Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Crypto Hacking. Show all posts

The Week of Crypto Platform Breaches: Prisma Finance Incident Highlights

 

The past week witnessed a series of bewildering events in the realm of cryptocurrency, marked by breaches on two prominent platforms that left the crypto community grappling with perplexing motives and unexpected outcomes. 

The first incident unfolded on Tuesday evening when the Munchables blockchain-based game fell victim to an attack, resulting in the theft of approximately $62 million worth of cryptocurrency. Initial speculation pointed towards North Korea-linked hackers, given the country's history of targeting cryptocurrency platforms for financial gain. However, the situation took an unexpected turn when the alleged perpetrator voluntarily returned the stolen funds without any ransom demands. 

In a surprising twist, Munchables shared that the individual behind the attack had relinquished access to the private keys containing the stolen funds, expressing gratitude for their cooperation. Despite this resolution, questions lingered about the circumstances surrounding the incident, including the attacker's identity and motives, prompting calls for enhanced security measures within the crypto community. Shortly thereafter, another breach occurred on Thursday evening, this time affecting Prisma Finance, a popular decentralized finance (DeFi) platform, which suffered a loss of approximately $11.6 million. 

However, the aftermath of this breach was marked by cryptic messages from the hacker, who claimed the attack was a "white hat" endeavour aimed at highlighting vulnerabilities in the platform's smart contracts. The hacker, whose identity remained undisclosed, reached out to Prisma Finance seeking to return the stolen funds and engaging in a discourse about smart contract auditing and developer responsibilities. 

Despite the hacker's apparent altruistic intentions, the incident underscored the importance of rigorous security measures and comprehensive audits in the DeFi space. Prisma Finance later released a post-mortem report detailing the flash loan attack that led to the breach, shedding light on the exploitation of vulnerabilities in the platform. The report emphasized ongoing efforts to investigate the incident and ensure the safety of users' funds, highlighting the collaborative nature of the crypto community in addressing security breaches. 

These breaches come against the backdrop of heightened scrutiny of cyberattacks on cryptocurrency platforms, with a recent United Nations report identifying North Korean hackers as key perpetrators. The report highlighted a staggering $3 billion in illicit gains attributed to North Korean cyberattacks over a six-year period, underscoring the persistent threat posed by state-sponsored hackers in the crypto space. 

As the investigation into these breaches continues, the crypto community remains vigilant, emphasizing the importance of robust security measures and proactive collaboration to safeguard against future threats. While the motives behind these breaches may remain shrouded in mystery, the incidents serve as a stark reminder of the ever-present risks associated with digital assets and the imperative of maintaining heightened security protocols in the evolving landscape of cryptocurrency.

How Blockchain Technology is Playing a Major Role in Combating Crypto Hacking Risk

 

The world of cryptocurrencies is not immune to the shadows that come with living in a time when digital currencies are having such a significant impact on the global financial landscape. 

Malicious actors are devising complex plans to take advantage of this expanding market while remaining unseen and hidden in the shadows of the internet. Even if the situation involving the most recent Euler Finance exploit and the Ronin Network hack last year was frightening, it is not an isolated incident. 

The finding of a potential link between these instances has caused concern among those in the cryptocurrency community regarding the security and traceability of digital assets. 

The Ronin Bridge exploiter, who is thought to be connected to the notorious North Korean hacker group Lazarus Group, received 100 Ether, or $170,515, via a wallet address connected to the Euler Finance exploit. These occurrences serve as a sharp reminder of the cyberthreats that exist within the crypto sector and may jeopardise its integrity and safety. 

However, this cloud does have a silver lining. The discovery of these links further demonstrates the effectiveness of blockchain technology in locating and perhaps even reducing these concerns. As we continue reading this article, we'll examine the intricacies of cryptocurrency hacking and talk about how to effectively counter such malicious threats. 

How does crypto hacking work?

Crypto hacking, in its most basic form, is the unauthoritative access to and theft of digital assets kept in cryptocurrency wallets and exchanges. It is a type of cybercrime that targets the blockchain ecosystem specifically and takes advantage of flaws in hardware, software, or user behaviour to gain cryptocurrencies in an unauthorised manner. 

Crypto hackers use a variety of strategies. One of the most typical is phishing, where a hacker impersonates a reliable entity to deceive people into disclosing sensitive information like private keys or login passwords. The use of malware or ransomware, which infiltrates networks and either directly steals cryptoassets or holds them for ransom, is a further popular tactic. However, these aren't the only techniques available for crypto cracking. Since hot wallets on crypto exchanges are more prone to attack than cold wallets, hackers target them. 

This includes the current scandals surrounding the Ronin Network and Euler Finance. They depict what are referred to be DeFi exploits. DeFi platforms, like Euler Finance, run on smart contracts, which are self-executing contracts with the conditions of the agreement put directly into code. These smart contracts have numerous benefits, such as transparency and a reduction in the need for middlemen, but they may also have flaws or other weaknesses that cunning hackers might take advantage of. 

Rise in crypto crimes

In 2022, Chainalysis recorded bitcoin thefts of $3.8 billion, a startling increase from the $0.5 billion taken in 2020 and a 15% increase over the $3.3 billion reported in 2021. The increase in online holdings brought about by the rise in public use of digital currencies has made them more desirable and reachable targets for cybercriminals.

De-Fi protocols, essential pieces of technology that support major cryptocurrency exchanges and organisations, were identified by Chainalysis as the key target of assaults in both 2023 and 2022. De-Fi protocols accounted for 82% of all hacking instances in 2022, an increase from 73% in the previous year. 

North Korea continues to lead the pack in terms of dedication to bitcoin hacking. Chainalysis estimates that NK-connected cybercrime groups, such the Lazarus Group, stole $1.7 billion in 2022, making up about half of the annual global total. In 2022, NK stole more digital currency than ever before, according to a recent United Nations report on cyberattacks, albeit the value of the stolen assets vary. 

According to The Conversation, North Korea uses the stolen cryptocurrency to fund its sanctioned nuclear programme, indicating that its hacking activities are unlikely to slow down anytime soon. Compared to prior years, 2022 will see a significant increase in hacking activity, according to Chainalysis' year-over-year research. 

Prevention tips 

The increase in crypto hacking events and the daring actions of organisations like the Lazarus Group highlight the pressing need for strong deterrents. A multifaceted strategy combining technological, legal, and instructional tactics is necessary to tackle these dangers.

Technology-based barriers: The first line of defence against advanced persistent threats is strong cybersecurity measures. This entails the deployment of firewalls, secure, up-to-date software, and robust encryption for all data transmissions. MFA, or multi-factor authentication, can offer an additional layer of security to prevent unauthorised access. 

Regular smart contract audits by outside security companies can aid in identifying and fixing vulnerabilities in the DeFi space before they are exploited. Additionally, the usage of bug bounty programmes, in which ethical hackers are compensated for identifying and disclosing software vulnerabilities, might be an efficient tactic to foreseeably discover possible security weaknesses.

Legal obstacles: Another important component of stopping crypto hacking is using legal disincentives. This entails the creation and application of stringent legislation and rules to deter online criminal activity. The decentralised and international character of cryptocurrencies, however, can make enforcing laws more difficult. Despite these difficulties, there have been cases where hackers have been caught and charged, including the notorious Silk Road case, illustrating the effectiveness of legal deterrents. Blockchain forensics and international cooperation between law enforcement organisations can be crucial in locating and prosecuting these fraudsters. 

Educational barriers: Education is also a potent deterrent. In cybersecurity, the human element is frequently the weakest link since people are readily duped into disclosing private information or acting riskily. Therefore, educating people on how to protect their digital assets, spreading awareness of safe online conduct, and encouraging these behaviours are essential steps in preventing crypto hacking. 

Cybercrime is still a significant concern as we negotiate the complicated world of cryptocurrency. Axie Infinity's Ronin Network and the hacker group Lazarus' suspected involvement in such breaches serve as a sobering warning of the vulnerability of digital assets. Although law enforcement authorities and cybersecurity companies are stepping up their efforts to prevent and track down these hackers, the reality is that due to the anonymity and decentralised nature of cryptocurrencies, these efforts are made more difficult. 

Though it is still in its infancy, insurance is beginning to show promise as a way to reduce the risk of loss from cybercrimes. Crypto insurance may provide some amount of defence against losses brought on by theft, hacking, and other cybersecurity breaches. However, it is a challenging task due to the volatile nature of crypto assets and the absence of comprehensive rules.

In the end, protecting digital assets depends on personal watchfulness, technological breakthroughs, legal frameworks, and international cooperation. The necessity for effective legal deterrents and strong cybersecurity safeguards will only become more pressing as we continue to learn more about cryptocurrency. In this fast-changing environment, the development of crypto insurance and other preventive measures will surely play a crucial role.

Mattress Company Hit by a Magecart Attack, Suffers Data Breach

Emma Sleep Company confirmed that it was hit by a Magecart attack which allowed hackers to steal customer's credit card and debit card data from the company website. The customers were told about the attack via emails last week. The company mentioned "subject to a cyberattack leading to the theft of personal data" but didn't specify in the message the date of breach incident. The attack was sophisticated, targeting checkout process of the company website and stealing personal information, including credit card data, whether the customer made a purchase doesn't matter. 

It is believed to be a Magecart attack, as suggested by the Adobe Magento e-commerce platform. "Currently there is "no evidence" personal or payment data has been abused in the wild, the company said to customers in the email. Nevertheless, it advised them to contact their banks or credit card provider and "follow their advice," and check for unusual or suspicious activity," reports The Register. The Magecart attack has affected customers across 12 countries, associated with a malicious code that was attached to checkout pages that skimmed card data from a user's browser. 

The attack was targeted, and the hacker made copy-cat URLs according to the needs. According to the mattress company, it is positive that the digital platforms were upto date with the latest security fixes. In a famous Magecart attack that happened in 2018 where it exposed 40 million British Airways customers' data (it was fined €20m for the act), it used shady skimming techniques to extract credit cards and debit cards credentials. The hackers get access to the site either via third-party apps or directly, and deploy malicious JavaScript which is responsible for stealing the information. 

The company admits that the security measures had been implemented in an effective way, in accordance with the Javascript code implementation and dynamically loaded from the hacker's server and via highly advanced escape techniques to evade detection, and also plan out countermeasures to avoid analysis. Hence, the technology that kept track of scripts in the web pages couldn't identify it. 

"In February this year, Adobe issued two out-of-bounds patches in a single week when critical security bugs affecting its Magento/Adobe Commerce product emerged, with the vendor warning the vulns were being actively exploited," reports the Register.

New Golang Botnet Drains Windows Users’ Cryptocurrency Wallets

 

A new Golang-based botnet has been ensnaring hundreds of Windows PCs, each time its operators launch a new command and control (C2) server. This previously undiscovered botnet, dubbed Kraken by ZeroFox researchers in October 2021, utilizes the SmokeLoader backdoor and malware downloader to proliferate to new Windows systems. 

The botnet adds a new Registry key after compromising a new Windows device in order to accomplish persistence across system restarts. It also includes a Microsoft Defender exclusion to assure that its installation directory is never examined, and use the hidden attribute to hide its binary in Window Explorer. 

Kraken has a basic feature set that allows attackers to download and run additional malicious payloads on infected devices, such as the RedLine Stealer malware. RedLine is the most extensively used data thief, capable of gathering victims' passwords, browser cookies, credit card information, and cryptocurrency wallet information. 

ZeroFox stated, "Monitoring commands sent to Kraken victims from October 2021 through December 2021 revealed that the operator had focused entirely on pushing information stealers – specifically RedLine Stealer. It is currently unknown what the operator intends to do with the stolen credentials that have been collected or what the end goal is for creating this new botnet." 

The botnet, however, has built-in data-stealing skills and can steal cryptocurrency wallets before dropping other data thieves and cryptocurrency miners. Kraken can steal information from Zcash, Armory, Bytecoin, Electrum, Ethereum, Exodus, Guarda, Atomic, and Jaxx Liberty crypto wallets, according to ZeroFox. This botnet appears to be adding almost USD 3,000 to its masters' wallets every month, according to data obtained from the Ethermine cryptocurrency mining pool. 

The researchers added, "While in development, Kraken C2s seem to disappear often. ZeroFox has observed dwindling activity for a server on multiple occasions, only for another to appear a short time later using either a new port or a completely new IP."

Regardless, "by using SmokeLoader to spread, Kraken quickly gains hundreds of new bots each time the operator changes the C2."

Hackers Steal Around $320M+ from Crypto Firm Wormhole

 

A threat actor abused a vulnerability in the Wormhole cryptocurrency platform to steal $322 million worth of Ether currency. 

Wormhole Portal, a web-based application—also known as a blockchain "bridge"—that enables users to change one type of bitcoin into another, was the target of the attack earlier. Bridge portals transform an input cryptocurrency into a temporary internal token, which they then turn into the user's preferred output cryptocurrency using "smart contracts" on the Ethereum blockchain. 

The attacker is suspected to have taken advantage of this method to deceive the Wormhole project into releasing significantly more Ether (ETH) and Solana (SOL) tokens than they originally provided. The attacker allegedly stole crypto-assets worth $322.8 million at the time of the attack, according to reports. As per reports, the attacker acquired crypto-assets worth $322.8 million at the time of the incident, which have since depreciated to $294 million due to price swings since the breach became public. 

While a Wormhole official is yet to respond to a request for comment on today's incident. The firm verified the incident on Twitter and put its site on maintenance while it investigates. The Wormhole attack is part of a recent pattern of abusing [blockchain] bridges, according to Tal Be'ery, CTO of bitcoin wallet app ZenGo who informed The Record about the Wormhole Attack. 

A hacker stole $80 million from Qubit Finance just a week ago, in a similar attack against another blockchain bridge. As per data compiled by the DeFiYield project, if Wormhole officially acknowledges the number of stolen funds, the incident will likely become the biggest hack of a cryptocurrency platform so far this year, and the second-largest hack of a decentralised finance (DeFi) platform of all time. 

Wormhole offered a $10 million "bug bounty" to a hacker. Be'ery pointed out that, similar to the Qubit hack, Wormhole is now appealing to the attacker to return the stolen funds in return for a $10 million reward and a "whitehat contract," which indicates that the platform will most likely not file any criminal complaints against the attacker. 

As per Wormhole's most recent Twitter update, posted on Thursday, February 3, the vulnerability has been fixed. However, as one former Uber executive discovered, such contracts exonerating hackers are illegal in some areas, and authorities may still investigate the hacker.


Hackers Hit 483 Users in Crypto.com Attack That Witnessed $31M+ Coins Withdrawn

 

Crypto.com has issued an official remark on the situation that saw it halt its users' ability to withdraw money after hinting at final numbers earlier in the week. Unauthorized bitcoin withdrawals on 483 individuals' accounts were reported by the firm on Monday.

The company stated, "In the majority of cases we prevented the unauthorized withdrawal, and in all other cases customers were fully reimbursed. Unauthorised withdrawals totalled 4,836.26 ETH, 443.93 BTC, and approximately US$66,200 in other cryptocurrencies." 

The value of ether was just shy of $14 million at the time of writing, whereas the fiat worth of bitcoin was just over $17 million. Overall, depending on the unpredictable cryptocurrency pricing on any given day, the entire sum may be approximately $31 million. Users' two-factor authentication was not used, according to Crypto.com, which noticed transactions early Monday morning UTC. 

"Crypto.com revoked all customer 2FA tokens and added additional security hardening measures, which required all customers to re-login and set up their 2FA token to ensure only authorized activity would occur. Downtime of the withdrawal infrastructure was approximately 14 hours," it stated.

"In an abundance of caution, we revamped and migrated to a completely new 2FA infrastructure." 

The company also announced a new policy requiring customers to wait 24 hours before withdrawing funds to a whitelisted address, as well as a scheme that will reimburse consumers up to $250,000 if unauthorised withdrawals are made and certain requirements are fulfilled. 

Users must employ multi-factor authentication on all transactions when possible, set an anti-phishing code at least 21 days before the unauthorised withdrawal, make a police report and send a copy to the corporation, and undertake a "questionnaire to facilitate a forensic investigation," among other terms. 

"Terms and conditions may vary by market according to local regulations. Crypto.com will make the final determination of eligibility requirements and approval of claims," the company said.