Showing posts with label Crypto Crime.

North Korean Hacking Outfit Lazarus Siphons $1.2M of Bitcoin From Coin Mixer


Lazarus Group, a notorious hacker group from North Korea, reportedly moved almost $1.2 million worth of Bitcoin (BTC) from a coin mixer to a holding wallet. This move, which is the largest transaction they have made in the last month, has blockchain analysts and cybersecurity experts talking. 

Details of recent transactions

Two transactions totaling 27.371 BTC were made to the Lazarus Group's wallet, according to blockchain analysis firm Arkham. 3.34 BTC were subsequently moved to a separate wallet that the group had previously used. The identity of the coin mixer involved in these transactions remains unknown. Coin mixers are used to conceal the trail of cryptocurrency transactions, making it difficult to track down the ownership and flow of funds.

The Lazarus Group's latest move adds to its long history of sophisticated cyber crime, much of it involving cryptocurrency. The US Treasury Department has linked the group to the $600 million theft from the Ronin bridge, which serves Axie Infinity, a popular online game. 

Growing cryptocurrency reservoir

According to Arkham, the Lazarus Group's combined wallet holdings are currently worth approximately $79 million. This includes around $73 million in Bitcoin and $3.4 million in Ether. This huge wealth accumulation through illicit techniques exemplifies the group's persistent and expanding cryptocurrency operations.

Furthermore, a recent TRM Labs study discovered that North Korean-affiliated hackers, notably the Lazarus Group, were responsible for one-third of all cryptocurrency attacks and thefts in 2023. These operations apparently earned them roughly $600 million. 

Cyber attack patterns  

Multiple cybersecurity firms have carried out investigations into the Lazarus Group's operational tactics. Taylor Monahan, a Metamask developer, stated that the latest Orbit assault, which resulted in a loss of $81 million, was similar to prior Lazarus Group operations. Such patterns provide significant insights into their strategies and can assist in the development of more effective defensive measures for future attacks.

Over the last three years, the cybersecurity firm Recorded Future has attributed more than $3 billion in cryptocurrency breaches and vulnerabilities to the Lazarus Group. Their consistent and effective execution of high-profile cyber thefts highlights the advanced nature of their skills, as well as the challenges encountered in combatting such attacks.

"Pink Drainer" Siphons $4.4 Million Chainlink Through Phishing


Pink Drainer, the infamous crypto-draining outfit, has been implicated in a highly sophisticated phishing scheme that resulted in the theft of $4.4 million in Chainlink (LINK) tokens. 

This recent cyber crime targeted a single victim who was duped into signing a transaction linked with the 'Increase Approval' feature. 

Pink Drainer exploits 'Increase Approval' function 

The 'Increase Approval' function is a standard token mechanism that lets a holder set a limit on how many of their tokens another address is allowed to transfer on their behalf. Once the victim had signed that approval, the attacker could move the tokens without any further action from the victim, and 275,700 LINK were taken in two separate transactions without the victim's knowledge. 

According to Scam Sniffer, a crypto-security website, the tokens were drained in two separate transfers. Initially, 68,925 LINK tokens were routed to a wallet labelled by Etherscan as "PinkDrainer: Wallet 2." The remaining 206,775 LINK were sent to a separate address ending in "E70e." 
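To make the approval mechanism concrete, here is an added toy model of ERC-20 allowances (written for this page, not Chainlink's contract or Scam Sniffer's tooling). It replays the two transfers described above with the page's amounts against constructed account names, and shows the defender's side: listing which spenders still hold an allowance over a wallet and verifying that setting the allowance to zero stops further transfers.

```python
"""Toy ERC-20 allowance ledger (constructed for illustration; not a real contract)."""
from dataclasses import dataclass, field


class InsufficientAllowance(Exception):
    pass


class InsufficientBalance(Exception):
    pass


@dataclass
class Token:
    balances: dict = field(default_factory=dict)
    # allowances[owner][spender] = amount the spender may still move on owner's behalf
    allowances: dict = field(default_factory=dict)

    def balance_of(self, account):
        return self.balances.get(account, 0)

    def allowance(self, owner, spender):
        return self.allowances.get(owner, {}).get(spender, 0)

    def approve(self, owner, spender, amount):
        # This is the call the holder signs; approving 0 revokes the spender.
        self.allowances.setdefault(owner, {})[spender] = amount
        return True

    def increase_allowance(self, owner, spender, added):
        # 'Increase Approval' raises the existing allowance rather than replacing it.
        return self.approve(owner, spender, self.allowance(owner, spender) + added)

    def transfer_from(self, spender, owner, to, amount):
        # Called by the spender; the owner signs nothing at this point.
        allowed = self.allowance(owner, spender)
        if allowed < amount:
            raise InsufficientAllowance(f"{spender} may move only {allowed}")
        if self.balance_of(owner) < amount:
            raise InsufficientBalance(f"{owner} holds only {self.balance_of(owner)}")
        self.allowances[owner][spender] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balance_of(to) + amount
        return True


def outstanding_approvals(token, owner):
    """Defender's check: which spenders can still move the owner's tokens, and how much."""
    return {s: a for s, a in token.allowances.get(owner, {}).items() if a > 0}


def replay_incident():
    """Replay the drain with the page's amounts; account names are constructed."""
    link = Token(balances={"victim": 275_700})
    # Step 1: the victim is tricked into signing an Increase Approval for the attacker's spender.
    link.increase_allowance("victim", "attacker_spender", 275_700)
    # Step 2: the spender moves the tokens in two transferFrom calls, no further signature needed.
    link.transfer_from("attacker_spender", "victim", "pinkdrainer_wallet_2", 68_925)
    link.transfer_from("attacker_spender", "victim", "addr_ending_E70e", 206_775)
    return link


def revoke_stops_transfer():
    """Show that an allowance set back to 0 blocks any further transferFrom."""
    link = Token(balances={"holder": 1_000})
    link.increase_allowance("holder", "some_dapp", 1_000)
    assert outstanding_approvals(link, "holder") == {"some_dapp": 1_000}
    link.approve("holder", "some_dapp", 0)  # revocation signed by the holder
    try:
        link.transfer_from("some_dapp", "holder", "elsewhere", 1)
    except InsufficientAllowance:
        return link.balance_of("holder") == 1_000
    return False


if __name__ == "__main__":
    ledger = replay_incident()
    print("victim balance after drain:", ledger.balance_of("victim"))
    print("revocation blocks transferFrom:", revoke_stops_transfer())
```

The practical lesson is that every allowance a wallet grants is a standing permission; auditing and revoking unneeded ones is the mitigation the model demonstrates.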

ZachXBT, a well-known crypto detective, also revealed that the stolen funds were soon transferred into Ethereum (ETH) and laundered through the eXch service, complicating asset tracking.

Scam Sniffer's investigation verifies the Pink Drainer group's involvement in this theft, although the specific technique employed to trick the victim into allowing the token transfer is unclear.

Scam Sniffer has also discovered at least ten additional scam sites linked to Pink Drainer in the previous 24 hours.

The Pink Drainer syndicate has been linked to incidents involving Evomos, Pika Protocol, and Orbiter Finance, and is also known for high-profile attacks on platforms such as Twitter and Discord. Earlier this year the group was also accused of a scam in which it posed as crypto journalists, stealing nearly $3 million from 1,932 victims. 

According to Dune Analytics' most recent statistics, Pink Drainer's operations have intensified. As of December 19, the total losses suffered by the group amounted to $18.7 million, impacting 9,068 victims.

Canadian Financial Intelligence Agency Predicts Crypto Crime to Surge Rapidly


As the use of cryptocurrency grows, more criminals are likely to start using it to raise, move, and conceal money outside of the established banking system, according to Canada's financial intelligence agency. 

In a report published on Monday, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) stated that ransomware attacks and the concealment and cleaning of fraudulent profits are the most frequent types of criminal activity involving cryptocurrencies. 

Fintrac expanded its strategic intelligence programme to increase its knowledge and comprehension of the risks and vulnerabilities related to virtual currencies by building on the funding it had received in the previous two years' budgets. 

“Fintrac continues to operate in a challenging environment with new and evolving technologies and financial products, rapidly shifting global financial systems and geopolitical events constantly shaping our work,” agency director Sarah Paquet stated in the report. 

Every year, the agency sifts through millions of pieces of data from insurance firms, banks, money services enterprises, securities dealers, real-estate brokers, casinos, and others to track down money linked to illegal activities. It then actively shares details on suspected cases with police and other law enforcement agencies. 

Businesses that exchange foreign currencies, transfer money, cash, or buy or sell money orders or traveler's cheques, or deal in virtual currency must first register with Fintrac before offering these services to the general public. 

According to the report, the continued use of unregistered money services businesses creates challenges for those attempting to discover money laundering and terrorist financing via traditional financial channels. 

“Suspicious transactions reported to Fintrac have highlighted the significant role of third-party intermediaries, such as professional money launderers and money mules, in facilitating underground banking and the laundering of criminal proceeds,” the report further reads. 

While the majority of illicit cryptocurrency transactions involve the laundering of criminal proceeds—a small proportion of total virtual transactions—Fintrac has observed that terrorist groups around the world are increasingly using virtual currencies to finance their operations. 

This trend is especially visible among those associated with ideologically driven violent extremism, who distrust regulated and centralised financial systems. There has also been an increase in loosely connected entities within expansive movements that transcend national boundaries in recent years, as well as the persistence of cross-border funding networks and online fundraising efforts. 

Additionally, the report discovered that there is a significant reliance on mixing services and high-risk exchanges for laundering cryptocurrency and converting ransoms back into cash.

Over $30 Billion Stolen from Crypto Sector, Reveals SlowMist's

A recent report by cybersecurity firm SlowMist has uncovered a shocking revelation regarding the vulnerability of the crypto sector. According to the report, blockchain hacks have resulted in the theft of over $30 billion from the cryptocurrency industry since 2012. This alarming figure highlights the pressing need for enhanced security measures within the blockchain ecosystem.

The report from SlowMist, a renowned cybersecurity company specializing in blockchain technology, brings to light the magnitude of the problem facing the crypto sector. The findings emphasize the urgent requirement for robust security protocols to safeguard digital assets and protect investors.

The report reveals that hackers have been successful in exploiting vulnerabilities across various blockchain networks, resulting in significant financial losses. SlowMist's research indicates that these attacks have been carried out through a range of methods, including exchange hacks, smart contract vulnerabilities, and fraudulent schemes.

One of the primary areas of concern is the vulnerability of cryptocurrency exchanges. These platforms serve as a vital link between users and their digital assets, making them lucrative targets for hackers. SlowMist's report highlights the need for exchanges to prioritize security measures and implement robust systems to safeguard user funds.

The rise in smart contract-based attacks has also been a cause for concern. Smart contracts, which automate and facilitate transactions on blockchain platforms, have been exploited by hackers who identify vulnerabilities within the code. This highlights the need for thorough security audits and ongoing monitoring of smart contracts to prevent potential breaches.

In response to the report's conclusions, industry experts emphasize the importance of preemptive action against these threats. Blockchain security expert Jack Smith stresses the value of continuous monitoring and rapid response mechanisms: "It is crucial for crypto companies to prioritize security and adopt a proactive approach to identify and mitigate vulnerabilities before hackers exploit them."

The report also highlights the need for greater user understanding of cryptocurrencies. If users are not careful when transacting with and holding their digital assets, even the most comprehensive security measures will not be enough. Educating people about best practices, such as using hardware wallets and enabling two-factor authentication, can greatly reduce the risk of falling victim to hacking attempts.

The cryptocurrency industry has grown rapidly in recent years, drawing both investors and bad actors looking to take advantage of its weaknesses. The SlowMist report is a wake-up call, highlighting the critical need for better security procedures to protect the billions of dollars invested in the sector.

The adoption of more robust security measures must continue to be a primary focus as the blockchain sector develops. The report's conclusions underscore that everyone is accountable for building a secure ecosystem that promotes trust and protects against possible dangers, including blockchain developers, cryptocurrency exchanges, and individual users.



Chainalysis Evaluation Declares 2022 "The Year of Crypto Thefts"


A recent Chainalysis analysis stated that ransomware and fraud increased cryptocurrency theft last year. "The 2023 Crypto Crime Report" was published by Chainalysis. The paper also discussed the reasons why 2022 established records for cryptocurrency hacking and the effects of sanctions against Hydra, Tornado Cash, and other companies on cryptocurrency crime. In addition, case studies on the greatest hacks, darknet markets, and ransomware variants of the year were included in the paper. 

Rise in crypto crime

Chainalysis is a well-known blockchain data platform that serves more than 70 nations' worth of exchanges, financial institutions, insurance organisations, and cybersecurity firms with data, software, services, and research.

The 2022 instability on the cryptocurrency markets was addressed in the 2023 crypto crime report. The paper also highlighted the most recent methods used by fraudsters for laundering money using cryptocurrencies. 

For cryptocurrency criminals, 2017 was a good year. Over $3.8 billion, more than any other year, was stolen from various services and processes, with $775.7 million of that total occurring in just one month, according to Chainalysis. The research also claims that fraudsters' and ransomware hackers' overall revenue decreased.

As stated in the report, DeFi protocols accounted for 82.1% of the stolen funds, "in particular, cross-chain bridges, which are protocols that let users exchange assets between two separate blockchains."

"Bridges are an enticing target for hackers as the smart contracts in effect become massive, centralised warehouses of monies backing the assets that have been crossed to the new chain – a more desirable honeypot could barely be imagined," the paper states. 

Oracle manipulation, according to Chainalysis, is a growing trend in DeFi hacks. This is when an attacker subverts the mechanisms used by a decentralised protocol to determine the price of traded assets and establishes favourable conditions for quick and extremely profitable trades.

DeFi protocols lost $386.2 million in 2022 as a result of 41 different oracle manipulation attacks. A case in point is the Mango Markets exploit, which led to the arrest of the suspected attacker, Avraham Eisenberg, who is now accused of manipulating commodities in a US court. 

The Lazarus Group of North Korean hackers surpassed its previous record in 2022, stealing $1.7 billion from numerous victims. The majority of that money was sent to decentralised exchanges and a number of mixers, including Tornado Cash, Blender(dot)io, and, after Blender was shut down, Sinbad.

The Russian darknet marketplace Hydra, the exchange Garantex, and the cryptocurrency mixers Blender(dot)io and Tornado Cash were all sanctioned by the United States last year. However, not all of the money processed by these sanctioned services had criminal origins; according to the Chainalysis analysis, just 6.1% of the money Garantex received and 34% of the money received by Tornado Cash came from illegal sources. 

Sanctions, as stated by Chainalysis, significantly reduced the amount of money flowing into Tornado Cash. Garantex, however, continued to operate as usual and actually saw an increase in funds received from known darknet and fraud sites.

British Government Proposes Robust Crypto Regulation

Britain's finance ministry has proposed robust regulations for crypto assets, following the collapse of the crypto exchange FTX last year, in which millions of people lost billions of dollars. 
Critics caution, however, that regulating crypto assets with a one-size-fits-all approach could hinder innovation.

The treasury department published a consultation document today, to bring cryptocurrency-related activities under the ambit of governing traditional financial services. 

The ministers said that the new regulations will "mitigate the most significant risks of crypto assets while harnessing their advantages". As per the data from ministers, up to 10% of UK adults now own some form of crypto. 

The government plans to apply existing rules and regulations to the industry rather than create a whole new regime. The Treasury said the approach will allow crypto to benefit from the "confidence, credibility and regulatory clarity" of the existing financial services framework set out in the UK's Financial Services and Markets Act 2000 (FSMA). 

Economic Secretary Andrew Griffith reported that the government remained "steadfast in our commitment to grow the economy and enable technological change and innovation - and this includes crypto-asset technology. But we must also protect consumers who are embracing this new technology - ensuring robust, transparent, and fair standards". 

The Treasury Department proposed in its consultation document the following: 

1. It will make laws and regulations on crypto-asset promotions which will be fair, clear, and not misleading. 

2. It will also enhance data-reporting requirements, including with regulators. 

3. Furthermore, it will implement new laws to stop so-called pump and dump, or lie and sell high where an individual artificially inflates the value of a crypto asset before selling it. 

Conservative MP Harriett Baldwin, who chairs the Treasury Committee, said: "truly Wild West behavior, valuable technological innovation happening that could benefit the UK economy. We are paying close attention to these plans and to the regulators' plans because we would not want our constituents to think cryptocurrencies are any less risky if they are regulated."

Is Bitcoin Actually Safe? Here’s All You Need to Know


Since its creation in 2009, Bitcoin, the first and best-known cryptocurrency in the world, has had many ups and downs. One bitcoin was essentially useless when it first started. 

In May 2010, Laszlo Hanyecz purchased two pizzas for around 10,000 bitcoins (BTC), marking the first bitcoin transaction for the purchase of tangible goods. At bitcoin's highest recorded price of almost $65,000 USD per coin, those pizzas would have cost approximately $650 million USD. 

However, this year Bitcoin fell by roughly 60%. Meanwhile, the absence of a regulatory framework led to an increase in crypto crime. The Federal Trade Commission estimated that bitcoin fraud cost INR 27 billion in just the first three months of this year. 

Despite the market's volatility, advocates of Bitcoin have consistently argued that it provides anonymity and security that traditional money cannot. That is not actually true. Contrary to popular belief, Bitcoin is neither fully secure nor private. 

Bitcoin privacy issues 

Bitcoin does include some privacy precautions that most fiat currencies lack, such as the ability to create addresses that are not tied to a person's identity. But it is not private. Here are the three primary reasons. 

Transactions are openly disclosed 

The blockchain, a public ledger, contains a record of every Bitcoin transaction. This implies that every transaction is visible to everyone who has access to the blockchain and that anyone may see all the transactions connected to a specific Bitcoin address. A threat actor or law enforcement agency might track every transaction you ever made if they were able to connect your Bitcoin address to your identity. 

The Use of Third-Party Services Required 

Bitcoin is dependent on outside services. For instance, you must register with an exchange if you want to purchase Bitcoin. The vast majority of exchanges demand multiple forms of identity verification from users. Your name, email address, street address, and other details are all covered by this. Most will also require a photo of an ID issued by the government. 

Government surveillance 

Governments worldwide are warming up to the idea of regulating Bitcoin, since it has long been favored by criminals of all sorts. Regulation brings surveillance, though, and surveillance endangers privacy. Law enforcement agencies quickly adapted to this new reality and now employ blockchain analysis to identify Bitcoin users and track their transactions. Even if you don't mind a third-party service knowing your identity, consider what could happen if it suffered a data breach. 

How to Safeguard Your Bitcoin 

The safety of your Bitcoin largely depends on how you store it. Your choice of crypto wallet and the degree of encryption it employs are key factors in ensuring the security of your currencies. 

Ryan Burke, general manager at Invest at M1 asserts that convenience and security are not always mutually exclusive. 

He says that offline "cold" wallets, which are not connected to the internet, are safe from remote attack, although they are less convenient than hot wallets. Cold wallets can still be stolen or destroyed, however, and Burke warns that if you misplace your private key or lose the device or drive, you will have trouble recovering your funds. 

Because you can access your cryptocurrencies from everywhere there is an internet connection or phone service, hot wallets are more practical but also more prone to hacking. 

“A prudent strategy is to use a combination of hot and cold storage, with most assets being held in cold storage,” Burke added. 

Before registering for a wallet or service, experts advise reading the terms and conditions so that your bitcoin doesn't unintentionally become another victim of the crypto liquidity crisis. Investigate whether buying Bitcoin is a good fit for your financial portfolio, just like with any other investment. Be ready for highs and lows if you decide to purchase BTC as part of your investing plan.

Hackers Leaked Stolen Data of 5.7M Gemini Users

The Gemini crypto exchange announced this week that its customers have been targeted by a phishing campaign after malicious actors obtained their personal details by breaching a third-party vendor. 

The notification of the attack came to light after multiple posts on hacker forums observed by BleepingComputer offered to sell a database reportedly from the Gemini crypto exchange containing email addresses and phone numbers of 5.7 million customers. 

 “Some Gemini customers have recently been the target of phishing campaigns that we believe are the result of an incident at a third-party vendor. This incident led to the collection of Gemini customer email addresses and partial phone numbers...,” reads the advisory published by the crypto exchange. “…No Gemini account information or systems were impacted as a result of this third-party incident, and all funds and customer accounts remain secure.” 

The Gemini security team released a short notice in which it described the attack but did not disclose the name of a third-party vendor who suffered an "incident" that allowed unauthorized access to malicious actors. Because of the breach, customers of the company received phishing emails. 

The threat actors' ultimate objective remains unknown. In its short notice, the company stated that its account information and systems were not affected and that funds and customer accounts "remain secure." 

Separately, the exchange went offline for about seven hours this week for scheduled maintenance. "The Gemini Spaceship will undergo scheduled Exchange maintenance on Thursday, December 15th from approximately 10:00 p.m. until Friday, December 16th at 12:30 a.m. ET, and all user interfaces and trading will be unavailable during that time," a notice on the exchange's status page read. 

Gemini advised its customers to use strong authentication methods, including two-factor authentication (2FA) and/or hardware security keys, to protect their accounts and systems.

International Summit Agrees Crack Down on Digital Tokens to Counter Ransomware


In recent years, hackers have repeatedly requested crypto as their primary currency for ransomware payments. 

Earlier this week, the White House's second International Counter Ransomware Initiative summit, which brought together 36 nations led by the US, agreed to improve ransomware prevention measures, specifically regarding the use of cryptocurrencies to finance ransomware operations. 

The summit was far more explicit on digital tokens than it was during its inaugural outing last year, as concerns continue to rise over the ease with which hackers are able to access the digital tokens. One of the primary issues identified by the Counter Ransomware Initiative (CRI) was the laundering of cryptocurrency. 

To counter money laundering and the financing of terrorism, the CRI group said its anti-crypto work will focus on sharing information regarding nefarious crypto wallets across agencies worldwide, run workshops to enhance blockchain tracing, and implement identity authentication for crypto transactions.

As a result of the summit, a number of nations agreed to the establishment of an International Counter Ransomware Task Force (ICRTF) that will initially be chaired by Australia and work "to coordinate resilience, disruption, and counter illicit finance activities." 

The Lithuanian Regional Cyber Defense Center (RCDC) will also begin playing host to a new "fusion cell" that will be utilized as a test case for a more extensive information-sharing program. 

Meanwhile, over the next year, the CRI will design a roadmap for the identification of primary targets and warn multiple law enforcement agencies, put together a toolkit for other organizations to use for the investigation of ransomware attacks, and design channels between private and public bodies to share ransomware information. 

Ransomware is becoming an increasingly popular modus operandi employed by cybercriminals to extort unwitting victims. According to data reported by banks to the U.S. Treasury Department, U.S. financial entities observed approximately $1.2 billion in costs associated with ransomware attacks in 2021, a nearly 200 percent surge compared to 2020. 

“We may approach the challenge of ransomware with a different lens — and in some cases, an entirely different set of tools — but we are all here because we know that ransomware remains a critical threat to victims across the globe and continues to be profitable for bad actors,” Deputy Secretary of the Treasury Wally Adeyemo stated. 

“In fact, we know that hackers around the world consider conducting ransomware attacks the most profitable scheme on the internet. More profitable even than selling illegal drugs via dark net markets and stealing and selling stolen credit cards.”

Spirdark Stole Ed Sheeran's Unreleased Songs, Sentenced To 18 Months In Prison

A 23-year-old hacker, Adrian Kwiatkowski, who stole two unreleased songs from English singer-songwriter Ed Sheeran and 12 songs from American rapper Lil Uzi Vert, has been sentenced to 18 months in prison. 
 
The hacker was charged with breaking into the artists' cloud-based accounts; the stolen songs were then sold for cryptocurrency. He generated around $147,000 from these transactions. 
 
Kwiatkowski pleaded guilty to a total of 19 charges, including copyright infringement and possessing criminal property. According to a report by the CPS, he was charged with three counts of unauthorized access to computer data, 14 counts of making an article that infringes copyright available for sale, one count of converting criminal property, and two counts of possessing criminal property. 
 
A search of the hacker's laptop also uncovered 565 audio files, and seven devices storing 1,263 unreleased songs by 89 different artists, including the unreleased songs from Ed Sheeran and Lil Uzi Vert. The hacker also admitted to receiving bitcoin in return for the unreleased songs. 
 
“Kwiatkowski had complete disregard for the musicians’ creativity and hard work producing original songs and the subsequent loss of earning” says Joanne Jakymec from the CPS. “He selfishly stole their music to make money for himself by selling it on the dark web […] We will be pursuing ill-gotten gains from these proceeds of crime.” 
 
According to a press release, Kwiatkowski was arrested on October 21st, Friday at Ipswich Crown Court, England. The hacker has been operating under the mononym Spirdark, and his operations were allegedly reported by numerous music companies. 
 
In 2019, the Manhattan District Attorney's Office opened an investigation after several musicians reported that someone using the name Spirdark had hacked their accounts. The investigation identified Kwiatkowski through his email address and IP address. Later that year, London police detained him, and he eventually pleaded guilty to the charges.

Missing Cryptoqueen: Leaked Police Files May Have Alerted the OneCoin Fraudster Ruja Ignatova


Best known as the "Missing CryptoQueen," convicted fraudster Ruja Ignatova, who is on the US Federal Bureau of Investigation (FBI) most wanted list, is believed to have been receiving information on the investigation before her disappearance. 
 
The 42-year-old fraudster, based in Bulgaria, is wanted over her suspected involvement in the $4 billion OneCoin cryptocurrency fraud. The details of the scam were uncovered in the BBC podcast 'The Missing Cryptoqueen', devoted to the infamous fraudster. 

The police documents related to the case were apparently shown in the podcast by Frank Schneider, a former spy and trusted adviser to Ignatova. Following the allegations, Schneider is now facing extradition to the US for his role in the OneCoin fraud. 

While the metadata on the files suggests that Ignatova acquired the documents through her own contacts in Bulgaria, Schneider denies obtaining them himself, saying Ignatova received them on a USB memory stick. 
 
Ignatova disappeared on October 25th, 2017, after being made aware of the police investigation into her OneCoin cryptocurrency. Following this, in June 2022 she was included in the FBI's most wanted list.
 
In an interview with the BBC, Schneider described police files containing presentations made at a Europol meeting named 'Operation Satellite.' The meeting was attended by officials from Dubai, Bulgaria, the UK, Germany, and the Netherlands, along with the FBI, the US Department of Justice, and the New York District Attorney, five months before Ignatova's disappearance. 
 
The said documents contained details of US authorities having a “high-placed confidential informant”, bank accounts from OneCoin receiving investor funds, and failed attempts of the UK's City of London to interview Ignatova. 

Asked about the files, Schneider said: "When the Bulgarians participated at certain Europol meetings, it only took hours for her to get a complete rundown and get the minutes of what was said in those meetings. I can only deduce that it came from the circles that she was in and the she had through a variety of influential personalities."

Hacked Devices Cost Victims $53 for Every $1 of Cryptocurrency Mined Through Cryptojacking

A team of security researchers evaluated the financial impact of crypto miners running on compromised cloud servers. They found that cryptojacking costs the server owners about $53 for every $1 of cryptocurrency that the threat actors mine. 

Cryptojacking refers to the illegal method of extracting cryptocurrency from unauthorized devices, including computers, smartphones, tablets, and even servers with an intent of making a profit. Its structure allows it to stay hidden from the victims. The malicious actors generate income through hijacking hardware, as the mining programs use the CPUs of hijacked devices.  

Mining cryptocurrency on hijacked devices has primarily been the work of financially motivated hacking groups, especially TeamTNT, which was responsible for most of the large-scale attacks against vulnerable Docker Hub, AWS, Redis, and Kubernetes deployments.  

The attackers deployed XMRig across the compromised servers. XMRig is a CPU miner for Monero (XMR), a privacy-oriented, hard-to-trace cryptocurrency that has recently been considered the most profitable to mine on CPUs.   

Unlike ransomware, which blocks access to systems until a payment is made and attracts aggressive law enforcement attention, rogue crypto mining is comparatively low-risk for the attackers.  

The Sysdig researchers used "Chimaera", a large TeamTNT campaign, to estimate the financial damage caused by crypto miners. The research revealed that over 10,000 endpoints were compromised. 

In order to hide the wallet address from the hijacked machines and make tracking even harder, the cyber-attackers used XMRig-Proxy but the analysts were still able to discover 10 wallet IDs used in the campaign. 

The researchers found that the 10 wallets held a total of 39 XMR, worth about $8,120. They estimated the cost to victims of mining those 39 XMR at $429,000, or roughly $11,000 per XMR. 

They added that this estimate excludes coins held in unknown older wallets, damage to the server owners' hardware, outages of online services caused by the miners hogging processing power, and the business decisions firms had to make to absorb the inflated cloud bills.
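The behaviours described above (XMRig on the host, a stratum pool connection, a wallet address on the command line unless XMRig-Proxy hides it, and a binary dropped in a scratch directory) can be turned into simple triage logic over a process listing. The Python below is an added example written for this page, not Sysdig's or TeamTNT's code; the process lines, the 95-character Monero address and the indicator lists (option names, directories) are constructed assumptions. It also handles the XMRig-Proxy case from the report, where the miner talks to an intermediate host and no wallet is visible on the victim.

```python
"""Heuristic cryptojacking triage over a process listing.

Added example for this page, not Sysdig's tooling. Sample process lines,
the wallet address and the indicator lists are constructed.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

B58 = r"[1-9A-HJ-NP-Za-km-z]"   # base58 omits 0, O, I and l
# Monero standard addresses: 95 base58 chars starting with '4' ('8' for subaddresses).
XMR_ADDR = re.compile(rf"(?<!{B58})[48]{B58}{{94}}(?!{B58})")
# Mining pool URL as passed to XMRig's -o/--url option.
STRATUM = re.compile(r"stratum\+(?:tcp|ssl|tls)://([A-Za-z0-9.\-]+):(\d+)")
# Options characteristic of XMRig and its forks (assumed indicator list).
MINER_FLAGS = ("--donate-level", "--cpu-priority", "--randomx-", "--keepalive",
               "--coin", "--algo", "--threads")
# Scratch directories miners are commonly dropped into on cloud hosts (assumed).
SUSPICIOUS_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")


@dataclass
class Finding:
    pid: int
    user: str
    binary: str
    reasons: List[str] = field(default_factory=list)
    pool: Optional[str] = None
    wallet: Optional[str] = None
    proxied: bool = False   # pool contact but no wallet: xmrig-proxy likely in front


def scan_process_line(line: str) -> Optional[Finding]:
    """Inspect one `ps -eo pid,user,args` line; return a Finding if it looks like a miner."""
    parts = line.split(maxsplit=2)
    if len(parts) < 3 or not parts[0].isdigit():
        return None                      # header or malformed line
    pid, user, args = int(parts[0]), parts[1], parts[2]
    f = Finding(pid=pid, user=user, binary=args.split()[0])

    m = STRATUM.search(args)
    if m:
        f.pool = f"{m.group(1)}:{m.group(2)}"
        f.reasons.append("stratum pool URL on command line")
    w = XMR_ADDR.search(args)
    if w:
        f.wallet = w.group(0)
        f.reasons.append("Monero wallet address on command line")
    flags = [fl for fl in MINER_FLAGS if fl in args]
    if flags:
        f.reasons.append("XMRig-style options: " + ", ".join(flags))
    if f.binary.startswith(SUSPICIOUS_DIRS):
        f.reasons.append("binary runs from a scratch directory")
    # XMRig-Proxy deployments hide the wallet: the miner logs in to an
    # intermediate host with a placeholder user, so only the proxy address shows.
    if f.pool and not f.wallet:
        f.proxied = True
        f.reasons.append("pool contact without a wallet: xmrig-proxy likely upstream")
    return f if f.reasons else None


def scan_process_listing(listing: str) -> List[Finding]:
    """Run scan_process_line over every line of a ps listing."""
    return [f for f in map(scan_process_line, listing.splitlines()) if f]


# Constructed sample data: not a real wallet, not real hosts.
SAMPLE_WALLET = "4" + "A1b2C3d4e" * 10 + "FgHi"          # 95 base58 chars
SAMPLE_PS = f"""\
  PID USER     COMMAND
    1 root     /sbin/init
  842 root     /usr/bin/dockerd -H fd://
 1337 root     /tmp/.x/xmrig -o stratum+tcp://pool.example.invalid:3333 -u {SAMPLE_WALLET} -k --donate-level 1 --cpu-priority 5
 2048 nobody   /var/tmp/kthreadd -o stratum+tcp://10.0.0.5:8080 -u x --randomx-1gb-pages --threads 8
 3001 app      /usr/bin/python3 /srv/app/worker.py
"""

if __name__ == "__main__":
    for hit in scan_process_listing(SAMPLE_PS):
        tag = "PROXIED" if hit.proxied else "DIRECT"
        print(f"pid {hit.pid} ({hit.user}) {hit.binary} [{tag}] pool={hit.pool} wallet={hit.wallet}")
        for r in hit.reasons:
            print("   -", r)
```

Pipe real `ps -eo pid,user,args` output into `scan_process_listing` to use it; a proxied hit is the signal to pivot to the proxy host's network traffic, since the wallet only appears on the upstream side, which is exactly why the Sysdig analysts had to work around XMRig-Proxy.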

Lazarus Group Responsible For $100M Crypto-Heist

Cyber security researchers have attributed the theft of $100 million worth of crypto assets via the Horizon Bridge, run by California-based Harmony, to the Lazarus Group. Lazarus is a well-known North Korean state-sponsored hacking group that was also behind the $620 million crypto theft from the Ronin bridge in March. 

Following the incident, blockchain forensics company Elliptic last week attributed the attack on Harmony's cross-chain bridge to the group. 

“There are strong indications that North Korea’s Lazarus Group may be responsible for this theft, based on the nature of the hack and the subsequent laundering of the stolen funds,” Elliptic wrote. 

Additionally, Reuters reported that blockchain analytics firm Chainalysis is also investigating alongside Harmony; it says the attack style resembles previous attacks attributed to North Korea-linked actors.

“On Thursday, June 23, 2022, the Harmony Protocol team was notified of a malicious attack on our proprietary Horizon Ethereum Bridge. At 5:30 AM PST, multiple transactions occurred that compromised the bridge with 11 transactions that extracted tokens stored in the bridge,” the company said in its blog. 

As the name suggests, blockchain bridges allow users to move crypto assets from one blockchain to another. The attackers stole roughly $100 million in crypto assets, including Ethereum (ETH), Binance Coin, Tether, USD Coin, EOS and Dai. 

Elliptic said the heist was carried out by compromising the cryptographic keys of a multi-signature wallet, a technique the suspected group has used before. 

"Lazarus Group tends to focus on APAC-based targets, perhaps for language reasons," Elliptic added, referring to the Asia-Pacific region. "Although Harmony is based in the US, many of the core team have links to the APAC region." 

Further, the report says that two days after the attack Harmony offered the attackers a $1 million bounty for the return of the Horizon bridge funds. Researchers also reported that they had identified the offenders behind the $100 million hack.

AUSTRAC Publishes New Guidance on Ransomware and Crypto Crime

The Australian Transaction Reports and Analysis Centre (AUSTRAC) has released two new financial crime guides to help businesses detect and prevent the criminal abuse of digital currencies and ransomware. 

Each guide provides practical recommendations to help businesses determine whether a payment is related to a ransomware attack, or whether someone is exploiting digital currencies and blockchain technology to commit crimes such as tax evasion, terrorism financing, scams or money laundering. 

The guidance urges businesses to watch for users who try to obscure the trail of their digital asset transactions through suspicious use of mixers, privacy coins and decentralised finance (DeFi) platforms. 

Among the specific indicators, AUSTRAC flags possible terrorism financing when transactions to crowdfunding or online fundraising campaigns are linked to forums centred on ideologically or religiously motivated violent extremism, or when a customer's account receives a number of small deposits that are immediately forwarded to private wallets. 

Indicators that a customer may be a ransomware victim, according to AUSTRAC, include: a customer increases the limit on their account and then rapidly sends funds to a third party; following an initial large digital currency transfer, a customer has little or no further digital currency activity; and a newly onboarded customer wants to make an immediate, large purchase of digital currency followed by an immediate withdrawal to an external digital currency address. 
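The three ransomware-victim indicators above read directly as transaction-monitoring rules, and rule 2 shows why such monitoring has to be time-aware: dormancy can only be judged once enough time has passed. The Python below is an added example for this page, not AUSTRAC's guidance text or any provider's real monitoring system; the event schema, the thresholds for "large" and "rapid", and the customer histories are constructed assumptions.

```python
"""Transaction-monitoring rules for AUSTRAC's ransomware-victim indicators.

Added example for this page, not AUSTRAC's own tooling. The event schema,
thresholds and customer histories are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from itertools import groupby
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Event:
    customer: str
    ts: datetime
    kind: str            # onboard | limit_increase | deposit | buy | send_external
    amount: float = 0.0  # fiat value, AUD assumed
    dest: str = ""       # external address for send_external


# Assumed thresholds; a real programme tunes these to its customer base.
LARGE_AMOUNT = 20_000.0            # what counts as a "large" purchase or transfer
RAPID = timedelta(hours=24)        # "rapidly" / "immediately"
QUIET_PERIOD = timedelta(days=30)  # window with little or no follow-on activity
ACTIVE_KINDS = {"deposit", "buy", "send_external"}


def limit_increase_then_transfer(evs: List[Event], now: datetime) -> bool:
    """Customer raises their limit, then quickly sends funds to a third party."""
    return any(
        e.kind == "limit_increase"
        and any(x.kind == "send_external" and x.ts - e.ts <= RAPID for x in evs[i + 1:])
        for i, e in enumerate(evs)
    )


def large_transfer_then_dormant(evs: List[Event], now: datetime) -> bool:
    """After a first large transfer the customer shows little or no further activity."""
    large = [e for e in evs if e.kind in ("buy", "send_external") and e.amount >= LARGE_AMOUNT]
    if not large or now - large[0].ts < QUIET_PERIOD:
        return False                                  # too early to judge dormancy
    follow_on = [e for e in evs if e.ts > large[0].ts and e.kind in ACTIVE_KINDS]
    return len(follow_on) <= 1


def new_customer_buy_then_withdraw(evs: List[Event], now: datetime) -> bool:
    """Newly onboarded customer makes a large buy and withdraws it at once."""
    onboard = next((e for e in evs if e.kind == "onboard"), None)
    if onboard is None:
        return False
    return any(
        b.kind == "buy" and b.amount >= LARGE_AMOUNT and b.ts - onboard.ts <= RAPID
        and any(x.kind == "send_external" and timedelta(0) <= x.ts - b.ts <= RAPID for x in evs)
        for b in evs
    )


RULES: List[Callable[[List[Event], datetime], bool]] = [
    limit_increase_then_transfer,
    large_transfer_then_dormant,
    new_customer_buy_then_withdraw,
]


def ransomware_victim_indicators(events: List[Event], now: datetime) -> Dict[str, List[str]]:
    """Map each customer to the names of the rules their history trips."""
    hits: Dict[str, List[str]] = {}
    ordered = sorted(events, key=lambda e: (e.customer, e.ts))
    for customer, group in groupby(ordered, key=lambda e: e.customer):
        evs = list(group)                # chronological history for one customer
        fired = [rule.__name__ for rule in RULES if rule(evs, now)]
        if fired:
            hits[customer] = fired
    return hits


# Constructed customer histories.
T0 = datetime(2022, 5, 1, 9, 0)
SAMPLE_EVENTS = [
    # alice: established customer who raises her limit and pays out within hours
    Event("alice", T0, "limit_increase"),
    Event("alice", T0 + timedelta(hours=3), "buy", 45_000.0),
    Event("alice", T0 + timedelta(hours=4), "send_external", 45_000.0, "bc1q-constructed"),
    # bob: onboarded, large buy, immediate withdrawal, then silence
    Event("bob", T0, "onboard"),
    Event("bob", T0 + timedelta(hours=1), "deposit", 30_000.0),
    Event("bob", T0 + timedelta(hours=2), "buy", 30_000.0),
    Event("bob", T0 + timedelta(hours=2, minutes=30), "send_external", 30_000.0, "0x-constructed"),
    # carol: ordinary retail activity
    Event("carol", T0, "deposit", 500.0),
    Event("carol", T0 + timedelta(days=3), "buy", 500.0),
    Event("carol", T0 + timedelta(days=10), "buy", 200.0),
    Event("carol", T0 + timedelta(days=20), "deposit", 300.0),
]
NOW = T0 + timedelta(days=45)

if __name__ == "__main__":
    for customer, fired in ransomware_victim_indicators(SAMPLE_EVENTS, NOW).items():
        print(customer, "->", ", ".join(fired))
```

Run against the same histories two days after the events, the dormancy rule stays silent for everyone because the quiet period has not elapsed; the two "rapid" rules fire immediately, which is the order in which a real alert queue would see them.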

"Financial service providers need to be alert to the signs of criminal use of digital currencies, including their use in ransomware attacks," AUSTRAC CEO Nicole Rose said in a statement. 

The guides were released in response to the rise in cyber threats to Australia. In 2020-21, 500 ransomware attacks were reported, a 15% increase on the previous financial year, AUSTRAC noted. 

Earlier this month, IDCare reported that more than 5,000 customer records from the former cryptocurrency exchange AlphaEx were exposed online. The data included driver's licence, passport, proof-of-age and national identity card images belonging to 232 Australians and 24 New Zealanders. 

IDCare first discovered the breach in late January, when it noticed the data offered for sale on a Chinese-language platform for $150; it was later posted for free on another online forum called Breached.

"This event poses a serious risk to the identities of any involved. Due to the nature of the identity documents discovered, we urge anyone who had any dealings with AlphaEx to contact us," IDCare said.