Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Digital Assets. Show all posts

Mitigating the Risks of Shadow IT: Safeguarding Information Security in the Age of Technology

 

In today’s world, technology is integral to the operations of every organization, making the adoption of innovative tools essential for growth and staying competitive. However, with this reliance on technology comes a significant threat—Shadow IT.  

Shadow IT refers to the unauthorized use of software, tools, or cloud services by employees without the knowledge or approval of the IT department. Essentially, it occurs when employees seek quick solutions to problems without fully understanding the potential risks to the organization’s security and compliance.

Once a rare occurrence, Shadow IT now poses serious security challenges, particularly in terms of data leaks and breaches. A recent amendment to Israel’s Privacy Protection Act, passed by the Knesset, introduces tougher regulations. Among the changes, the law expands the definition of private information, aligning it with European standards and imposing heavy penalties on companies that violate data privacy and security guidelines.

The rise of Shadow IT, coupled with these stricter regulations, underscores the need for organizations to prioritize the control and management of their information systems. Failure to do so could result in costly legal and financial consequences.

One technology that has gained widespread usage within organizations is ChatGPT, which enables employees to perform tasks like coding or content creation without seeking formal approval. While the use of ChatGPT itself isn’t inherently risky, the lack of oversight by IT departments can expose the organization to significant security vulnerabilities.

Another example of Shadow IT includes “dormant” servers—systems connected to the network but not actively maintained. These neglected servers create weak spots that cybercriminals can exploit, opening doors for attacks.

Additionally, when employees install software without the IT department’s consent, it can cause disruptions, invite cyberattacks, or compromise sensitive information. The core risks in these scenarios are data leaks and compromised information security. For instance, when employees use ChatGPT for coding or data analysis, they might unknowingly input sensitive data, such as customer details or financial information. If these tools lack sufficient protection, the data becomes vulnerable to unauthorized access and leaks.

A common issue is the use of ChatGPT for writing SQL queries or scanning databases. If these queries pass through unprotected external services, they can result in severe data leaks and all the accompanying consequences.

Rather than banning the use of new technologies outright, the solution lies in crafting a flexible policy that permits employees to use advanced tools within a secure, controlled environment.

Organizations should ensure employees are educated about the risks of using external tools without approval and emphasize the importance of maintaining information security. Proactive monitoring of IT systems, combined with advanced technological solutions, is essential to safeguarding against Shadow IT.

A critical step in this process is implementing technologies that enable automated mapping and monitoring of all systems and servers within the organization, including those not directly managed by IT. These tools offer a comprehensive view of the organization’s digital assets, helping to quickly identify unauthorized services and address potential security threats in real time.

By using advanced mapping and monitoring technologies, organizations can ensure that sensitive information is handled in compliance with security policies and regulations. This approach provides full transparency on external tool usage, effectively reducing the risks posed by Shadow IT.

Continuous Threat Exposure Management: A Proactive Cybersecurity Approach

 

Continuous Threat Exposure Management (CTEM) represents a significant shift in cybersecurity strategy, moving beyond the limitations of traditional vulnerability management. In an era where data breaches and ransomware attacks remain prevalent despite substantial cybersecurity investments, CTEM offers a comprehensive approach to proactively identify, prioritize, and mitigate risks while ensuring alignment with business goals and compliance requirements. 

Introduced by Gartner in July 2022, CTEM is a continuous program that evaluates the accessibility, exposure, and exploitability of an organization’s digital and physical assets. Unlike reactive vulnerability management, which focuses on patching known vulnerabilities, CTEM addresses potential threats before they escalate into major security incidents. It employs various tools, such as Penetration Testing as a Service (PTaaS), attack surface management (ASM), automated pen-testing, and red-teaming, to maintain a proactive defense posture. 

At the core of CTEM is its iterative approach, emphasizing integration, continuous improvement, and communication between security personnel and executives. This alignment ensures that threat mitigation strategies support organizational goals, thereby enhancing the effectiveness of security programs and fostering a culture of cybersecurity awareness across the organization. The CTEM process, as defined by Gartner, involves several stages: scoping, discovery, prioritization, validation, and mobilization. Scoping identifies the organization’s total attack surface, including internal and external vulnerabilities. 

Discovery uses ASM tools to detect potential threats and vulnerabilities, while prioritization focuses on assessing risks based on their likelihood of exploitation and potential impact. Validation confirms the existence and severity of identified threats through techniques like red-teaming and automated breach-and-attack simulations. Mobilization then implements remediation measures for validated high-priority threats, ensuring that they are aligned with business objectives and effectively communicated across departments. 

Exposure management, a critical aspect of CTEM, involves determining the attack surface, assessing exploitability, and validating threats in a continuous cycle, thereby minimizing vulnerabilities and enhancing security resilience. CTEM and exposure management are crucial for fostering a proactive security culture and addressing cybersecurity challenges before they escalate. By leveraging existing security tools and processes, organizations can integrate CTEM into their operations more efficiently, optimizing resource usage and complying with regulatory requirements. CTEM focuses on outcome-driven, business-aligned metrics that facilitate informed decision-making at the executive level. 

It recognizes that while complete risk elimination is impossible, strategic risk reduction aligned with organizational objectives is essential. By prioritizing vulnerabilities based on their impact and feasibility, CTEM enables organizations to navigate the complex cybersecurity landscape effectively. CTEM offers a pragmatic and systematic framework to continuously refine priorities and mitigate threats. By adopting CTEM, organizations can proactively protect their assets, improve resilience against evolving cyber threats, and ensure that their security initiatives align with broader business imperatives.

Xapo Bank Aims To Boost Bitcoin Safety With Tech And Bunkers

 

Satoshi Nakamoto, the pseudonymous developer of Bitcoin, published the system's whitepaper in 2008, bluntly criticising financial institutions and the confidence they demand. However, in 2010, one of the most notable Bitcoin collaborators in its early days and the recipient of the first Bitcoin transaction in history, cypherpunk and cryptography specialist Hal Finney, predicted the existence of bitcoin banks. Today, bitcoin-native banks such as Xapo Bank exist in this grey area between the ethos and the potential deployment of this system across the global financial sector. 

Finney claims that Xapo Bank, which was founded in 2013, is among the leaders in the custodial space of Bitcoin. Wences Casares, an Argentinean entrepreneur and innovator who is well-known in Silicon Valley for his support of this technology, developed it as a solution for his friends and family. However, it expanded significantly. Currently, it is one of the few fully licensed banks in the world that deals with Bitcoin and other digital assets. 

Its business idea combines cutting-edge Bitcoin technology with a physical bunker in the Swiss highlands. This physical location blends old-fashioned Swiss standards with the latest safety technology. It's an atomic bunker that serves as the foundation of what Xapo provides its clients: high-quality security for digital assets. Xapo is exploring new technical opportunities. The custody business is dominated by multi-signature solutions, but the greatest alternative and security solution for the Gibraltar-registered bitcoin bank is the multi-party computation protocol. On a broad level, MPC enables several parties to share information without fully exposing the shared data. 

In the case of Xapo, this works by breaking the digital asset master private key into several unique fragments known as "key shares," which Xapo Bank has stored and distributed in hidden places around the world, including the Swiss bunker. The MPC protocol ensures that participants' contributions remain private during key creation and signing, without being revealed. This functionality assures that no single participant in the quorum has total access to or control over the stored assets, reducing the chance of collusion to nearly zero. 

"MPC is a much more modern and secure setup compared to a still more popular multi-signature approach. The fact that the private key is not put together at any point in the transaction means there is no moment it can be potentially exposed or hacked, which is not the case with the more traditional multi-sig technology," Xapo Bank's Chief Technology Officer, Kamil DziubliÅ„ski, stated. 

However, there are threats and concerns, even with a movie-style bunker and this novel method of securing the keys and transaction signing process. Security threats include hacking and phishing attempts. Financial risks include money laundering, terrorist financing, and various types of financial attacks.

Here's How NFTs Can Transform Asset Management

 

NFTs are frequently discussed in terms of their role in digital art, but beneath the surface, there is a massive, unexplored potential for revolutionising real-world asset ownership and transaction.

This possibility was the focus of a recent conversation between Roundtable host Rob Nelson and Brittany Kaiser, chair of the board of Gryphon Digital Mining (GRYP) and co-founder of the Own Your Own Data Foundation. 

Together, they analysed the broader ramifications of tokenization beyond digital collectibles. Nelson began the conversation by clarifying common misconceptions about NFTs and emphasising their value beyond art collecting. 

"NFTs and tokenization bring real utility, wealth sharing, and growth opportunities," he said, laying the groundwork for an informative discussion of how these technologies may be applied in more traditional sectors. 

Kaiser presented a rudimentary overview of what a "token" actually entails, stating that at its foundation, a token is a smart contract. With her legal knowledge, she skillfully illustrated how these contracts automate and enforce themselves technologically rather than legally.

"A smart contract is a self-executing digital contract that encapsulates data or transactions in a secure, enforceable format," Kaiser said. 

She highlighted the practical advantages of this technology, particularly in data management. Individuals can govern how their data is utilised and ensure it is inaccessible after a set amount of time by using smart contracts, as opposed to traditional techniques, which leave data susceptible indefinitely.

Kaiser's ideas were applied on a broad scale, including the transfer of real-world assets and financial transactions. She described how tokenization may expedite the time-consuming due diligence processes traditionally connected with real estate purchases, transforming them into efficient and secure exchanges.

Hackers Steal Nearly $10 Million from Axie Infinity Co-founder’s Personal Accounts

 

A significant amount of cryptocurrency, valued at nearly $10 million, has been reported stolen from personal accounts belonging to Jeff "Jihoz" Zirlin, one of the co-founders associated with the video game Axie Infinity and its affiliated Ronin Network.

According to reports, Zirlin's wallets were compromised, resulting in the theft of 3,248 ethereum coins, equivalent to approximately $9.7 million. Zirlin took to social media to confirm the incident, stating that two of his accounts had been breached. 

However, he emphasized that the attack solely targeted his personal accounts and did not affect the validation or operations of the Ronin chain or Axie Infinity,as reiterated by Aleksander Larsen, another co-founder of the Ronin Network.

The method through which the intruders gained access to Zirlin's wallets remains unclear. The Ronin Network serves as the underlying infrastructure for Axie Infinity, a game renowned for its play-to-earn model based on ethereum, particularly popular in Southeast Asia. 

Notably, the system had previously fallen victim to a $600 million cryptocurrency heist in March 2022, an attack attributed by U.S. prosecutors to the Lazarus Group, a cybercrime operation allegedly backed by North Korea.

Analysts tracking the recent theft traced the stolen funds to activity on Tornado Cash, a cryptocurrency mixer designed to obfuscate the origin of funds. It's worth noting that Lazarus had previously utilized this mixer to launder proceeds from the 2022 hack. The U.S. government, in response, had separately imposed sanctions on Tornado Cash.

Blockchain investigator PeckShield described the incident as a "wallet compromise," indicating a breach in security measures. Despite the breach, Zirlin assured stakeholders of the stringent security protocols in place for all activities related to the Ronin chain.

Cybersecurity Breach Hits Global Software Developer PSI Software SE

 


According to a recent announcement, German software company PSI Software SE revealed that it fell victim to a ransomware attack, disrupting its internal infrastructure. The company, specialising in software solutions for energy suppliers worldwide, including control systems for operations, network utilisation, and energy trading, confirmed the incident on February 15. As a precautionary measure, PSI Software disconnected several IT systems, including email, to prevent potential data loss.

The attack was initially detected on the night of February 15, with the company noticing unusual activity in its network. To contain the threat, PSI Software swiftly shut down external connections and systems. Although the exact entry point of the cyberattack remains unknown, the company is actively investigating the incident.

The ransomware attack prompted PSI Software to engage in collaboration with the Federal Office for Information Security, seeking assistance for incident response and remediation efforts. Authorities were promptly notified, and since February 16, experts have been working closely with the company to mitigate the impact of the cyber incident.

Despite the disruption, PSI Software reassures its customers that there is currently no evidence suggesting the attackers breached customer systems. The focus remains on securing and restoring the company's internal infrastructure. The situation has raised concerns about the potential consequences of such attacks on critical infrastructure, given PSI Software's role in providing software solutions for major energy suppliers globally.

This incident highlights the growing threat of ransomware attacks targeting critical infrastructure and how crucial it is to adapt robust cybersecurity measures. As businesses increasingly rely on digital systems, the risk of cyber threats becomes more significant. PSI Software's proactive response in disconnecting systems and collaborating with cybersecurity experts demonstrates the urgency and seriousness with which companies must address such incidents.

Cybersecurity experts emphasise the need for organisations to adopt comprehensive security measures, including regular system audits, employee training on recognising phishing attempts and implementing strong network security protocols. The investigation into the PSI Software SE ransomware attack serves as a reminder for businesses to be conscientious and proactive in safeguarding their digital assets.

This ransomware attack on PSI Software SE, a global player in critical infrastructure software development, highlights the fluid and emerging nature of the threats confronting businesses. As cybersecurity incidents become more sophisticated, organisations must prioritise robust security measures to protect against potential disruptions and data breaches. The cooperative engagement with cybersecurity authorities accentuates the necessity for a unified endeavour to minimise the repercussions of such attacks. It further stresses upon the critical significance of adopting a well-informed stance towards cybersecurity in the contemporary digital era.


The United States is Monitoring Vulnerabilities in Bitcoin

 

The United States has shown a keen interest in the cybersecurity aspects of Bitcoin, particularly honing in on a vulnerability associated with the Ordinals Protocol in 2022. The National Vulnerability Database (NVD), overseen by the National Institute of Standards and Technology (NIST), a branch of the U.S. Department of Commerce, has brought attention to this issue for public awareness. This underscores the growing focus of government agencies on the security dimensions of cryptocurrencies.

The vulnerability at the core of this development is specific to certain versions of Bitcoin Core and Bitcoin Knots. It enables the bypassing of the datacarrier limit by disguising data as code. In practical terms, this vulnerability could result in the Bitcoin network being inundated with non-transactional data, potentially causing congestion in the blockchain and affecting performance and transaction fees. This concern is not merely theoretical, as evidenced by the exploitation of the Ordinals inscriptions in 2022 and 2023.

The Ordinals gained prominence in late 2022, involving the embedding of additional data onto a satoshi, the smallest Bitcoin unit, similar to the concept of nonfungible tokens (NFTs) on the Ethereum network. However, the increased usage of Ordinals transactions has led to heightened network congestion, resulting in elevated transaction fees and slower processing times. For blockchain enthusiasts, these issues are not just technical glitches but critical challenges that could influence the future trajectory of Bitcoin.

Luke Dashjr, a Bitcoin Core developer, has been outspoken about this vulnerability, likening it to receiving a flood of junk mail that obstructs essential communications. This metaphor aptly encapsulates the essence of the vulnerability, disrupting the otherwise streamlined process of Bitcoin transactions.

In response to these concerns, a patch has been developed in Bitcoin Knots v25.1. However, Dashjr notes that Bitcoin Core remains vulnerable in its upcoming v26 release. He expresses hope that the issue will be addressed in the v27 release next year. The implications of this vulnerability and its subsequent patching are substantial. Rectifying the bug could limit Ordinals inscriptions, although existing inscriptions would persist due to the immutable nature of the network.

This situation underscores a broader theme in the cryptocurrency world: the constant evolution and the need for vigilance in maintaining network security. The involvement of U.S. federal agencies in tracking and cataloging these vulnerabilities may signify a step toward more robust and secure blockchain technologies. While the identification of Bitcoin's vulnerability by the NVD serves as a cautionary tale, it also presents an opportunity for growth and improvement in the cryptocurrency ecosystem.

"Securing Your Digital Assets: Uncovering the Untraceable Data Theft Bug in Google Workspace's Drive Files"

 


Security consultants say hackers can steal information from Google Drive accounts through a method known as password mining. It is all done to conceal the fact that they have taken away a lot of information without leaving any trace behind. 

Google Workspace has been found vulnerable to a critical security flaw revealed in the past few days. Thousands of files on people's drives are at risk of silent theft by hackers due to this vulnerability. Due to the current trend of increased remote working and digital collaboration, and as a result of this alarming vulnerability, immediate attention must be given to ensuring the security and privacy of sensitive information. 

Mitiga Security researchers discovered a security vulnerability in Google Workspace that was previously unknown. The attacker could use this technique to exfiltrate data from Google Drive without leaving a trace. Due to a forensic vulnerability, this vulnerability allows a user to exfiltrate data from an application. This is without leaving a trail for anyone to see what they did. 

There is a security issue pertaining specifically to actions taken by users without a Google Workspace enterprise license. This makes it a particularly serious issue. There will be no documentation for the actions carried out on private drive-by users without a paid Google Workspace license. 

When hackers cancel their paid license and switch to a free "Cloud Identity Free" license, they can disable logging and recording on their computers. 

A great collaboration tool that Google offers is Google Workspace. There are, however, several security holes that exist in its security system. There is no such thing as an untouchable threat when it comes to data. When there is a lot of connectivity between things, cloud services can be extremely risky. An entire department's work can be overturned by one wrong link in a chain of documents that are all dependent on one another. 

There is a "Cloud Identity Free" license available by default to all Google Drive users. There are no logs kept in the system regarding actions performed by a user on their private drive. This is unless an administrator assigns a paid license to the user. In this environment, due to the lack of visibility, threat actors can manipulate or steal data without being detected. Two different methods can be used to exploit security vulnerabilities in a computer system. 

As a first method, a threat actor compromises a user's account, manipulates the license of that user, and allows the threat actor access to and download private files through the user's account. The only thing that is preserved during license revocation and reassignment is the logs that accompany the process. During the revoking of a paid license, the second method targets employees who are involved in the process. Despite being revoked, a license can still be useful for downloading sensitive files from a private drive if the account is not disabled before the license is revoked. 

A threat actor could easily revoke a cloud storage account's paid license by following a few simple steps, thereby reverting an account to the free "Cloud Identity Free" license if the account is compromised by a threat actor.

There is no record-keeping or logging functionality in the system, so this would turn it off. Once that was done, they could exfiltrate any files they wanted, without leaving any trace of what they did behind. As far as an administrator is concerned, all they may notice later is the fact that someone has revoked a paid license. 

A company called Mitiga says it notified Google that it had found the information, but the company has not responded. An important step of any post-mortem or hacking forensics process is to identify which files have been taken during a data breach so you can conduct your investigation accordingly. It can assist victims in determining what types of information were taken and, as a consequence, if there is a need to worry about identity theft, wire fraud, or something similar, help them establish if they are in danger. 

In addition to logging, one of the standard methods by which IT teams keep track of potential intrusions before causing severe damage is to ensure that all activity is logged appropriately. Google Drive accounts, on the other hand, are often left without adequate controls by hackers, which makes it easier for them to steal data undetected.

It is also imperative that cloud storage providers take more robust steps to protect user data to prevent vulnerabilities like this from occurring in the future. Even though Google has yet to reply to Mitiga's findings, the company will likely address this problem shortly. It will result in an enhanced level of security for its platform as a result. 

The users should remain vigilant while they are awaiting the emergence of the attacks and make sure they are protecting their data. It is also recommended that they regularly monitor their Google Drive accounts to make sure that there are no suspicious activities or unauthorized access. Further, it must be noted that strong passwords must be used and two-factor authentication must be used to prevent unauthorized access from happening. 

Many documents and files can be stolen, including confidential business documents, proprietary information, financial records, intellectual property, and personal documentation. Regulatory violations, as well as financial fraud, corporate espionage, reputation damage, and other potential economic repercussions, can result from data breaches on a large scale. This is far beyond a mere failure to recover data. 

Due to the alarming nature of this discovery, you must take immediate action to protect your sensitive data and protect yourself against potentially harmful hacks. 

To improve your organization's security posture, it is recommended you take the following steps: 

Make sure two-factor authentication is enabled in your account. Two-factor authentication on your Google Workspace account adds extra security. As a result, even if your login credentials are compromised, this will apply an additional security layer. This will ensure you cannot access your account until you pass an additional verification step. 

Stay Educated: Make the most of Google Workspace security alerts and advisories and keep up to date on the latest security threats. It is imperative to keep an eye on official sources, including Google's security bulletins and blogs, for more information regarding security threats. 

You need to educate your employees about the risks of phishing attacks. You need to give them the tools to act when interacting with suspicious emails and websites. Educate them about phishing risks and the importance of action when providing login credentials. Reporting suspicious activity promptly should be encouraged as part of organizational culture.

Alert! Scam Pixelmon NFT Website Hosts Password-stealing Malware

 

A bogus Pixelmon NFT site tempts visitors with free tokens and collectables while infecting them with spyware that steals their cryptocurrency wallets. Pixelmon is a popular NFT project with plans to create an online metaverse game where users can gather, train, and battle other players with pixelmon pets. 

The project has attracted a lot of attention, with nearly 200,000 Twitter followers and over 25,000 Discord members. Threat actors have replicated the original pixelmon.club website and built a fake version at pixelmon[.]pw to deliver malware to take advantage of this interest. Instead of providing a demo of the project's game, the malicious site provides executables that install password-stealing malware on a device. 

The website is selling a package named Installer.zip that contains a faulty executable that does not infect customers with malware. However, MalwareHunterTeam, which was the first to identify this malicious site, detected other dangerous files transmitted by it, allowing to see what malware it was spreading. Setup.zip, which contains the setup.lnk file, is one of the files sent by this fraudulent site. Setup.lnk is a Windows shortcut that runs a PowerShell command to download pixelmon[.]pw's system32.hta file. 

When BleepingComputer tested these malicious payloads, the System32.hta file downloaded Vidar, a password-stealing malware that is no longer widely used. Security researcher Fumik0_, who has previously examined this malware family, confirmed this. When launched, the Vidar sample from the threat actor connects to a Telegram channel and retrieves the IP address of a malware's command and control server. The malware will then obtain a configuration instruction from the C2 and download further modules to steal data from the afflicted device. 

Vidar malware may steal passwords from browsers and apps, as well as scan a computer for files with certain names, which it subsequently sends to the threat actor. The C2 commands the malware to seek for and steal numerous files, including text files, cryptocurrency wallets, backups, codes, password files, and authentication files, as seen in the malware setup below. Because this is an NFT site, visitors are expected to have bitcoin wallets installed on their PCs. 

As a result, threat actors focus on looking for and stealing cryptocurrency-related files. While the site is presently not distributing a functioning payload, BleepingComputer has observed evidence that the threat actors have been modifying the site in recent days, as payloads that were available two days ago are no longer available. 

One can expect this campaign to continue to be active, and working threats to be added soon, based on the site's activity. Due to the high number of fraudsters attempting to steal the bitcoin from NFT projects, one should always double-check that the URL they are viewing is indeed associated with  their interested project.

OpenSea Warns of Discord Channel Hack

 

The nonfungible token (NFT) marketplace OpenSea had a server breach on its primary Discord channel, with hackers posting phoney "Youtube partnership" announcements. A screenshot shared on Friday reveals a phishing site linked to fraudulent collaboration news. 

The marketplace's Discord server was hacked Friday morning, according to OpenSea Support's official Twitter account, which urged users not to click links in the channel. OpenSea has "partnered with YouTube to bring their community into the NFT Space," according to the hacker's original post on the announcements channel. 

It also stated that they will collaborate with OpenSea to create a mint pass that would allow holders to mint their project for free. The attacker appeared to have been able to stay on the server for a long time before OpenSea staff was able to recover control. The hacker uploaded follow-ups to the initial totally bogus statement, reiterating the phoney link and saying that 70% of the supply had already been coined, in an attempt to generate "fear of missing out" in the victims. 

The scammer also tried to persuade OpenSea users by claiming that anyone who claimed the NFTs would receive "insane utilities" from YouTube. They state that this offer is one-of-a-kind and that there would be no other rounds to engage in, which is typical of scammers. As of this writing, on-chain data indicates that 13 wallets have been infiltrated, with the most valued stolen NFT being a Founders' Pass worth about 3.33 ETH ($8,982.58). 

According to initial reports, the hacker used webhooks to get access to server controls. A webhook is a server plugin that lets other software get real-time data. Hackers are increasingly using webhooks as an attack vector since they allow them to send messages from official server accounts. The OpenSea Discord server isn't the only one that uses webhooks. 

In early April, a similar flaw enabled the hacker to utilise official server identities to post phishing links on several popular NFT collections' channels, including Bored Ape Yacht Club, Doodles, and KaijuKings.

Hackers Steal NFTs Worth $3M in Bored Ape Yacht Club Heist

 

Hackers stole non-fungible tokens (NFTs) estimated to be worth $3 million after getting into the Bored Ape Yacht Club's Instagram account and uploading a link to a replica website that tried to capture marks' assets.

The fake post offered a free airdrop – essentially a promotional token giveaway, to customers who clicked the link and connected their MetaMask crypto-asset wallets to the scammer's wallet. Rather than receiving free items, victims had their digital wallets drained. 

Bored Ape Yacht Club tweeted Monday morning in a warning that came too late for some of its members, "It looks like BAYC Instagram was hacked. Do not mint anything, click links, or link your wallet to anything,"  

The Bored Ape Yacht Club, or BAYC, is a collection of photographs depicting bored primates in various attitudes and costumes, which can be used as internet profile avatars and sell for hundreds of dollars in crypto coins. 

Miscreants stole four Bored Apes, six Mutant Apes, and three Bored Ape Kennel Club NFTs, as well as "assorted additional NFTs estimated at a total value of $3 million," according to Yuga Labs, the company that launched Bored Ape Yacht Club. 

"We are actively working to establish contact with affected users," a Yuga Labs spokesperson said, adding that its hijacked Instagram account did have two-factor authentication enabled, "and the security practices surrounding the IG account were tight." 

"Yuga Labs and Instagram are currently investigating how the hacker was able to gain access to the account," the spokesperson stated. 

This is the second time in less than a month that the NFT collection has been hacked. Bored Ape Yacht Club said on March 31 that their Discord server had been compromised. According to security firm PeckShield, a cybercriminal stole one NFT: Mutant Ape Yacht Club #8662 in a previous incident. 

In March, following the launch of the ApeCoin cryptocurrency by the Bored Ape Yacht Club, fraudsters stole around $1.5 million by claiming a huge amount of tokens using NFTs they did not own and obtaining bogus flash loans. Flash loans are given and repaid in a single blockchain transaction, which might take as little as seconds to get and return the funds. These and other recent hacks have raised security concerns about NFT and cryptocurrency technologies.

NFT Minting Platform Lympo Got Compromised for $18.7M

 

Lympo, a sports NFT minting platform and an Animoca Brands firm, was hacked and lost 165.2 million LMT tokens worth $18.7 million, the platform said in a blog post on 10 January.

According to the short Medium report, the hack exploited ten separate project wallets. Most of the stolen tokens were sent to a single address where the funds were swapped for Ether on SushiSwap or Uniswap before being sent to other addresses. Lympo claims that during the attack the threat actors connected to its internet-facing crypto wallet and used it to send/receive cryptocurrency.

“In response to this attack, Lympo enacted safeguards to ensure that no additional LMT could be stolen by the hackers. We are temporarily removing LMT from various liquidity pools in order to minimize disruption to token prices following the hack,” the company’s blog post read. 

Following the security breach, the price of LMT has dropped to $0.01882, which is the current all-time low of the token, Coinmarketcap reported. 

In response to this, the LMT team tweeted on 11 January that they were trying to stabilize the platform and are temporarily removing LMT from various liquidity pools in order to prevent further disruption of the token’s price. This is a remedial measure since after suspending the liquidity pool of the token, larger order volumes by traders are not fulfilled instantly, and traders also do not face any losses.

Lympo’s parent firm Animoca, a Hong Kong-based game venture capital company, stated that it is ready to support its subsidiary to deal with the challenges caused by the hacking. Animoca’s CEO, Yat Siu, released a statement that read: “We are working with Lympo to assist them on a recovery plan, but we don’t have any specific mechanisms.” 

This is the second hot wallet hack in the last week, with Liechtenstein-based crypto exchange LCX losing $7 million worth of tokens last Saturday. The hacker converted most of the stolen tokens to ETH and then sent them to the privacy mixer Tornado Cash. The team behind LCX has already stated that they will use their own funds to compensate the affected users.