North Korean Hackers Attacking Crypto Industry, Billions at Risk

The United States Federal Bureau of Investigation (FBI) has recently highlighted a significant cybersecurity threat posed by North Korean cybercriminals targeting the web3 and cryptocurrency sectors. 

Why Do Hackers Target ETFs?

The cryptocurrency industry has witnessed tremendous growth, with Ether and Bitcoin proving to be game changers. That rise has led to financial instruments such as exchange-traded funds (ETFs) that give investors exposure to these assets without owning them directly. But as crypto technologies have spread, security questions have also surfaced.

The United States FBI recently warned about a major cybersecurity threat from North Korean hackers targeting cryptocurrency and web3 sectors. Billions of dollars go into these crypto ETFs, but investors shouldn’t be hasty to think their assets are secure. 

Lazarus Behind Attacks

Lazarus (a North Korean state-sponsored group) is no stranger to the cryptocurrency market and is allegedly responsible for various attacks against famous exchanges and blockchain protocols. Officials are concerned about hackers attacking crypto-backed ETFs by targeting the underlying assets. 

North Korean hackers are using advanced social engineering methods to fool employees at decentralized finance (DeFi) and cryptocurrency firms. The hackers impersonate high-profile figures within an organization or craft specific scenarios based on the target’s position, business interests, or skills to gain their trust.

“The actors may also impersonate recruiting firms or technology companies backed by professional websites designed to make the fake entities appear legitimate. Examples of fake North Korean websites can be found in affidavits to seize 17 North Korean domains, as announced by the Department of Justice in October 2023,” the FBI warned.

The FBI Warning

The FBI has warned against storing private cryptocurrency wallet data on web-connected devices, as these may fall victim to hacking attacks. Organizations should also be careful about using non-standard software or applications on their network when the request to do so comes from an unfamiliar source.

North Korean hackers have already stolen sensitive data from Bitcoin companies by using fake job ads. The FBI’s warning is a wake-up call for web3 and cryptocurrency firms to strengthen their cybersecurity systems and stay alert to these rising attacks.

“The actors usually attempt to initiate prolonged conversations with prospective victims to build rapport and deliver malware in situations that may appear natural and non-alerting. If successful in establishing bidirectional contact, the initial actor, or another member of the actor’s team, may spend considerable time engaging with the victim to increase the sense of legitimacy and engender familiarity and trust,” the FBI reports.

Ransomware Actors Extorted More Than $450 Million in First Half of 2024

 

In the first half of 2024, ransomware victims paid $459,800,000 to attackers; if ransom payments continue at this pace, this year might set a new record. Ransomware payments hit a historic high of $1.1 billion last year, as Chainalysis had previously estimated based on data from the first half of that year, when ransomware activity raked in $449,100,000.

Despite massive law enforcement operations that halted large ransomware-as-a-service operations, like LockBit, payments are currently running about 2% ahead of the record-breaking pace from the same period in 2023.

The recent Chainalysis study claims that this growth is the result of ransomware gangs concentrating on collecting large payments by stealing customers' private data and inflicting costly disruptions to major organisations. 

"2024 is set to be the highest-grossing year yet for ransomware payments, due in no small part to strains carrying out fewer high-profile attacks, but collecting large payments," reads the Chainalysis report. "2024 has seen the largest ransomware payment ever recorded at approximately $75 million to the Dark Angels ransomware group.” 

It is unclear who paid the large $75 million ransom, but Zscaler, which identified the payment, claims it was made by a Fortune 50 company for an attack in early 2024.

The median ransom payment increased significantly from around $199,000 in early 2023 to $1,500,000 in June 2024, indicating that ransomware perpetrators target larger organisations. According to Chainalysis, the number of confirmed ransomware attacks increased by 10% year on year in 2024, while the number of victims displayed on dark web extortion platforms increased similarly. 

In terms of how many victims succumb to the threat actors' blackmail and pay the ransom in exchange for a decryptor and a promise not to leak stolen data, Chainalysis reports that the positive trend continues, with fewer organisations falling victim to the extortion.

Chainalysis also estimates that the influx of stolen cryptocurrency has quadrupled year on year, rising from $857 million to $1.58 billion by the end of July 2024. The average value of bitcoin stolen per heist climbed by over 80%, with hackers focussing on centralised exchanges rather than decentralised finance (DeFi) protocols, which had been the target of most attacks in previous years.

Despite these increases in absolute numbers, illegal on-chain activity decreased by 20% compared to 2023, illustrating that authentic cryptocurrency use is rising faster.

India's Largest Crypto Theft: INR 2,000 Crore Stolen from WazirX Exchange Wallet

 

In a shocking incident that marks India's largest crypto theft to date, nearly ₹2,000 crore (approximately $230 million) worth of cryptocurrencies were stolen from a wallet associated with the WazirX exchange last month. This massive theft has resulted in significant financial losses for thousands of people. WazirX quickly reported the theft to the central cybercrime portal, the Financial Intelligence Unit, and the Indian Computer Emergency Response Team. 

Additionally, a police case was filed in Delhi to address the situation. Two digital forensics firms, Pelorus Technology and Crystal Intelligence, provided insights into how such a large-scale theft could occur despite the wallets being secured with multi-level authentication. 

Crystal Intelligence, a blockchain intelligence firm, employs a security tool that monitors crypto transactions in real-time, helping trace the stolen funds. After WazirX shared the identity of the compromised wallet, cyber investigators worldwide used the Crystal tool to track the money trail. 

The investigation revealed that the theft had been planned since July 10, with around 200 transactions originating from the recipient's wallets on July 18. On the day of the robbery, the stolen cryptocurrencies were quickly converted into other forms of cryptocurrency and transferred in smaller amounts to multiple wallets linked to two different exchanges. Over just a few days, around 2,000 transactions were made. Between July 18 and 22, about 95% of the stolen funds were consolidated into three wallets that currently appear unlinked to any exchange. 

"When we started investigating, we saw a parallel story. First, the wallet was compromised and from there, the thief transferred 230 million dollars to his wallet. This was in different cryptocurrencies. At the same time, when we saw its back trail, a transaction was seen funding that wallet from Tornado Cash for a few days. The dates show he (thief) had been preparing from July 10," Sanjeev Shahi, Country Manager, Crystal Intelligence reported. 

Experts believe that the thief used a Tornado Cash wallet to pay the transaction fees required for crypto transfers, which helped them conceal their identity. Tornado Cash operates like a hawala, facilitating anonymous transfers and making it difficult to trace the stolen funds.  

Further, Shahi added that the malicious group cannot use the stolen funds. "Today, even though the funds are on the blockchain, he cannot use them. To use them, he has to come to the real world and convert it into fiat. As soon as he comes to the real world, his identity will be revealed."

Crypto Cautionary Tale: How a Man Lost $180,000 in a Scam

 


Guelph Police are warning people to be careful when investing online after a local man lost $180,000 to an online investment scammer, much of it after failing to heed warnings from bank staff that he was being scammed.

The sixty-year-old Guelph man contacted police on Friday to report the fraud, which had been under way since November, when he responded to a fake online advertisement for a Bitcoin investment company. Since then, he has transferred over $34,000 through e-transfers and more than $151,000 by wire transfer. The man told police that staff at his bank told him he was being scammed, but he did not believe them and decided to go ahead and transfer the money.

He became suspicious when he was contacted and asked for another $60,000 to cover administrative costs. Residents are advised to be cautious of any online contact and to investigate thoroughly before sending money to anyone.

Cryptocurrency scams are very difficult to investigate and there is a very low likelihood that any lost funds will be recovered. Anyone who feels they may have been a victim of cybercrime or fraud should notify the local police of the incident. 

An advertisement appeared online that claimed to represent a Bitcoin investment company, which lured the victim in. His first transfer was over $34,000 via e-transfer, followed by a further $151,000 via wire transfer, based on promises that he would receive substantial returns. 

The scammers, adept at deception, continued to press for more, asking him to send an additional $60,000 to cover purported administrative fees. After this, scepticism set in, and he realized that he had fallen victim to a scam. Unfortunately, this is not an isolated case.

Scams like the Ranndex.com crypto scam take advantage of deepfake technology and celebrity endorsements to appear legitimate, ensnaring unsuspecting victims. As knowledge is one of the strongest deterrents against fraud, people must be educated about these tactics.

A good way to protect yourself from being scammed is to understand the common markers of scams. The story of the Guelph man is a powerful reminder of the dangers lurking in the shadows of a digital world that is constantly evolving. 

In light of this, it serves as a reminder to individuals that they should exercise caution, verify that investment opportunities are genuine, and most importantly, follow the advice of financial institutions that are committed to securing their assets against fraudulent practices. There is no denying that staying informed and prudent is crucial in this day and age, where opportunities and risks walk hand-in-hand.

Massive Data Breach at Gokumarket: Over a Million Users' Information Exposed

 


Several days before the leak, the GokuMarket team found an unprotected MongoDB instance that was storing information about its users, namely those who bought and sold crypto on the exchange. MongoDB stores large volumes of document-oriented data; in GokuMarket's case, the instance held the details of more than a million customers and admin users of the company.

Several users of GokuMarket, the centralized crypto exchange owned by ByteX and operated by its staff, have had their records revealed thanks to an open instance, according to a Cybernews investigation. 

With offices in Canada, the European Economic Area, and India, ByteX is a licensed and regulated CeDeFi platform that offers its services in those countries. It is ByteX's goal to bridge the best of both worlds by providing a KYC-verified platform with a compliant DeFi architecture, thus enabling a smooth transition from traditional to crypto credit infrastructure by reinventing it with transparency. 

The Gokumarket cryptocurrency exchange, one of the world's leading crypto exchanges, recently suffered a massive data breach, resulting in the disclosure of sensitive information belonging to over a million users. This is quite a significant and alarming development. 

The breach raises significant concerns about the security infrastructure of the platform and the potential implications for the affected users. In mid-2022, a disastrous year for the crypto markets, GokuMarket, which had around a million users, denied users the option to withdraw their funds, and the company almost went bankrupt.

GokuMarket faced the harsh reality of insolvency and financial bankruptcy as a result of the crypto market crash that occurred in early 2018. To assist users in safeguarding and protecting their interests, ByteX provided alternative solutions that were in comparison to what ByteX had originally offered. 

There has been considerable turbulence in the market in the aftermath of the recent collapse of several giants, which has also affected the stability of GokuMarket. In acquiring the platform's custodial users, we are making a conscious decision to safeguard and protect both its assets and its users from further challenges. 

GokuMarket's database had been exposed on the web for a considerable period: it was only detected in October 2023 and was secured the next day, after researchers sent a responsible disclosure note. In the meantime, the database could have been accessed by anyone.

The exposed repository held sensitive data on an extensive user base of an estimated one million people. In addition to IP addresses and geographical locations, it included users' dates of birth, first and last names, and mobile phone numbers.

Encrypted passwords and users' cryptocurrency wallet addresses were also among the exposed data. Concern over the security and privacy of the affected individuals is significant in light of this breach.

The researchers believe there is more than enough information here for a persistent attacker to develop a spear-phishing campaign aimed at draining users' crypto funds. The database also held 35 accounts with full admin access, which contained all sorts of sensitive information, including private Telegram channel IDs, secret exchange tokens, passwords and other highly sensitive data.

A far more dangerous can of worms opens if attackers exploit the admin access details, which could allow them to steal en masse and transfer money to their own accounts. The individual user data could also be used in credential stuffing attacks against exposed users on other platforms.

With a leak of this nature, attackers could also use official Telegram channels for malicious purposes, such as manipulating the market. Although the official GokuMarket Telegram channel has not been active since September 2022, scammers are still attempting to impersonate brands within the crypto community to gain users' attention.

U.S. Seizes Sinbad Crypto Mixer Tied to North Korean Hackers

Federal authorities in the United States have effectively confiscated the Sinbad crypto mixer, a tool purportedly used by North Korean hackers from the Lazarus organization, in a key action against cybercriminal activities. The operation, which focused on the Lazarus group's illegal financial operations, is an important development in the continuous international effort to tackle cyber threats.

The Lazarus organization, a state-sponsored hacker outfit renowned for coordinating high-profile cyberattacks, is connected to North Korea, which is how the Sinbad cryptocurrency mixer got its reputation. The U.S. Department of the Treasury reportedly played a crucial role in this operation.

The WannaCry ransomware assault in 2017 and the notorious Sony Pictures hack from 2014 are only two of the cybercrimes the Lazarus organization has been connected to. These occurrences highlight the group's advanced capabilities and possible threat to international cybersecurity.

The Sinbad crypto mixer, seized by U.S. authorities, was allegedly used by the Lazarus group to obfuscate and launder cryptocurrency transactions. Cryptocurrency mixers are tools designed to enhance privacy and security by mixing transactions with those of other users, making it challenging to trace the source and destination of funds. However, when used for illicit purposes, such mixers become a focal point for law enforcement.

The U.S. Department of the Treasury issued a press release on the matter, emphasizing the government's commitment to countering cyber threats and safeguarding the financial system's integrity. The move is part of a broader strategy to disrupt the financial networks that support malicious cyber activities.

The US Treasury Secretary stated, "The seizure of the Sinbad crypto mixer is a clear signal that the United States will not tolerate those who use technology to engage in malicious cyber activities. We are committed to holding accountable those who threaten the security and stability of our financial systems."

This operation highlights the collaboration between law enforcement agencies and the private sector in tackling cyber threats. It serves as a reminder of the importance of international cooperation to address the evolving challenges posed by state-sponsored hacking groups.

The seizure of the Sinbad cryptocurrency mixer is evidence of the determination of authorities to safeguard people, companies, and countries from the dangers of cybercrime, particularly at a time when the world community is still struggling to contain the sophistication of cyber threats.

Modern Cryptographic Methodologies Are Essential for Cybersecurity

Robust cybersecurity measures are more important than ever in a time when technological breakthroughs rule the day. A major risk to an organization's security is outdated cryptographic protocols, which make it open to cyberattacks. According to recent reports, organizations must immediately upgrade their cryptography methods in order to keep up with the constantly changing landscape of cyber threats.

The cybersecurity landscape is constantly evolving, and cybercriminals are becoming increasingly sophisticated in their techniques. This means that older cryptographic protocols, once considered secure, may now be vulnerable to attacks. The use of outdated protocols can expose sensitive data and leave organizations susceptible to breaches.

According to a recent article on Help Net Security, organizations can mitigate these risks by adopting modern cryptographic protocols. By staying informed about the latest advancements and best practices in encryption, businesses can ensure that their data remains secure.

One company at the forefront of modern encryption solutions is Virtru. Their platform offers state-of-the-art encryption tools designed to protect sensitive information across various platforms and applications. By leveraging Virtru's technology, organizations can enhance their data security and safeguard against potential breaches.

Moreover, maintaining robust cybersecurity practices can also have financial benefits. A report from Help Net Security suggests that organizations can decrease their cyber insurance premiums while still maintaining adequate coverage. By demonstrating a commitment to strong security measures, companies can negotiate better insurance rates, ultimately saving on costs.

In addition to updating cryptographic protocols, it's essential for organizations to implement a multi-layered approach to security. This includes regular security assessments, employee training, and proactive monitoring for potential threats. By taking a comprehensive approach to cybersecurity, businesses can fortify their defenses against evolving cyber threats.

Keeping up with cryptographic protocols is essential to ensuring strong cybersecurity. Organizations must maintain constant awareness and implement proactive security measures due to the ever-changing world of cyber threats. Businesses may strengthen their defenses and protect their sensitive data from potential intrusions by adopting modern encryption technologies and putting in place a multifaceted security approach.



Revolutionizing Everyday Life: The Transformative Potential of AI and Blockchain

 

Artificial intelligence (AI) and blockchain technology have emerged as two pivotal forces of innovation over the past decade, leaving a significant impact on diverse sectors like finance and supply chain management. The prospect of merging these technologies holds tremendous potential for unlocking even greater possibilities.

Although the integration of AI within the cryptocurrency realm is a relatively recent development, it demonstrates the promising potential for expansion. Forecasts suggest that the blockchain AI market could attain a valuation of $980 million by 2030.

The potential applications of AI within blockchain, explored below, show its capacity to bolster the crypto industry and facilitate its integration into mainstream finance.

Elevated Security and Fraud Detection

One domain where AI can play a crucial role is enhancing the security of blockchain transactions, resulting in more robust payment systems. Firstly, AI algorithms can scrutinize transaction data and patterns, preemptively identifying and preventing fraudulent activities on the blockchain.

Secondly, AI can leverage machine learning algorithms to reinforce transaction privacy. By analyzing substantial volumes of data, AI can uncover patterns indicative of potential data breaches or unauthorized account access. This enables businesses to proactively implement security measures, setting up automated alerts for suspicious behavior and safeguarding sensitive information in real time.

Instances of AI integration are already evident. Scorechain, a crypto-tracking platform, harnessed AI to enhance anti-money laundering transaction monitoring and fortify fraud prediction capabilities. CipherTrace, a Mastercard-backed blockchain security initiative, also adopted AI to assess risk profiles of crypto merchants based on on-chain data.

In essence, the amalgamation of AI algorithms and blockchain technology fosters a more dependable and trustworthy operational ecosystem for organizations.

Efficiency in Data Analysis and Management

AI can revolutionize data collection and analysis for enterprises. Blockchain, with its transparent and immutable information access, provides an efficient framework for swiftly acquiring accurate data. Here, AI can amplify this advantage by streamlining the data analysis process. AI-powered algorithms can rapidly process blockchain network data, identifying nuanced patterns that human analysts might overlook. The result is actionable insights to support business functions, accompanied by a significant reduction in manual processes, thereby optimizing operational efficiency.

Additionally, AI's integration can streamline supply chain management and financial transactions, automating tasks like invoicing and payment processing, eliminating intermediaries, and enhancing efficiency. AI can also ensure the authenticity and transparency of products on the blockchain, providing a shared record accessible to all network participants.

A case in point is IBM's blockchain-based platform introduced in 2020 for tracking food manufacturing and supply chain logistics, facilitating collaborative tracking and accounting among European manufacturers, distributors, and retailers.

Strengthening Decentralized Finance (DeFi)

The synergy of AI and blockchain can empower decentralized finance and Web3 by facilitating the creation of improved decentralized marketplaces. While blockchain's smart contracts automate processes and eliminate intermediaries, creating these contracts can be complex. AI algorithms, like ChatGPT, employ natural language processing to simplify smart contract creation, reducing errors, enhancing coding efficiency, and broadening access for new developers.

Moreover, AI can enhance user experiences in Web3 marketplaces by tailoring recommendations based on user search patterns. AI-powered chatbots and virtual assistants can enhance customer service and transaction facilitation, while blockchain technology ensures product authenticity.

AI's data analysis capabilities further contribute to identifying trends, predicting demand and supply patterns, and enhancing decision-making for Web3 marketplace participants.

Illustrating this integration is the example of Kering, a luxury goods company, which launched a marketplace combining AI-driven chatbot services with crypto payment options, enabling customers to use Ethereum for purchases.

Synergistic Future of AI and Blockchain

Though AI's adoption within the crypto sector is nascent, its potential applications are abundant. In DeFi and Web3, AI promises to enhance market segments and attract new users. Furthermore, coupling AI with blockchain technology offers significant potential for traditional organizations, enhancing business practices, user experiences, and decision-making.

In the upcoming months and years, the evolving collaboration between AI and blockchain is poised to yield further advancements, heralding a future of innovation and progress.