Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Crypto Currency. Show all posts

North Korean Hackers Attacking Crypto Industry, Billions at Risk

North Korean Hackers Attacking Crypto Industry, Billions at Risk

The United States Federal Bureau of Investigation (FBI) has recently highlighted a significant cybersecurity threat posed by North Korean cybercriminals targeting the web3 and cryptocurrency sectors. 

Why Hackers Target ETFs?

The cryptocurrency industry has witnessed tremendous growth, Ether and Bitcoin are game changers. The rise has led to financial instruments like ETFs (Exchange-traded funds) that allow investors access without owning them directly. But, with the increase of crypto technologies, security questions have also surfaced. 

The United States FBI recently warned about a major cybersecurity threat from North Korean hackers targeting cryptocurrency and web3 sectors. Billions of dollars go into these crypto ETFs, but investors shouldn’t be hasty to think their assets are secure. 

Lazarus Behind Attacks

Lazarus (a North Korean state-sponsored group) is no stranger to the cryptocurrency market and is allegedly responsible for various attacks against famous exchanges and blockchain protocols. Officials are concerned about hackers attacking crypto-backed ETFs by targeting the underlying assets. 

North Korean hackers are using advanced engineering methods to fool employees at decentralized finance (DeFi) and cryptocurrency firms. The hackers impersonate high-profile figures within an organization and or make specific scenarios based on the target’s position, business interests, or skills to get in their good books. 

“The actors may also impersonate recruiting firms or technology companies backed by professional websites designed to make the fake entities appear legitimate. Examples of fake North Korean websites can be found in affidavits to seize 17 North Korean domains, as announced by the Department of Justice in October 2023,” the FBI warned.

The FBI Warning

The FBI has warned against storing private cryptocurrency wallet data on web-connected devices as they may be victims of hacking attacks. If these requests come from unfamiliar sources, organizations should be careful when using non-standard software or applications on their network.

North Korean hackers have already stolen sensitive data from Bitcoin companies by using fake job ads. The FBI’s warning is a wake-up call for web3 and cryptocurrency firms to advance their cybersecurity systems and be careful against these rising attacks. 

“The actors usually attempt to initiate prolonged conversations with prospective victims to build rapport and deliver malware in situations that may appear natural and non-alerting. If successful in establishing bidirectional contact, the initial actor, or another member of the actor’s team, may spend considerable time engaging with the victim to increase the sense of legitimacy and engender familiarity and trust,” the FBI reports.

Ransomware Actors Extorted More Than $450 Million in First Half of 2024

 

In the first half of 2024, victims of ransomware have paid $459,800,000 to attackers; if ransom payments continue at this pace, this year might establish a new record. Ransomware payments hit a historic high of $1.1 billion last year, as Chainalysis had previously estimated based on data from the first half of the year, when ransomware activity raked in $449,100,000. 

Despite massive law enforcement operations that halted large ransomware-as-a-service operations, like LockBit, we are currently about 2% higher than the record-breaking trend from the same period in 2023.

The recent Chainalysis study claims that this growth is the result of ransomware gangs concentrating on collecting large payments by stealing customers' private data and inflicting costly disruptions to major organisations. 

"2024 is set to be the highest-grossing year yet for ransomware payments, due in no small part to strains carrying out fewer high-profile attacks, but collecting large payments," reads the Chainalysis report. "2024 has seen the largest ransomware payment ever recorded at approximately $75 million to the Dark Angels ransomware group.” 

It is unclear who paid the large $75 million ransom payment, but Zscaler, which identified it, claims it was made by a Fortune 50 company for an attack in early 2024. The typical ransom payment increased significantly from around $199,000 in early 2023 to $1,500,000 in June 2024, indicating that ransomware perpetrators target larger organisations. 

The median ransom payment increased significantly from around $199,000 in early 2023 to $1,500,000 in June 2024, indicating that ransomware perpetrators target larger organisations. According to Chainalysis, the number of confirmed ransomware attacks increased by 10% year on year in 2024, while the number of victims displayed on dark web extortion platforms increased similarly. 

In terms of how many victims succumb to the threat actors' blackmail and pay the ransom in exchange for a decryptor and a promise not to leak stolen data, Chainalysis reports that the positive trend continues, with fewer organisations falling victim to the extortion.

Chainalysis also estimates that the influx of stolen cryptocurrency has quadrupled year on year, rising from $857 million to $1.58 billion by the end of July 2024. The average value of bitcoin stolen each heist climbed by over 80%, with hackers focussing on centralised exchanges rather than decentralised finance (DeFi) protocols, which had been the target of most attacks in previous years. 

Despite these increases in absolute numbers, illegal on-chain activity decreased by 20% compared to 2023, illustrating that authentic cryptocurrency use is rising faster.

India's Largest Crypto Theft: INR 2,000 Crore Stolen from WazirX Exchange Wallet

 

In a shocking incident that marks India's largest crypto theft to date, nearly ₹2,000 crore (approximately $230 million) worth of cryptocurrencies were stolen from a wallet associated with the WazirX exchange last month. This massive theft has resulted in significant financial losses for thousands of people. WazirX quickly reported the theft to the central cybercrime portal, the Financial Intelligence Unit, and the Indian Computer Emergency Response Team. 

Additionally, a police case was filed in Delhi to address the situation. Two digital forensics firms, Pelorus Technology and Crystal Intelligence, provided insights into how such a large-scale theft could occur despite the wallets being secured with multi-level authentication. 

Crystal Intelligence, a blockchain intelligence firm, employs a security tool that monitors crypto transactions in real-time, helping trace the stolen funds. After WazirX shared the identity of the compromised wallet, cyber investigators worldwide used the Crystal tool to track the money trail. 

The investigation revealed that the theft had been planned since July 10, with around 200 transactions originating from the recipient's wallets on July 18. On the day of the robbery, the stolen cryptocurrencies were quickly converted into other forms of cryptocurrency and transferred in smaller amounts to multiple wallets linked to two different exchanges. Over just a few days, around 2,000 transactions were made. Between July 18 and 22, about 95% of the stolen funds were consolidated into three wallets that currently appear unlinked to any exchange. 

"When we started investigating, we saw a parallel story. First, the wallet was compromised and from there, the thief transferred 230 million dollars to his wallet. This was in different cryptocurrencies. At the same time, when we saw its back trail, a transaction was seen funding that wallet from Tornado Cash for a few days. The dates show he (thief) had been preparing from July 10," Sanjeev Shahi, Country Manager, Crystal Intelligence reported. 

Experts believe that the thief used a Tornado Cash wallet to pay the transaction fees required for crypto transfers, which helped them conceal their identity. Tornado Cash operates like a hawala, facilitating anonymous transfers and making it difficult to trace the stolen funds.  

Further, Shahi added that the malicious group can not use stolen funds. "Today, even though the funds are on the blockchain, he cannot use them. To use them, he has to come to the real world and convert it into fiat. As soon as he comes to the real world, his identity will be revealed."

Crypto Cautionary Tale: How a Man Lost $180,000 in a Scam

 


In Guelph Police's report, they warn people to be careful when investing online after a local man lost $180,000, much of it after failing to heed warnings from bank staff that he was being scammed by an online investment scammer. 

Police were notified of the fraudulent activity on Friday when a sixty-year-old man in Guelph contacted them to report the fraud, occurring since November when he responded to a fake online advertisement for a Bitcoin investment company. Since then, he has transferred over $34,000 through e-transfers and more than $151,000 by wire transfer. He reported last November a fraud involving a Bitcoin investment firm after responding to a fake ad he found on the internet claiming to be a Bitcoin investment firm. 

The man contacted police on Friday to report the fraud. He has already transferred over $34,000 through e-transfers and more than $151,000 through wire transfers since then. The man told police that staff at his bank told him he was being scammed but he did not believe them and still decided to go ahead and transfer the money. 

A resident of the city is advised to be cautious of any online contact and to investigate thoroughly before sending money to anyone, as he became suspicious when he was contacted and asked for another $60,000 to cover administrative costs. 

Cryptocurrency scams are very difficult to investigate and there is a very low likelihood that any lost funds will be recovered. Anyone who feels they may have been a victim of cybercrime or fraud should notify the local police of the incident. 

An advertisement appeared online that claimed to represent a Bitcoin investment company, which lured the victim in. His first transfer was over $34,000 via e-transfer, followed by a further $151,000 via wire transfer, based on promises that he would receive substantial returns. 

Despite the scammers' adeptness at deception, they continued to press for more, persuading him to send an additional $60,000 to cover purported administrative fees that he was supposed to pay. After this, scepticism set in, which prompted him to realize that he had fallen victim to a scam. Unfortunately, this occurrence is not an isolated case. 

Scammers like the Ranndex.com crypto scam take advantage of deep-fake technology and celebrity endorsements to give the appearance that they are legitimate, ensnaring unsuspecting victims. As knowledge is one of the strongest deterrents against fraud, people must be educated about these tactics. 

A good way to protect yourself from being scammed is to understand the common markers of scams. The story of the Guelph man is a powerful reminder of the dangers lurking in the shadows of a digital world that is constantly evolving. 

In light of this, it serves as a reminder to individuals that they should exercise caution, verify that investment opportunities are genuine, and most importantly, follow the advice of financial institutions that are committed to securing their assets against fraudulent practices. There is no denying that staying informed and prudent is crucial in this day and age, where opportunities and risks walk hand-in-hand.

Massive Data Breach at Gokumarket: Over a Million Users' Information Exposed

 


Several days before the leak, the GokuMarket team found an unprotected MongoDB instance, which was storing information about its users, namely those who bought and sold crypto on the exchange. In GokuMarket's case, it is the details of more than a million customers and admin users of the company that are stored in MongoDB in the form of large chunks of document-oriented information. 

Several users of GokuMarket, the centralized crypto exchange owned by ByteX and operated by its staff, have had their records revealed thanks to an open instance, according to a Cybernews investigation. 

With offices in Canada, the European Economic Area, and India, ByteX is a licensed and regulated CeDeFi platform that offers its services in those countries. It is ByteX's goal to bridge the best of both worlds by providing a KYC-verified platform with a compliant DeFi architecture, thus enabling a smooth transition from traditional to crypto credit infrastructure by reinventing it with transparency. 

The Gokumarket cryptocurrency exchange, one of the world's leading crypto exchanges, recently suffered a massive data breach, resulting in the disclosure of sensitive information belonging to over a million users. This is quite a significant and alarming development. 

In light of this breach, significant concerns are raised regarding the security infrastructure of the platform and the potential implications of the breach on the affected users. As a result of GokuMarket's decision, which had around a million users, denying users the option to withdraw their funds in mid-2022, which was a disastrous year for the crypto markets at the time, the company almost went bankrupt. 

GokuMarket faced the harsh reality of insolvency and financial bankruptcy as a result of the crypto market crash that occurred in early 2018. To assist users in safeguarding and protecting their interests, ByteX provided alternative solutions that were in comparison to what ByteX had originally offered. 

There has been considerable turbulence in the market in the aftermath of the recent collapse of several giants, which has also affected the stability of GokuMarket. In acquiring the platform's custodial users, we are making a conscious decision to safeguard and protect both its assets and its users from further challenges. 

It has been discovered that GokuMarket has a database that has been exposed on the web for a considerable period, which is why it was only detected in October 2023 and secured the next day after researchers sent a responsible disclosure note. However, the database could have been accessed by anyone for a considerable amount of time. 

An extensive user base, encompassing an estimated one million people, has been able to access a substantial repository of sensitive data, previously kept in a secure environment. In addition to IP addresses and geographical locations, the information compiled includes information about the users' dates of birth, their first and last names, as well as their mobile phone numbers. 

The encrypted passwords, the crypto wallet addresses, as well as their cryptocurrency wallet addresses, are all compiled in this study. Concern over the security and privacy of the affected individuals is significant in light of this breach of data. 

A persistent attacker could easily use this information to develop a spear-phishing campaign, which would likely involve draining the user's crypto funds, as the researchers believe that there is more than enough information to do so. There was also a revelation that the database, which had full-admin access, held 35 accounts that contained all sorts of sensitive information, including private Telegram channel IDs, secret exchange tokens, passwords and other highly sensitive information. 

A far more dangerous can of worms arises when attackers exploit admin access details to scam users of other platforms, with the ability to steal en-masse and transfer money to their accounts that would otherwise not be there. This is all possible through credential stuffing attacks, which can take advantage of individual user data to target exposed users. 

Using official Telegram channels for malicious purposes, attackers can manipulate the market if a leak of this nature arises. Although the official GokuMarket Telegram channel has not been active since September 2022, scammers are still attempting to impersonate brands within the crypto community to gain their attention.

U.S. Seizes Sinbad Crypto Mixer Tied to North Korean Hackers

Federal authorities in the United States have effectively confiscated the Sinbad crypto mixer, a tool purportedly used by North Korean hackers from the Lazarus organization, in a key action against cybercriminal activities. The operation, which focused on the Lazarus group's illegal financial operations, is an important development in the continuous international effort to tackle cyber threats.

The Lazarus organization, a state-sponsored hacker outfit renowned for coordinating high-profile cyberattacks, is connected to North Korea, which is how the Sinbad cryptocurrency mixer got its reputation. A crucial component of this operation was reportedly played by the U.S. Department of Treasury.

The WannaCry ransomware assault in 2017 and the notorious Sony Pictures hack from 2014 are only two of the cybercrimes the Lazarus organization has been connected to. These occurrences highlight the group's advanced capabilities and possible threat to international cybersecurity.

The Sinbad crypto mixer, seized by U.S. authorities, was allegedly used by the Lazarus group to obfuscate and launder cryptocurrency transactions. Cryptocurrency mixers are tools designed to enhance privacy and security by mixing transactions with those of other users, making it challenging to trace the source and destination of funds. However, when used for illicit purposes, such mixers become a focal point for law enforcement.

The U.S. Department of the Treasury issued a press release on the matter, emphasizing the government's commitment to countering cyber threats and safeguarding the financial system's integrity. The move is part of a broader strategy to disrupt the financial networks that support malicious cyber activities.

The US Treasury Secretary stated, "The seizure of the Sinbad crypto mixer is a clear signal that the United States will not tolerate those who use technology to engage in malicious cyber activities. We are committed to holding accountable those who threaten the security and stability of our financial systems."

This operation highlights the collaboration between law enforcement agencies and the private sector in tackling cyber threats. It serves as a reminder of the importance of international cooperation to address the evolving challenges posed by state-sponsored hacking groups.

The seizure of the Sinbad cryptocurrency mixer is evidence of the determination of authorities to safeguard people, companies, and countries from the dangers of cybercrime, particularly at a time when the world community is still struggling to contain the sophistication of cyber threats.

Modern Cryptographic Methodologies Are Essential for Cybersecurity

Robust cybersecurity measures are more important than ever in a time when technological breakthroughs rule the day. A major risk to an organization's security is outdated cryptographic protocols, which make it open to cyberattacks. According to recent reports, organizations must immediately upgrade their cryptography methods in order to keep up with the constantly changing landscape of cyber threats.

The cybersecurity landscape is constantly evolving, and cybercriminals are becoming increasingly sophisticated in their techniques. This means that older cryptographic protocols, once considered secure, may now be vulnerable to attacks. The use of outdated protocols can expose sensitive data and leave organizations susceptible to breaches.

According to a recent article on Help Net Security, organizations can mitigate these risks by adopting modern cryptographic protocols. By staying informed about the latest advancements and best practices in encryption, businesses can ensure that their data remains secure.

One company at the forefront of modern encryption solutions is Virtru. Their platform offers state-of-the-art encryption tools designed to protect sensitive information across various platforms and applications. By leveraging Virtru's technology, organizations can enhance their data security and safeguard against potential breaches.

Moreover, maintaining robust cybersecurity practices can also have financial benefits. A report from Help Net Security suggests that organizations can decrease their cyber insurance premiums while still maintaining adequate coverage. By demonstrating a commitment to strong security measures, companies can negotiate better insurance rates, ultimately saving on costs.

In addition to updating cryptographic protocols, it's essential for organizations to implement a multi-layered approach to security. This includes regular security assessments, employee training, and proactive monitoring for potential threats. By taking a comprehensive approach to cybersecurity, businesses can fortify their defenses against evolving cyber threats.

Keeping up with cryptographic protocols is essential to ensuring strong cybersecurity. Organizations must maintain constant awareness and implement proactive security measures due to the ever-changing world of cyber threats. Businesses may strengthen their defenses and protect their sensitive data from potential intrusions by adopting modern encryption technologies and putting in place a multifaceted security approach.



Revolutionizing Everyday Life: The Transformative Potential of AI and Blockchain

 

Artificial intelligence (AI) and blockchain technology have emerged as two pivotal forces of innovation over the past decade, leaving a significant impact on diverse sectors like finance and supply chain management. The prospect of merging these technologies holds tremendous potential for unlocking even greater possibilities.

Although the integration of AI within the cryptocurrency realm is a relatively recent development, it demonstrates the promising potential for expansion. Forecasts suggest that the blockchain AI market could attain a valuation of $980 million by 2030.

Exploring below the potential applications of AI within blockchain reveals its capacity to bolster the crypto industry and facilitate its integration into mainstream finance.

Elevated Security and Fraud Detection

One domain where AI can play a crucial role is enhancing the security of blockchain transactions, resulting in more robust payment systems. Firstly, AI algorithms can scrutinize transaction data and patterns, preemptively identifying and preventing fraudulent activities on the blockchain.

Secondly, AI can leverage machine learning algorithms to reinforce transaction privacy. By analyzing substantial volumes of data, AI can uncover patterns indicative of potential data breaches or unauthorized account access. This enables businesses to proactively implement security measures, setting up automated alerts for suspicious behavior and safeguarding sensitive information in real time.

Instances of AI integration are already evident. Scorechain, a crypto-tracking platform, harnessed AI to enhance anti-money laundering transaction monitoring and fortify fraud prediction capabilities. CipherTrace, a Mastercard-backed blockchain security initiative, also adopted AI to assess risk profiles of crypto merchants based on on-chain data.

In essence, the amalgamation of AI algorithms and blockchain technology fosters a more dependable and trustworthy operational ecosystem for organizations.

Efficiency in Data Analysis and Management

AI can revolutionize data collection and analysis for enterprises. Blockchain, with its transparent and immutable information access, provides an efficient framework for swiftly acquiring accurate data. Here, AI can amplify this advantage by streamlining the data analysis process. AI-powered algorithms can rapidly process blockchain network data, identifying nuanced patterns that human analysts might overlook. The result is actionable insights to support business functions, accompanied by a significant reduction in manual processes, thereby optimizing operational efficiency.

Additionally, AI's integration can streamline supply chain management and financial transactions, automating tasks like invoicing and payment processing, eliminating intermediaries, and enhancing efficiency. AI can also ensure the authenticity and transparency of products on the blockchain, providing a shared record accessible to all network participants.

A case in point is IBM's blockchain-based platform introduced in 2020 for tracking food manufacturing and supply chain logistics, facilitating collaborative tracking and accounting among European manufacturers, distributors, and retailers.

Strengthening Decentralized Finance (DeFi)

The synergy of AI and blockchain can empower decentralized finance and Web3 by facilitating the creation of improved decentralized marketplaces. While blockchain's smart contracts automate processes and eliminate intermediaries, creating these contracts can be complex. AI algorithms, like ChatGPT, employ natural language processing to simplify smart contract creation, reducing errors, enhancing coding efficiency, and broadening access for new developers.

Moreover, AI can enhance user experiences in Web3 marketplaces by tailoring recommendations based on user search patterns. AI-powered chatbots and virtual assistants can enhance customer service and transaction facilitation, while blockchain technology ensures product authenticity.

AI's data analysis capabilities further contribute to identifying trends, predicting demand and supply patterns, and enhancing decision-making for Web3 marketplace participants.

Illustrating this integration is the example of Kering, a luxury goods company, which launched a marketplace combining AI-driven chatbot services with crypto payment options, enabling customers to use Ethereum for purchases.

Synergistic Future of AI and Blockchain

Though AI's adoption within the crypto sector is nascent, its potential applications are abundant. In DeFi and Web3, AI promises to enhance market segments and attract new users. Furthermore, coupling AI with blockchain technology offers significant potential for traditional organizations, enhancing business practices, user experiences, and decision-making.

In the upcoming months and years, the evolving collaboration between AI and blockchain is poised to yield further advancements, heralding a future of innovation and progress.

Here's all you Need to Know About Crypto Poisoning Attack

In today's digital landscape, advanced persistent threats have become a prevalent and ongoing challenge. The financial sector, particularly the realm of cryptocurrencies, faces even greater risks from these evolving cyber threats. Such threats not only endanger our sensitive data and privacy but also put our valuable assets and investments at stake. 

One specific concern within the crypto community in 2023 is the emergence of crypto poisoning or address poisoning attacks. These attacks have garnered attention due to their potential to compromise the security and integrity of crypto transactions and holdings. 

What are crypto poisoning attacks? 

In the realm of cryptocurrency, crypto poisoning attacks pose a significant threat to users. These attacks involve the manipulation of a user's transaction history to deceive them into sending funds to the attacker's wallet instead of the intended recipient. 

By crafting a wallet address that closely resembles the user's legitimate address, the attacker introduces confusion and disrupts the transaction process. Crypto poisoning attacks emerged in late 2022 and have rapidly gained attention ever since. 

The attractiveness of this attack lies in its simplicity and the potential for substantial gains, making it a popular choice among cybercriminals. The core idea behind these attacks is to exploit the target's vulnerability by creating transactions that deliberately confuse them, leading to unintended transfers to the attacker's address. 

These attacks can occur through phishing schemes, malware infections, compromised websites, or other social engineering techniques. They often rely on exploiting human vulnerabilities, such as inattentiveness or lack of knowledge about verifying transaction details. 

Crypto poisoning attacks pose a significant risk to cryptocurrency users as they can result in financial losses, compromised privacy, and damage to trust in the cryptocurrency ecosystem. 

Crypto poisoning attacks have been on the rise, targeting popular platforms like MetaMask and PancakeSwap. In one case, attackers sent fake tokens to create a legitimate transaction history, leading users to unintentionally send Ether to the attacker's address. Another incident involved a fake PancakeSwap website, where attackers replaced users' wallet addresses, and unknowingly sent funds to the attacker. 

These incidents highlight the evolving tactics of cybercriminals in the crypto community, emphasizing the need to stay informed and protect digital assets. Crypto poisoning attacks unfold through a systematic process, taking advantage of the victim's lack of vigilance and familiarity with their blockchain addresses. 

Here is a breakdown of the key steps involved in a Crypto Poisoning Attack: 

Identifying the victim: Attackers target potential victims by focusing on crypto exchanges or creating similar addresses. They rely on users misspelling the exchange's address, allowing the attacker to passively receive transactions and generate income. Exchanges often change their deposit addresses to combat this. 

Exploiting on-chain tracking systems: Attackers use tracking tools to monitor specific accounts and receive alerts when transactions occur. They then launch their own transactions immediately after the victim's, taking advantage of the timing. 

Creating a similar address: To carry out a crypto poisoning attack, the attacker creates a blockchain address similar to the victim's address. This is done by taking some initial or final digits of the victim's address and generating a similar one using "vanity address generators." These tools find a private key that corresponds to the desired address, with more similarity requiring a longer and more complex process. 

Once equipped with a similar address and its private key, the attacker employs two main techniques: 

Fake Contracts: The attacker constructs a smart contract that sends tokens with zero value to an address resembling the victim. Initially, the victim may not pay much attention to this transaction. However, when they attempt a legitimate transfer, they might unintentionally copy the phishing address from the transaction history, sending their funds to the attacker. 

Breadcrumbing: Here, the attacker creates a vanity address closely resembling the victim's address. They send small amounts of cryptocurrency to the victim's address, anticipating that the victim will check the balance on a block explorer. Seeing the attacker's address in the transaction history, the victim might mistakenly copy it, believing it to be their own, and unintentionally send funds to the attacker. 

To protect against address poisoning attacks and safeguard your digital assets, always verify recipient addresses, use alerts and contact lists, obtain addresses from trusted sources, and consider using Name Service Addresses as a user-friendly alternative. 

The Cryptocurrency Was Stolen by Hackers Last Year to the Tune of $4 Billion.

 

In the past year, a blockchain analytics firm that tracks cybercrime detected a record $3.8 billion worth of cryptocurrency stolen by hackers extensively, primarily from North Korea. As per a report published last week by researchers at Chainalysis, 2022 will be seen as one of the biggest years ever in terms of cryptocurrency hacking. The company reported a $2 billion increase in thefts from the $3.3 billion stated in 2021, according to its report. A confidential United Nations report published on Monday revealed that North Korea had stolen more digital assets in 2016 than it had in any previous year. 

There was a period when U.S. investors poured millions of dollars into Bitcoin, Ether, and Dogecoin. As a result, they were hoping that the Coronavirus pandemic would result in a fortune. It should be noted, however, that some investors on platforms with poor cybersecurity instead lost their digital wallets by being victimized by hackers, which made their investments worthless.  

Cybercriminals in North Korea stole $1.7 billion in cryptocurrency in 2022, shattering their yearly record for the highest number of cryptocurrencies stolen in a given year. This is according to a Chainalysis report published earlier this month. 

North Korea's total exports in 2020 were $142 million. Therefore, it's fair to assume that cryptocurrency hacking is a significant economic component of the country. This is because it represents a notable portion of the economy, the researchers commented. 

Crypto industry regulators have renewed their calls for regulation by calling for more regulation in the wake of more investors losing money in crypto. After FTX Trading, the third largest crypto platform collapsed and declared bankruptcy in November, scrutiny of the industry increased even more due to this unexpected failure. 

As Cryptocurrency Hacking trends tend to ebb and flow, Chainalysis estimates the number of crypto hacks will peak between March and October of 2022. During October, there were 32 attacks totaling $775.7 million due to cryptocurrency hacks. According to the report, this is the biggest single month for cryptocurrency hacking ever.  

As a result of hackers' activities, decentralized finance platforms, or DeFis, were targeted for 82% of all stolen funds across the world last year, Chainalysis reported. Usually, criminals operate in the crypto space when investors and operators are actively transferring funds from a single blockchain to another through a so-called cross-chain bridge.  

A cross-chain bridge owned by Binance was hacked in October, and $586 million in crypto was stolen from it. This was the biggest hack of October in terms of crypto theft. There have been some security issues at the company that led to the hack, but they managed to minimize the damage.  

According to David Schwed, the chief operating officer of Halborn, a blockchain security firm based in New York, some crypto companies do not prioritize security over other aspects of their business, allowing bad actors to exploit DeFi platforms.  


As Schwed stated in Chainalysis' report, for a complicated protocol to be secure, the security team should consist of 10 to 15 people. Each person should have their area of expertise. There is no clear demand for better security among the DeFi community - they often want to switch over to protocols that offer high returns but the incentives are liable to lead to problems down the road.

How Threat Actors Are Changing Money Laundering Campaigns


Change in the money-laundering game

It is next to impossible to locate the exact amount of money that's been laundered globally, conservative estimates suggest anywhere between $800 million to $2 trillion. This is just the tip of the iceberg. It's a crime that fuels some of the world's most dangerous criminal operations. 

It's also a tactic threat actors use to cover up their tracks and the profits they make from campaigns like large-scale ransomware attacks. The increase of cryptocurrency has also allowed cybercriminals to avoid getting caught. 

Financial enterprises, cryptocurrency companies, and other institutions have to pay fines for not being able to root out money laundering as regulators and government agencies worldwide try to crack down on this major challenge. 

The bad news is that as we move toward 2023, automation is going to make the situation only worse. We can expect a rise in money laundering as-a-service. The good news is that there are ways to fight this problem and collectively mitigate cyber criminals' ability to operationalize. 

The Crypto money laundering case

A go-to tactic by threat actors looking to advance in ranks is using 'money mules.' Money mules are individuals that help launder money- sometimes, unknowingly. They're often baited under promises of legitimate jobs and false pretenses, only to find later that the job is to help launder profits from cybercrime. 

Traditionally, money laundering was done through anonymous wire transfer services. These transfers can be tracked easily by law enforcement agencies and regulators. Nowadays, cybercriminals have shifted to using cryptocurrency. 

A lack of regulatory supervision along with anonymous transactions, make it the ideal platform for money laundering. A Chainalysis report discovered that cybercriminals laundered $8.6 billion in cryptocurrency in 2021. It's a 30% increase since that year. 

Rise in money-laundering recruitment campaigns

Making recruitment campaigns for money mules takes a lot of time and resources. To hide their true purpose, threat actors will sometimes go to great extents and build genuine-looking websites for fake companies and also post fake job openings to make the business look authentic. 

But machine learning (ML) and automation will make the process much easier and quicker. ML can effectively target potential recruits in less time. We can also expect a few manual campaigns replaced with automatic services that will allow cybercriminals to launder money through layers of crypto exchanges- it's going to make the process fast and difficult to track. It also means that it will be hard to recover stolen money. 

Together, these tactics make 'money-laundering-as-a-service' (MLaaS), and it's going to be another weapon in the cybercrime inventory. 

Combatting new money-laundering challenge

While threat actors will look for any means possible to launch an attack and launder money easily, it doesn't mean that we have to accept the situation as it is. 

The biggest factor in fighting the MLaaS is going to include public-private collaboration on a massive scale. Companies across the globe can share threat intelligence with each other, helping to build a secure defense. 

Dark Reading says, "it must be reiterated that cyber hygiene and education must be prioritized as well. No matter the type of organization you're in or the role you're in, this is essential for everyone. Everyone can play a key role in helping keep organizations safe from bad actors. This includes things like more digital literacy — and how to recognize a too-good-to-be-true job ad for the scam it really is. And of course, there's the concept of fighting fire with fire — as bad actors adopt more automation and ML-based approaches, so, too, must defenders."




Is Bitcoin Actually Safe? Here’s All You Need to Know

 

Since its creation in 2009, Bitcoin, the first and best-known cryptocurrency in the world, has had many ups and downs. One bitcoin was essentially useless when it first started. 

In May 2010, Laszlo Hanyecz purchased two pizzas for around 10,000 bitcoins, marking the first bitcoin transaction for the purchase of tangible items (BTC). The cost of those pizzas would have been approximately $650 million USD at the highest recorded price of bitcoin, which was almost $65,000 USD per coin. 

However, this year Bitcoin witnessed a fall of roughly 60%. In the meanwhile, the absence of a regulatory framework led to an increase in crypto crimes. The Federal Trade Commission estimated that bitcoin fraud cost INR 27 billion in just the first three months of this year. 

Despite the cryptocurrency market's volatility, advocates of Bitcoin have consistently argued that it provides anonymity and security that traditional money cannot. That's not actually true, though. Contrary to popular belief, Bitcoin is not at all secure or private. Bitcoin privacy issues Bitcoin does include some privacy precautions that most fiat currencies do not, such as the ability to create addresses that are unrelated to a person's identity. But it's not at all private. Here are the primary three justifications. 

Transactions are openly disclosed 

The blockchain, a public ledger, contains a record of every Bitcoin transaction. This implies that every transaction is visible to everyone who has access to the blockchain and that anyone may see all the transactions connected to a specific Bitcoin address. A threat actor or law enforcement agency might track every transaction you ever made if they were able to connect your Bitcoin address to your identity. 

The Use of Third-Party Services Required 

Bitcoin is dependent on outside services. For instance, you must register with an exchange if you want to purchase Bitcoin. The vast majority of exchanges demand multiple forms of identity verification from users. Your name, email address, street address, and other details are all covered by this. Most will also require a photo of an ID issued by the government. 

Government surveillance 

Governments worldwide are warming up to the idea of regulating Bitcoin since it has long been favored by criminals of all sorts. However, surveillance also endangers privacy in addition to controlling it. Law enforcement organizations swiftly adjusted to this new reality and now employ blockchain analysis to identify Bitcoin users and track their transactions. Even if you don't mind a third-party service knowing your identity, consider what may happen if it experienced a data breach. 

How to Safeguard Your Bitcoin 

The safety of your Bitcoin largely depends on how you store it. Your choice of crypto wallet and the degree of encryption it employs are key factors in ensuring the security of your currencies. 

Ryan Burke, general manager at Invest at M1 asserts that convenience and security are not always mutually exclusive. 

Although less practical than hot wallets, he claims that offline "cold" wallets that are not connected to the internet are safe against attack. Cold wallets can also be stolen or destroyed. Burke warns that if you misplace your private key or lose a device or drive, you will have trouble. 

Because you can access your cryptocurrencies from everywhere there is an internet connection or phone service, hot wallets are more practical but also more prone to hacking. 

“A prudent strategy is to use a combination of hot and cold storage, with most assets being held in cold storage,” Burke added. 

Before registering for a wallet or service, experts advise reading the terms and conditions so that your bitcoin doesn't unintentionally become another victim of the crypto liquidity crisis. Investigate whether buying Bitcoin is a good fit for your financial portfolio, just like with any other investment. Be ready for highs and lows if you decide to purchase BTC as part of your investing plan.

FTX: Failed Crypto Exchange Could Owe More Than 1 Million Creditors


Following the collapse of the crypto exchange FTX, and its associated businesses, it could owe money to more than a million people and organizations, according to the bankruptcy filings. The documents filed in bankruptcy court demonstrated the extent of a corporate collapse that has stripped traders’ accounts, plunging the crypto sector into crises. 

The investigations for bankruptcy commenced last week when FTX experienced an $8 billion shortfall due to a run-on deposit. Consequently, this led to the company which was once regarded as one of the safest and most reliable institutions of the freewheeling crypto industry crumbling overnight. 

The exchange’s founder Sam Bankman-Fried reportedly transferred $10 billion of customer funds from FTX to his trading company ‘Alameda Research.’ A large amount of that total fund has since disappeared. The total amount is said to be between $1-2 billion. 

The financial hole later came to light in records shared by Bankman-Fried with other senior executives last Sunday. The records provided a real-time account of the situation, some sources said. 

The company’s sudden downfall due to the run-on deposits last week left FTX unable to fulfill its customers' demands. Consequently, Bankman-Fried struck a rescue deal to sell his firm to its largest rival exchange, Binance. 

After a lengthy online skirmish between Bankman-Fried and Changpeng Zhao, CEO of Binance, a review stating FTX’s finances revealed various problems, posing as a deal breaker and Binance pulled out of the deal. Bankman-Fried attempted to secure new financing but was unable to, and later declared bankruptcy. The Justice Department and SEC are currently looking into his management of FTX. They are apparently focusing on whether FTX inappropriately transferred customer funds to Alameda Research.  

In regards to the case, Associate Professor in Finance Technology at the University of Liverpool, Gavin Brown referred to a recent report that suggested “42% of the exchanges which failed simply disappeared without traces.” 

According to Prof Brown “In the event of exchange failure, or even bankruptcy, it is the investors who are on the hook for losses” He, along with other industry experts warned that often smaller investors often end up back of the queue, after the remains of a crypto business are divided among themselves. They doubt much money will be coming back. 

"The unfortunate news is that the money's all gone. It's just not there anymore. Investors should expect pennies on the dollar," says crypto blogger and author David Gerard.   

Metaverse: Billions Spent In The Virtual Land Grab

 

A sum of almost $2 billion was spent on the virtual land over the past year, according to research from metaverse analysts DappRadar. Digital real estate and digital plots of land are being purchased by individuals like Snoop Dogg and corporate investors like Samsung Electronics and PwC for a variety of reasons, but many of them believe that its value will rise over time. 
The virtual land is being sold via online platforms like Decentraland and Voxels (formerly Cryptovoxels), which many people consider as a primal version of metaverse – a virtual world, where the online users can live, work and play. 

Moreover, businesses and investors are building digital shops and event spaces on the virtual land they purchased in the metaverse, which often allows visitors to make purchases via cryptocurrencies. 

However, we are yet years away from the metaverse emerging as a sole immersive space online for people to live, play and work. So, is spending large sums for the land grabbing one huge gamble? 

‘Exhibiting my own work’ 


With the giant red Mohican and a permanent cigarette, the avatar of artist Angie Taylor does not quite resemble a typical land mogul. Nonetheless, she is among the growing group of people, who are laying claim to the new virtual worlds. 

“I bought my first metaverse parcel in July 2020 and paid about £1,500. I bought it for exhibiting my own work, but also for running metaverse events that would promote my art and also other people's art," she says. 

These plots, owned by Angie are about the size of a small family house (if one compares them to the size of her avatar). The tallest of them all stretches up over three floors and even comprises a roof terrace with a white-and-black-striped road crossing, and a pink taxi permanently driving back and forth just for fun. 

But one can sense the reality of the scale of this world from the air. 

"Hold down the F key and you can fly up to take a look at my neighborhood," Angie explains. Above her gallery, one can see thousands of identical boxes of land stretching to the horizon. 

Voxels is one of the many virtual worlds that identify as metaverses. People frequently refer to "the metaverse" as if there were just one, which is confusing. Companies are selling land and experiences in their own versions until one platform begins to dominate or these disparate worlds join together. 

According to DappRadar, $1.93 billion worth of cryptocurrency has been spent in order to purchase virtual lands in the past year alone, with $22m of that spent on about 3,000 parcels of land in Voxels. 

Among the many luxury fashion brands, Philipp Plein as well owns a virtual plot about the size of four football pitches, which it hopes will eventually contain a metaverse store and gallery. 

With fashion industries being most interested in taking the opportunity and risks in regards to the metaverse, Amsterdam-based digital-only fashion house, ‘The Fabricant’ only makes clothing for the avatars, designing collections and bespoke garments for users of Decentraland, Sandbox, and other crypto metaverses. 

The company just raised $14m in funding from investors betting on the idea that many of us will soon be living part of our lives in the metaverse. But since crypto metaverses are generally sparsely populated and only really used when events are held, and even then only thousands, and not millions, of people attend. Consequently, it is not certain if and when it will happen.

Google Cloud Delivers Web3 Developers for Blockchain Node Engine

The Blockchain still has more than 38 million customers in 140 countries worldwide, according to the Google Cloud website. In a news release, the business stated that the launch represents a resolve to aid Web3 developers in creating and deploying new products on platforms based on blockchain technology. 

Blockchains serve as a sort of decentralized database because they are made up of transaction data that is encrypted and permanently stored. The governing infrastructure is a node, which is a computer or server that holds the whole copy of the blockchain's transaction history in addition to depending on a central authority to confirm data.

Amit Zavery, GM and VP of engineering and platform, and James Tromans, director of cloud web3, announced the new service in a blog post that explained how difficult it is for blockchain nodes to stay in sync since they must continually exchange the most relevant blockchain data. It requires a lot of resources and data.

By providing a service model to handle node creation and a safe development environment in a fully managed product, Google Cloud aims to make it simpler. From Google's standpoint, it is far simpler to let them handle the labor-intensive tasks while you focus on creating your web3 application.

Additionally, Web3 businesses that need dedicated nodes can create effective contracts, relay transactions, read or write blockchain data, and more using the dependable and fast network architecture of Google Cloud. Organizations using Web3 benefit from quicker system setup, secure development, and managed service operations.

The goal of Google's blockchain service is to deploy nodes with the security of a virtual private cloud firewall that restricts networking and communication to vetted users and computers. The ability to access the notes from processes like distributed denial of service assaults will be restricted by other services like Google Cloud Armor.

Gains from Node Engine

The majority will adopt this method after Ethereum, which will employ it first. The following are some advantages that businesses could gain from using this Google Cloud Node Engine.

It takes a significant amount of time to manually node, and it can prove difficult for a node to sync with the network. However, the developers can deploy nodes using Google Cloud's Node Engine in a single transaction, simplifying and speeding up the procedure.

In the realm of cryptocurrency, data security is of utmost importance. The developers will benefit from the Engine Node's assistance in protecting their data and preventing illegal access to the nodes. Additionally, Google Cloud shields the nodes from DDoS assaults, just like Cloud Armor.

This development seeks to "assist enterprises with a stable, easy-to-use blockchain node web host so they can focus their efforts on developing and scaling their Web3 apps," according to Google Cloud's official website.

An approved group fully manages the Google Cloud Engine Node. The staff will administer the system during an outage, therefore you will have no concerns about availability. Nodes need to be restarted and monitored during an outage; the group will take care of it for clients.

Hong Kong Will Legalize Retail Crypto Trading to Establish a Cryptocurrency Hub

 


A plan to legalize retail cryptocurrency trading has been announced by Hong Kong to create a more friendly regulatory regime for cryptocurrencies. There has been an opposite trend over the last few years in the city, with skeptical views, as well as China's ban on the practice. 

According to sources familiar with the matter, an upcoming mandatory licensing program for crypto platforms scheduled to take effect in March next year will allow retail traders access to crypto platforms. There has been a request not to name these people since they are not authorized to release this information publicly.

There have been reports that the regulators are planning to allow the listing of higher-value tokens in the coming months but will not endorse specific coins such as Bitcoin or Ether, according to the people. They noted that the details and timeframe are yet to be finalized since a public consultation is due first.

At a fintech conference that starts on Monday, the government is expected to provide more details regarding its recently announced goal of creating a top crypto hub in the region. To restore Hong Kong's reputation as a financial center after years of political turmoil and the aftermath of Covid curbs sparked a talent exodus, the marketing campaign comes amid a larger effort to put Hong Kong back on the map.

Gary Tiu, executive director at crypto firm BC Technology Group Ltd, said that, while mandatory licensing in Hong Kong is one of the most effective things regulators can do, they cannot forever satisfy the needs of retail investors who are investing in crypto assets. 

Criteria for listing 

According to people familiar with the matter, the upcoming regime for listing tokens on retail exchanges is likely to include criteria such as the token's market value, liquidity, and membership in third-party crypto indexes to determine eligibility for listing. Their approach resembles the one they used when it came to structured products such as warrants, they continued. 

Hong Kong's Securities and Futures Commission spokesperson did not respond to a request for comment regarding the details of the revised stance adopted by the agency. 

Several crypto-related Hong Kong companies that are listed on the stock exchange increased their share prices on Friday. In the same report, BC Technology climbed 4.8% to its highest in three weeks during the third quarter, whilst Huobi Technology Holdings Ltd. rose slightly. 

In a world where more and more regulators are grappling with how to manage the volatile area of digital assets. This area has gone through a $2 trillion rout, following a peak in early November 2021. The sector is finding it difficult to regain its previous strength. Firms that dealt in cryptocurrency were crushed by the crash because their leverage grew without limit and their risk management methods were exposed.

It is widely believed that Singapore has tightened up its digital-asset rules to curb retail trading in digital assets to deal with the implosion that has hit Hong Kong. 

There was a proposal earlier this week by Singapore to ban the purchase of leveraged retail tokens on the retail market. There was a ban on cryptos in China a year ago because it was largely illegal. 

Michel Lee, executive president of digital-asset specialist HashKey Group, said that Hong Kong is trying to frame a crypto regime that extends beyond the retail token trading market to incorporate all types of digital assets, including cryptocurrencies. 

Bringing the ecosystem to the next level 

Among other things, Lee believes that tokenized versions of stocks and bonds could become a much more significant segment in the future as time passes on. Lee said, "Just trading digital assets on its own is not the goal". According to Lee, digital assets are not intended to be traded on their own but the ecosystem must grow as quickly as possible.”

A big exchange such as Binance and FTX once had their base in Hong Kong. Their attraction was the reputation of a laissez-faire regime and their strong ties to China. A voluntary licensing regime, that was introduced by the city in 2018, limited crypto platforms' access to clients with portfolios exceeding HK$8 million ($1 million) to those with portfolios of less than that amount. 

It has been confirmed that only two firms have been approved to operate under the license, BC Group and HashKey. FTX successfully managed to turn away the more lucrative consumer-facing business to the Bahamas last year as a result of the signal of a tough approach. 

However, the plan to attract crypto entrepreneurs back to Hong Kong seems to be a bit short of what is needed to usher them back. Among other things, it remains to be seen if mainland Chinese investors would be able to trade in tokens through Hong Kong if that were to be permitted. 

Leonhard Weese, the co-founder of the Bitcoin Association of Hong Kong, expressed a fear that there might be a very strict licensing regime in the future. "The conversations I have had indicate that people still fear it will be very stressful," he said. The company claims that it is not competitive on the same level as overseas platforms. Therefore, it will not be as attractive to customers as it would be if it dealt directly with retail users. 

According to blockchain specialist Chainalysis Inc., the volume of digital-token transactions in Hong Kong through June declined less than 10% from a year earlier, the most modest increase in the region outside of a slump in China, in the 12 months through June. It has fallen two positions from its global ranking of 39 in 2021 to 46 in 2022 when it comes to crypto adoption throughout the city. 

The Securities and Futures Commission of Hong Kong's Fintech Department has also suggested that the city could take further steps in this area, including the establishment of a regime to authorize exchange-traded funds seeking exposure to mainstream virtual assets. 

It shows that the one country, two systems principle is being put into action in financial markets, Wong said at an event last week. He said that the fact that the city can introduce a cryptocurrency framework distinct from China's indicates how far it has come.

Missing Cryptoqueen: Leaked Police Files May Have Alerted the OneCoin Fraudster Ruja Ignatova

 

Best known as the “Missing CryptoQueen,” convicted fraudster Ruja Ignatova who was included on the most wanted list by the US Federal Bureau of Investigation (FBI) is assumed to be receiving the information of the investigation before her disappearance. 
 
The 42-year-old fraudster, based in Bulgaria is convicted of her suspected involvement in the $4 billion OneCoin cryptocurrency fraud. The details of the scam were uncovered in a BBC podcast ‘The Missing Cryptoqueen’ devoted to the infamous fraudster. 

The police documents related to the case were apparently shown in the podcast by Frank Schneider, a former spy and trusted adviser to Ignatova. Following the allegations, Schneider is now facing extradition to the US for his role in the OneCoin fraud. 

While the metadata on the files suggests that Ignatova acquired the said documents through her own contacts in Bulgaria, Schneider denies the claims of obtaining the documents himself, which he says were obtained on a USB memory stick by Ignatova. 
 
Ignatova disappeared on October 25th, 2017, after being made aware of the police investigation into her OneCoin cryptocurrency. Following this, in June 2022 she was included in the FBI's most wanted list.
 
In an interview with the BBC, Schneider informed about the police files containing presentations made at a Europol meeting named ‘Operation Satellite.’ The meeting was attended by officials from Dubai, Bulgaria, the UK, Germany, and the Netherlands along with the FBI, the US Department of Justice, and the New York District Attorney five months before the disappearance of Ignatova. 
 
The said documents contained details of US authorities having a “high-placed confidential informant”, bank accounts from OneCoin receiving investor funds, and failed attempts of the UK's City of London to interview Ignatova. 

On being asked about the aforementioned files, Schneider said "When the Bulgarians participated at certain Europol meetings, it only took hours for her to get a complete rundown and get the minutes of what was said in those meetings.” “I can only deduce that it came from the circles that she was in and the she had through a variety of influential personalities.”

E1 Salvador Hosting Promotional conference "Adopting Bitcoin"

 



The first nation to embrace bitcoin as authorized cash in the year 2021 is El Salvador. There is no evidence in recent years that suggest that the country El Salvador will renounce crypto accord. The country will be hosting the conference “adopting Bitcoin” which will aim to encourage the adoption of 
Bitcoin. 

The conference “Adopting Bitcoin” will include an examination of technology and financial inclusion will be done. Approximately 110 speakers will be joining from 30 countries, one of the notable personalities is Senator India Kempis of Mexico.

In the 3rd week of November from 15th to 17th, the Bitcoin Beach conference will take place in San Salvador and the surrounding area. There is no event like the Bitcoin Conference that brings together the entire Bitcoin ecosystem for the purposes of collaboration, networking, and education.

E1 Salvador hosting a crypto-adopting conference

Bitcoin Beach Wallet, a bitcoin wallet developed and operated by Galoy Inc., is being rolled out in El Salvador through the platform that powers Bitcoin Beach Wallet. The bitcoin exchange Bitfinex will also be the primary sponsor of the event, which is taking place in November. In order to develop a financial technology platform for the issuance and trading of Volcano Tokens, Bitfinex is collaborating with the government of El Salvador to create a platform that will be used by both parties throughout the process.

It was impossible to have anticipated in 2021 that a sovereign government would be using Bitcoin as their official legal tender. A significant shift was observed in the public's perception of the nation as well as its currency as a result of the action. Currently, El Salvador is making progress on its way to becoming one of the first financial inclusion models in Central America and becoming the Singapore of Central America.

Nonetheless, Bitcoin has proven to be a very convenient exchange medium that can support millions of transactions each day, proving to be a very successful exchange medium. This conference will take place at the Crowne Plaza convention center in Orlando, Florida over the first two days. During the presentation, speakers will discuss the most recent advancements in the Bitcoin ecosystem from a technological and economic perspective.

Among the most significant presentations of the conference will be that of the Bitcoin Core engineer Jon Atak. Atak recently won a $50,000 grant from the Human Rights Foundation, and his presentation will be an important contribution to the technology field.

Another significant speaker at the economic conference will be Senator Indira Kempis of Mexico who is scheduled to deliver the keynote address. Kempis is known in the past for her advocacy for central bank digital currencies (CBDCs), which have been in the news for quite some time. Her effort to legalize bitcoin in Mexico, which made headlines globally, was another remarkable achievement. 

The Crypto Environment After Conference


The cryptocurrency market is presently undergoing a turbulent phase. As far as market conditions are concerned, the current market environment is by far the most severe crypto winter in history. As risk assets declined overnight, bitcoin (BTC) reached new weekly lows on September 28 as the price declined throughout the entire week.

There is a strong correlation between the value of digital currencies and the stock market in the U.S., which has prompted investors to pay close attention to monetary policy for this year. There has been a surge in interest rates along with pressure applied to the S&P 500 and the tech-heavy Nasdaq, which has influenced other risky assets, such as cryptocurrencies, as well as others in general.

As a result of this year's interest rate hikes, the United States Federal Reserve has not made any commitments to stop them yet, although this year's rate hikes have exerted pressure on risk assets such as cryptocurrency in general.

At the same time, investors are closely watching the U.S. dollar in order to determine how it will perform. It has been estimated that the dollar index, which measures how the greenback is performing against a basket of currencies, has increased by more than 18% so far this year. 

Hacked Devices Generated $53 for Every $1 Cryptocurrency Through Crypto Jacking

 


The team of security researchers evaluated the financial impact of crypto miners affecting cloud servers. They stated that this costs cloud server victims about $53 for every $1 of cryptocurrency mined by threat actors through crypto-jacking. 

Cryptojacking refers to the illegal method of extracting cryptocurrency from unauthorized devices, including computers, smartphones, tablets, and even servers with an intent of making a profit. Its structure allows it to stay hidden from the victims. The malicious actors generate income through hijacking hardware, as the mining programs use the CPUs of hijacked devices.  

The mining of cryptocurrency through the hijacked devices was primarily an activity of financially motivated hacking groups, especially Team TNT. It was responsible for most of the large-scale attacks against vulnerable Doctors Hub, AWS, Redis, and Kubernetes deployments.  

The cyber attackers updated the OS image by distributing the network traffic across servers that contained XMRig. It is a CPU miner for a privacy-oriented hard-to-trace cryptocurrency that has recently been considered the most profitable CPU mining.   

As opposed to ransomware, software that blocks access to systems until the money is paid, and includes aggressive law enforcement, rouge crypto mining is less risky for the cyber attackers.  

The Sysdig researchers used "Chimaera", a large campaign of TeamTNT for estimating the financial damage caused by crypto miners. The research revealed that over 10,000 endpoints were disclosed to unauthorized persons. 

In order to hide the wallet address from the hijacked machines and make tracking even harder, the cyber-attackers used XMRig-Proxy but the analysts were still able to discover 10 wallet IDs used in the campaign. 

Later the researchers disclosed that the 10 wallets held a total of 39XMR, valuing $8,120. However, they also mentioned that the estimated cost to victims incurred from mining those 29 XMR is $429,000 or $11,000 per 1 XMR. 

Moreover, they explained that, according to their estimates, the amount does not include amounts that are stored in unknown older wallets, the damage suffered by the server owner as a result of hardware damage, the potential interruptions of online services caused by hogging processing power, or the strategic changes firms had to make to sustain excessive cloud bills as a result of hogging processing power.