Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Crypto Hack. Show all posts
Security Breach
Crypto Exchange Crypto Hack cryptocurrency Cyber Attacks Digital Assets Lazarus Group Security Breach

Bybit Crypto Exchange Hacked for $1.5 Billion in Largest Crypto Heist

 

Bybit, one of the world’s largest cryptocurrency exchanges, has suffered a massive security breach, resulting in the loss of $1.5 billion in digital assets. The hack, now considered the largest in crypto history, compromised the exchange’s cold wallet—an offline storage system designed to provide enhanced security against cyber threats. 

Despite the breach, Bybit CEO Ben Zhou assured users that other cold wallets remain secure and that withdrawals continue as normal. Blockchain analysis firms, including Elliptic and Arkham Intelligence, traced the stolen funds as they were quickly moved across multiple wallets and laundered through various platforms. Most of the stolen assets were in ether, which were liquidated swiftly to avoid detection. 

The scale of the attack far exceeds previous high-profile crypto thefts, including the $611 million Poly Network hack in 2021 and the $570 million stolen from Binance’s BNB token in 2022. Investigators later linked the attack to North Korea’s Lazarus Group, a state-sponsored hacking organization known for targeting cryptocurrency platforms. The group has a history of siphoning billions from the digital asset industry to fund the North Korean regime. 

Experts say Lazarus employs advanced laundering techniques to hide the stolen funds, making recovery difficult. Elliptic’s chief scientist, Tom Robinson, confirmed that the hacker’s addresses have been flagged in an attempt to prevent further transactions or cash-outs on other exchanges. However, the sheer speed and sophistication of the operation suggest that a significant portion of the funds may already be out of reach. The news of the breach sent shockwaves through the crypto community, triggering a surge in withdrawals as users feared the worst. 

While Bybit has managed to stabilize outflows, concerns remain over the platform’s ability to recover from such a massive loss. To reassure customers, Bybit announced that it had secured a bridge loan from undisclosed partners to cover any unrecoverable losses and maintain operations. The Lazarus Group’s involvement highlights the persistent security risks in the cryptocurrency industry. Since 2017, the group has orchestrated multiple cyberattacks, including the theft of $200 million in bitcoin from South Korean exchanges. 

Their methods have become increasingly sophisticated, exploiting vulnerabilities in crypto platforms to fund North Korea’s financial needs. Industry experts warn that large-scale thefts like this will continue unless exchanges implement stronger security measures. Robinson emphasized that making it harder for criminals to profit from these attacks is the best deterrent against future incidents. 

Meanwhile, law enforcement agencies and crypto-tracking firms are working to trace the stolen assets in hopes of recovering a portion of the funds. While exchanges have made strides in improving security, cybercriminals continue to find ways to exploit weaknesses, making robust protections more crucial than ever.
Read more »
Threat Landscape
Artificial Intelligence Crypto Hack Quantum computing Technology Threat Landscape

A Looming Threat to Crypto Keys: The Risk of a Quantum Hack

 


 The Quantum Computing Threat to Cryptocurrency Security

The immense computational power that quantum computing offers raises significant concerns, particularly around its potential to compromise private keys that secure digital interactions. Among the most pressing fears is its ability to break the private keys safeguarding cryptocurrency wallets.

While this threat is genuine, it is unlikely to materialize overnight. It is, however, crucial to examine the current state of quantum computing in terms of commercial capabilities and assess its potential to pose a real danger to cryptocurrency security.

Before delving into the risks, it’s essential to understand the basics of quantum computing. Unlike classical computers, which process information using bits (either 0 or 1), quantum computers rely on quantum bits, or qubits. Qubits leverage the principles of quantum mechanics to exist in multiple states simultaneously (0, 1, or both 0 and 1, thanks to the phenomenon of superposition).

Quantum Computing Risks: Shor’s Algorithm

One of the primary risks posed by quantum computing stems from Shor’s algorithm, which allows quantum computers to factor large integers exponentially faster than classical algorithms. The security of several cryptographic systems, including RSA, relies on the difficulty of factoring large composite numbers. For instance, RSA-2048, a widely used cryptographic key size, underpins the private keys used to sign and authorize cryptocurrency transactions.

Breaking RSA-2048 with today’s classical computers, even using massive clusters of processors, would take billions of years. To illustrate, a successful attempt to crack RSA-768 (a 768-bit number) in 2009 required years of effort and hundreds of clustered machines. The computational difficulty grows exponentially with key size, making RSA-2048 virtually unbreakable within any human timescale—at least for now.

Commercial quantum computing offerings, such as IBM Q System One, Google Sycamore, Rigetti Aspen-9, and AWS Braket, are available today for those with the resources to use them. However, the number of qubits these systems offer remains limited — typically only a few dozen. This is far from sufficient to break even moderately sized cryptographic keys within any realistic timeframe. Breaking RSA-2048 would require millions of years with current quantum systems.

Beyond insufficient qubit capacity, today’s quantum computers face challenges in qubit stability, error correction, and scalability. Additionally, their operation depends on extreme conditions. Qubits are highly sensitive to electromagnetic disturbances, necessitating cryogenic temperatures and advanced magnetic shielding for stability.

Future Projections and the Quantum Threat

Unlike classical computing, quantum computing lacks a clear equivalent of Moore’s Law to predict how quickly its power will grow. Google’s Hartmut Neven proposed a “Neven’s Law” suggesting double-exponential growth in quantum computing power, but this model has yet to consistently hold up in practice beyond research and development milestones.

Hypothetically, achieving double-exponential growth to reach the approximately 20 million physical qubits needed to crack RSA-2048 could take another four years. However, this projection assumes breakthroughs in addressing error correction, qubit stability, and scalability—all formidable challenges in their own right.

While quantum computing poses a theoretical threat to cryptocurrency and other cryptographic systems, significant technical hurdles must be overcome before it becomes a tangible risk. Current commercial offerings remain far from capable of cracking RSA-2048 or similar key sizes. However, as research progresses, it is crucial for industries reliant on cryptographic security to explore quantum-resistant algorithms to stay ahead of potential threats.

Read more »
Zero-day Flaw
Chrome Attack Chain Crypto Hack Cyber Attacks North Korea Hackers Zero-day Flaw

Lazarus Group Exploits Chrome Zero-Day Flaw Via Fake NFT Game

 

The notorious North Korean hacking outfit dubbed Lazarus has launched a sophisticated attack campaign targeting cryptocurrency investors. This campaign, discovered by Kaspersky researchers, consists of a multi-layered assault chain that includes social engineering, a fake game website, and a zero-day flaw in Google Chrome. 

The report claims that in May 2024, Kaspersky Total Security identified a new attack chain that used the Manuscrypt backdoor to target the personal computer of an unidentified Russian citizen. 

Kaspersky researchers Boris Larin and Vasily Berdnikov believe the campaign began in February 2024. After investigating the attack further, analysts discovered that the attackers had developed a website called "detankzonecom" that seemed to be a genuine platform for the game "DeFiTankZone." 

This game reportedly combines Decentralised Finance (DeFi) elements with Non-Fungible Tokens (NFTs) in a Multiplayer Online Battle Arena (MOBA) situation. The website even offers a downloadable trial edition, adding to the look of trustworthiness. However, beneath the surface is a malicious trap. 

“Under the hood, this website had a hidden script that ran in the user’s Google Chrome browser, launching a zero-day exploit and giving the attackers complete control over the victim’s PC,” researchers noted. 

The exploit contains code for two vulnerabilities: one that enables hackers to access the whole address space of the Chrome process using JavaScript (CVE-2024-4947), and the other that allows attackers to circumvent the V8 sandbox and access memory outside the confines of the register array. 

Google addressed CVE-2024-4947, a type confusion flaw in the V8 JavaScript and WebAssembly engine, in March 2024, although it's unknown if attackers discovered it first and weaponised it as a zero-day or exploited it as an N-day flaw.

In this campaign, Lazarus has used social media sites like LinkedIn and X (previously Twitter) to target prominent players in the cryptocurrency field. With several accounts on X, they created a social media presence and actively promoted the fake game. They also hired graphic designers and generative AI to create amazing advertising material for the DeTankZone game. The group also sent carefully designed messages to interested parties pretending to be blockchain startups or game developers looking for funding.

This campaign highlights how the Lazarus Group's strategies have changed. It is crucial to be wary of unsolicited investment opportunities, particularly when they involve dubious social media promotions or downloadable game clients. In order to mitigate the risk of zero-day attacks, it is also crucial to maintain browser software, such as Chrome, updated with the most recent security fixes.
Read more »
Orbit Chain
Crypto Hack Crypto Theft Cyber Crime Orbit Chain

Orbit Chain Loses $86M in Cross-Chain Bridge Hack

 

Orbit Chain, a South Korean platform designed to act as a multi-asset blockchain hub, revealed a massive breach on December 31, 2023. The company disclosed an "unidentified access to Orbit Bridge," its decentralised cross-chain technology, which resulted in the theft of more than $80 million in cryptocurrency. 

Orbit Chain revealed specifics of the theft in a series of posts on X, saying the hacker employed cryptocurrency mixer Tornado Cash to fund an initial Ethereum wallet before attacking Orbit Chain's Ethereum vault. Last year, Tornado Cash made headlines when its co-founders were charged with money laundering. 

The stolen funds were then transferred to a number of Ethereum wallets. Orbit Chain's Bridge balance fell from $115 million to $31 million between December 31 and January 1, according to blockchain analytics company Arkham Intelligence. Orbit Chain stated in a post on X earlier this week (2 January) that the stolen assets "remain unmoved" at the time of publishing and that the team is constantly tracking the stolen funds. 

“Orbit Chain team has developed a system for investigation support and cause analysis with the Korean National Police Agency and KISA (Korea Internet and Security Agency), enabling a more proactive and comprehensive investigation approach. Furthermore, we are also discussing close cooperation with domestic and foreign law enforcement agencies,” the firm explained in a post. “We sincerely request that all members of the Orbit Chain community and the Web3 ecosystem help spread this information as widely as possible.” 

Crypto turmoil

Over the past few years, the crypto industry has come under more scrutiny; many have dubbed it an unregulated "wild west." Particularly in 2023, there were several widely reported crypto attacks. Hackers exploited vulnerable code to steal an estimated $197 million from the UK-based cryptocurrency platform Euler Finance in March. The money was later refunded by the hackers, though.

In the meantime, a significant hack on the Ethereum-based cryptocurrency exchange Curve occurred in July 2023. A few months later, in September, a report published by the blockchain analytics firm Elliptic claimed that the well-known North Korean hacker group Lazarus had stolen nearly $240 million in cryptocurrency in less than four months. 

Apart from cybercriminal attacks, the crypto business has received attention for the exploits of its own executives. Sam Bankman-Fried, the founder of crypto exchange FTX, was likely the most notorious, having been convicted of conspiracy to conduct wire fraud and money laundering. Binance CEO Changpeng Zhao pleaded guilty to federal money-laundering crimes in November 2023.

Despite all of this illicit activity, efforts have been made to regulate this unregulated industry. Markets in Crypto Assets, often known as MiCA, was passed by EU lawmakers in April of last year as a major piece of legislation for managing and preserving the crypto industry. 

The legislation went into effect in June 2023 and is now in the implementation phase, which involves consultations on a variety of technical standards. The European Securities and Markets Authority intends to submit the proposed technical standards for approval to the European Commission by June 30, 2024.
Read more »
Cyber Fraud
Chainlink Crypto Crime Crypto Fraud Crypto Hack Cyber Fraud

"Pink Drainer" Siphons $4.4 Million Chainlink Through Phishing

 

Pink Drainer, the infamous crypto-hacking outfit, has been accused in a highly sophisticated phishing scheme that resulted in the theft of $4.4 million in Chainlink (LINK) tokens. 

This recent cyber crime targeted a single victim who was duped into signing a transaction linked with the 'Increase Approval' feature. 

Pink Drainer exploits 'Increase Approval' function 

The 'Increase Approval' function is a regular method in the cryptocurrency world, allowing users to limit the number of tokens that can be transferred by another wallet. This activity facilitated the illegal transfer of 275,700 LINK tokens in two separate transactions without the victim's knowledge. 

According to Scam Sniffer, a crypto-security website, the tokens were drained in two separate transfers. Initially, 68,925 LINK tokens were routed to a wallet identified by Etherscan as "PinkDrainer: Wallet 2." The remaining 206,775 LINK were sent to a separate address that ended as "E70e." 

ZachXBT, a well-known crypto detective, also revealed that the stolen funds were soon transferred into Ethereum (ETH) and laundered through the eXch service, complicating asset tracking.

Scam Sniffer's investigation verifies the Pink Drainer group's involvement in this theft, although the specific technique employed to trick the victim into allowing the token transfer is unclear.

Scam Sniffer has also discovered at least ten additional scam sites linked to Pink Drainer in the previous 24 hours.

The Pink Drainer syndicate has been linked to incidents involving Evomos, Pika Protocol, and Orbiter Finance. It is also known for high-profile attacks on platforms such as Twitter and Discord. They were also accused earlier this year in a fraud posing as crypto journalists, which resulted in the theft of nearly $3 million from over 1,932 victims. 

According to Dune Analytics' most recent statistics, Pink Drainer's operations have intensified. As of December 19, the total losses suffered by the group amounted to $18.7 million, impacting 9,068 victims.
Read more »
TechCrunch
Crypto Hack cryptocurrency Cyber Security DeFi Hackers TechCrunch

Hackers Stole Cryptocurrency Worth $2 Billion in Year 2023


For another year, crypto-stealing cases made headlines. However, as per crypto security firms, this was the first time since 2020, that the trend has been declining. 

Based on dozens of cyberattacks and thefts this year, hackers stole over $2 billion in cryptocurrency, according to De.FI, the web3 security company that manages the REKT database. 

The site ranks the worst-ever crypto hacks, ranging from the Ronin network breach in 2022—the largest event in history—where hackers took over $600 million in cryptocurrency—to this year's hack against Mixin Network, which brought in almost $200 million for the criminals.

DeFi, in its report, wrote, “This amount, though dispersed across various incidents, underscores the persistent vulnerabilities and challenges within the DeFi ecosystem[…]2023 stood as a testament to both the ongoing vulnerabilities and the strides made in addressing them, even as interest in the space was relatively muted by the ongoing bear market in the first half of the year.”

In an estimate, published by blockchain intelligence firm TRM, the total amount of cryptocurrency that hackers have stolen this year was also made public earlier in December. As of mid-December, the business reported that the total amounted to around $1.7 billion.

Among the other crypto thefts conducted this year, one of the worst ones was a hack against Euler Fianance, where threat actors stole $200 million. Other notable hacks include those against Multichain ($126 million), BonqDAO ($120 million), Poloniex ($114 million), and Atomic Wallet ($100 million), among hundreds of other targets.

Last year, blockchain monitoring firm Chainalysis reported that cybercriminals purloined a record-breaking $3.8 billion in cryptocurrency. Of those, the Lazarus Group, a group of North Korean government hackers who are among the most active in the cryptocurrency space, took $1.7 billion in an attempt to finance the regime's authorized nuclear weapons program.

In 2021, Chainalysis reported hacks that compromised crypto worth $3.3 billion.

It is rather not possible to predict what the figures will be in 2024, but given the failures witnessed in cyber security by several crypto and web3 initiatives, as well as the significant financial potential of both sectors—discussed at TechCrunch Disrupt earlier this year—we should anticipate that hackers will continue to target this expanding market.  

Read more »
Sensitive Data Leak
Bitcoin Blockchain Crypto Crypto Hack Crypto heist Cryptocurrencies Data Breach Financial Fraud FTX Genesis Market Kroll Phishing Attacks Sensitive Data Leak

Cryptocurrency Giants FTX, BlockFi, and Genesis Hit by Kroll Hack

Customers of prominent cryptocurrency companies FTX, BlockFi, and Genesis had their financial and personal information exposed in a recent cybersecurity breach. Concerns have been expressed about the security of private information in the cryptocurrency sector as a result of the hack.

The breach, according to claims from sources, was carried out by taking advantage of flaws in the systems of Kroll, a reputable data management business. The personal information of innumerable users is now in danger due to Kroll's involvement in processing the client data of these cryptocurrency companies.

FTX, BlockFi, and Genesis being prominent names in the cryptocurrency sector, have a significant user base that relies on their platforms for trading, lending, and other financial services. The compromised data includes user names, email addresses, phone numbers, transaction histories, and potentially even account passwords. This sensitive information falling into the wrong hands could lead to identity theft, phishing attacks, and financial fraud.

The incident raises questions about the industry's overall data security practices. While the cryptocurrency market has been praised for its decentralized nature and robust encryption, this breach underscores the persistent vulnerabilities that exist in digital systems. Companies dealing with such high-value assets and sensitive data must prioritize cybersecurity measures to prevent such incidents.

The breach has consequences beyond only the immediate loss of client data. Users may stop using these platforms, which could result in lost revenue for the impacted businesses. Regulatory organizations might examine these occurrences more closely, which would result in tougher compliance standards for cryptocurrency businesses.

FTX, BlockFi, and Genesis have assured their consumers that they are acting right now in reaction to the intrusion. They are trying to improve their security procedures, assisting law enforcement, and carrying out in-depth investigations to ascertain the scope of the intrusion. Users who are affected are advised to modify their passwords, use two-factor authentication, and be on the lookout for phishing attacks.

The Bitcoin industry as a whole needs to pay attention after this tragedy. The digital world has unmatched prospects, but it also has its own challenges, notably in terms of cybersecurity. To properly protect the information of their users, businesses must implement proactive security measures, carry out routine audits, and spend money on powerful encryption.

Customers of these affected sites must implement suggested security procedures and stay up to date on developments as the investigation progresses. Additionally, the event highlights how crucial industry cooperation is to jointly fix vulnerabilities and improve the overall security posture of the Bitcoin ecosystem.


Read more »
XMRig
Crypto Crime Crypto Currency Crypto Currency mining Crypto Hack Cryptojacking Cryptojacking Campaign Cyber Attacks XMRig

Hacked Devices Generated $53 for Every $1 Cryptocurrency Through Crypto Jacking

 


The team of security researchers evaluated the financial impact of crypto miners affecting cloud servers. They stated that this costs cloud server victims about $53 for every $1 of cryptocurrency mined by threat actors through crypto-jacking. 

Cryptojacking refers to the illegal method of extracting cryptocurrency from unauthorized devices, including computers, smartphones, tablets, and even servers with an intent of making a profit. Its structure allows it to stay hidden from the victims. The malicious actors generate income through hijacking hardware, as the mining programs use the CPUs of hijacked devices.  

The mining of cryptocurrency through the hijacked devices was primarily an activity of financially motivated hacking groups, especially Team TNT. It was responsible for most of the large-scale attacks against vulnerable Doctors Hub, AWS, Redis, and Kubernetes deployments.  

The cyber attackers updated the OS image by distributing the network traffic across servers that contained XMRig. It is a CPU miner for a privacy-oriented hard-to-trace cryptocurrency that has recently been considered the most profitable CPU mining.   

As opposed to ransomware, software that blocks access to systems until the money is paid, and includes aggressive law enforcement, rouge crypto mining is less risky for the cyber attackers.  

The Sysdig researchers used "Chimaera", a large campaign of TeamTNT for estimating the financial damage caused by crypto miners. The research revealed that over 10,000 endpoints were disclosed to unauthorized persons. 

In order to hide the wallet address from the hijacked machines and make tracking even harder, the cyber-attackers used XMRig-Proxy but the analysts were still able to discover 10 wallet IDs used in the campaign. 

Later the researchers disclosed that the 10 wallets held a total of 39XMR, valuing $8,120. However, they also mentioned that the estimated cost to victims incurred from mining those 29 XMR is $429,000 or $11,000 per 1 XMR. 

Moreover, they explained that, according to their estimates, the amount does not include amounts that are stored in unknown older wallets, the damage suffered by the server owner as a result of hardware damage, the potential interruptions of online services caused by hogging processing power, or the strategic changes firms had to make to sustain excessive cloud bills as a result of hogging processing power.
Read more »
Subscribe to: Posts (Atom)