Posts with label Cryptocurrencies

Bitcoin ATM Emerges as Major Threat to Cryptocurrency

 


There is an ominous growth in Bitcoin ATMs across the United States, and some experts have claimed they are also one of the biggest cybercrime threats to the country. Bitcoin ATMs share a few characteristics with their cash counterparts: there are PINs to punch, and there are withdrawal fees as well.

However, unlike cash ATMs, crypto ATMs have a high value, making them prime targets for hackers who are looking for ways to steal data. The problem is that whereas the location of a cash ATM at a gas station may not draw much attention, the location of a Bitcoin ATM gets more scrutiny from fraudulent individuals. The UK's National Crime Agency has reported in an article published by CNBC on September 8 that Bitcoin ATMs have proven to be one of the most popular ways for individuals to buy and sell cryptocurrencies, although they have additionally evolved into a prime target for hackers and scammers. 

There is no difference in the operation of these machines from traditional ATMs; however, thanks to the significant value of cryptocurrencies, they can be very attractive to cybercriminals, who will exploit both physical and digital vulnerabilities to their advantage. According to Timothy Bates, an assistant professor of cybersecurity at the University of Michigan, these machines are especially vulnerable to hacking because the software used in these devices often lacks basic security measures.

According to Bates, Bitcoin ATMs can be infected by malware that allows hackers to steal private keys and manipulate transactions. An ATM can also be compromised through weaknesses in network security, which may allow criminals to intercept communications between the ATM and its server and steal data.

This is especially concerning for ATMs that do not receive regular updates or security patches, since hackers can then steal funds or capture private keys. Network security is a second weak point: if the ATM's network communications are not adequately secured, attackers can intercept them. Consequently, stolen data can be accessed, or unauthorized persons could gain access to the server, Bates explained.

Bitcoin ATMs need to be taken seriously because of the threat posed by both hackers and scammers. Since 2020, according to a report released by the Federal Trade Commission this week, the number of scamming incidents has increased by 1,000%. In a curious twist, the risks associated with Bitcoin ATMs are directly proportional to their strengths, according to Joe Dobson, the principal analyst at Mandiant, which is owned by Google Cloud and a company that specializes in cybersecurity. 

There are three main characteristics of Bitcoin: decentralization, permissionlessness, and immutability. There is no way to reverse a transaction if funds are deposited to the wrong address, according to Dobson. Although many crypto bulls are attracted to Bitcoin because of its decentralization and lack of governance, it is a problem when used in ATMs. "There are no regulations in the Bitcoin community that dictate who can run a Bitcoin ATM and who cannot, so independent organizations operate Bitcoin ATMs without any interference from the Bitcoin community," said Dobson.

In addition to this, some old criminal tricks might be reversible in a traditional banking system, but not so in the Bitcoin world, which comes with its own set of unique challenges. It is possible for someone, for instance, to maliciously place their deposit slips into the bank stack, which can lead to folks being tricked into depositing money into their accounts unknowingly. According to Dobson, "there is the possibility that Bitcoin ATMs could also be subject to a similar attack." 

According to Dobson, "If an attacker compromises an ATM, they will be able to change the recipient wallet address (or 'account number'), which in turn will steal the money of the user." Bitcoin ATMs not only carry over old tricks, they also introduce newer threats that are not encountered with cash ATMs. Several Bitcoin ATMs require users to provide personally identifiable information, such as their ID number or even their Social Security number, to satisfy the "Know Your Customer (KYC)" requirements that apply in the financial industry.

Depending on the level of security that exists on a Bitcoin ATM, this information could be at risk. The Middletown Food Mart, located in a hollowed-out section on the fringes of the town near its main road, has a Bitcoin Depot ATM running alongside a regular cash machine, blending in with the potato chips, bottled water, and beer on sale.

Those who live in Middletown know that it is the hometown of Donald Trump's running mate, Ohio Senator J.D. Vance, who, similar to Trump, has refashioned himself as a crypto-advocate and has been speaking out against the adoption of Bitcoin. The Middletown Food Mart is just a few blocks from where Vance grew up. Among the best ways to avoid these scams is to be cautious and sceptical about any request to make a payment through a Bitcoin ATM. Legitimate businesses rarely, if ever, request payment for their services in Bitcoin via a machine.

"During a transaction, users must verify the validity of the transaction, particularly checking the recipient's wallet for references to questionable entities," Frei said, adding that an additional precaution can be taken by using licensed ATMs from reliable operators.

Users can follow certain steps to make sure they are dealing with a Bitcoin ATM or counterparty that is legitimate and owned by someone reputable. Adding to his warning, Frei stressed the importance of being cautious and not sending bitcoins to unknown wallets. A platform like Chainabuse can help validate the legitimacy of a transaction by examining the risk score of the recipient's wallet.

In the U.S., Bitcoin Depot operates over 8,000 ATMs, making it the country's largest operator of Bitcoin ATMs. Its chief executive, Brandon Mintz, assured CNBC that the company's software and hardware are designed to deter hackers, although he cautioned consumers not to fall victim to scams. Just 10 operators worldwide manage about 74% of Bitcoin ATMs in the world, according to Frei's analysis of the data.

India Strengthens Crypto Crime Vigilance with Dark Net Monitor Deployment

India has made a considerable effort to prevent crypto-related criminal activity by establishing a Dark Net monitor. This most recent development demonstrates the government's dedication to policing the cryptocurrency market and safeguarding individuals from potential risks.

Drug trafficking, cyberattacks, and financial crimes using cryptocurrency are just a few of the criminal activities that have long been the center of the Dark Net, a secret area of the internet. Indian officials hope to efficiently identify and stop these illegal activities by implementing a Dark Net monitor.

According to officials, this cutting-edge technology will provide critical insights into the operations of cybercriminals within the crypto space. By monitoring activities on the Dark Net, law enforcement agencies can gain intelligence on potential threats and take proactive measures to safeguard the interests of the public.

Sneha Deshmukh, a cybersecurity expert, commended this move, stating, "The deployment of a Dark Net monitor is a crucial step towards ensuring a secure and regulated crypto environment in India. It demonstrates the government's dedication to staying ahead of emerging threats in the digital landscape."

India's stance on cryptocurrencies has been closely watched by the global community. The government has expressed concerns about the potential misuse of digital currencies for illegal activities, money laundering, and tax evasion. The deployment of a Dark Net monitor aligns with India's broader strategy to strike a balance between innovation and regulation in the crypto space.

A spokesperson for the Ministry of Finance emphasized, "We recognize the transformative potential of blockchain technology and cryptocurrencies. However, it is imperative to establish a robust framework to prevent their misuse. The Dark Net monitor is a crucial tool in achieving this goal."

Experts believe that this move will bolster confidence among investors and industry stakeholders, signaling a proactive approach towards ensuring a secure crypto ecosystem. By leveraging advanced technology, India is poised to set a precedent for other nations grappling with similar challenges in the crypto space.

Initiatives like the deployment of the Dark Net monitor show India's commitment to staying at the forefront of regulatory innovation as the global crypto scene changes. This move is anticipated to be crucial in determining how cryptocurrencies will evolve in the nation and open the door for a more secure and safe digital financial ecosystem.

North Korean Threat Actors Stole $41 Million in Online Casino Heist

 

This week, cyber attackers set their sights on Stake.com, an online casino game and sports betting platform. They successfully made away with around $41 million in cryptocurrencies. The FBI has pinpointed North Korea and its infamous state-supported hacking group, the Lazarus Group, as the responsible parties. 

According to Edward Craven, co-founder of Stake.com, the incident was characterized as a "sophisticated breach." It exploited a specific service employed by the casino for authorizing cryptocurrency transactions. Despite the significant amount stolen by the state-affiliated hackers, particularly given the ongoing downturn in cryptocurrency prices, Craven affirmed that Stake.com would persevere in its operations. 

“The FBI has confirmed that this theft took place on or about September 4, 2023, and attributes it to the Lazarus Group (also known as APT38) which is comprised of DPRK cyber actors,” the agency said in a press release. 

The group has been active since 2010 and its primary interest lies in South Korean entities. The group engages in activities ranging from espionage to disruption and even outright destruction. Additionally, it has a track record of pursuing financial gain through cyber operations, which includes targeting cryptocurrency exchanges.

In 2019, North Korea's Lazarus Group gained infamy and was sanctioned by the U.S. government. This hacking collective, also recognized as APT38, has been responsible for a series of high-profile cyber intrusions, amassing well over a billion dollars in ill-gotten gains over the years.

Just this year alone, the FBI reports that Lazarus Group has purloined more than $200 million in cryptocurrencies. Given the traceable nature of blockchain, authorities possess information on the destination addresses of these funds. The FBI is strongly advising individuals to exercise caution when engaging in transactions linked directly or indirectly to these flagged addresses. 

Speculations from experts suggest that North Korea may be channeling the acquired cryptocurrencies into its nuclear weapons program. This month, Kim Jong-un is scheduled to visit Russia, where discussions are anticipated to revolve around the potential supply of weapons to support Vladimir Putin's ongoing invasion of Ukraine. U.S. officials have cautioned that such actions will come with consequences for the nation.

Cryptocurrency Giants FTX, BlockFi, and Genesis Hit by Kroll Hack

Customers of prominent cryptocurrency companies FTX, BlockFi, and Genesis had their financial and personal information exposed in a recent cybersecurity breach. Concerns have been expressed about the security of private information in the cryptocurrency sector as a result of the hack.

The breach, according to claims from sources, was carried out by taking advantage of flaws in the systems of Kroll, a reputable data management business. The personal information of innumerable users is now in danger due to Kroll's involvement in processing the client data of these cryptocurrency companies.

FTX, BlockFi, and Genesis being prominent names in the cryptocurrency sector, have a significant user base that relies on their platforms for trading, lending, and other financial services. The compromised data includes user names, email addresses, phone numbers, transaction histories, and potentially even account passwords. This sensitive information falling into the wrong hands could lead to identity theft, phishing attacks, and financial fraud.

The incident raises questions about the industry's overall data security practices. While the cryptocurrency market has been praised for its decentralized nature and robust encryption, this breach underscores the persistent vulnerabilities that exist in digital systems. Companies dealing with such high-value assets and sensitive data must prioritize cybersecurity measures to prevent such incidents.

The breach has consequences beyond only the immediate loss of client data. Users may stop using these platforms, which could result in lost revenue for the impacted businesses. Regulatory organizations might examine these occurrences more closely, which would result in tougher compliance standards for cryptocurrency businesses.

FTX, BlockFi, and Genesis have assured their consumers that they are acting right now in reaction to the intrusion. They are trying to improve their security procedures, assisting law enforcement, and carrying out in-depth investigations to ascertain the scope of the intrusion. Users who are affected are advised to modify their passwords, use two-factor authentication, and be on the lookout for phishing attacks.

The Bitcoin industry as a whole needs to pay attention after this tragedy. The digital world has unmatched prospects, but it also has its own challenges, notably in terms of cybersecurity. To properly protect the information of their users, businesses must implement proactive security measures, carry out routine audits, and spend money on powerful encryption.

Customers of these affected sites must implement suggested security procedures and stay up to date on developments as the investigation progresses. Additionally, the event highlights how crucial industry cooperation is to jointly fix vulnerabilities and improve the overall security posture of the Bitcoin ecosystem.


Britain Government With Robust Crypto Regulation

Britain's finance ministry has come out with robust regulations for crypto assets, following the collapse of the crypto exchange FTX last year, in which millions of people lost billions of dollars. However, regulation of crypto assets could create a one-size-fits-all approach that hinders innovation.

The Treasury published a consultation document today to bring cryptocurrency-related activities under the rules governing traditional financial services.

The ministers said that the new regulations will "mitigate the most significant risks of crypto assets while harnessing their advantages". As per the data from ministers, up to 10% of UK adults now own some form of crypto. 

The government is planning to use existing rules and regulations for the industry, rather than creating a whole new regime. The Treasury said the regulations will allow crypto to benefit from the "confidence, credibility and regulatory clarity" of the existing system for financial services, as set out in the UK's Financial Services and Markets Act 2000 (FSMA).

Economic Secretary Andrew Griffith reported that the government remained "steadfast in our commitment to grow the economy and enable technological change and innovation - and this includes crypto-asset technology. But we must also protect consumers who are embracing this new technology - ensuring robust, transparent, and fair standards". 

The Treasury Department proposed in its consultation document the following: 

1. It will make laws and regulations on crypto-asset promotions which will be fair, clear, and not misleading. 

2. It will also enhance data-reporting requirements, including with regulators. 

3. Furthermore, it will implement new laws to stop so-called "pump and dump" (or "lie and sell high") schemes, where an individual artificially inflates the value of a crypto asset before selling it.

Conservative MP Harriett Baldwin, who chairs the Treasury Committee, said there was "truly Wild West behavior" alongside "valuable technological innovation happening that could benefit the UK economy". "We are paying close attention to these plans and to the regulators' plans because we would not want our constituents to think cryptocurrencies are any less risky if they are regulated."

$3.7B Stolen in Crypto Hacks Targeting DeFi in 2022

 


It has been revealed by TRM Labs that a record $3.7 billion worth of crypto funds were stolen in the past year. Of this, 80% has been traced back to attacks against DeFi, as per the research report published by the company. The ten mega hacks identified in the analysis represent 75% of the total amount of funds stolen over the past few years.

A Hacker Stole $3 Billion in Crypto Funds from DeFi

A recent study by TRM Labs found that $3.7 billion worth of crypto funds were fraudulently obtained by cybercriminals in 2022. According to the analysis, 80% of the stolen amount, or $3 billion, was obtained through decentralized finance (DeFi) attacks.

The ten "mega hacks" in the last year refer to exploits of more than $100 million. A total of $3.7 billion was stolen throughout 2022 — nearly 75% of that amount being attributed to these mega hacks. 

More than $540 million was stolen from Ronin Bridge, an Ethereum sidechain developed for the play-to-earn game Axie Infinity, in the Lazarus Group's attack, the largest hack of the year. In the world of cybercrime, the Lazarus Group is a known organization believed to be controlled by North Korea's government.

Response of Regulators

With profound concern, regulators have been forced to act fiercely in the last couple of months to protect crypto consumers. This is due to the unprecedented rise in attacks on DeFi. To illustrate, after the Ronin exploit was uncovered, the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) took action, identifying and tracking the stolen funds using blockchain intelligence. In addition to sanctioning the wallet addresses to which the funds were transferred, OFAC also sanctioned crypto mixers such as blender.io and Tornado Cash, which the hackers used to launder the money before moving it to those wallet addresses.

The crypto ecosystem is also targeted by a large army of cybercriminals, and other global regulators have adopted specific measures to fight this threat. The central bank of Singapore has made several proposals to ban debt-financed and leveraged crypto trading by retail users, including trades made with credit cards. There has also been a troubling trend in stablecoins, particularly after the colossal collapse of the algorithmic stablecoins TerraUSD and LUNA, which have been the focus of global regulators in recent months. Many crypto projects, such as Celsius Network and Voyager Digital, suffered a knock-on effect following the collapse of the market in recent months.

In November, when the crypto exchange FTX fell to its knees, it was possibly the most significant collapse of the year. Over $8 billion of its users' money went missing from the exchange, a sum that is unlikely to ever be recouped. FTX's contagion spread rapidly over the past month, with many experts predicting the devastation will become even more severe shortly.

DEA Tracks Down Drug Cartels with Binance

 

Due to the anonymity provided by cryptocurrencies, they allow cartels a perfect means to transfer funds across continents in a relatively safe manner. To identify individuals, it is necessary to analyze the chain of command. 

As a result of its widespread use by threat actors to wash funds from crypto markets, Tornado Cash has been sanctioned by the US Treasury for being used as a crypto mixing tool. Following the sanctions, threat actors are no longer able to operate through their usual routes, including through centralized exchanges. 

Drug cartels are under attack by the DEA


Forbes published an article about the gang that indicated that it operated in several countries, including the United States, Europe, Mexico, and Australia. Based on the DEA's report, it appears that the cartel was channeling as much as $40 million of illicit proceeds through the exchange.

Using Localbitcoins, informants were able to interact with perpetrators trading crypto for fiat in 2020, which led to investigations into the crime and communication with authorities. 

To ensure trust between trading parties, Localbitcoins uses an escrow service to ensure both parties are given a fair chance to make a transaction. Carlos Fong Echavarria, a Mexican citizen responsible for the theft, assured them the money came from family restaurants and cattle ranches. 

In the aftermath of Echavarria's capture, he pleaded guilty to charges of drug possession and money laundering. While the matter awaited sentencing, the DEA tracked a blockchain address. According to one of the investigators, money is still being laundered. One of the latest perpetrators recently bought $42 million in crypto and sold $38 million in crypto. Some of these funds are believed to be linked to drug trafficking, according to authorities.

The Binance versus the money laundering issue


During the most recent attack, BNBc tokens worth trillions of dollars were obtained via an exploit of the Ankr protocol. Some of the proceeds were exchanged for BNB and BUSD, then transferred to the exchange. In response to the incident, the exchange froze the associated accounts. Ankr has determined that the perpetrator was a former employee of the company. There was also a breach earlier this month by Lazarus Group, a North Korean cybercrime group, which may have led to a loss of more than $540 million from the Ronin Axie Infinity ecosystem.

It appears that Lazarus also moved the stolen funds to Tornado Cash and several other exchanges. Through a collaborative effort, Chainalysis, law enforcement authorities, and the leading cryptocurrency exchange reverse-engineered the transaction trail. They also froze about $5.8 million in crypto assets linked to this crime as a result of this discovery. 

Following a collaboration between Russian law enforcement and the exchange, Hydra, a Russian-language darknet marketplace, has been shut down. Earlier media reports had stated that Hydra received funding through the exchange. In its statement, Binance said that law enforcement would not have been able to capture the criminals behind the Hydra case if it weren't for cryptocurrency.

A report by Binance indicated that the company had spent tens of millions of dollars hiring sophisticated cybersecurity specialists from across the globe. More than 120 security and industry experts comprise the team, including former members of the IRS, FBI, the US Secret Service, Europol, and police agencies in the U.K., Europe, Asia, and Latin America.

Throughout the history of cryptocurrencies, critics have portrayed them in a bad light. This is because they view them as a disruptive technology that will revolutionize global finance, as well as global crime. 

To ensure that the industry is under the control of the authorities, strict regulations have been published. 

Binance has proved that blockchain is a valuable tool to use in the fight against cyber law-breaking, as evidenced by its success in this field. Several industrial applications have been demonstrated using the technology, including preventing forgery and enhancing procurement processes.  

There is no true anonymity in crypto: centralized exchanges may be able to identify the owners of addresses. A user or entity with a majority stake in a blockchain ecosystem, such as a much-acclaimed proof-of-stake coin, can rely on that power to freeze funds on the blockchain and ultimately lock users out of their funds.

North Korea Uses Stolen Cryptoassets to fund its Nuclear Weapons Programs

International investigators and researchers have claimed that North Korea is responsible for stealing $300 million worth of Bitcoin and other cryptocurrencies in recent months, through hacking and other mass cyberattacks.
 
The crypto assets are allegedly stolen in order to pay for North Korea's nuclear weapons program. In regards to this, a row has broken out in South Korean political circles over Korea's politicians’ and other leaders' ties to crypto developer Virgil Griffith. 
 
This development comes after North Korea’s missile launches have intensified in the past 10 days. In the wake of the recent nuclear attacks on the island of Hokkaido, more than 5 million Japanese citizens were urgently ordered to take cover as a protective measure. Pyongyang claims that these missile launches were “simulations” for nuclear attacks on South Korea. 
 
As per military analysts, a large part of this missile launch is being funded using the stolen cryptocurrency. North Korea is believed to have employed thousands of well-trained hackers, who have attacked South Korean businesses and organizations. It has also been accused of exploiting its cyber skills for financial gain.
 
According to Yonhap, one of South Korea's major news sources, the UN Security Council's North Korea Sanctions Panel has blamed North Korean cyber organizations such as the Lazarus Group for the Ronin Bridge and Harmony bridge hacks.
 
As per the experts, the hermit state is utilizing the absence of worldwide regulatory constraints on cryptocurrencies, in order to steal cryptocurrencies to fund nuclear weapons and missile projects. 
 
In an interview with the VOA Korean Service, Jason Bartlett, a researcher at the Center for a New American Security (CNAS), stated, "Cryptocurrency offers Pyongyang a new kind of currency that is substantially less regulated and understood by national governments, financial institutions, and institutions, and international organizations."
 
According to a report by Nikkei Asia, North Korea is in the penultimate phase of preparing for a nuclear weapon test, with indicators including the excavation of an underground tunnel and the testing of triggering mechanisms.

FBI Alerts of Rise in Attacks Targeting DeFi Platforms

 

The FBI is alerting of an increase in cryptocurrency theft attacks on decentralised finance (DeFi) platforms.

According to the agency, criminals are exploiting the increased interest in cryptocurrency, as well as the complex functionality and open-source nature of DeFi platforms, to carry out nefarious activities.

According to the FBI, cybercriminals are stealing virtual currency and causing investors to lose money by utilising security flaws in the smart contracts that govern DeFi platforms. Smart contracts, defined as self-executing contracts containing the terms of an agreement between a buyer and a seller within their lines of code, are present throughout the decentralised blockchain network.

DeFi platforms accounted for roughly 97% of the $1.3 billion in cryptocurrencies stolen by cybercriminals between January and March 2022, an increase from 72% in 2021 and 30% in 2020.

According to the FBI, cybercriminals have also initiated flash loans to trigger an exploit in a DeFi platform's smart contracts (resulting in $3 million in cryptocurrency losses), exploited a signature verification bug in a DeFi platform's token bridge (resulting in $3 million in cryptocurrency losses), and manipulated cryptocurrency price pairs (to steal $35 million in cryptocurrency).

Before investing, investors should research DeFi platforms, protocols, and smart contracts to identify potential risks and ensure that the DeFi investment platform's code has been audited at least once.

Furthermore, they should be cautious of DeFi investment pools with short timeframes for joining and rapid deployment of smart contracts, as well as the dangers posed by crowdsourced solutions in terms of bug hunting and patching.

According to the FBI, DeFi platforms should implement real-time analytics, monitoring, and code testing to address vulnerabilities and possibly shady activity, as well as an incident response plan that includes informing investors of any suspicious activity, including smart contract exploitation.

CoinStomp Malware is Aimed at Asian Cloud Service Providers

 

Researchers have uncovered a new malware family that mines cryptocurrencies using cloud services. According to Cado Security, the malware, dubbed CoinStomp, is comprised of shell scripts that "try to target cloud compute instances hosted by cloud service providers for the purpose of mining cryptocurrencies." According to the company's researchers, the overall goal of CoinStomp is to silently breach instances in order to harness computational resources to illicitly mine for cryptocurrency, a type of attack known as cryptojacking. 

So far, a handful of attacks have targeted cloud service companies in Asia. Clues in code also referenced Xanthe, a cryptojacking threat group previously linked to the Abcbot botnet. However, the clue – found in a defunct payload URL – is insufficient to determine who is behind CoinStomp and may have been included in an "attempt to dodge attribution," according to the team. 

CoinStomp includes a variety of intriguing features. One example is its reliance on "timestomping." Timestomping is the process of modifying the timestamps of files dumped or used during a malware attack. This approach is commonly used as an anti-forensics strategy to confound investigators and thwart remedial efforts. Although the Rocke gang has previously utilized timestomping in cryptojacking assaults, it is not a common technique. On Linux, timestomping is simple with the -t flag of the touch command. 

"It seems likely that timestomping was employed to obfuscate usage of the chmod and chattr utilities, as forensic tools would display the copied versions of these binaries as being last accessed (executed) at the timestamp used in the touch command," Cado Security noted. 
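As an added example (not code from Cado Security's report or from CoinStomp itself), the following Python script shows how a defender can hunt for binaries touched in this way. It assumes two heuristics: `touch -t` rewrites mtime but cannot set ctime (the inode change time), and it only takes whole seconds, so a stomped file shows a large ctime-to-mtime gap together with a zero nanosecond field; the sample files and the 2015 timestamp are constructed for the demo.

```python
import os
import tempfile
import time
from dataclasses import dataclass

# Heuristics used below are assumptions for this example, not Cado's method:
#  1. `touch -t` rewrites atime/mtime but cannot set ctime (the inode change
#     time), so a file whose mtime is far older than its ctime had its
#     metadata rewritten after its claimed "last modification".
#  2. `touch -t` takes second granularity, so the sub-second part of the
#     resulting mtime is zero, whereas real writes on ext4/xfs/tmpfs carry
#     nanoseconds.
# Both indicators together are a stronger signal than either alone; backups
# restored with `cp -p` or tar can legitimately trip the first one.
# Assumes a Linux/POSIX stat where st_ctime is the inode change time.


@dataclass
class Finding:
    path: str
    mtime_ctime_gap_s: float   # ctime minus mtime, in seconds
    zero_subsecond: bool       # mtime has no nanosecond component
    suspicious: bool           # both heuristics fired


def inspect_file(path, min_gap_seconds=3600):
    """Return a Finding describing timestomping indicators for one file."""
    st = os.lstat(path)
    gap_s = (st.st_ctime_ns - st.st_mtime_ns) / 1e9
    zero_subsecond = (st.st_mtime_ns % 1_000_000_000) == 0
    return Finding(
        path=path,
        mtime_ctime_gap_s=gap_s,
        zero_subsecond=zero_subsecond,
        suspicious=gap_s > min_gap_seconds and zero_subsecond,
    )


def scan_directory(root, min_gap_seconds=3600):
    """Walk a tree (e.g. /usr/bin or /tmp) and return a Finding per regular file."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                findings.append(inspect_file(full, min_gap_seconds))
    return findings


def demo():
    """Constructed scenario: two copied 'binaries', one of them timestomped.

    Returns the base names of the files flagged as suspicious.
    """
    with tempfile.TemporaryDirectory() as workdir:
        stomped = os.path.join(workdir, "chmod")
        untouched = os.path.join(workdir, "chattr")
        for p in (stomped, untouched):
            with open(p, "wb") as fh:
                fh.write(b"\x7fELF constructed sample, not a real binary\n")
        # Equivalent of: touch -t 201503140926.53 chmod
        old = int(time.mktime((2015, 3, 14, 9, 26, 53, 0, 0, -1)))
        os.utime(stomped, ns=(old * 10**9, old * 10**9))
        flagged = [os.path.basename(f.path)
                   for f in scan_directory(workdir) if f.suspicious]
        return sorted(flagged)


if __name__ == "__main__":
    print("flagged as timestomped:", demo())
```

Run against a real system, `scan_directory("/usr/bin")` lists every file with the indicators, so triage the `suspicious` hits against package-manager metadata before acting on them.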

Furthermore, the malware will attempt to mess with the cryptographic policies of Linux servers. Because these policies can prevent malicious executables from being dumped or run, the creator of CoinStomp has included options to disable system-wide cryptographic policies via a kill command. "This could undo attempts to harden the target machine by administrators, ensuring that the malware achieves its objectives," the researchers say. 

CoinStomp will then use a reverse shell to connect to its command-and-control (C2) server. The script then downloads and runs additional payloads as system-wide systemd services with root access. These include binaries that might be used to develop backdoors and a customized version of XMRig, which is genuine Monero mining software that has been abused for criminal purposes.

Georgia goes after crypto miners

On January 10, Georgian Economy Minister Natia Turnava told reporters that the Government of Georgia and the energy distribution company Energo-pro Georgia are engaged in solving the problem of illegal mining of cryptocurrencies in the Svaneti region, which leads to an overload of power grids.

The problem is connected with a sharp increase in electricity consumption over the past year in the Mestia region of Svaneti. Widespread mining in the area is associated with low tariffs for businesses in the highland area and free electricity for the local population.

In December, the Georgian authorities had to introduce an electricity supply schedule in Mestia due to network congestion and recurring accidents.

"Of course, illegal electricity consumption is unacceptable, especially the so-called problems with household mining, which, as we know, exist there. We are working with the local government, as well as with Energo-pro Georgia, which supplies electricity to Svaneti, to solve this issue step by step," Turnava said.

She added that she does not think it is justified to involve the police in identifying the mining farms. The Minister of Economy hopes that the population itself is aware of the threat to the tourism sector inherent in the district, and will draw conclusions about this based on its own interests.

It's interesting to note that at the end of December, Mestia residents held protests demanding the closure of mining farms and accused the authorities of patronizing miners.

Energo-pro Georgia announced that it will be forced to introduce tariffs for the population in this situation. Before the New Year, local residents swore on an icon in the church that they would turn off all mining farms in the area. But after the New Year, the energy distribution company said that electricity consumption has not decreased.

According to a study by the Cambridge Center for Alternative Finance, in 2018 Georgia was in second place in terms of the amount of electricity spent on mining cryptocurrencies — 60 megawatts.

BitMart Will Compensate Victims of $196 Million Hack


The global cryptocurrency trading platform BitMart recently suffered a security breach. In a statement issued in its wake, the company confirmed that hackers had managed to steal $150 million in various cryptocurrencies. Sheldon Xia, BitMart's CEO and founder, confirmed the breach on Twitter.

The company confirmed in the statement that although all wallets, except the ETH and BSC ones, are "secure and unharmed," BitMart has temporarily paused all withdrawals until further notice.

“The affected ETH hot wallet and BSC hot wallet carry a small percentage of assets on BitMart and all of our other wallets are secure and unharmed. We are now conducting a thorough security review and we will post updates as we progress,” the company said in a statement. 

Additionally, Sheldon Xia said that during the investigation they discovered that the cryptocurrencies were drained using a stolen private key, the secret that normally lets a user spend the funds in a wallet.

Furthermore, the company confirmed that it will compensate victims, using its own assets to recompense those affected by this large-scale security breach. As per the sources, hackers withdrew $150 million in assets. However, blockchain security and data analytics firm Peckshield, which first confirmed the attack, claims that the loss is closer to $200 million.

Owing to the cyberattack, the company's trading volume has gone down, CoinGecko CEO Bobby reported. "Crypto exchange hacks are fairly common. Exchanges are a honeypot for hackers because of the high potential payoff for any successful exploit," he said.

BitMart was created by cryptocurrency enthusiasts; its roadmap began in November 2017. It has offices worldwide, with the company being registered in the Cayman Islands. The platform offers a mix of spot trading, OTC trading and leveraged futures trading, as well as lending, staking and other services for digital assets. In April, BitMart also registered with US regulators as a money services business (MSB).


Miners began to leave Kazakhstan due to a shortage of electricity

Xive co-founder Didar Bekbau said on Twitter on Wednesday that the crypto-mining company has closed a large farm of 2,500 devices in southern Kazakhstan because the national grid cannot supply it with enough electricity. According to Bekbau, mining in the south of Kazakhstan is no longer possible.

Kazakhstan is struggling with a shortage of electricity, partly caused by the influx of crypto miners from China. The southern part of the country is particularly vulnerable because there are too few large power plants in the region, and the national grid cannot reliably transmit electricity from the energy-rich north.

Crypto miners such as Xive and Enegix have been facing electricity problems since September due to rationing introduced by the national grid operator KEGOC, which has not yet commented on the situation.

Xive is preparing a new project for more than 2,500 machines, but "it is obvious that mining in the south of Kazakhstan is no longer possible,” Bekbau said.

Other miners in the south of Kazakhstan are also looking for hosting sites to which they can move their mining machines, but the country "has no options left". Some have managed to relocate their farms to Russia and the United States.

Last month, the Ministry of Energy published a draft resolution limiting the construction of new farms to 100 megawatts. The ministry later stated that they would not restrict the supply of electricity to legitimate businesses unless it jeopardized the national grid.

Recently, the government announced that it wants to encourage crypto-miners to develop independent renewable energy capacities. According to Sapar Akhmetov, Chairman of the Board of the Kazakhstan Association of Blockchain Technologies, the industry hopes that after Kazakhstan expands its capacity with renewable energy sources in the next one or two years, the limit may change.

According to the Bitcoin Electricity Consumption Index compiled by the Center for Alternative Finance at the University of Cambridge, Kazakhstan is the world's second-largest cryptocurrency mining country after the United States.

The Russian billionaire urged the Central Bank to develop cryptocurrencies in Russia

Russian billionaire Oleg Deripaska (Forbes estimates his fortune at $5.1 billion; Deripaska has been under US sanctions since 2018) criticized the Central Bank for allegedly "infantilely closing its eyes to the growing cryptocurrency market." As an argument, the billionaire cited the actions of the US Treasury, which, according to him, is investing in the crypto industry.

“The United States has long understood that uncontrolled digital payments can not only negate the effectiveness of the entire mechanism of economic sanctions but also bring down the dollar,” Deripaska said.

The billionaire referred to the sanctions review issued by the US Treasury. In the document, the regulator claims that the growing possibilities of financial technologies, including those based on cryptocurrency and alternative payment systems, pose a serious threat to the dollar.

According to Deripaska, this means that the growth of a cryptocurrency market uncontrolled by the state could leave the US Treasury facing the prospect of default on a debt of $30 trillion, which will require $700 billion to service.

"I wonder if anyone at the Bank of Russia has read this document? Or do they work on the principle of 'what we don't see doesn't exist'?" he says ironically.

Earlier, Deripaska had repeatedly criticized the Bank of Russia's policy on digital assets. For example, the billionaire claimed that the regulator should have issued a digital ruble two years ago because it is "more important than Gagarin's flight into space in '61."

It is worth noting that the price of bitcoin has set a new all-time high, reaching $67 thousand. Experts expect cryptocurrency growth to continue.

This Malware Botnet Gang has Made Millions With a Surprisingly Simple Trick


MyKings, a long-running botnet, is still active and has generated at least $24.7 million by using its network of compromised computers to mine for cryptocurrencies. 

Also known as Smominru and Hexen, it is the world's largest botnet focused on mining cryptocurrencies by exploiting the CPUs of its victims' desktop and server computers. It is a profitable business that gained notoriety in 2017 after infecting more than half a million Windows machines to mine $2.3 million of Monero in a month.

Security firm Avast has now verified that its operators have received at least $24.7 million in cryptocurrencies, which have been transferred to Bitcoin, Ethereum, and Dogecoin accounts. It states, however, that the majority of this was accomplished by the group's 'clipboard stealer module.' When it detects that a cryptocurrency wallet address has been copied (for example, to make a payment), this module replaces it with a cryptocurrency address controlled by the group.

Avast says it has blocked the MyKings clipboard stealer on 144,000 computers since the beginning of 2020; the clipboard stealer module first emerged in 2018.

According to research by security firm Sophos, the clipboard stealer, a trojan, monitors PCs for the use of various currency wallet formats. It works because users frequently copy and paste rather lengthy wallet IDs instead of typing them when making a payment.

Sophos noted in a report, "This method relies on the practice that most (if not all) people don't type in the long wallet IDs rather store it somewhere and use the clipboard to copy it when they need it. Thus, when they would initiate a payment to a wallet, and copy the address to the clipboard, the Trojan quickly replaces it with the criminals' own wallet, and the payment is diverted to their account." 

Sophos did mention, however, that the coin addresses it discovered "hadn't received more than a few dollars," implying that coin theft was a tiny component of the MyKings operation. Sophos estimated that the crypto-mining part of the operation generated around $10,000 per month in October 2019.

Avast now claims that MyKings is generating significantly more money from the clipboard trojan after extending the 49 coin addresses uncovered in Sophos' investigation to over 1,300 coin addresses. 

According to Avast, the clipboard stealer's role may be far greater than Sophos uncovered. Avast researchers explain in a report, "This malware counts on the fact that users do not expect to paste values different from the one that they copied. It is easy to notice when someone forgets to copy and pastes something completely different (e.g. a text instead of an account number), but it takes special attention to notice the change of a long string of random numbers and letters to a very similar looking string, such as crypto wallet addresses."

"This process of swapping is done using functions OpenClipboard, EmptyClipboard, SetClipboardData and CloseClipboard. Even though this functionality is quite simple, it is concerning that attackers could have gained over $24,700,000 using such a simple method." 

Remarks from users on Etherscan who claimed to have mistakenly sent amounts to accounts covered in Avast's study provide circumstantial evidence to support the idea that the clipboard stealer is certainly effective.

Avast recommended that people should always double-check transaction details before sending money.
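The "double-check before sending" advice above, and the description of the swap a few paragraphs earlier, point to the same defensive lesson: the attacker's substitute address is a perfectly well-formed address, so a wallet that only validates the format or checksum of the pasted string will accept it. What catches the swap is an exact comparison against a trusted, previously saved entry. The block below is an added example, not code from Avast, Sophos or the MyKings analysis; it builds two valid Bitcoin P2PKH addresses from constructed hash values (not real keys), shows that both pass a checksum check, and shows that only an exact-match guard rejects the swapped one. The function names and the address-book idea are assumptions for the illustration.

```python
"""Paste guard for cryptocurrency addresses (added example, not from the article).

Demonstrates why format/checksum validation alone cannot detect a clipboard
swap: the attacker's address is valid too.  The guard compares the pasted
string with the trusted entry the user meant to pay.
"""
import hashlib

# Bitcoin Base58 alphabet (no 0, O, I, l)
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _b58encode(data: bytes) -> str:
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = ALPHABET[r] + out
    pad = len(data) - len(data.lstrip(b"\x00"))  # leading zero bytes -> '1'
    return "1" * pad + out


def _b58decode(s: str) -> bytes:
    n = 0
    for ch in s:
        n = n * 58 + ALPHABET.index(ch)  # ValueError on a non-alphabet char
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + body


def p2pkh_address(hash160: bytes, version: bytes = b"\x00") -> str:
    """Base58Check-encode a 20-byte hash160 as a mainnet P2PKH address."""
    payload = version + hash160
    checksum = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    return _b58encode(payload + checksum)


def looks_valid(address: str) -> bool:
    """Structural + checksum check: what a naive wallet UI does before sending."""
    try:
        raw = _b58decode(address)
    except ValueError:
        return False
    if len(raw) != 25:
        return False
    payload, checksum = raw[:21], raw[21:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


def paste_guard(trusted: str, pasted: str) -> str:
    """Accept only when the pasted address is byte-for-byte the trusted one."""
    if not looks_valid(pasted):
        return "reject: malformed address"
    if pasted != trusted:
        return "reject: address differs from trusted entry (possible clipboard swap)"
    return "ok"


def demo():
    """Constructed scenario: legitimate merchant address vs. swapped address."""
    # hash160 values derived from constructed strings; NOT real keys
    legit = p2pkh_address(hashlib.sha256(b"merchant key").digest()[:20])
    swapped = p2pkh_address(hashlib.sha256(b"attacker key").digest()[:20])
    corrupt = legit[:-1] + ("1" if legit[-1] != "1" else "2")  # one-char typo
    return {
        "legit_valid": looks_valid(legit),
        "swapped_valid": looks_valid(swapped),   # True: the swap is well-formed
        "guard_legit": paste_guard(legit, legit),
        "guard_swapped": paste_guard(legit, swapped),
        "guard_corrupt": paste_guard(legit, corrupt),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The design point is that the trusted value must come from somewhere the malware does not touch (a saved address book entry, a QR code scanned from the merchant, a value read back to the user in full), not from the clipboard itself; comparing the clipboard to the clipboard proves nothing. Checking the first and last few characters, as many users do, is exactly what lookalike addresses are chosen to defeat, so the comparison should be of the whole string.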

Ukraine legalized cryptocurrency

The Verkhovna Rada of Ukraine adopted the bill "On virtual assets", which will legalize cryptocurrency and virtual hryvnia.

The bill on its legal use for settlement operations was supported by 276 deputies, six voted against, 71 deputies abstained. The document regulates the circulation of virtual assets in the country, which allows market participants to use banking services, pay taxes on income from "crypto", as well as receive legal protection in courts in case of violation of rights.

According to the Telegram channel of the Rada, the purpose of the law is a comprehensive regulation of relations arising during the circulation and conclusion of transactions with digital currency, as well as ensuring a unified approach to the organization of cryptocurrency trading.

Owners of cryptocurrencies will receive a number of benefits. Due to the fact that there will be a legislative regulation of this area, they will at least be able to protect their fortune in virtual assets if something happens.

They will also be able to legally exchange and declare crypto assets; the whole process will be entirely legal. In addition, a market of intermediary services is expected to appear for paying for goods with crypto assets and for storing and exchanging them, which will expand the ways in which they can be used.

The new law will make virtual assets an absolutely legal and familiar phenomenon for the authorities and society.

It should be noted that in September last year, the government of Ukraine stated that the country has the highest level of use of virtual assets by the population in the world.

Earlier, E Hacking News reported that, according to the First Deputy Chairman of the Bank of Russia, Blockchain is not a panacea, and cryptocurrency is not money. So, the Central Bank of Russia is not going to change its negative attitude to these assets.

El Salvador was the first country in the world to recognize bitcoin. The relevant law entered into force there on September 7. Now it will be possible to pay with cryptocurrency along with dollars.


Hacker Behind $600 Million Crypto Heist Returned Stolen Funds


The hacker behind the biggest cryptocurrency heist of all time has finally handed access to the final tranche of stolen funds. 

Poly Network, a platform in the decentralized finance or "DeFi" area, was hacked last month, with the hacker or hackers acquiring almost $600 million in digital tokens. The attacker exploited a flaw in Poly Network's software to move the funds to their own accounts.

In an unexpected twist, the Poly Network hacker did not flee with the funds. Instead, they initiated contact with the targeted organization, offering to return all of the funds. Last week, the hacker returned virtually all of the funds, except $33 million in tether, or USDT, a dollar-pegged cryptocurrency that was frozen by its issuer.

However, there was a problem: more than $200 million in assets were locked in an account that required both Poly Network and the hacker to enter their passwords. The hacker had been refusing to hand over their password for several days, stating only that they would do so when "everyone is ready."

Poly Network appealed to the hacker, dubbed "Mr. White Hat," to refund the money. The company guaranteed the anonymous person a $500,000 reward for assisting in identifying a security weakness in its systems, as well as a post as "chief security advisor." 

Poly Network now has access to the final batch of stolen cash. According to a blog post published Monday, hacker Mr. White Hat provided the so-called private key needed to restore control of the remaining assets. 

“At this point, all the user assets that were transferred out during the incident have been fully recovered,” Poly Network stated. 

“We are in the process of returning full asset control to users as swiftly as possible.” 

Last week, the Japanese cryptocurrency exchange Liquid announced that it had been the target of a cyberattack in which hackers obtained $97 million worth of cryptocurrencies. However, in the case of Poly Network, the hacker kept an open dialogue going with their victim, eventually reclaiming the assets they had stolen. 

Security experts believe the attacker recognized it would be impossible to launder and cash out the money, because all transactions are recorded on the blockchain, the public ledger that underlies most major digital currencies.

An unidentified individual claiming to be the hacker stated they were “(quitting) the show” in a message embedded in a digital currency transaction. 

“My actions, which may be considered weird, are my efforts to contribute to the security of the Poly project in my personal style,” the unidentified person stated. 

“The consensus was reached in a painful and obscure way, but it works. Some people even suspect that the whole story is a PR stunt.” 

Poly Network's team verified that the private key is authentic, according to the organization.

“As of now, Poly Network has regained control of the $610 million (not including the frozen $33 million USDT) in assets that were overall affected in this attack. Once again, we would like to thank Mr. White Hat for keeping his promise, as well as the community, partners, and the multiple security agencies for their assistance.”