Valued at over $24 billion in total, Ether is the second largest crypto currency, only behind Bitcoin. In the last two years, cybercriminals have exploited code flaws, web app vulnerabilities and social engineering to steal over $100 million in Ether crypto currency. This session will cover smart contracts and the Ethereum Virtual Machine as well as a history of how these heists have shaped Ethereum. Learning Objectives: 1: Gain a basic understanding of the Ethereum Virtual Machine and smart contracts. 2: Understand common security flaws in blockchain technology implementation. 3: Consider the legal implications of attacks against fully distributed entities. (Source: RSA Conference USA 2018)

1. SESSION ID:
#RSAC
Marc Laliberte
LOST IN THE ETHER
HOW ETHEREUM HACKS ARE SHAPING THE BLOCKCHAIN
FUTURE
HT-F03
Sr. Security Analyst
WatchGuard Technologies
@XORRO_

2. #RSAC
ABOUT ME
Marc Laliberte
Sr. Security Analyst
6 years at WatchGuard
WatchGuard Threat Lab Lead
2

3. #RSAC
PresentaMon Overview
3
What to expect:
Basic intro to cryptocurrency
Ethereum Virtual Machine primer
Discussion on EVM security
$306
$1,004
$416
$0
$500
$1,000
$1,500
SubmiGed Accepted Slides Due
Ether Value

4. #RSAC
CRYPTOCURRENCY OVERVIEW

5. #RSAC
Intro Video
5

6. #RSAC
Blockchain, more than a buzzword
6

7. #RSAC
Blockchain, more than a buzzword
Distributed public ledger
Public Key EncrypMon
Immutable*
7

8. #RSAC
Example Bitcoin TransacMon
Basic Concept:
From
To
Value
Actual ImplementaMon:
Inputs
Outputs
8

9. #RSAC
Example Bitcoin Block
9

10. #RSAC
Example Bitcoin Blockchain
10

11. #RSAC
ENTER, ETHEREUM

12. #RSAC
What’s Ethereum?
Terminology:
Ethereum = the pla`orm
Ether = the cryptocurrency
Wei = 1,000,000,000,000,000,000 Ether
Smart contract = fancy transacMon
Gas = cost (in GWei) to execute
12

13. #RSAC
Bitcoin and Ethereum User Accounts
Bitcoin:
Input and output states
Wallet value is an accumulaMon
of inputs and ledover “change”
from outputs
Ethereum:
Simple transacMons
Wallet is an account that holds a
value amount
13

14. #RSAC
Ethereum Virtual Machine
Instead of pre-defined acMons (like bitcoin transacMons), allows full
programming using Solidity language
Securely executes untrusted code
ExecuMon results compared to all other nodes on the network
14

15. #RSAC
What is a smart contract?
A type of account, just like user accounts
User accounts also called Externally Owned Accounts (EOAs)
A collecMon of code and data
15

16. #RSAC
Smart Contract Example: High-Five Coin
16

17. #RSAC
Smart Contract Example: High-Five Coin
17

18. #RSAC
Smart Contract Example: High-Five Coin
18

19. #RSAC
Smart Contract Example: High-Five Coin
19

20. #RSAC
Deploying Smart Contracts
Call iniMalizaMon funcMon with
starMng values
Send transacMon containing
bytecode
Every transacMon costs a fee
Discourages frivolous or malicious
transacMons
Add Contract address to wallet
for tracking
20

21. #RSAC
Advanced Smart Contracts
More than just currency
Complete applicaMons
Upsides:
Public
Immutable
Downsides:
Public
Inefficient
- CryptoKijes
21

22. #RSAC
Advanced Smart Contracts - CryptoKijes
22

23. #RSAC
ETHEREUM VULNERABILITIES AND HACKS

24. #RSAC
Advanced Smart Contracts - The DAO
Blockchain Venture Capitalist Fund Smart Contract
Launched on April 30 2016
By end of crowd sale (May 28), gathered 12.7 Million Ether ($150MM
back then)
24

25. #RSAC
The DAO SplitDAO() funcMon
25

26. #RSAC
The DAO SplitDAO() funcMon
26

27. #RSAC
The DAO SplitDAO() funcMon
27

28. #RSAC
The DAO SplitDAO() funcMon
28

29. #RSAC
The DAO SplitDAO() funcMon
29

30. #RSAC
The DAO SplitDAO() funcMon
30

31. #RSAC
The DAO Hacked
June 18th
Hacker drained 3.6 Million Ether ($70MM)
Got around maximum transacMon stack size
31

32. #RSAC
The DAO Hack Fallout
Splijng from the DAO triggered a 28-day waiMng period
The Ethereum community had Mme to decide how to handle it
89% of community voted to hard-fork
All stolen Ether forcibly transferred to a new contract account
VicMms could withdraw their stolen Ether from the new account
Un-forked blockchain renamed Ethereum Classic
32

33. #RSAC
IniMal Coin Offering
Similar to an IPO
Used to raise capital for projects
ParMcipants exchange Ether for a token at an increasing price
ParMcipants can cash out their token for the product in the future or
trade them for Ether at a higher price
$3,700,628,293 raised through ICOs in 2017
33

34. #RSAC
Insurex ICO Hack
July 13, 2017
Just prior to ICO, hacker compromised Insurex’s Twirer account
Posted fake ICO pre-sale address
Stole 1106 Ether ($409K in today’s valuaMon)
34

35. #RSAC
CoinDash ICO Hack
July 17, 2017
Hacker modified the ICO address on CoinDash’s website
37,000 Ether sent to fake address ($13.7MM in today’s valuaMon)
35

36. #RSAC
36

37. #RSAC
Enigma ICO Hack
Arackers hacked Enigma’s Slack and website
Used the CEO’s credenMals, leaked in the Ashley Madison hack…
Convinced parMcipants to send Ether to the wrong address for a
special pre-sale
Stole 1492 Ether ($550K in today’s valuaMon)
37

38. #RSAC
MulM-Signature Wallets
Normal wallets can sign transacMons with approval of their owner
MulM-Sig wallets require mulMple approvals before signing
transacMons
Uses:
Rudimentary mulMfactor for transacMons
Can be used for company accounts with mulMple controllers
38

39. #RSAC
Parity MulM-Sig Wallet Hack
39

40. #RSAC
Parity MulM-Sig Wallet Hack
Aracker found vulnerability that let them re-iniMalize wallets with
them as the owner.
Manually stole over 150,000 Ether from several wallets, starMng with
most valuable
White Hat Group wrote a script to exploit the same vulnerability and
drain funds from all remaining wallets
Drained 377,105 Ether
$122MM (at the Mme) in secondary tokens
40

41. #RSAC
White Hat Group
Returned 100% of the funds by July 31 2017
Paid transacMon fees with donaMons
41

42. #RSAC
Parity MulMsig Wallet Hack 2.0
November 6, 2017
Aracker re-iniMalized the shared Parity code library used by wallets
Issued a self-destruct command, terminaMng the library
Locked 519,774 Ether (near $200MM!!!)
42

43. #RSAC
HOW DO WE SECURE ETHEREUM?

44. #RSAC
Bug BounMes – Ethereum FoundaMon
• CriScal: up to 25,000 points
• High: up to 15,000 points
• Medium: up to 10,000 points
• Low: up to 2,000 points
• Note: up to 500 points
1 point = $1 USD in ETH or BTC
44

45. #RSAC
Bug BounMes – Third Party
Most ICOs now include a bug bounty before any presales
Usually $100 to $10,000 in ETH as rewards
Major applicaMons (e.g. Parity) have substanMal bug bounMes now
45

46. #RSAC
EtherscamDB
EtherScamDB.info
Open source database of ongoing scams relaMng to Ethereum
Created by the MyEtherWallet team
Keeps track of acMve phishing scams
46

47. #RSAC
To Fork or Not To Fork
The DAO
Hard fork in the early life of Ethereum
Concerns about sejng a precedent
Concerns about censorship
Parity Wallet
No plans for hard fork
Fewer people comparaMvely affected
47

48. #RSAC
Is Code Law?
TradiMonal Contract
Lerer of the law (verbiage) is more malleable
Precedents to solve contract conflict in court
Digital Smart Contract
Programming (verbiage) is of upmost importance
Who solves conflict in a decentralized system?
48

49. #RSAC
WHAT ABOUT OTHER CRYPTOCURRENCIES?

50. #RSAC
Bitcoin Issues – Arbitrary Data InserMon
• OP_RETURN allows embedded data
Research by RWTH Aachen University
50

51. #RSAC
Bitcoin Issues – Arbitrary Data InserMon
• OP_RETURN allows embedded data
Research by RWTH Aachen University
51

52. #RSAC
Bitcoin Issues – Arbitrary Data InserMon
• OP_RETURN allows embedded data
Research by RWTH Aachen University
52

53. #RSAC
Bitcoin Issues – Arbitrary Data InserMon
• OP_RETURN allows embedded data
Research by RWTH Aachen University
53

54. #RSAC
Bitcoin Issues – Arbitrary Data InserMon
• OP_RETURN allows embedded data
Research by RWTH Aachen University
54

55. #RSAC
Bitcoin Issues – Arbitrary Data InserMon
• OP_RETURN allows embedded data
Research by RWTH Aachen University
55

56. #RSAC
VERGE – 51% Arack
56
VERGE
#22 in market cap
Privacy-focused cryptocurrency
Uses rotaMng algorithms for each block
April 4, 2018
Aracker spoofed Mmestamps of mined blocks
Used same algorithm (scrypt) over and over
Gave aracker disproporMonate mining power ( >51%)
VERGE hard-fork fix

57. #RSAC
WRAPPING UP

58. #RSAC
Takeaways
Developers
Avoid External Calls
Untrusted Contracts = Unexpected Errors
Mark Visibility In Contract FuncMons
Be aware of who can call funcMons
Analysts
Look for Bug BounMes
Great way to contribute to the community
Test Everything!
Every funcMon
Every input
58

59. #RSAC
High Five Coin
Its real – 0x191a70e9808c8d89Be289Cfe9001A7010Dc3D78c
Twirer: @Xorro_
You can request up to 10 coins
You can redeem coins for a crisp high five
There is a vulnerability in the smart contract
First person to exploit and redeem 1337
coins in one transacMon earns some Ether
59

60. #RSAC
Contact Info
Email: Marc.Laliberte@WatchGuard.com
Twirer: @XORRO_
LinkedIn: /in/marc-Laliberte
Secplicity.org
60