
Bybit Crypto Exchange Hacked for $1.5 Billion in Largest Crypto Heist


Bybit, one of the world’s largest cryptocurrency exchanges, has suffered a massive security breach, resulting in the loss of $1.5 billion in digital assets. The hack, now considered the largest in crypto history, compromised the exchange’s cold wallet—an offline storage system designed to provide enhanced security against cyber threats. 

Despite the breach, Bybit CEO Ben Zhou assured users that other cold wallets remain secure and that withdrawals continue as normal. Blockchain analysis firms, including Elliptic and Arkham Intelligence, traced the stolen funds as they were quickly moved across multiple wallets and laundered through various platforms. Most of the stolen assets were in ether, which were liquidated swiftly to avoid detection. 

The scale of the attack far exceeds previous high-profile crypto thefts, including the $611 million Poly Network hack in 2021 and the $570 million stolen from Binance’s BNB token in 2022. Investigators later linked the attack to North Korea’s Lazarus Group, a state-sponsored hacking organization known for targeting cryptocurrency platforms. The group has a history of siphoning billions from the digital asset industry to fund the North Korean regime. 

Experts say Lazarus employs advanced laundering techniques to hide the stolen funds, making recovery difficult. Elliptic’s chief scientist, Tom Robinson, confirmed that the hacker’s addresses have been flagged in an attempt to prevent further transactions or cash-outs on other exchanges. However, the sheer speed and sophistication of the operation suggest that a significant portion of the funds may already be out of reach. The news of the breach sent shockwaves through the crypto community, triggering a surge in withdrawals as users feared the worst. 

While Bybit has managed to stabilize outflows, concerns remain over the platform’s ability to recover from such a massive loss. To reassure customers, Bybit announced that it had secured a bridge loan from undisclosed partners to cover any unrecoverable losses and maintain operations. The Lazarus Group’s involvement highlights the persistent security risks in the cryptocurrency industry. Since 2017, the group has orchestrated multiple cyberattacks, including the theft of $200 million in bitcoin from South Korean exchanges. 

Their methods have become increasingly sophisticated, exploiting vulnerabilities in crypto platforms to fund North Korea’s financial needs. Industry experts warn that large-scale thefts like this will continue unless exchanges implement stronger security measures. Robinson emphasized that making it harder for criminals to profit from these attacks is the best deterrent against future incidents. 

Meanwhile, law enforcement agencies and crypto-tracking firms are working to trace the stolen assets in hopes of recovering a portion of the funds. While exchanges have made strides in improving security, cybercriminals continue to find ways to exploit weaknesses, making robust protections more crucial than ever.

zkLend DeFi Platform Hacked, Loses $9.5 Million

A major hacking incident has hit zkLend, a decentralized lending platform that operates on the Starknet blockchain. The attacker managed to steal about $9.5 million worth of cryptocurrency by exploiting a vulnerability in the system.

According to blockchain security company Cyvers, the stolen digital assets were initially moved to the Ethereum network through a bridging mechanism. The hacker then tried to hide the transactions using Railgun, a privacy-focused tool that makes it difficult to trace funds. However, due to Railgun’s internal restrictions, the stolen funds were redirected back to the hacker’s original wallet.

In reaction to the security breach, zkLend temporarily disabled all withdrawals and advised its users to avoid making deposits or repaying loans until the issue was fully investigated. The company is working with law enforcement agencies and cybersecurity experts, including StarkWare, Starknet Foundation, and Binance Security, to track the stolen assets and identify the culprit.

The incident has raised fresh concerns about security vulnerabilities in the decentralized finance (DeFi) sector. Data from DeFiLlama reveals that cybercriminals have already stolen over $110 million from blockchain projects since the beginning of 2024. This attack on zkLend is now considered one of the most significant breaches to affect the Starknet ecosystem.

Efforts to Recover Stolen Funds

To retrieve the lost assets, zkLend has reached out to the hacker via an on-chain message. They have offered the attacker a 10% “white hat” reward, allowing them to keep a portion of the funds if they return the remaining amount. The total sum requested back is around 3,300 ETH, valued at approximately $8.78 million. zkLend has set a strict deadline of February 14, warning that legal action will follow if the assets are not returned.

Preetam Rao, CEO of security firm QuillAudits, pointed out that this is likely the most significant security breach on Starknet in recent years. He commended zkLend for maintaining transparency and offering a bounty to incentivize the hacker to return the funds.

Meir Dolev, Co-founder and CTO of Cyvers, highlighted that the breach exposes major risks in DeFi lending. He noted that the vulnerability lay in zkLend’s smart contract structure rather than in the core cryptographic system of Starknet’s zero-knowledge rollup technology.

Understanding Railgun’s Role in the Attack

Unlike other tools such as Tornado Cash, which mixes funds to hide their source, Railgun is built into DeFi applications, ensuring user privacy while they interact with blockchain networks. The hacker used Railgun to obscure the movement of stolen assets, but due to its built-in policies, the funds were eventually sent back to the original wallet.

What Happens Next?

zkLend has promised to provide a full report detailing how the breach occurred once their investigation is complete. The company is urging its users to remain patient as they work to strengthen security measures and prevent similar attacks in the future.

This hack serves as a reminder of the risks in DeFi platforms. It highlights the importance of continuous security upgrades to protect digital assets from increasingly sophisticated cyber threats.

Mitigating the Risks of Shadow IT: Safeguarding Information Security in the Age of Technology


In today’s world, technology is integral to the operations of every organization, making the adoption of innovative tools essential for growth and staying competitive. However, with this reliance on technology comes a significant threat—Shadow IT.  

Shadow IT refers to the unauthorized use of software, tools, or cloud services by employees without the knowledge or approval of the IT department. Essentially, it occurs when employees seek quick solutions to problems without fully understanding the potential risks to the organization’s security and compliance.

Once a rare occurrence, Shadow IT now poses serious security challenges, particularly in terms of data leaks and breaches. A recent amendment to Israel’s Privacy Protection Act, passed by the Knesset, introduces tougher regulations. Among the changes, the law expands the definition of private information, aligning it with European standards and imposing heavy penalties on companies that violate data privacy and security guidelines.

The rise of Shadow IT, coupled with these stricter regulations, underscores the need for organizations to prioritize the control and management of their information systems. Failure to do so could result in costly legal and financial consequences.

One technology that has gained widespread usage within organizations is ChatGPT, which enables employees to perform tasks like coding or content creation without seeking formal approval. While the use of ChatGPT itself isn’t inherently risky, the lack of oversight by IT departments can expose the organization to significant security vulnerabilities.

Another example of Shadow IT includes “dormant” servers—systems connected to the network but not actively maintained. These neglected servers create weak spots that cybercriminals can exploit, opening doors for attacks.

Additionally, when employees install software without the IT department’s consent, it can cause disruptions, invite cyberattacks, or compromise sensitive information. The core risks in these scenarios are data leaks and compromised information security. For instance, when employees use ChatGPT for coding or data analysis, they might unknowingly input sensitive data, such as customer details or financial information. If these tools lack sufficient protection, the data becomes vulnerable to unauthorized access and leaks.

A common issue is the use of ChatGPT for writing SQL queries or scanning databases. If these queries pass through unprotected external services, they can result in severe data leaks and all the accompanying consequences.

Rather than banning the use of new technologies outright, the solution lies in crafting a flexible policy that permits employees to use advanced tools within a secure, controlled environment.

Organizations should ensure employees are educated about the risks of using external tools without approval and emphasize the importance of maintaining information security. Proactive monitoring of IT systems, combined with advanced technological solutions, is essential to safeguarding against Shadow IT.

A critical step in this process is implementing technologies that enable automated mapping and monitoring of all systems and servers within the organization, including those not directly managed by IT. These tools offer a comprehensive view of the organization’s digital assets, helping to quickly identify unauthorized services and address potential security threats in real time.

By using advanced mapping and monitoring technologies, organizations can ensure that sensitive information is handled in compliance with security policies and regulations. This approach provides full transparency on external tool usage, effectively reducing the risks posed by Shadow IT.

Continuous Threat Exposure Management: A Proactive Cybersecurity Approach


Continuous Threat Exposure Management (CTEM) represents a significant shift in cybersecurity strategy, moving beyond the limitations of traditional vulnerability management. In an era where data breaches and ransomware attacks remain prevalent despite substantial cybersecurity investments, CTEM offers a comprehensive approach to proactively identify, prioritize, and mitigate risks while ensuring alignment with business goals and compliance requirements. 

Introduced by Gartner in July 2022, CTEM is a continuous program that evaluates the accessibility, exposure, and exploitability of an organization’s digital and physical assets. Unlike reactive vulnerability management, which focuses on patching known vulnerabilities, CTEM addresses potential threats before they escalate into major security incidents. It employs various tools, such as Penetration Testing as a Service (PTaaS), attack surface management (ASM), automated pen-testing, and red-teaming, to maintain a proactive defense posture. 

At the core of CTEM is its iterative approach, emphasizing integration, continuous improvement, and communication between security personnel and executives. This alignment ensures that threat mitigation strategies support organizational goals, thereby enhancing the effectiveness of security programs and fostering a culture of cybersecurity awareness across the organization. The CTEM process, as defined by Gartner, involves several stages: scoping, discovery, prioritization, validation, and mobilization. Scoping identifies the organization’s total attack surface, including internal and external vulnerabilities. 

Discovery uses ASM tools to detect potential threats and vulnerabilities, while prioritization focuses on assessing risks based on their likelihood of exploitation and potential impact. Validation confirms the existence and severity of identified threats through techniques like red-teaming and automated breach-and-attack simulations. Mobilization then implements remediation measures for validated high-priority threats, ensuring that they are aligned with business objectives and effectively communicated across departments. 

Exposure management, a critical aspect of CTEM, involves determining the attack surface, assessing exploitability, and validating threats in a continuous cycle, thereby minimizing vulnerabilities and enhancing security resilience. CTEM and exposure management are crucial for fostering a proactive security culture and addressing cybersecurity challenges before they escalate. By leveraging existing security tools and processes, organizations can integrate CTEM into their operations more efficiently, optimizing resource usage and complying with regulatory requirements. CTEM focuses on outcome-driven, business-aligned metrics that facilitate informed decision-making at the executive level. 

It recognizes that while complete risk elimination is impossible, strategic risk reduction aligned with organizational objectives is essential. By prioritizing vulnerabilities based on their impact and feasibility, CTEM enables organizations to navigate the complex cybersecurity landscape effectively. CTEM offers a pragmatic and systematic framework to continuously refine priorities and mitigate threats. By adopting CTEM, organizations can proactively protect their assets, improve resilience against evolving cyber threats, and ensure that their security initiatives align with broader business imperatives.

Xapo Bank Aims To Boost Bitcoin Safety With Tech And Bunkers


Satoshi Nakamoto, the pseudonymous developer of Bitcoin, published the system's whitepaper in 2008, bluntly criticising financial institutions and the confidence they demand. However, in 2010, one of the most notable Bitcoin collaborators in its early days and the recipient of the first Bitcoin transaction in history, cypherpunk and cryptography specialist Hal Finney, predicted the existence of bitcoin banks. Today, bitcoin-native banks such as Xapo Bank exist in this grey area between the ethos and the potential deployment of this system across the global financial sector. 

Finney claims that Xapo Bank, which was founded in 2013, is among the leaders in the custodial space of Bitcoin. Wences Casares, an Argentinean entrepreneur and innovator who is well-known in Silicon Valley for his support of this technology, originally built it as a solution for his friends and family, but it has since expanded significantly. Currently, it is one of the few fully licensed banks in the world that deals with Bitcoin and other digital assets. 

Its business idea combines cutting-edge Bitcoin technology with a physical bunker in the Swiss highlands. This physical location blends old-fashioned Swiss standards with the latest safety technology. It's an atomic bunker that serves as the foundation of what Xapo provides its clients: high-quality security for digital assets. Xapo is exploring new technical opportunities. The custody business is dominated by multi-signature solutions, but the Gibraltar-registered bitcoin bank's preferred alternative and security solution is the multi-party computation (MPC) protocol. On a broad level, MPC enables several parties to share information without fully exposing the shared data. 

In the case of Xapo, this works by breaking the digital asset master private key into several unique fragments known as "key shares," which Xapo Bank has stored and distributed in hidden places around the world, including the Swiss bunker. The MPC protocol ensures that participants' contributions remain private during key creation and signing, without being revealed. This functionality assures that no single participant in the quorum has total access to or control over the stored assets, reducing the chance of collusion to nearly zero. 

"MPC is a much more modern and secure setup compared to a still more popular multi-signature approach. The fact that the private key is not put together at any point in the transaction means there is no moment it can be potentially exposed or hacked, which is not the case with the more traditional multi-sig technology," Xapo Bank's Chief Technology Officer, Kamil Dziubliński, stated. 
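To make the key-share idea above concrete, here is an added toy example (not Xapo's protocol or code): an n-of-n additive-share Schnorr signature over a small multiplicative group, in which the parties jointly produce a valid signature while no step ever reconstructs the private key. The group parameters, share count and messages are constructed for illustration; real deployments use elliptic-curve groups, t-of-n quorums and hardened nonce handling.

```python
"""Toy n-of-n threshold Schnorr signing with additive key shares.

Constructed illustration only. Each party holds a share x_i of a signing key
x = x_1 + ... + x_n (mod ORDER). Signing combines per-party commitments R_i and
per-party partial signatures s_i; the combiner never sees any x_i and no
function anywhere computes x. Group: Z_P^* with a Mersenne prime P (toy size).
"""
import hashlib
import secrets

P = 2**127 - 1   # Mersenne prime; the group is the multiplicative group mod P (toy parameters)
G = 3            # fixed base element; its order divides P-1
ORDER = P - 1    # g^(P-1) = 1 for every g, so all exponents reduce mod P-1


def key_shares(n: int):
    """Each party samples its own share locally; nobody ever learns the sum x.
    Returns the secret shares (one per party) and their public counterparts g^{x_i}."""
    shares = [secrets.randbelow(ORDER) for _ in range(n)]
    pub_shares = [pow(G, x_i, P) for x_i in shares]
    return shares, pub_shares


def public_key(pub_shares) -> int:
    """X = prod g^{x_i} = g^{sum x_i}, computed from public values only."""
    X = 1
    for X_i in pub_shares:
        X = (X * X_i) % P
    return X


def challenge(R: int, X: int, msg: bytes) -> int:
    """Fiat-Shamir challenge e = H(R || X || msg) mod ORDER (R, X < 2^127 fit in 16 bytes)."""
    h = hashlib.sha256(R.to_bytes(16, "big") + X.to_bytes(16, "big") + msg).digest()
    return int.from_bytes(h, "big") % ORDER


def threshold_sign(shares, pub_shares, msg: bytes):
    """Round 1: party i commits R_i = g^{k_i}. Round 2: party i returns s_i = k_i + e*x_i.
    Here each party's local work is one element of the comprehension; the combiner
    only ever handles R_i and s_i, so the full key x is never assembled."""
    X = public_key(pub_shares)
    nonces = [secrets.randbelow(ORDER) for _ in shares]     # k_i, held by party i
    R = 1
    for k_i in nonces:
        R = (R * pow(G, k_i, P)) % P                        # aggregate commitment
    e = challenge(R, X, msg)
    partials = [(k_i + e * x_i) % ORDER for k_i, x_i in zip(nonces, shares)]
    s = sum(partials) % ORDER                               # g^s = R * X^e by linearity
    return R, s


def verify(X: int, msg: bytes, sig) -> bool:
    """Standard Schnorr check against the aggregate public key."""
    R, s = sig
    e = challenge(R, X, msg)
    return pow(G, s, P) == (R * pow(X, e, P)) % P


if __name__ == "__main__":
    shares, pubs = key_shares(3)
    X = public_key(pubs)
    msg = b"constructed sample: release 1 BTC from cold storage"
    print("all 3 parties:", verify(X, msg, threshold_sign(shares, pubs, msg)))
    # Any proper subset of parties signs for a different key and fails against X.
    print("only 2 parties:", verify(X, msg, threshold_sign(shares[:2], pubs[:2], msg)))
```

With all shares the signature verifies; with any share missing it does not, because the subset's aggregate key differs from X.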

However, there are threats and concerns, even with a movie-style bunker and this novel method of securing the keys and transaction signing process. Security threats include hacking and phishing attempts. Financial risks include money laundering, terrorist financing, and various types of financial attacks.

Here's How NFTs Can Transform Asset Management


NFTs are frequently discussed in terms of their role in digital art, but beneath the surface, there is a massive, unexplored potential for revolutionising real-world asset ownership and transactions.

This possibility was the focus of a recent conversation between Roundtable host Rob Nelson and Brittany Kaiser, chair of the board of Gryphon Digital Mining (GRYP) and co-founder of the Own Your Own Data Foundation. 

Together, they analysed the broader ramifications of tokenization beyond digital collectibles. Nelson began the conversation by clarifying common misconceptions about NFTs and emphasising their value beyond art collecting. 

"NFTs and tokenization bring real utility, wealth sharing, and growth opportunities," he said, laying the groundwork for an informative discussion of how these technologies may be applied in more traditional sectors. 

Kaiser presented a rudimentary overview of what a "token" actually entails, stating that at its foundation, a token is a smart contract. With her legal knowledge, she skillfully illustrated how these contracts automate and enforce themselves technologically rather than legally.

"A smart contract is a self-executing digital contract that encapsulates data or transactions in a secure, enforceable format," Kaiser said. 

She highlighted the practical advantages of this technology, particularly in data management. Individuals can govern how their data is utilised and ensure it is inaccessible after a set amount of time by using smart contracts, as opposed to traditional techniques, which leave data susceptible indefinitely.

Kaiser's ideas were applied on a broad scale, including the transfer of real-world assets and financial transactions. She described how tokenization may expedite the time-consuming due diligence processes traditionally connected with real estate purchases, transforming them into efficient and secure exchanges.

Hackers Steal Nearly $10 Million from Axie Infinity Co-founder’s Personal Accounts


A significant amount of cryptocurrency, valued at nearly $10 million, has been reported stolen from personal accounts belonging to Jeff "Jihoz" Zirlin, one of the co-founders associated with the video game Axie Infinity and its affiliated Ronin Network.

According to reports, Zirlin's wallets were compromised, resulting in the theft of 3,248 ethereum coins, equivalent to approximately $9.7 million. Zirlin took to social media to confirm the incident, stating that two of his accounts had been breached. 

However, he emphasized that the attack solely targeted his personal accounts and did not affect the validation or operations of the Ronin chain or Axie Infinity, as reiterated by Aleksander Larsen, another co-founder of the Ronin Network.

The method through which the intruders gained access to Zirlin's wallets remains unclear. The Ronin Network serves as the underlying infrastructure for Axie Infinity, a game renowned for its play-to-earn model based on ethereum, particularly popular in Southeast Asia. 

Notably, the system had previously fallen victim to a $600 million cryptocurrency heist in March 2022, an attack attributed by U.S. prosecutors to the Lazarus Group, a cybercrime operation allegedly backed by North Korea.

Analysts tracking the recent theft traced the stolen funds to activity on Tornado Cash, a cryptocurrency mixer designed to obfuscate the origin of funds. It's worth noting that Lazarus had previously utilized this mixer to launder proceeds from the 2022 hack. The U.S. government, in response, had separately imposed sanctions on Tornado Cash.

Blockchain investigator PeckShield described the incident as a "wallet compromise," indicating a breach in security measures. Despite the breach, Zirlin assured stakeholders of the stringent security protocols in place for all activities related to the Ronin chain.

Cybersecurity Breach Hits Global Software Developer PSI Software SE

According to a recent announcement, German software company PSI Software SE revealed that it fell victim to a ransomware attack, disrupting its internal infrastructure. The company, specialising in software solutions for energy suppliers worldwide, including control systems for operations, network utilisation, and energy trading, confirmed the incident on February 15. As a precautionary measure, PSI Software disconnected several IT systems, including email, to prevent potential data loss.

The attack was initially detected on the night of February 15, with the company noticing unusual activity in its network. To contain the threat, PSI Software swiftly shut down external connections and systems. Although the exact entry point of the cyberattack remains unknown, the company is actively investigating the incident.

The ransomware attack prompted PSI Software to engage in collaboration with the Federal Office for Information Security, seeking assistance for incident response and remediation efforts. Authorities were promptly notified, and since February 16, experts have been working closely with the company to mitigate the impact of the cyber incident.

Despite the disruption, PSI Software reassures its customers that there is currently no evidence suggesting the attackers breached customer systems. The focus remains on securing and restoring the company's internal infrastructure. The situation has raised concerns about the potential consequences of such attacks on critical infrastructure, given PSI Software's role in providing software solutions for major energy suppliers globally.

This incident highlights the growing threat of ransomware attacks targeting critical infrastructure and how crucial it is to adopt robust cybersecurity measures. As businesses increasingly rely on digital systems, the risk of cyber threats becomes more significant. PSI Software's proactive response in disconnecting systems and collaborating with cybersecurity experts demonstrates the urgency and seriousness with which companies must address such incidents.

Cybersecurity experts emphasise the need for organisations to adopt comprehensive security measures, including regular system audits, employee training on recognising phishing attempts and implementing strong network security protocols. The investigation into the PSI Software SE ransomware attack serves as a reminder for businesses to be conscientious and proactive in safeguarding their digital assets.

This ransomware attack on PSI Software SE, a global player in critical infrastructure software development, highlights the fluid and emerging nature of the threats confronting businesses. As cybersecurity incidents become more sophisticated, organisations must prioritise robust security measures to protect against potential disruptions and data breaches. The cooperative engagement with cybersecurity authorities accentuates the necessity for a unified endeavour to minimise the repercussions of such attacks. It further stresses the critical significance of adopting a well-informed stance towards cybersecurity in the contemporary digital era.