabilizers and regulators should consider proactively monitoring, on a risk basis, the circulation and operation of stable currencies in secondary markets. In response to the pain of the industry, Beosin introduced the Stablecoin Monitoring System, which covers the entire life cycle of a stable currency: SystemSupport ongoing monitoring of key operational indicators such as the total amount of money issued, foundry and destruction, distribution of currency holding addresses, chain-trading water flow:
During the flow phase, Stablecoin Monitoring will combine price fluctuations and anchor analysis to detect the risks of de- anchorage arising from market manipulation or liquidity crises in a timely mannerIn response to attacks such as the release of private keys from the StablR incident, a mass of maliciously cast stable coins; and has cross-chain activity tracking capability to track financial flows across different block chains. For counterfeit stabilizers issued on the chain, the system provides real-time monitoring and alerts to enable users to identify relevant fraud risks。
