Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cryptocurrency exchange. Show all posts
North Korea Hackers
Crypto Attack Cryptocurrency exchange Cyber Attacks DMM Hacker attack North Korea North Korea Hackers

North Korean Hackers Suspected in $70M Phemex Crypto Exchange Exploit

 

A significant cyberattack on the Singapore-based cryptocurrency exchange Phemex has resulted in the loss of over $70 million in digital assets. Blockchain security experts believe the incident may be linked to North Korean hackers. The breach was detected on Thursday, prompting Phemex to suspend withdrawals after receiving alerts from security firms about unusual activity. 

Initially, approximately $30 million was reported stolen, but the attack persisted, leading to further asset depletion. The company’s CEO, Federico Variola, confirmed that the exchange’s cold wallets remained intact and unaffected. According to cybersecurity analysts, the tactics used in this attack resemble previous high-profile exploits targeting crypto exchanges.

The perpetrators swiftly transferred various tokens across multiple blockchain networks, beginning with high-value assets such as Bitcoin (BTC), Ethereum (ETH), and Solana (SOL), along with stablecoins like USDC and USDT. Since stablecoins can be frozen, the attackers quickly converted them into Ethereum before moving on to smaller, less liquid tokens. 

Researchers tracking the breach noted that hundreds of different cryptocurrencies were stolen, with attackers draining even minor altcoins. The process was reportedly carried out manually rather than through automated scripts, with assets transferred to fresh addresses before being laundered through additional layers of transactions. Experts believe the scale and coordination suggest the involvement of an experienced hacking group.  

A pseudonymous investigator known as SomaXBT.eth pointed to a North Korean-affiliated group as the likely culprit, noting similarities between this incident and previous attacks attributed to state-backed hackers. Another security analyst compared the breach to the attack on Japan’s DMM platform, which resulted in the theft of $308 million and was linked to the North Korean hacking group TraderTraitor. Data from blockchain explorers shows that the attackers utilized at least 275 transactions across Ethereum-based chains, using multiple addresses to siphon funds from networks such as Arbitrum, Base, Polygon, Optimism, and zkSync. 

Additionally, transactions were tracked across Avalanche, Binance Smart Chain, Polkadot, Solana, and Tron. A primary wallet connected to the breach handled at least $44 million in stolen funds, while notable amounts included $16 million in SOL, $12 million in XRP, and $5 million in BTC. Despite the losses, Phemex still holds roughly $1.8 billion in assets, the majority of which are in its native PT token, followed by significant holdings in Bitcoin and USDT. 

The exchange has announced that it is developing a compensation plan for affected users. As of the latest reports, activity from the attacker’s addresses appears to have ceased, with the final recorded transactions occurring around 10:00 AM ET.
Read more »
User Security
Binance Cryptocurrency exchange Cyber Security GitHub User Security

Leaked Data from Binance Taken Down


One of the biggest cryptocurrency exchanges in the world's security has come under scrutiny following the recent disclosure of private information from Binance on GitHub. Several documents, including code, internal passwords, and architecture diagrams, were purportedly released by an account on GitHub going by the name "Termf" and were accessible to the public for several months. The content was removed after Binance requested a copyright takedown.

Binance has effectively removed its GitHub data breach

Various technical details, including code about Binance's security procedures, were included in the leaked material. Interestingly, this contained details on multi-factor authentication (MFA) and passwords. A large portion of the code that was made public concerned systems that were identified as "prod," denoting a link to Binance's operational website as opposed to test or development environments.

On January 5, 2024, 404 Media contacted Binance to inform the exchange about the compromised data, which is when the problem became apparent. Binance then retaliated by sending GitHub a copyright removal request. Binance admitted in this request that internal code from the disclosed material "poses a significant risk" to the exchange, resulting in "severe financial harm" as well as possible user misunderstanding or harm.

What next?

Even after admitting the leak, Binance sent out a representative to try and reassure its user base. According to the spokesman, Binance's security team examined the circumstances and came to the conclusion that the code that had been leaked was not similar to the code that was being produced at the time. The representative emphasized the protection of users' data and assets and stated that there was only a "negligible risk" from the compromised information.

The significance of strong security procedures in the Bitcoin sector is highlighted by this occurrence. Crypto exchanges are required to uphold strict security procedures because of their role in managing users' sensitive information and financial assets. The prolonged public disclosure of security-related code and internal passwords on a public forum calls into doubt the effectiveness of Binance's security protocols.

The necessity of heightened security protocols

Another level of worry is raised by the exposed data, especially the code about security protocols like multi-factor authentication and passwords. These kinds of security lapses can have serious repercussions, including the compromise of user funds and accounts. It draws attention to the continuous difficulties Bitcoin platforms have in maintaining the integrity and confidentiality of their internal systems.

Read more »
Unibot
Apple MacOS Cryptocurrency exchange KandyKorn KandyKorn malware lazarus Lazarus Group malware North Korean Hackers Unibot

KandyKorn: Apple MacOS Malware Targets Blockchain Engineers of Crypto Exchange Platform


A new malware linked to the North Korean threat group Lazarus was discovered on Apple’s macOS, and it appears that it was intended for the blockchain engineers of a crypto exchange platform. 

KandyKorn Malware 

According to a study conducted by Elastic Security Labs, the malware, dubbed as ‘KandyKorn’ is a sophisticated backdoor that could be used to steal data, directory listing, file upload/download, secure deletion, process termination, and command execution.

At first, the attackers used Discord channels to propagate Python-based modules by pretending to be active members of the community.

Apparently, the social engineering attacks pose as an arbitrage bot intended to generate automatic profits by coercing its members into downloading a malicious ZIP archive called “Cross=platform Bridges.zip.” However, there are 13 malicious modules that are being imported by the file to work together in order to steal and alter the stolen information. 

The report reads, “We observed the threat actor adopting a technique we have not previously seen them use to achieve persistence on macOS, known as execution flow hijacking.”

Users of Unibot were notified by blockchain analytics company Scopescan about an ongoing hack, which was subsequently verified by an official source:

“We experienced a token approval exploit from our new router and have paused our router to contain the issue.” Later, Unibot guaranteed that it would compensate all the victims who lost their funds in the exploit. 

Lazarus Group/ Lazarus is a North Korean state-sponsored cyber threat group, linked to the Reconnaissance General Bureau that operates out of North Korea. As part of a campaign called Operation Blockbuster by Novetta, the group, which has been operating since at least 2009, is said to have been behind the devastating wiper attack against Sony Pictures Entertainment in November 2014. The malware that Lazarus Group uses is consistent with other known campaigns, such as DarkSeoul, Operation Flame, Operation 1Mission, Operation Troy, and Ten Days of Rain.

However, in certain definitions of the North Korean group, security researchers apparently report all North Korean state-sponsored cyber activities under the term Lazarus Group instead of tracking clusters or subgroups like Andariel, APT37, APT38, and Kimsuky.

The crypto industry remains a main target for Lazarus, with a primary motivation of profit rather than espionage, which is their second primary operational focus.

The fact that KandyKorn exists proves that macOS is well within Lazarus's target range and highlights the threat group's amazing ability to create subtle and sophisticated malware specifically designed for Apple devices.  

Read more »
User Information
Compliance crypto transactions Cryptocurrency exchange Cyber Security IRS data sharing IRS summons Kraken tax evasion tax reporting User Information

Data of Users on Prominent Crypto Exchange Set to be Shared with IRS

 

Starting in November, Kraken, a cryptocurrency exchange based in San Francisco, will begin sharing the personal information of over 40,000 users with the United States Internal Revenue Service (IRS) to comply with a court order issued in June. 

This change will affect American users whose transactions exceed $20,000 on the platform from 2016 to 2020. Kraken notified its U.S. users of this development, stating that the information covered by the court's order will be shared in early November 2023.

In May 2021, Kraken and its subsidiaries received an IRS summons, known as a "John Doe" summons, requesting a substantial amount of data related to U.S. customers. The IRS aimed to address tax evasion in the cryptocurrency space, where individuals were accumulating wealth without reporting it to tax authorities. 

The International Monetary Fund (IMF) has also highlighted the challenges posed by crypto assets due to their decentralized and pseudonymous nature, suggesting that tax systems need to adapt.

The IMF emphasized that crypto transactions are pseudonymous, meaning they use public addresses that are challenging to link to individuals or entities, potentially facilitating tax evasion. The IMF acknowledged that centralized exchanges are more accessible targets for implementing know-your-customer checks and already possess extensive customer data. 

Initially, Kraken resisted disclosing user data but was compelled to do so by a court order in June. The number of affected users was reduced to approximately 42,000 from an initial request for data from nearly 60,000 users.

Kraken will be required to provide user information such as names, dates of birth, Tax IDs or social security numbers, addresses, and contact details including phone numbers and emails, along with transaction history from 2016 to 2020. 

However, the exchange clarified that it will not share data on IP addresses, net worth, bank information, employment details, or sources of wealth. Kraken assured users that sensitive account information is encrypted for security.

Despite these measures, the IMF warned that determined tax evaders may turn to centralized exchanges located outside the U.S. to keep tax authorities uninformed. Additionally, there is concern that reporting requirements could lead people to conduct transactions through decentralized exchanges or peer-to-peer trades, which are harder for tax administrators to monitor.
Read more »
User Privacy
Cryptocurrency exchange Cyber Fraud Scam trading apps Trading Forex infected United States User Privacy

US Forex Scam Lasted for Ten Years

Two US men, Patrick Gallagher, 44, of Middleborough, Massachusetts, and Michael Dion, 49, of Orlando, Florida, both pled guilty to one charge of conspiracy to commit financial crimes in a foreign exchange operation that spanned a decade. 

Forex: Is it a con?

The world's currencies are traded on the Forex market, a credible platform.  It would be tricky to trade the currencies required to pay for imports, sell exports, travel, or conduct cross-border business without the Forex market. However, because there is no centralized or regulated exchange and massive leverage positions (which theoretically have the potential to earn traders a lot of money), are available, con artists use the scenario and rookie traders' desire to join the market. 

Since the forex market is a 'zero-sum' market, in order for one trader to profit, another dealer must lose money. As a result, the forex market does not by itself increase market value. 

About the Scam  

According to the Department of Justice, hackers established a fake organization called Global Forex Management and lured investors by assuring them large profits based on falsified trading performances from the past.

Hackers alleged that IB Capital, the business of a conspirator, would use an online trading platform to trade the victims' money. Rather, Gallagher and Dion were stealing the money from the victim investors while collaborating with other criminals in the Netherlands.

Gallagher and Dion carried out their scheme in May 2012 by deliberately setting up negative trades for the investors, effectively stealing $30 million from their victims.

After fabricating the enormous trading loss, Gallagher and Dion used shell businesses they had built up all across the world to transfer the stolen funds.

How can we detect a forex scam?

Learning how to correctly trade on the Forex market is the single most crucial thing a person can do to avoid getting conned. Finding reliable Forex brokers, on the other hand, is a challenge in this situation. Before trading with real money, practice making long-term profits on demo accounts. Be aware that it can take years to thoroughly learn the Forex trade, just like it does with any professional ability. Avoid any claim that suggests 'you can generate money quickly.'

Furthermore, don't accept the assertions made at face value; instead, take the time to conduct your own investigation. The legitimacy of the business that makes the claims or offers the course or expertise is something else a person might wish to investigate. 

Read more »
User Security
Crypto Wallet Cryptocurrency exchange Data Breach User Security

Malicious Actors Target CoinSpot Cryptoexchange to Steal User Information

 

Cyber security researchers at the Cofense Phishing Defense Center (PDC) have unearthed a new phishing campaign targeting CoinSpot cryptocurrency exchange users via a new technique revolving around withdrawal confirmations with the ultimate goal of stealing two-factor authentication (2FA) codes. 

The attackers are sending emails from a Yahoo email address, mimicking authentic emails from CoinSpot that ask the users to confirm or cancel a withdrawal transaction. The malicious texts also include details such as the transaction amount and a Bitcoin wallet address to add authenticity to the phishing campaign. 

By clicking on any of the buttons embedded in the email, the victim is directed to a phishing landing page. The page clones the CoinSpot login page and uses a spoofed domain name to gain the target's attention. 

"The style appears authentic, and there is even a Bitcoin address included to add to legitimacy. The user is prompted to either confirm or cancel the withdrawal, but both links have the same SendGrid hyperlink," reads the Cofense report. 

Additionally, the attackers use a digital certificate that adds a lock symbol to the URL address bar to make the victim believe they've reached CoinSpot's authentic and secure login form. The malicious landing page prompts the victims to enter their account credentials, and if they fall into the trap, they receive a two-factor authentication page, which is the last shield against account takeover attempts.

Upon inputting a 2FA code, the victims are redirected to the official CoinSpot website in a final push to mitigate the chances of suspicion. The hackers can then use the account credentials and the stolen 2FA codes to gain control of the victim's account.

How to safeguard crypto-investments? 

According to security experts, the excitement around cryptocurrency investment has led to an influx of inexperienced and potentially gullible users, allowing attackers to target a particular field. 

“The threat actor observed here been meticulous in obtaining access to lucrative crypto accounts. By playing on the recipient’s fears with carefully crafted steps, it could be easy for targets to perceive this as legitimate,” Cofense researchers explained. 

Cryptocurrency exchanges recommend users to review basic elements such as the sender’s address calmly, and look for anything suspicious while receiving emails. Even if everything looks genuine, don’t click the built-in messaging buttons. Instead, open a new tab on your browser, visit the official website manually, log into your account, and check for any alerts or messages that need your attention.
Read more »
Cyber Attacks
Crypto Currency Crypto Exchange Crypto Hack Crypto Wallets cryptocurrency Cryptocurrency exchange Cyber Attacks

As Crypto Exchange Attacks Surge Users Must Protect Their Crypto Wallets



As cryptocurrency goes from being an academic concept to becoming a type of transaction that has the potential to significantly reduce cyber fraud, cryptocurrency crimes have seen a likewise rise with cybercriminals targeting cryptocurrency exchanges and crypto-wallets. 

Despite the global pandemic wreaking havoc on economies, cryptocurrency has continued to grow, leading to a rise in the number of crypto exchanges worldwide. Subsequently, several top crypto companies in the Bay area were seen investing in Indian exchanges as well. 

While cryptocurrencies are particularly secure, crypto exchanges are susceptible to a number of vulnerabilities as they remain largely unregulated. It has resulted in exchanges being hacked every year in large numbers. The sudden surge in the popularity of cryptocurrency has meant investments by many amateur investors who didn't take time to fully understand how the crypto scene works. The lack of knowledge has been rampantly exploited by threat actors who saw it as a chance to scam and exploit crypto space. 

Throughout 2020, attacks linked to Blockchain alone accounted for nearly a third of all time attacks targeted at blockchain. Reportedly, the total monetary losses in a total of 122 attacks were almost $3.78 billion. Ethereum (ETH) DApps were the most often targeted – costing users nearly $436.36 million in 2020 alone. There were 47 successful attacks aimed at decentralized applications based on the Ethereum smart contract. 

New-Zealand-based, Cryptopia exchange was breached in 2019 as hackers managed to siphon $11 million worth of funds from the exchange. Following the security breach, the exchange went dark citing an announcement that read: “We are experiencing an unscheduled maintenance, we are working to resume the services as soon as possible. We will keep you updated.” 

Altsbit, an Italian crypto exchange, lost $70,000 in a hack within a few months of being around. The exchange announced that it will refund the affected users and will terminate its services in May 2020. “We will refund whatever we are holding on cold storage to users and then the platform will close down, ” the company stated in an email to Cointelegraph. Though it remained unclear how the hackers pulled off the attack, reports stated that the cybercrime group 'Lulzsec' was behind the hack. 

UPbit, a popular South Korean cryptocurrency exchange lost approximately $45 million (342,000 ETH) in a 2019 crypto theft. It went on to become the seventh-largest crypto exchange hack of the year. 

Liquid Global, a Japanese crypto exchange reported suffering a massive hacking incident, which resulted in the loss of digital assets worth $97 million. It included Bitcoin, Ethereum, XRP, and stablecoins. Liquid claimed that the attacker targeted a Multi-Party Computation wallet (an advanced cryptographic technique). 

In order to stay ahead of the crypto hackers, a few ways to secure your cryptocurrency are: ensuring the security of the Internet, using a cold wallet, changing passwords at regular periods, maintaining multiple wallets, staying wary of phishing attacks, and securing your personal device.
Read more »
malware
Cinobi Banking Trojan Cryptocurrency exchange Japan Malvertising Campaign malware

Cinobi Banking Malware Targets Japanese Cryptocurrency Exchange Users via Malvertising Campaign

 

Researchers at Trend Micro discovered a new social engineering-based malvertising campaign targeting Japanese users with a malicious application disguised as a free porn game, a reward points application, or a video streaming app. 

The malicious application uses a sideloading methodology to show the victim arbitrary web pages and ultimately deploy the Cinobi banking trojan. Researchers say that the malvertising campaign shares much in common with the Cinobi banking trojan they identified last year, but consider it to be a rebranded version of it. The campaign’s configuration remained the same, except that it targets a list of cryptocurrency exchange websites in Japan.

Last year, researchers at Trend Micro unearthed a new banking trojan which was dubbed as Cinobi Banking Trojan. The banking malware was a part of a campaign called “Operation Overtrap”. The campaign was operated by a malicious group known as “Water Kappa”. The malicious group has deployed the trojan in two ways: either via spam or making use of the Bottle exploit kit that contained CVE-2020-1380 and CVE-2021-26411 (2 Internet Explorer exploits). Interestingly, only Internet Explorer users were targeted through these malvertising attacks. 

Throughout 2020 and the first half of 2021, researchers noticed limited activity from the malicious group, with traffic decreasing during the middle of June — possibly suggesting that the group was turning to new tools and techniques. Earlier this month, researchers discovered the banking malware targeting users in Japan by abusing sideloading bugs. Researchers at TrendMicro believe that the same attackers that engaged in the “Operation Overtrap” campaign are behind this new one.

The malvertising campaign targets users by sending malvertisements with five different themes. These malvertisements trick victims into installing the same archive with the malware files. After the victim clicks the download button (“index.clientdownload.windows”), the site downloads the ZIP archive for the main executable file.

Researchers noted that the malicious website can be accessed only via Japanese IP addresses and that malicious threat actors behind the malvertising campaign are trying to steal cryptocurrency as  Cryptocurrency accounts’ credentials are now what hackers want to obtain by deploying the banking trojan called Cinobi. 

Threat actors have designed few more versions of banking malware with slight differences. The most important is the configuration file responsible for the form-grabbing functionality. The banking trojan has been spotted targeting users of 11 Japanese financial institutions, including banks and cryptocurrency trading companies. To avoid getting infected, researchers advised users to be extra cautious of suspicious advertisements and install only legitimate applications from trusted sources.
Read more »
Money Laundering
Bitcoin Cryptocurrency exchange Cyber Security Money Laundering

3 Unique Procedures to Counter Money Laundering in India

 

The main weapon used by money launders to launder cash is bitcoin and other cryptocurrencies alternatives. India’s cryptocurrency exchanges deployed their own KYC regulations and anti-money laundering protocols for users.

Nishal Shetty, CEO of India’s largest cryptocurrency exchange WazirX said we follow all the necessary protocols such as asking users for ID and address proof like Aadhar and PAN Card. Our platform also emphasizes that money must come from the concerned customers' bank account and not from the third party bank account.

Cryptocurrency exchanges use various procedures to conduct KYC, one such method is penny drop. Penny drop method helps in verifying the user’s personal information and bank details, for example, a token of 10 rupees is transferred to the user’s account to confirm bank account details. This method confirms the account holder’s name as registered with the bank, to the transferor.

Neeraj Khandelwal, co-founder of CoinDCX stated that “for corporate clients who are given higher trading limits, more documents like articles of association, board resolutions authorizing crypto investment, etc. are needed”.

Chainlink is one of the most familiar software among cryptocurrency exchanges which helps in identifying rogue addresses. Khandelwal further stated “we use a globally renowned crypto AML tool to check for blacklisted crypto addresses. If a legitimate user has got crypto from such an address, maybe through peer-to-peer and he or she wants to transact on our exchange, we ask for additional KYC such as source of funds and profession”.

Bitcoins and other cryptos are not held in bank or demat accounts contrary to other financial assets such as stocks, bonds, and FDs. The cold wallet is the method that can be used for holding on to the bitcoins and other cryptos, it is the hardware device or even paper that is not linked to the internet. Therefore, cold wallets cannot be easily seized by law enforcement authorities.
Read more »
Subscribe to: Posts (Atom)