AnChain.AI and Graphistry recently partnered to investigate the world’s first publicly identified BAPT (Blockchain Advanced Persistent Threat). The investigation identified the BAPT-F3D hacker group, which was responsible for stealing 12,948 ETH (~ $4 million) between July and August 2018 from various vulnerable smart contract DApps.
As of today, BAPT-F3D is still actively attacking, illustrating how diligent teams and communities operating in the blockchain industry need to be from a security standpoint.
AnChain.AI uncovered the wildly popular Solidity-based smart contract DApp “Fomo3D” ( Top DApp July 2018) and its copycat “Last Winner” (Top 5 DApp August 2018). The airdrop function vulnerability allowed attackers to steal more than $4 million USD across both games in just a few days.
AnChain.AI’s Situational Awareness Platform (SAP) was able to investigate across 30,000 entities to identify 5+ highly correlated ETH addresses linked to the BAPT-F3D hacker group which manifests itself as an APT:
- Advanced: Leverages a massive scale of sophisticated attack contracts to exploit a vulnerability in the DApp’s airdrop feature. Utilizes anti-forensics capabilities that self-destruct blockchain artifacts many data analytics researchers use to trace transactions and funds. A coordinated, sophisticated crime.
- Persistent: Well planned attack that was actively operating for several weeks and constantly upgrading and iterating upon attack contracts from V1 to V3. Moving from target to target, becoming more dangerous as it iterates upon itself.
- Threat: Financially motivated threat targeting specific smart contract DApps with similar vulnerabilities, stealing $4 million USD worth of ETH. Still active today.
Combining Graphistry’s industry leading GPU-powered investigation platform technology with the AnChain.AI SAP, we gained a holistic view of all the behavior behind millions of events and 30,000+ addresses.
Using this methodology we detected the 1st ever BAPT in blockchain history. Furthermore, a bytecode artifacts similarity analysis by SECBIT Labs confirmed this BAPT group of 5+ addresses are strongly correlated, as shown in the visualization generated between AnChain.AI’s SAP and Graphistry’s GPU platform.
What does this mean for the blockchain security industry?
APT is your worst nightmare in cybersecurity. AnChain.AI + Graphistry’s joint investigation efforts have confirmed the existence of Blockchain APT. Meaning that the promise of blockchain being unhackable, immutable, fully distributed are a bit too early to fully accept as the truth. This have substantial security and perception implications for the broader blockchain industry.
It is the mission of the AnChain.AI + Graphistry partnership to provide security and transparency to DApp owners, exchanges, and the growing blockchain ecosystem.
Graphistry is redefining how organizations investigate their data. The Graphistry Platform turns any type of data into interactive, graph-based investigations that brings immediate insight into cybersecurity, anti-fraud, and a wide range of other data-intensive investigations. By providing an intuitive human front-end to big data and AI, Graphistry allows human analysts to bring all of their data and all of their tools into a single context and see connections and relationships that could never be seen before. Using multiple breakthrough GPU innovations on both the client and server side, Graphistry has already delivered a 100x improvement in the scale of interactive data visualization, and continues to reset the bar on a regular basis.
A blockchain data analytics firm providing intelligence, indicators, and investigative resources for clients to enhance their security, risk, and compliance strategies.
Feel free to reach out to us directly at: firstname.lastname@example.org
With extensive experience in cybersecurity, artificial intelligence, cloud computing, and big data AnChain is continuously securing top-tier crypto exchanges, protocols, investors, custodians, and enterprise with our Blockchain Ecosystem Intelligence.