Leaked Data from Binance Taken Down


The security of Binance, one of the biggest cryptocurrency exchanges in the world, has come under scrutiny following the recent disclosure of the exchange's private information on GitHub. Several documents, including code, internal passwords, and architecture diagrams, were purportedly released by a GitHub account going by the name "Termf" and were accessible to the public for several months. The content was removed after Binance requested a copyright takedown.

Binance has effectively removed its GitHub data breach

The leaked material included various technical details, among them code relating to Binance's security procedures. Notably, this covered multi-factor authentication (MFA) and passwords. A large portion of the code that was made public concerned systems labelled "prod," denoting a link to Binance's operational website as opposed to test or development environments.

On January 5, 2024, 404 Media contacted Binance to inform the exchange about the compromised data, which is when the problem became apparent. Binance then responded by sending GitHub a copyright takedown request. Binance admitted in this request that internal code from the disclosed material "poses a significant risk" to the exchange, resulting in "severe financial harm" as well as possible user misunderstanding or harm.

What next?

Even after admitting the leak, Binance sent out a representative to try to reassure its user base. According to the spokesman, Binance's security team examined the circumstances and concluded that the leaked code did not resemble the code in production at the time. The representative emphasized the protection of users' data and assets and stated that there was only a "negligible risk" from the compromised information.

The significance of strong security procedures in the Bitcoin sector is highlighted by this occurrence. Crypto exchanges are required to uphold strict security procedures because of their role in managing users' sensitive information and financial assets. The prolonged public disclosure of security-related code and internal passwords on a public forum calls into doubt the effectiveness of Binance's security protocols.

The necessity of heightened security protocols

Another level of worry is raised by the exposed data, especially the code about security protocols like multi-factor authentication and passwords. These kinds of security lapses can have serious repercussions, including the compromise of user funds and accounts. It draws attention to the continuous difficulties Bitcoin platforms have in maintaining the integrity and confidentiality of their internal systems.

Emerging Phishing Campaigns Aim FTX Users After Kroll Data Breach

 

In a recent turn of events that has reverberated across the cryptocurrency community, Changpeng ‘CZ’ Zhao, the Chief Executive Officer of Binance, a globally renowned cryptocurrency exchange, has issued a stern caution to users who were formerly associated with the now-defunct FTX platform. 

This alert revolves around a fresh surge of phishing attacks that have been set in motion following a significant data breach stemming from Kroll, the claims agent responsible for managing FTX’s bankruptcy case.

The Core of the Issue: Kroll Data Breach and Its Ramifications

The crux of this matter revolves around a recent breach in cybersecurity suffered by Kroll, the entity tasked with overseeing claims linked to the ongoing bankruptcy proceedings of FTX. While the specific details of the breach were initially kept confidential, it has now been unveiled that the breach exposed certain non-sensitive customer data belonging to specific claimants involved in the case.

Zhao’s warning emphasizes the seriousness of the situation, explicitly connecting the current series of phishing attacks to this data breach. The pronouncements from the CEO of Binance closely follow FTX’s own declaration concerning the breach, a revelation that has understandably triggered significant apprehension among its user community.

However, what renders this breach especially alarming is the technique through which it was executed. Zhao has illuminated the fact that a SIM swap maneuver executed on an employee's account was pivotal in enabling the breach. For those unfamiliar, a SIM swap involves malicious actors deceiving cellular service providers into transferring a victim’s phone number to a device under their control.

Subsequently, this maneuver allows them to intercept crucial information, including authentication codes, effectively circumventing security measures like two-factor authentication. The gravity of the threat was so pronounced that FTX was compelled to temporarily suspend operations on its claims portal.

The Escalating Peril of Phishing Attacks

Phishing attacks are not an emerging concept in the digital domain. Nevertheless, their persistent and evolving nature has solidified their status as one of the most malicious hazards that internet users encounter today. Fundamentally, these attacks capitalize on deception and psychological manipulation to deceive unsuspecting individuals into disclosing sensitive information, spanning from login credentials to personal financial particulars.

Zhao’s recent alert acts as a somber reminder of the possible havoc that phishing attacks can unleash. When successful, these attacks can lead to a spectrum of consequences, encompassing identity theft, unauthorized entry into sensitive accounts, and substantial financial losses. The fact that prominent platforms like FTX, BlockFi, and the now-defunct Genesis crypto exchange have become targets for cybercriminals underscores the sheer scale and audacity of these threats.

Bolstering Defenses Against the Digital Threatscape

In light of these unfolding events, the responsibility falls upon individual users to enhance their digital safeguards. Zhao's message is crystal clear: complacency is not an option. Users are urged to be proactive in their stance on online security, adopting a multifaceted approach to thwart potential threats.

Foremost, staying well-informed is of paramount significance. Being cognizant of the latest threats and comprehending the strategies of cybercriminals can play a pivotal role in precluding potential attacks. Equally important is vigilance. Users ought to exercise caution in response to unsolicited communications, particularly those soliciting personal or financial information.

Furthermore, embracing robust security measures is imperative. This encompasses, but is not limited to, utilizing strong and distinct passwords for various accounts, activating two-factor authentication whenever feasible, and regularly updating software and applications to rectify known vulnerabilities.

While the digital era presents unparalleled conveniences and avenues, it also introduces an array of challenges. The recent events encompassing the FTX platform and the Kroll data breach underline the ever-evolving nature of the threat landscape. Nonetheless, by merging awareness, vigilance, and resilient security practices, users can confidently navigate this landscape, securing their digital well-being.

The Threat of Deepfakes: Hacking Humans

Deepfake technology has been around for a few years, but its potential to harm individuals and organizations is becoming increasingly clear. In particular, deepfakes are becoming an increasingly popular tool for hackers and fraudsters looking to manipulate people into giving up sensitive information or making financial transactions.

One recent example of this was the creation of a deepfake video featuring a senior executive from the cryptocurrency exchange Binance. The video was created by fraudsters with the intention of tricking developers into believing they were speaking with the executive and providing them with access to sensitive information. This kind of CEO fraud can be highly effective, as it takes advantage of the trust that people naturally place in authority figures.

While deepfake technology can be used for more benign purposes, such as creating entertaining videos or improving visual effects in movies, its potential for malicious use is undeniable. This is especially true when it comes to social engineering attacks, where hackers use psychological tactics to convince people to take actions that are not in their best interest.

To prevent deepfakes from being used to "hack the humans", it is important to take a multi-layered approach to security. This includes training employees to be aware of the risks of deepfakes and how to identify them, implementing technical controls to detect and block deepfake attacks, and using threat intelligence to stay ahead of new and emerging threats.

At the same time, it is important to recognize that deepfakes are only one of many tools that hackers and fraudsters can use to target individuals and organizations. To stay protected, it is essential to maintain a strong overall security posture, including regular software updates, strong passwords, and access controls.

The most effective defense against deepfakes and other social engineering attacks is to maintain a healthy dose of skepticism and critical thinking. By being aware of the risks and taking steps to protect yourself and your organization, you can help ensure that deepfakes don't "hack the humans" and cause lasting harm.

North Korean Cybercriminals Attempt to Steal $27M in ETH

Hacking organizations 'Lazarus' and 'APT38' supported by the North Korean government were responsible for the loss of $100 million worth of Ethereum from Harmony Horizon in June 2022. 

The funds and the seizure of stolen assets were reported to the authorities. The exploiters' activities closely resembled the attempt, which was undertaken on January 13, 2023, since more than $60 million was attempted to be laundered.

The Binance chain, Bitcoin, and Ethereum transfers are made possible through Harmony's Horizon Bridge. Numerous tokens worth $100,000,000  were taken from the network on June 23, 2022.

North Korean cybercriminals were actively shifting a portion of Harmony's Horizon bridge funds during the last weekend as the price of bitcoin approached $24,000. While several cryptocurrency exchanges instantly froze certain cash, Binance CEO Changpeng Zhao (CZ) claimed that some exchanges are not helpful in fighting crime, which made it easier to convert ETH to BTC.

According to reports, APT38 was able to convert some of the $27 million in Ether to Bitcoin and withdraw the money from exchanges. The Lazarus group has reportedly been shifting laundered money to a number of addresses in order to mask its true identity through multiple layers.

With the use of its Horizon Bridge, Harmony can transmit data to and from the Ethereum network, Binance Chain, and Bitcoin. On June 23, a number of tokens from the network valued at roughly $100 million were taken.

After the exploit, the Tornado Cash mixer processed 85,700 Ether, which was then deposited at various addresses. The hackers began transferring about $60 million of the stolen money via the Ethereum-based anonymity protocol RAILGUN on January 13. 350 addresses have been linked to the attack through numerous exchanges in an effort to escape detection, according to research by the cryptocurrency tracking tool MistTrack.

Cryptocurrency exchanges like Binance and Huobi have alerted authorities about stolen Harmony's Horizon Bridge funds by freezing them. This demonstrates how DeFi platforms and centralized exchanges are dependent on one another.





Lazarus Moves More than $60 Million from Harmony Bridge Hack


North Korean state-owned threat actor Lazarus Group has moved around 41,000 ETH, or more than $60 million of Ethereum, to the crypto exchanges Binance, Huobi and OKX. While Binance and Huobi both froze the funds, Binance declared that an asset of 124 BTC was also recovered in the process.

According to internet sleuth ZachXBT, the funds were stolen from the Harmony blockchain bridge hack from last year, which led to a whopping $100 million crypto compromise. Apparently, the same hacker group utilized Tornado Cash, a now banned crypto mixer that conceals names of people involved in the transaction, in order to carry out the attack. 

As per the analysis, conducted by token movements, the ETH was routed through the anonymity system Railgun before being collected in wallets and sent to three significant crypto exchanges, possibly to be exchanged for fiat currency. 

“A very busy weekend” for Lazarus Group 

ZachXBT shared details of this week’s token movements on Twitter, claiming Lazarus Group has had “a very busy weekend” moving funds. 

In follow-up tweets, ZachXBT also linked to the website Chainabuse.com, where he shared a list of approximately 350,000 unique wallet addresses that were involved in Friday's operation.

Binance’s Say on the Issue 

On Monday, Binance CEO Changpeng Zhao, better known as CZ, also commented on the situation. CZ claims that this time the hackers used Huobi, a competing exchange, rather than Binance. The hacker's accounts were subsequently frozen with Binance's assistance, he says.

CZ also disclosed that 124 BTC ($2.6m) had been seized from the hackers, indicating at least some of their ETH has been converted to BTC. 

“We detected Harmony One hacker fund movement. They previously tried to launder through Binance and we froze his accounts. This time he used Huobi. We assisted Huobi team to freeze his accounts. Together, 124 BTC have been recovered,” he wrote. 

Huobi, however, did not comment on the matter other than retweeting an article claiming that the exchange had frozen accounts containing money connected to the hack.

According to a report from South Korea's National Intelligence Service from December of last year, North Korean hackers have stolen more than $1 billion in digital assets since 2017. 

Moreover, the report claims that around $626 million, or more than half of that estimated tally, was taken in 2022. It also stated that it is suspected that the North Korean government uses the money obtained from the theft to advance Pyongyang’s nuclear weapons program.  

DEA Tracks Down Drug Cartels with Binance

 

Due to the anonymity provided by cryptocurrencies, they allow cartels a perfect means to transfer funds across continents in a relatively safe manner. To identify individuals, it is necessary to analyze the chain of command. 

As a result of its widespread use by threat actors to wash funds from crypto markets, Tornado Cash has been sanctioned by the US Treasury for being used as a crypto mixing tool. Following the sanctions, threat actors are no longer able to operate through their usual routes, including through centralized exchanges. 

Drug cartels are under attack by the DEA


Forbes published an article about the gang that indicated that it operated in several countries, including the United States, Europe, Mexico, and Australia. Based on the DEA's report, it appears that the cartel was channeling as much as $40 million of illicit proceeds through the exchange.

Using Localbitcoins, informants were able to interact with perpetrators trading crypto for fiat in 2020, which led to investigations into the crime and communication with authorities. 

To ensure trust between trading parties, Localbitcoins uses an escrow service to ensure both parties are given a fair chance to make a transaction. Carlos Fong Echavarria, a Mexican citizen responsible for the theft, assured them the money came from family restaurants and cattle ranches. 

In the aftermath of Echavarria's capture, he pleaded guilty to charges of drug possession and money laundering. As the matter awaited sentencing, a blockchain address was tracked by the DEA. According to one of them, there is still money being laundered. One of the latest perpetrators recently bought $42 million in crypto and sold $38 million in crypto. Some of these funds are believed to be linked to the trafficking of drugs, according to authorities.

The Binance versus the money laundering issue


During the most recent attack, BNBc tokens worth trillions of dollars were obtained via an exploit of the ANKR protocol. BNP and BUSD were exchanged for some of the proceeds, then transferred to the exchange. As a result of the incident, the Exchange reacted by freezing the associated accounts. The company ANKR has determined that the perpetrator of the crime was a former employee of their own company. There was a data breach earlier this month by Lazarus Group, a North Korean cybercrime group. This breach may have led to a loss of more than $540 million from the Ronin Axie Infinity ecosystem. 

It appears that Lazarus also moved the stolen funds to Tornado Cash and several other exchanges. Through a collaborative effort, Chainalysis, law enforcement authorities, and the leading cryptocurrency exchange reverse-engineered the transaction trail. They also froze about $5.8 million in crypto assets linked to this crime as a result of this discovery. 

Following a collaboration between Russian law enforcement and the exchange, Hydra, a darknet marketplace for Russians on the internet, has been shut down. According to earlier reports in the media, it had been reported that Hydra had received funding from the exchange. In its statement, Binance stated that law enforcement would not have been able to capture the criminals behind the Hydra case if it weren't for cryptocurrency. 

A report by Binance indicated that the company had spent tens of millions of dollars hiring sophisticated cybersecurity specialists from across the globe. More than 120 security and industry experts comprise the team. These experts include former members of the IRS, FBI, the US Secret Service, Europol, and police agencies in the U.K., Europe, Asia, and Latin America.

Throughout the history of cryptocurrencies, critics have portrayed them in a bad light. This is because they view them as a disruptive technology that will revolutionize global finance, as well as global crime. 

To ensure that the industry is under the control of the authorities, strict regulations have been published. 

Binance has proved that blockchain is a valuable tool to use in the fight against cyber law-breaking, as evidenced by its success in this field. Several industrial applications have been demonstrated using the technology, including preventing forgery and enhancing procurement processes.  

There is no anonymity in crypto; centralized exchanges may be able to identify the owners of the addresses. As a user or individual with a majority stake in a blockchain ecosystem and a much-acclaimed proof-of-stake coin, one can rely on their power to lock out funds on the blockchain and ultimately lock users out of their funds.

FTX: Failed Crypto Exchange Could Owe More Than 1 Million Creditors


Following the collapse of the crypto exchange FTX, and its associated businesses, it could owe money to more than a million people and organizations, according to the bankruptcy filings. The documents filed in bankruptcy court demonstrated the extent of a corporate collapse that has stripped traders’ accounts, plunging the crypto sector into crises. 

The bankruptcy investigations commenced last week when FTX experienced an $8 billion shortfall due to a run on deposits. As a result, a company that was once regarded as one of the safest and most reliable institutions of the freewheeling crypto industry crumbled overnight.

The exchange’s founder Sam Bankman-Fried reportedly transferred $10 billion of customer funds from FTX to his trading company ‘Alameda Research.’ A large amount of that total fund has since disappeared. The total amount is said to be between $1-2 billion. 

The financial hole later came to light in records shared by Bankman-Fried with other senior executives last Sunday. The records provided a real-time account of the situation, some sources said. 

The company’s sudden downfall due to the run on deposits last week left FTX unable to fulfill its customers' demands. Consequently, Bankman-Fried struck a rescue deal to sell his firm to its largest rival exchange, Binance.

After a lengthy online skirmish between Bankman-Fried and Changpeng Zhao, CEO of Binance, a review of FTX’s finances revealed various problems that proved to be a deal breaker, and Binance pulled out of the deal. Bankman-Fried attempted to secure new financing but was unable to, and later declared bankruptcy. The Justice Department and SEC are currently looking into his management of FTX. They are apparently focusing on whether FTX inappropriately transferred customer funds to Alameda Research.

In regards to the case, Associate Professor in Finance Technology at the University of Liverpool, Gavin Brown referred to a recent report that suggested “42% of the exchanges which failed simply disappeared without traces.” 

According to Prof Brown, “In the event of exchange failure, or even bankruptcy, it is the investors who are on the hook for losses.” He, along with other industry experts, warned that smaller investors often end up at the back of the queue once the remains of a crypto business are divided up. They doubt much money will be coming back.

"The unfortunate news is that the money's all gone. It's just not there anymore. Investors should expect pennies on the dollar," says crypto blogger and author David Gerard.   

FTX Filed for Bankruptcy Protection in US

Facing the digital equivalent of a banking collapse, the financially troubled cryptocurrency exchange FTX filed for US bankruptcy protection on Friday.

Bitcoin fell to a two-year low this week after a week of reports regarding the platform's financial difficulties, and by Friday night, the price of the cryptocurrency was trading at $16,861 (€16,256).

The company revealed that Sam Bankman-Fried, its former CEO, has also left after a remarkable turn of events at the second-largest cryptocurrency exchange in the world. His FTX empire crumbled in a little more than a week, shattering trust in the already unstable cryptocurrency market.

Coindesk and customer reports on social media claim that the unstable platform has finally permitted some users to withdraw money for the first time in days.

Summary of FTX company

According to a tweet from the company, FTX, Alameda Research, a cryptocurrency trading company that is linked with it, and roughly 130 of its other businesses have started voluntary Chapter 11 bankruptcy procedures in Delaware. In the US, a firm can use Chapter 11 to reorganize its debts while still operating under court supervision.

FTX Trading claimed in its bankruptcy filing that the firm has assets worth between $10 billion and $50 billion, liabilities between $10 billion and $50 billion, and more than 100,000 creditors.

Customers left FTX earlier this week because of concern about a lack of capital, leading to an agreement to sell the company to larger rival Binance.

Kingston student Thomas, 22, who has been a customer of FTX for over a year, calls it a 'hub for crypto.' He claims he was able to submit a withdrawal request for the £2,000 he said he had on the exchange, which he calls a 'fairly large amount of money.'

However, he is worried about the number of requests being made by FTX consumers and is unsure if all of them will be fulfilled as the business struggles.

The cryptocurrency community had hoped that Binance, the biggest cryptocurrency exchange in the world, could be able to save FTX and its depositors.

After reviewing FTX's financial records, Binance came to the conclusion that the issues facing the smaller exchange were insurmountable, and it withdrew from the agreement. A business that was once the pride of the cryptocurrency market had a dramatic fall in popularity.

In January, FTX collected $400 million from investors, valuing the business at $32 billion.






Hong Kong Will Legalize Retail Crypto Trading to Establish a Cryptocurrency Hub

 


A plan to legalize retail cryptocurrency trading has been announced by Hong Kong to create a more friendly regulatory regime for cryptocurrencies. There has been an opposite trend over the last few years in the city, with skeptical views, as well as China's ban on the practice. 

According to sources familiar with the matter, an upcoming mandatory licensing program for crypto platforms scheduled to take effect in March next year will allow retail traders access to crypto platforms. There has been a request not to name these people since they are not authorized to release this information publicly.

There have been reports that the regulators are planning to allow the listing of higher-value tokens in the coming months but will not endorse specific coins such as Bitcoin or Ether, according to the people. They noted that the details and timeframe are yet to be finalized since a public consultation is due first.

At a fintech conference that starts on Monday, the government is expected to provide more details regarding its recently announced goal of creating a top crypto hub in the region. To restore Hong Kong's reputation as a financial center after years of political turmoil and the aftermath of Covid curbs sparked a talent exodus, the marketing campaign comes amid a larger effort to put Hong Kong back on the map.

Gary Tiu, executive director at crypto firm BC Technology Group Ltd, said that, while mandatory licensing in Hong Kong is one of the most effective things regulators can do, they cannot forever satisfy the needs of retail investors who are investing in crypto assets. 

Criteria for listing 

According to people familiar with the matter, the upcoming regime for listing tokens on retail exchanges is likely to include criteria such as the token's market value, liquidity, and membership in third-party crypto indexes to determine eligibility for listing. Their approach resembles the one they used when it came to structured products such as warrants, they continued. 

Hong Kong's Securities and Futures Commission spokesperson did not respond to a request for comment regarding the details of the revised stance adopted by the agency. 

Several crypto-related Hong Kong companies that are listed on the stock exchange increased their share prices on Friday. In the same report, BC Technology climbed 4.8% to its highest in three weeks during the third quarter, whilst Huobi Technology Holdings Ltd. rose slightly. 

More and more regulators are grappling with how to manage the volatile area of digital assets, which has gone through a $2 trillion rout following a peak in early November 2021. The sector is finding it difficult to regain its previous strength. Firms that dealt in cryptocurrency were crushed by the crash because their leverage grew without limit and their risk management methods were exposed.

It is widely believed that Singapore has tightened up its digital-asset rules to curb retail trading in digital assets to deal with the implosion that has hit Hong Kong. 

There was a proposal earlier this week by Singapore to ban the purchase of leveraged retail tokens on the retail market. There was a ban on cryptos in China a year ago because it was largely illegal. 

Michel Lee, executive president of digital-asset specialist HashKey Group, said that Hong Kong is trying to frame a crypto regime that extends beyond the retail token trading market to incorporate all types of digital assets, including cryptocurrencies. 

Bringing the ecosystem to the next level 

Among other things, Lee believes that tokenized versions of stocks and bonds could become a much more significant segment in the future. Lee said, "Just trading digital assets on its own is not the goal." According to Lee, digital assets are not intended to be traded on their own but the ecosystem must grow as quickly as possible.

Big exchanges such as Binance and FTX once had their base in Hong Kong. Their attraction was the reputation of a laissez-faire regime and their strong ties to China. A voluntary licensing regime, that was introduced by the city in 2018, limited crypto platforms' access to clients with portfolios exceeding HK$8 million ($1 million) to those with portfolios of less than that amount.

It has been confirmed that only two firms have been approved to operate under the license, BC Group and HashKey. FTX successfully managed to turn away the more lucrative consumer-facing business to the Bahamas last year as a result of the signal of a tough approach. 

However, the plan to attract crypto entrepreneurs back to Hong Kong seems to be a bit short of what is needed to usher them back. Among other things, it remains to be seen if mainland Chinese investors would be able to trade in tokens through Hong Kong if that were to be permitted. 

Leonhard Weese, the co-founder of the Bitcoin Association of Hong Kong, expressed a fear that there might be a very strict licensing regime in the future. "The conversations I have had indicate that people still fear it will be very stressful," he said. The company claims that it is not competitive on the same level as overseas platforms. Therefore, it will not be as attractive to customers as it would be if it dealt directly with retail users. 

According to blockchain specialist Chainalysis Inc., the volume of digital-token transactions in Hong Kong through June declined less than 10% from a year earlier, the most modest increase in the region outside of a slump in China, in the 12 months through June. It has fallen two positions from its global ranking of 39 in 2021 to 46 in 2022 when it comes to crypto adoption throughout the city. 

The Securities and Futures Commission of Hong Kong's Fintech Department has also suggested that the city could take further steps in this area, including the establishment of a regime to authorize exchange-traded funds seeking exposure to mainstream virtual assets. 

It shows that the one country, two systems principle is being put into action in financial markets, Wong said at an event last week. He said that the fact that the city can introduce a cryptocurrency framework distinct from China's indicates how far it has come.

DoorDash Data Breach Linked with Twilio Hackers

A data breach that exposed customer and staff information and was tied to the recent cyberattack on Twilio has been disclosed by the food delivery service DoorDash. 

According to DoorDash, hackers misused a vendor's access to its networks. By abusing DoorDash's internal tools, the hacker was able to access the data of a small fraction of people. 

Customers' names, email addresses, delivery addresses, and phone numbers are among the compromised data. In certain instances, basic order information and partial payment card information were also made public.

The attacker gained access to the name, phone number, or email address of Dashers—those who make deliveries. It's worth noting that an earlier data breach at DoorDash in 2019 resulted in the exposure of information on roughly 5 million consumers.

According to DoorDash spokesperson Justin Crowley, the unnamed third-party vendor provides services that require limited access to specific internal tools, and the vendor hack is connected to the phishing attempt that affected SMS and messaging giant Twilio on August 4.

Researchers connected these attacks to a larger phishing campaign carried out by the same hacker group known as "0ktapus," which since March has stolen nearly 10,000 employee login credentials from at least 130 businesses, including Twilio, internet companies, and outsourced customer service providers.

Twilio revealed this month that it was compromised after many employees fell for an SMS phishing scam that gave threat actors access to its internal systems. That access let the hackers reach the data of 163 Twilio users, and they could use that data in additional supply-chain attacks.

According to an updated Twilio security advisory, "so far, our research has identified 163 Twilio customers - out of a total customer base of over 270,000 - whose data was accessed without authorization for a limited period of time, and we have notified all of them."

Coinbase, KuCoin, Binance, Microsoft, Telus, Verizon Wireless, T-Mobile, AT&T, Sprint, Rogers, Mailgun, Slack, Box, SendGrid, Yahoo, Sykes, BestBuy, and Infosys are among the other organizations that have been attacked. None of these businesses, however, have stated if the attacks were effective.

Android Trojans are After Financial Apps With Over a Billion Downloads

 

The exploitation of financial apps by trojans has become prevalent, according to a report by Zimperium, a mobile security firm. Trojans are a type of malware that infects users' devices by posing as legitimate and trustworthy programs. The researchers looked at ten separate trojans that are currently active in the wild and discovered that, combined, they target 639 financial Android apps.

Once they've infected a device, they leverage Accessibility services to take actions as the user, overlaying login pages on top of authentic banking and finance apps to steal login details, monitoring notifications to capture OTPs, and even carrying out on-device financial fraud. This is particularly concerning because, according to 2021 studies, three out of four Americans use banking applications to conduct their regular financial activities, offering a large target pool for these trojans.

The Google Play Store has slightly over 1 billion downloads of these mobile banking, investment, payment, and cryptocurrency apps combined. PhonePe, which is immensely popular in India and has 100 million downloads on the Play Store, is the targeted application with the most downloads. 

The app of the popular bitcoin exchange Binance has received 50 million downloads. Cash App, a mobile payment service available in the United States and the United Kingdom, also has 50 million downloads on Google Play. Even though they don't provide traditional financial services, some banking trojans target both of these. BBVA, a worldwide online banking platform with tens of millions of downloads, is the most widely targeted application: seven of the ten most active banking trojans have been found to target this app.

Additional trojans which were active during the first half of 2021 include the following: 

  • BianLian targets Binance, BBVA, and several Turkish apps.
  • Cabassous is after clients of Barclays, CommBank, Halifax, Lloyds, and Santander.
  • Coper may take over accounts from BBVA, CaixaBank, CommBank, and Santander.
  • EventBot targets Barclays, Intesa, BancoPosta, and a slew of other Italian apps. This one poses as Microsoft Word or Adobe Flash to hide its true identity.
  • Exobot may affect PayPal, Binance, Cash App, Barclays, BBVA, and CaixaBank.
  • FluBot affected BBVA, Caixa, Santander, and several other Spanish apps.
  • Medusa targeted BBVA, CaixaBank, Ziraat, and Turkish banks.
  • Sharkbot hit Binance, BBVA, and Coinbase.
  • Teabot targets PhonePe, Binance, Barclays, Crypto.com, Postepay, Bank of America, Capital One, Citi Mobile, and Coinbase, among others.
  • Xenomorph targets BBVA and a slew of other EU-specific bank apps.

Each of these trojans has a small target scope and its own set of functionality for different goals. Because these trojans are concealed among programs available on Android's official app store, users should be cautious and avoid downloading apps from untrustworthy sources. One may take it a step further by using a provider like ExpressVPN.

Users' Crypto Wallets are Stolen by Fake Binance NFT Mystery Box Bots

 

Researchers have discovered a new campaign distributing RedLine Stealer, a low-cost password stealer sold on underground forums, through fake Binance NFT mystery box bots hosted in GitHub repositories and promoted by an array of YouTube videos that take advantage of global interest in NFTs.

The lure is the promise of a bot that will automatically purchase Binance NFT Mystery Boxes as they become available. Binance mystery boxes are collections of non-fungible token (NFT) items that users purchase in the hopes of receiving a one-of-a-kind or uncommon item at a discounted price. Some of the NFTs obtained in such boxes can be used in online blockchain games to add unusual cosmetics or identities. However, the bot is a hoax. According to Gustavo Palazolo, a malware analyst at Netskope Threat Labs, the video descriptions on the YouTube pages lead victims to unknowingly download RedLine Stealer from a GitHub link.

In the NFT market, mystery boxes are popular because they provide individuals with the thrill of the unknown as well as the possibility of a large payout if they win a rare NFT. However, marketplaces such as Binance sell them in limited quantities, making some crates difficult to obtain before they sell out. This is why prospective buyers frequently use "bots" to obtain them, and it is exactly this trend that threat actors are attempting to exploit.

"We found in this attempt that the attacker is also exploiting GitHub in the threat flow, to host the payloads," Palazolo said. "RedLine Stealer was already known for manipulating YouTube videos to proliferate through false themes." The campaign was spotted by Netskope in April. "While RedLine Stealer is a low-cost malware, it has several capabilities that might do considerable harm to its victims, including the loss of sensitive data," Palazolo said.

The ads were uploaded during March and April 2022, and each one includes a link to a GitHub repository that purports to host the bot but instead distributes RedLine. The dropped file is named "BinanceNFT.bot v1.3.zip" and contains a program of a similar name, which is the payload, a Visual C++ installer, and a README.txt file. Because RedLine is written in .NET, it requires the VC redistributable setup file to run, while the README file contains installation instructions for the victim.

According to Palazolo, the malware does not run if the infected machine is located in any of the following countries: Armenia, Azerbaijan, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russia, Tajikistan, Ukraine, and Uzbekistan.

The repository's GitHub account, "NFTSupp," became active in March 2022, according to Palazolo. The same source also contains 15 zipped files including five different RedLine Stealer loaders. "While each of the five loaders we looked at is slightly different, they all unzip and inject RedLine Stealer in the same fashion, as we discussed earlier in this report. The oldest sample we identified was most likely created on March 11, 2022, and the newest sample was most likely compiled on April 7, 2022," he said. These promotions, on the other hand, use rebrand.ly URLs that lead to MediaFire downloads. This operation is also spreading password-stealing trojans, according to VirusTotal.

RedLine is now available to independent operators on a subscription basis for $100 per month, and it allows for the theft of login passwords and cookies from browsers, content from chat apps, VPN keys, and cryptocurrency wallets. Keep in mind that the legitimacy of platforms like YouTube and GitHub does not inherently imply that the content they host is reliable, as these sites' upload checks and moderation systems are inadequate.

Financier Diakonov Called Russia the Future Cryptocurrency Center of the World

 

Mr. Diakonov predicted the future of cryptocurrency and called it a possible alternative to traditional money. "Time will tell how it will be built into the system of international payments and trade," he said.

The financier also stated that Russia can become a world cryptocurrency center since it has the necessary knowledge, capabilities and technologies to create this product. However, it is difficult to guess when this scenario will come to life, since the concepts of cryptocurrencies proposed by the Ministry of Finance and the Central Bank do not reflect the current situation.

"If the task is to transfer part of the international settlements into the "new currency," in case this instrument will acquire the scale, then sanctions measures from the West may affect it as well. And we may see the next prohibitive measures of an international nature," he explained. 

According to Mr. Diakonov, China, as Russia's largest business partner, is not yet ready to switch to cryptocurrency trading. However, he suggested that the country would start using the digital yuan. "Here we see great prospects for creating new synthetic products that will become a growth point for the economy," he concluded. 

Earlier, the founder and CEO of the world's largest cryptocurrency exchange Binance, Changpeng Zhao, said that next year there will be more transparency in the regulation of crypto-assets, and this is a positive signal for the market. In addition, there will be new options for their use. But the crypto market moves cyclically, and an upturn is followed by a downturn. Whether it happens next year or later is hard to predict. Asset volatility will continue regardless of who comes to the market. "Our personal goal for next year is to get as many licenses around the world as we can; we expect to get 10 to 20 more licenses next year." 

Earlier, the Ministry of Finance submitted to the government a bill on the legalization of cryptocurrencies. According to the document, Russians will have the right to legally invest up to 600 thousand rubles ($7,600) in cryptocurrency annually. However, this will require special testing.

Binance to assist Ukraine in regulating the cryptocurrency industry


The largest cryptocurrency exchange, Binance, intends to help Ukraine develop methods for regulating the cryptocurrency industry. This means that the company's specialists see great potential for the development of the crypto industry in Ukraine.

The company said that they signed a Memorandum of understanding with the Ministry of Digital Transformation of Ukraine. The Ukrainian government said that such cooperation will significantly improve the legal status of cryptocurrencies in the country. It is expected that the platform will begin work in the country before the end of the year.

As part of the partnership, Binance, together with the Ministry of Digital Transformation of Ukraine, intends to create a working group that will discuss further plans for the regulation of the crypto industry and the formation of the digital market in Ukraine.

Moreover, Binance will develop effective mechanisms designed to transfer rights to various virtual assets through a distributed network, as well as create favourable conditions for investment and business activities.

Changpeng Zhao is confident that the legal status of cryptocurrencies will improve the Ukrainian economy, as well as create the basis for additional investments.

The Minister of Digital Transformation of Ukraine, Mikhail Fedorov, is confident that cooperation with the largest cryptocurrency exchange will open the opportunity for transparent work with companies in this industry and create a comfortable environment for them.

He also believes that the entry of Binance into Ukraine will be a strong driver for the crypto-system and the legalisation of cryptocurrencies.

"This is an additional hundreds of millions in taxes that our state will receive. For fans of cryptocurrency and those who work in this direction, this is a very big signal that Ukraine has appeared on the world map of cryptocurrencies," said the head of the Ministry of Digital.

“We are pleased that Binance has become interested in neighbouring countries. We hope that they will reach Russia as well,” commented Denis Onatsik, director of Deecrypto Store & Club.

However, in Russia, the regulation of the cryptocurrency market is regularly postponed due to disagreements among the members of the working group and the tough position of the Central Bank, which is categorically against the legalization of cryptocurrencies on open platforms.

An interesting fact is that in the spring of 2019, Binance suffered a hacker attack in which $41 million in bitcoins was stolen.

Cryptocurrency exchange loses $40 million to hackers




The cryptocurrency exchange Binance reported a "large scale" data breach in which hackers managed to steal 7,000 bitcoins worth about $40 million.

The company said that hackers used various techniques including phishing, viruses and other attacks to obtain large numbers of user API keys, 2FA codes and other info. 

“The hackers had the patience to wait, and execute well-prepared actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks,” said Binance’s CEO, Changpeng Zhao.

According to the initial investigation, the hacker attacked through multiple seemingly independent accounts at the most opportune time. 

The company halted all withdrawals immediately after reports of the hack.

In a public statement released by the company, they admitted that "the transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system."

They further added that they need to conduct a thorough security review covering all parts of their systems and data, which might take one week.

Until then, deposits and withdrawals will "REMAIN SUSPENDED".