
Lazarus Group Exploits Chrome Zero-Day Flaw Via Fake NFT Game

 

The notorious North Korean hacking outfit dubbed Lazarus has launched a sophisticated attack campaign targeting cryptocurrency investors. This campaign, discovered by Kaspersky researchers, consists of a multi-layered attack chain that combines social engineering, a fake game website, and a zero-day flaw in Google Chrome.

The report claims that in May 2024, Kaspersky Total Security identified a new attack chain that used the Manuscrypt backdoor to target the personal computer of an unidentified Russian citizen. 

Kaspersky researchers Boris Larin and Vasily Berdnikov believe the campaign began in February 2024. After investigating the attack further, analysts discovered that the attackers had developed a website called "detankzonecom" that seemed to be a genuine platform for the game "DeFiTankZone." 

This game reportedly combines Decentralised Finance (DeFi) elements with Non-Fungible Tokens (NFTs) in a Multiplayer Online Battle Arena (MOBA) setting. The website even offers a downloadable trial edition, adding to its appearance of trustworthiness. Beneath the surface, however, is a malicious trap.

“Under the hood, this website had a hidden script that ran in the user’s Google Chrome browser, launching a zero-day exploit and giving the attackers complete control over the victim’s PC,” researchers noted. 

The exploit contains code for two vulnerabilities: one that enables hackers to access the whole address space of the Chrome process using JavaScript (CVE-2024-4947), and the other that allows attackers to circumvent the V8 sandbox and access memory outside the confines of the register array. 

Google addressed CVE-2024-4947, a type confusion flaw in the V8 JavaScript and WebAssembly engine, in March 2024, although it's unknown if attackers discovered it first and weaponised it as a zero-day or exploited it as an N-day flaw.

In this campaign, Lazarus used social media sites like LinkedIn and X (formerly Twitter) to target prominent players in the cryptocurrency field. With several accounts on X, they built a social media presence and actively promoted the fake game. They also hired graphic designers and used generative AI to produce polished advertising material for the DeTankZone game. The group sent carefully crafted messages to interested parties while posing as blockchain startups or game developers looking for funding.

This campaign highlights how the Lazarus Group's tactics have changed. It is crucial to be wary of unsolicited investment opportunities, particularly when they involve dubious social media promotions or downloadable game clients. To mitigate the risk of zero-day attacks, it is also crucial to keep browser software such as Chrome updated with the most recent security fixes.

Orbit Chain Loses $86M in Cross-Chain Bridge Hack

 

Orbit Chain, a South Korean platform designed to act as a multi-asset blockchain hub, revealed a massive breach on December 31, 2023. The company disclosed an "unidentified access to Orbit Bridge," its decentralised cross-chain technology, which resulted in the theft of more than $80 million in cryptocurrency. 

Orbit Chain revealed specifics of the theft in a series of posts on X, saying the hacker employed cryptocurrency mixer Tornado Cash to fund an initial Ethereum wallet before attacking Orbit Chain's Ethereum vault. Last year, Tornado Cash made headlines when its co-founders were charged with money laundering. 

The stolen funds were then transferred to a number of Ethereum wallets. Orbit Chain's Bridge balance fell from $115 million to $31 million between December 31 and January 1, according to blockchain analytics company Arkham Intelligence. Orbit Chain stated in a post on X earlier this week (2 January) that the stolen assets "remain unmoved" at the time of publishing and that the team is constantly tracking the stolen funds. 

“Orbit Chain team has developed a system for investigation support and cause analysis with the Korean National Police Agency and KISA (Korea Internet and Security Agency), enabling a more proactive and comprehensive investigation approach. Furthermore, we are also discussing close cooperation with domestic and foreign law enforcement agencies,” the firm explained in a post. “We sincerely request that all members of the Orbit Chain community and the Web3 ecosystem help spread this information as widely as possible.” 

Crypto turmoil

Over the past few years, the crypto industry has come under more scrutiny; many have dubbed it an unregulated "wild west." Particularly in 2023, there were several widely reported crypto attacks. Hackers exploited vulnerable code to steal an estimated $197 million from the UK-based cryptocurrency platform Euler Finance in March. The money was later refunded by the hackers, though.

In the meantime, a significant hack on the Ethereum-based cryptocurrency exchange Curve occurred in July 2023. A few months later, in September, a report published by the blockchain analytics firm Elliptic claimed that the well-known North Korean hacker group Lazarus had stolen nearly $240 million in cryptocurrency in less than four months. 

Apart from cybercriminal attacks, the crypto business has received attention for the exploits of its own executives. Sam Bankman-Fried, the founder of crypto exchange FTX, was likely the most notorious, having been convicted of conspiracy to conduct wire fraud and money laundering. Binance CEO Changpeng Zhao pleaded guilty to federal money-laundering crimes in November 2023.

Despite all of this illicit activity, efforts have been made to regulate this unregulated industry. Markets in Crypto Assets, often known as MiCA, was passed by EU lawmakers in April of last year as a major piece of legislation for managing and preserving the crypto industry. 

The legislation went into effect in June 2023 and is now in the implementation phase, which involves consultations on a variety of technical standards. The European Securities and Markets Authority intends to submit the proposed technical standards for approval to the European Commission by June 30, 2024.

"Pink Drainer" Siphons $4.4 Million Chainlink Through Phishing

 

Pink Drainer, the infamous crypto-hacking outfit, has been accused in a highly sophisticated phishing scheme that resulted in the theft of $4.4 million in Chainlink (LINK) tokens. 

This recent cyber crime targeted a single victim who was duped into signing a transaction linked with the 'Increase Approval' feature. 

Pink Drainer exploits 'Increase Approval' function 

The 'Increase Approval' function is a standard mechanism in the cryptocurrency world: it sets the cap on the number of a user's tokens that another wallet or contract is permitted to transfer on the user's behalf. In this case, the signed approval enabled the illegal transfer of 275,700 LINK tokens in two separate transactions without the victim's knowledge.

According to Scam Sniffer, a crypto-security website, the tokens were drained in two separate transfers. Initially, 68,925 LINK tokens were routed to a wallet identified by Etherscan as "PinkDrainer: Wallet 2." The remaining 206,775 LINK were sent to a separate address ending in "E70e."
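As an added illustration, not code from the original post or from Scam Sniffer, the following Python model shows the ERC-20 allowance mechanism the post describes: one 'Increase Approval' signed by the holder, after which the approved spender can move tokens in any number of later transfers with no further signature, followed by the audit-and-revoke step a holder can take. Account names are placeholders; only the two LINK amounts come from the article.

```python
# Added example: minimal model of ERC-20 allowance semantics (not the page's own code).
# Account names are constructed; the amounts 68,925 and 206,775 LINK are from the post.
from __future__ import annotations


class Token:
    """Toy ERC-20 style ledger: balances plus an (owner, spender) -> allowance map."""

    def __init__(self, initial_holder: str, supply: int) -> None:
        self.balances: dict[str, int] = {initial_holder: supply}
        self.allowances: dict[tuple[str, str], int] = {}

    def balance_of(self, account: str) -> int:
        return self.balances.get(account, 0)

    def allowance(self, owner: str, spender: str) -> int:
        return self.allowances.get((owner, spender), 0)

    # Signed by the OWNER: this is the single transaction the victim was tricked into signing.
    def increase_approval(self, owner: str, spender: str, added: int) -> None:
        self.allowances[(owner, spender)] = self.allowance(owner, spender) + added

    # Absolute approve; approve(owner, spender, 0) is the standard way to revoke an allowance.
    def approve(self, owner: str, spender: str, amount: int) -> None:
        self.allowances[(owner, spender)] = amount

    # Signed by the SPENDER only: succeeds as long as allowance and balance remain.
    def transfer_from(self, spender: str, owner: str, to: str, amount: int) -> None:
        if self.allowance(owner, spender) < amount:
            raise PermissionError("insufficient allowance")
        if self.balance_of(owner) < amount:
            raise ValueError("insufficient balance")
        self.allowances[(owner, spender)] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balance_of(to) + amount


def simulate_drain() -> dict[str, int]:
    """Victim signs one approval; the spender then moves the tokens in two transfers."""
    link = Token("victim", 275_700)
    link.increase_approval("victim", "drainer_contract", 275_700)  # the one signed tx
    # Two later transfers, neither of which the victim signs (amounts from the post).
    link.transfer_from("drainer_contract", "victim", "PinkDrainer_Wallet_2", 68_925)
    link.transfer_from("drainer_contract", "victim", "addr_ending_E70e", 206_775)
    return dict(link.balances)


def risky_allowances(token: Token, owner: str, spenders: list[str]) -> list[tuple[str, int]]:
    """Defensive audit: allowances large enough to let a spender take the owner's whole balance."""
    balance = token.balance_of(owner)
    return [
        (spender, token.allowance(owner, spender))
        for spender in spenders
        if balance > 0 and token.allowance(owner, spender) >= balance
    ]


def revoke_and_retry() -> bool:
    """Show that approve(0) stops a pending drain; returns True if the transfer was blocked."""
    link = Token("victim", 275_700)
    link.increase_approval("victim", "drainer_contract", 275_700)
    link.approve("victim", "drainer_contract", 0)  # revocation, signed by the owner
    try:
        link.transfer_from("drainer_contract", "victim", "PinkDrainer_Wallet_2", 68_925)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print(simulate_drain())
    print(revoke_and_retry())
```

The practical takeaway is that a holder's protection lies in the approval step itself: approve only the amount a transaction needs, audit outstanding allowances, and revoke any that equal or exceed the balance.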

ZachXBT, a well-known crypto detective, also revealed that the stolen funds were soon transferred into Ethereum (ETH) and laundered through the eXch service, complicating asset tracking.

Scam Sniffer's investigation verifies the Pink Drainer group's involvement in this theft, although the specific technique employed to trick the victim into allowing the token transfer is unclear.

Scam Sniffer has also discovered at least ten additional scam sites linked to Pink Drainer in the previous 24 hours.

The Pink Drainer syndicate has been linked to incidents involving Evomos, Pika Protocol, and Orbiter Finance. It is also known for high-profile attacks on platforms such as Twitter and Discord. Earlier this year the group was also accused of a scam in which its members posed as crypto journalists, resulting in the theft of nearly $3 million from over 1,932 victims.

According to Dune Analytics' most recent statistics, Pink Drainer's operations have intensified. As of December 19, the total losses suffered by the group amounted to $18.7 million, impacting 9,068 victims.

Hackers Stole Cryptocurrency Worth $2 Billion in Year 2023


For another year, crypto-stealing cases made headlines. However, according to crypto security firms, this was the first time since 2020 that the trend has declined.

Based on dozens of cyberattacks and thefts this year, hackers stole over $2 billion in cryptocurrency, according to De.Fi, the web3 security company that maintains the REKT database.

The site ranks the worst-ever crypto hacks, from the Ronin network breach in 2022, the largest event in history, in which hackers took over $600 million in cryptocurrency, to this year's hack against Mixin Network, which brought in almost $200 million for the criminals.

De.Fi wrote in its report, “This amount, though dispersed across various incidents, underscores the persistent vulnerabilities and challenges within the DeFi ecosystem[…]2023 stood as a testament to both the ongoing vulnerabilities and the strides made in addressing them, even as interest in the space was relatively muted by the ongoing bear market in the first half of the year.”

Blockchain intelligence firm TRM published its own estimate of the year's stolen cryptocurrency earlier in December. As of mid-December, the firm reported that the total amounted to around $1.7 billion.

Among the other crypto thefts conducted this year, one of the worst was the hack against Euler Finance, in which threat actors stole $200 million. Other notable hacks include those against Multichain ($126 million), BonqDAO ($120 million), Poloniex ($114 million), and Atomic Wallet ($100 million), among hundreds of other targets.

Last year, blockchain monitoring firm Chainalysis reported that cybercriminals purloined a record-breaking $3.8 billion in cryptocurrency. Of that, the Lazarus Group, a group of North Korean government hackers who are among the most active in the cryptocurrency space, took $1.7 billion in an effort to finance the regime's nuclear weapons program.

In 2021, Chainalysis reported hacks that compromised crypto worth $3.3 billion.

It is not possible to predict what the figures will be in 2024, but given the cyber security failures witnessed at several crypto and web3 initiatives, as well as the significant financial potential of both sectors (discussed at TechCrunch Disrupt earlier this year), we should anticipate that hackers will continue to target this expanding market.

Cryptocurrency Giants FTX, BlockFi, and Genesis Hit by Kroll Hack

Customers of prominent cryptocurrency companies FTX, BlockFi, and Genesis had their financial and personal information exposed in a recent cybersecurity breach. Concerns have been expressed about the security of private information in the cryptocurrency sector as a result of the hack.

The breach, according to sources, was carried out by taking advantage of flaws in the systems of Kroll, a reputable data management business. Because Kroll processed client data for these cryptocurrency companies, the personal information of innumerable users is now at risk.

FTX, BlockFi, and Genesis, prominent names in the cryptocurrency sector, have a significant user base that relies on their platforms for trading, lending, and other financial services. The compromised data includes user names, email addresses, phone numbers, transaction histories, and potentially even account passwords. This sensitive information falling into the wrong hands could lead to identity theft, phishing attacks, and financial fraud.

The incident raises questions about the industry's overall data security practices. While the cryptocurrency market has been praised for its decentralized nature and robust encryption, this breach underscores the persistent vulnerabilities that exist in digital systems. Companies dealing with such high-value assets and sensitive data must prioritize cybersecurity measures to prevent such incidents.

The breach has consequences beyond the immediate loss of client data. Users may stop using these platforms, which could result in lost revenue for the affected businesses. Regulators might also examine such incidents more closely, leading to tougher compliance standards for cryptocurrency businesses.

FTX, BlockFi, and Genesis have assured their customers that they are responding to the intrusion. They are working to improve their security procedures, assisting law enforcement, and carrying out in-depth investigations to ascertain the scope of the intrusion. Affected users are advised to change their passwords, enable two-factor authentication, and be on the lookout for phishing attacks.

The Bitcoin industry as a whole needs to pay attention after this incident. The digital world offers unmatched prospects, but it also brings its own challenges, notably in terms of cybersecurity. To properly protect their users' information, businesses must implement proactive security measures, carry out routine audits, and invest in strong encryption.

Customers of these affected sites must implement suggested security procedures and stay up to date on developments as the investigation progresses. Additionally, the event highlights how crucial industry cooperation is to jointly fix vulnerabilities and improve the overall security posture of the Bitcoin ecosystem.


Hacked Devices Generated $53 for Every $1 Cryptocurrency Through Crypto Jacking

 


A team of security researchers evaluated the financial impact of crypto miners running on compromised cloud servers. They found that the victims pay about $53 in cloud costs for every $1 of cryptocurrency the threat actors mine through cryptojacking.

Cryptojacking refers to the illegal mining of cryptocurrency on devices the attacker does not own, including computers, smartphones, tablets, and even servers, with the intent of making a profit. It is designed to stay hidden from the victims. The malicious actors generate income by hijacking hardware, since the mining programs consume the CPUs of the compromised devices.

Mining cryptocurrency on hijacked devices has primarily been the work of financially motivated hacking groups, especially TeamTNT. It was responsible for most of the large-scale attacks against vulnerable Docker Hub, AWS, Redis, and Kubernetes deployments.

The attackers modified the OS image on the compromised servers so that it contained XMRig, a CPU miner for a privacy-oriented, hard-to-trace cryptocurrency (Monero) that has recently been considered the most profitable to mine on CPUs.

As opposed to ransomware, which blocks access to systems until a ransom is paid and draws aggressive law enforcement attention, rogue crypto mining is less risky for the attackers.

The Sysdig researchers used "Chimaera", a large TeamTNT campaign, to estimate the financial damage caused by crypto miners. The research revealed that over 10,000 endpoints had been compromised.

To hide the wallet address from the hijacked machines and make tracking even harder, the attackers used XMRig-Proxy, but the analysts were still able to identify 10 wallet IDs used in the campaign.

The researchers later disclosed that the 10 wallets held a total of 39 XMR, valued at $8,120. However, they also estimated that the cost incurred by victims from mining those 29 XMR was $429,000, or $11,000 per 1 XMR.

Moreover, they explained that this estimate does not include amounts stored in unknown older wallets, the damage suffered by server owners through hardware wear, the potential interruption of online services caused by hogging processing power, or the strategic changes firms had to make to absorb the resulting excessive cloud bills.

8220 Cryptomining Gang Targets Linux and Cloud Apps to Expand Cloud Botnet

 

The 8220 cryptomining gang has expanded its Cloud Botnet over the last month to nearly 30,000 hosts globally.
The exploitation of Linux and cloud application vulnerabilities, together with poorly secured configurations of services such as Docker, Confluence, Apache WebLogic, and Redis, has played a significant role in the growth of the Cloud Botnet.

"8220 Gang is one of the many low-skill crimeware gangs we continually observe infecting cloud hosts and operating a botnet and cryptocurrency miners through known vulnerabilities and remote access brute forcing infection vectors," Tom Hegel of SentinelOne explained in a blog post. 

The 8220 gang has been operating since at least 2017. Its members are Chinese-speaking, and the group's name comes from port 8220, which the miner uses to communicate with its C2 servers. In the latest campaign, the Monero-mining group targeted i686 and x86_64 Linux systems by weaponizing a recent remote code execution exploit for Atlassian Confluence Server (CVE-2022-26134) to install the PwnRig miner payload.

"Victims are not targeted geographically, but simply identified by their internet accessibility," Hegel pointed out. Besides executing the PwnRig cryptocurrency miner, the group began using a dedicated file to manage the SSH brute-forcing step, containing 450 hardcoded credentials for a wide range of Linux devices and applications.

The latest versions of the script are also known to use blocklists to avoid compromising specific hosts, such as honeypot servers that could flag their illicit activity.

The PwnRig crypto miner, which is based on the open-source Monero miner XMRig, has received updates of its own as well: it uses a phony FBI subdomain resolving to an IP address linked to a Brazilian federal government domain to craft a fake pool request and obscure the real destination of the mined funds.

The sudden surge in mining activities is also linked to the dwindling prices of cryptocurrencies, not to mention a heightened "battle" to take control of victim systems from competing cryptojacking-focused groups. Monero, in particular, has lost over 20% of its value over the past six months. 

"Over the past few years 8220 Gang has slowly evolved their simple, yet effective, Linux infection scripts to expand a botnet and illicit cryptocurrency miner," Hegel concluded. "The group has made changes over the recent weeks to expand the botnet to nearly 30,000 victims globally."

Hacker Steals $100 million Worth of Crypto from Harmony Horizon Bridge

 

Earlier this week, the Horizon bridge linking Harmony – a Layer-1 PoS blockchain designed for native token ONE – to the Ethereum and Binance Chain ecosystem was exploited, resulting in a loss of nearly $100 million in Ethereum. Fortunately, the BTC bridge remained unaffected and has been shut down to prevent further losses. 

The U.S. crypto startup has notified the FBI and requested its assistance with an investigation to identify the culprit and retrieve the stolen assets.

“The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds,” the company posted on Twitter. 

“We have also notified exchanges and stopped the Horizon bridge to prevent further transactions. The team is all hands-on deck as investigations continue. We will keep everyone up-to-date as we investigate this further and obtain more information.”

The attack appears to have taken place over the span of 17 hours, starting at about 7:08 am EST until 7:26 am EST. The value of the first transaction was 4,919 ETH, followed by multiple smaller transactions ranging from 911 to 0.0003 ETH. The last one took place after the bridge had been shut down. 

The hack is the latest in a series of exploits affecting the crypto space. So far, Frax (FRAX), Wrapped Ether (wETH), Aave (AAVE), SushiSwap (SUSHI), Frax Share (FXS), AAG (AAG), Binance USD (BUSD), Dai (DAI), Tether (USDT), Wrapped BTC (wBTC), and USD Coin (USDC) have been stolen from the bridge via this exploit.


Interestingly, a warning had been issued by the independent researcher and blockchain developer Ape Dev back on the 2nd of April. In a series of tweets, the researcher warned that the security of the Horizon bridge hinged on a multisignature ("multisig") wallet that required just two signatures to initiate transactions. Attackers could exploit this weakness in a very simple attack: by compromising 2 of the owners, they could sign off on transfers worth up to $330 million.

The hack adds to a series of negative news in the crypto space lately. Crypto lenders Celsius and Babel Finance put a freeze on withdrawals after a sharp drop in the value of their assets resulted in a liquidity crunch. Meanwhile, crypto hedge fund Three Arrows Capital could be declared as a defaulter for failing to repay a $660 million loan from brokerage firm Voyager Digital.

Hackers Hit 483 Users in Crypto.com Attack That Witnessed $31M+ Coins Withdrawn

 

Crypto.com has issued an official statement on the incident that saw it halt its users' ability to withdraw funds, after hinting at final numbers earlier in the week. On Monday the firm reported unauthorized withdrawals from 483 users' accounts.

The company stated, "In the majority of cases we prevented the unauthorized withdrawal, and in all other cases customers were fully reimbursed. Unauthorised withdrawals totalled 4,836.26 ETH, 443.93 BTC, and approximately US$66,200 in other cryptocurrencies." 

The value of the ether was just shy of $14 million at the time of writing, whereas the fiat worth of the bitcoin was just over $17 million. Overall, depending on the volatile cryptocurrency prices on any given day, the total sum may be approximately $31 million. According to Crypto.com, which noticed the transactions early Monday morning UTC, the withdrawals were approved without the users' two-factor authentication being used.

"Crypto.com revoked all customer 2FA tokens and added additional security hardening measures, which required all customers to re-login and set up their 2FA token to ensure only authorized activity would occur. Downtime of the withdrawal infrastructure was approximately 14 hours," it stated.

"In an abundance of caution, we revamped and migrated to a completely new 2FA infrastructure." 

The company also announced a new policy requiring customers to wait 24 hours before withdrawing funds to a whitelisted address, as well as a scheme that will reimburse consumers up to $250,000 if unauthorised withdrawals are made and certain requirements are fulfilled. 

Users must employ multi-factor authentication on all transactions when possible, set an anti-phishing code at least 21 days before the unauthorised withdrawal, make a police report and send a copy to the corporation, and undertake a "questionnaire to facilitate a forensic investigation," among other terms. 

"Terms and conditions may vary by market according to local regulations. Crypto.com will make the final determination of eligibility requirements and approval of claims," the company said.

Abcbot Malware Linked to the Developers of the Xanthe Cryptomining Bug

 

Abcbot, the newly discovered botnet, has a longer history than was originally believed. According to ongoing analysis of this malware family, it has a clear link to the Xanthe-based cryptojacking campaign found by Cisco's Talos security research team in late 2020. When Talos was alerted to an intrusion on one of its Docker honeypots, it discovered malware that looked like a cryptocurrency mining bot.

The malware is known as Xanthe, and its main goal is to mine cryptocurrency using the resources of a compromised system. Based on the findings, the same threat actor is behind both Xanthe and Abcbot, and its goal has shifted from mining cryptocurrency on compromised hosts to more classic botnet activity such as DDoS attacks.

Abcbot attacks, first reported by Qihoo 360's Netlab security team in November 2021, begin with a malicious shell script that targets insecure cloud instances operated by providers such as Huawei, Tencent, Baidu, and Alibaba Cloud. The script downloads malware that co-opts the machine into a botnet, but not before terminating processes belonging to competing threat actors and establishing persistence. The shell script in question is an updated version of one found by Trend Micro in October 2021, which targeted vulnerable Huawei Cloud ECS instances.

Further investigation of the botnet, which included mapping all known Indicators of Compromise (IoCs) such as IP addresses, URLs, and samples, revealed Abcbot's code and feature-level similarities to that of a cryptocurrency mining operation known as Xanthe, which spread the infection using incorrectly configured Docker implementations. 

The semantic similarities between the two malware families range from the way the source code is formatted to the names given to the routines: some functions have not only identical names and implementations (e.g., "nameservercheck") but also the word "go" appended to the end of their names (e.g., "filerungo"). According to the experts, Abcbot also contains code that adds four malicious user accounts to the compromised machine:
  • Logger 
  • Ssysall 
  • Ssystem 
  • sautoupdater 
Researchers believe there are substantial links between the Xanthe and Abcbot malware families, implying that the same threat actor is involved. Most of these links, including string reuse, references to shared infrastructure, stylistic choices, and functionality seen in both families, would be difficult and inefficient to recreate identically by chance. If the same threat actor is behind both campaigns, it signals a shift away from cryptocurrency mining on compromised devices and toward botnet-related operations like DDoS attacks.

UK Man Arrested for Cryptocurrency Fraud, Sentenced 20 Years

 

A United Kingdom man who was earlier charged in the US in connection with the hacking of celebrities' and politicians' Twitter accounts has now been charged with stealing cryptocurrency worth $784,000. Prosecutors in Manhattan said that Joseph James O'Connor (age 22), along with his partners, stole Bitcoin, Litecoin, and Ethereum after taking control of the targets' cellphone numbers by having them transferred to SIM cards under their control.

O'Connor, aka PlugwalkJoe, together with his partners orchestrated a SIM swapping attack targeting three executives of a Manhattan cryptocurrency company, stealing cryptocurrency from two clients and then laundering it. It is not yet known who is representing O'Connor. According to the prosecutors, the campaign ran from March 2019 to May 2019. O'Connor awaits possible extradition from Spain after his arrest in July in connection with last year's July hack, which compromised several Twitter accounts and netted around $118,000 worth of Bitcoin.

"It named the British man as Joseph James O'Connor and said he faced multiple charges. He was also accused in a criminal complaint of computer intrusions related to takeovers of TikTok and Snapchat accounts, including one incident involving sextortion, as well as cyberstalking a 16-year-old juvenile," Reuters reported earlier in July. The hacked accounts included those of current US president Joe Biden, former president Barack Obama, former Amazon CEO Jeff Bezos, Bill Gates, Warren Buffett, Kim Kardashian, Elon Musk, and rapper Kanye West (now known as Ye).

The accused teenager Graham Ivan Clark, the mastermind behind the Twitter hack, pleaded guilty in March in a Florida state court and is currently serving three years in a juvenile prison. The latest charges against O'Connor consist of money laundering and conspiracy to commit wire fraud, carrying a minimum 20-year prison sentence, along with aggravated identity theft and conspiracy to commit computer hacking.

Reuters reports, "the alleged hacker used the accounts to solicit digital currency, prompting Twitter to take the extraordinary step of preventing some verified accounts from publishing messages for several hours until security to the accounts could be restored."

As Crypto Exchange Attacks Surge Users Must Protect Their Crypto Wallets



As cryptocurrency moves from an academic concept to a form of transaction with the potential to significantly reduce cyber fraud, cryptocurrency crime has risen in step, with cybercriminals targeting cryptocurrency exchanges and crypto wallets.

Despite the global pandemic wreaking havoc on economies, cryptocurrency has continued to grow, leading to a rise in the number of crypto exchanges worldwide. Subsequently, several top crypto companies in the Bay area were seen investing in Indian exchanges as well. 

While cryptocurrencies themselves are particularly secure, crypto exchanges are susceptible to a number of vulnerabilities, as they remain largely unregulated. This has resulted in exchanges being hacked in large numbers every year. The sudden surge in the popularity of cryptocurrency has drawn many amateur investors who did not take the time to understand how the crypto scene works. Threat actors have rampantly exploited this lack of knowledge, seeing it as a chance to scam and exploit the crypto space.

Attacks in 2020 alone accounted for nearly a third of all attacks ever recorded against blockchain. Reportedly, the total monetary losses across 122 attacks were almost $3.78 billion. Ethereum (ETH) DApps were the most frequently targeted, costing users nearly $436.36 million in 2020 alone, with 47 successful attacks aimed at decentralized applications based on Ethereum smart contracts.

The New Zealand-based Cryptopia exchange was breached in 2019, with hackers siphoning $11 million worth of funds from the exchange. Following the security breach, the exchange went dark with an announcement that read: “We are experiencing an unscheduled maintenance, we are working to resume the services as soon as possible. We will keep you updated.”

Altsbit, an Italian crypto exchange, lost $70,000 in a hack within a few months of launching. The exchange announced that it would refund the affected users and terminate its services in May 2020. “We will refund whatever we are holding on cold storage to users and then the platform will close down,” the company stated in an email to Cointelegraph. Though it remained unclear how the hackers pulled off the attack, reports stated that the cybercrime group 'Lulzsec' was behind it.

UPbit, a popular South Korean cryptocurrency exchange, lost approximately $45 million (342,000 ETH) in a 2019 crypto theft. It went on to become the seventh-largest crypto exchange hack of the year.

Liquid Global, a Japanese crypto exchange, reported suffering a massive hacking incident that resulted in the loss of digital assets worth $97 million, including Bitcoin, Ethereum, XRP, and stablecoins. Liquid claimed that the attacker targeted a Multi-Party Computation wallet (an advanced cryptographic technique).

To stay ahead of crypto hackers, a few ways to secure your cryptocurrency are: using a secure internet connection, using a cold wallet, changing passwords at regular intervals, maintaining multiple wallets, staying wary of phishing attacks, and securing your personal device.

The Hacker Behind the Biggest Crypto Heist is Refusing to Return the Remaining Funds

 

The Poly Network attack took place two weeks ago, but the story is far from finished. According to the Poly Network team, an unknown hacker dubbed Mr. White Hat was able to extract $614 million in cryptocurrencies. After returning a portion of the funds, the hacker is now declining to cooperate further and stalling the Poly Network team.

The hack is regarded as the largest crypto theft to date, and the Poly Network team appears to have few options other than to ask the hacker to return the stolen funds peacefully. The attacker or attackers are communicating with the Poly Network team via the data field of Ethereum transactions. The unknown hacker is labelled "Poly Network Exploiter 1" by the blockchain-tracking service Etherscan.

“Your essays are very convincing while your actions are showing your distrust, what a funny game. You don’t [sic] even think to unlock my USDT account,” Poly Network Exploiter 1 wrote on the Ethereum blockchain. 

The attacker is referring to a USDT account holding $33 million in stablecoins. The funds have been frozen by Tether, which irritates the offender. The hacker's messages suggest that he has no problem keeping the stolen money for an indefinite period.

The Poly Network team replied, "We still hope you can provide the key to us this week because thousands of people are eager to get their assets back." 

In the response, Poly Network Exploiter 1 replied, “I am not ready to publish the key in this week [sic]… Here is one thing that you can always trust me: [sic] Holding BTC and ETH is better than trading them.” 

On August 10, the Poly Network was hacked, and the intruder returned $256 million worth of coins the next day. As a gesture of cooperation, the hacker produced a token labeled 'The hacker is ready to surrender' and sent it to the assigned Polygon address. 

The Poly Network team has offered a $500,000 bounty for identifying the exploit, intended to make things easier for the attacker. It is willing to pay 160 ETH ($500,000) to the hacker's address, a gesture that the hacker has turned down. The attacker has also been offered the opportunity to become a consultant for the DeFi (decentralized finance) initiative.

Mr. White Hat, as Poly Network calls the hacker, is a reference to ethical hackers who look for flaws and help organizations patch them. It is unclear why the hacker is withholding access to the final part of the assets. Poly Network is in charge of roughly $330 million of the stolen funds, while the stablecoin operator Tether has frozen $33 million pending legal action. Because the blockchain is transparent, with every transaction's data out in the open, hackers find it difficult to get away with their crime or to cash out, according to Chainalysis.

The company mentioned in its report, "With the inherent transparency of blockchains and the eyes of an entire industry on you, how could any cryptocurrency hacker expect to escape with a large cache of stolen funds?" 

"In most cases, the best they could hope for would be to evade capture as the funds sit frozen in a blacklisted private wallet." 

It is hard to determine whether the hacker was attempting an ethical attack or committing a heist. The underlying motive, however, does not appear to be a concern for the Poly Network team at this time.

As the pressure from thousands of victims grows, recovering the stolen funds is the prime concern. The attack serves as a reminder to governments and authorities that cryptocurrency legislation must be taken seriously. There is currently close to zero accountability, posing a significant danger to the future of DeFi.

“Regardless of their intentions, we’re of the belief that this sort of publicity stunt hurts the perception of the virtual asset economy in the eyes of the public,” said AnChain.AI founder and CEO Victor Fang. 

DeFi-related thefts are on the rise: the first seven months of the year accounted for 54% of overall crypto fraud volume, compared to 3% for the whole of last year, according to CipherTrace.