Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label cryptocurrency hack. Show all posts

DMM Bitcoin Hack: 500 BTC Transfer Linked to $305 Million Theft Raises New Concerns

 

A cryptocurrency address linked to the $305 million DMM Bitcoin hack in May has reportedly transferred 500 Bitcoin, valued at approximately $30.4 million. On August 22, PeckShield Alert reported that the suspect address initially split the funds into two separate addresses, each receiving around 250 BTC. This movement of funds marks a significant development in the aftermath of the DMM Bitcoin hack, which remains one of the most substantial cryptocurrency thefts of 2024. The DMM Bitcoin hack, which occurred in May, resulted in the theft of 4,502.9 BTC, valued at approximately $305 million at the time. 

The current value of the stolen Bitcoin is just over $274 million. In response to the breach, DMM Bitcoin quickly raised $320 million to reimburse affected users, demonstrating the exchange’s commitment to mitigating the impact of the hack on its customers. Blockchain investigator ZachXBT previously attributed the attack to the Lazarus Group, a notorious hacking organization allegedly linked to the Democratic People’s Republic of Korea. The Lazarus Group has been implicated in several high-profile cyberattacks, and its involvement in the DMM Bitcoin hack highlights the growing sophistication of cybercriminals targeting the cryptocurrency industry. 

According to on-chain analysts, the methods used to launder the stolen funds and various off-chain indicators strongly suggest the Lazarus Group’s involvement in the heist. Following the hack, the attackers reportedly split the stolen Bitcoin into smaller batches of 500 BTC and transferred them to new wallets. PeckShield identified that the latest funds moved since the May 31 incident originated from one of these wallets. This strategy of splitting and moving funds is a common tactic among cybercriminals to obfuscate the trail of stolen assets and avoid detection. 

In July, ZachXBT alleged that the attackers transferred approximately $35 million worth of Bitcoin to the Cambodia-based exchange Huione Guarantee. The exchange has faced accusations of facilitating the laundering of funds from various crypto hacks, pig butchering scams, and other illicit activities. The involvement of exchanges like Huione underscores the challenges in tracking and recovering stolen cryptocurrency, as these platforms can serve as intermediaries for converting stolen assets into fiat currency or other cryptocurrencies. 

The DMM Bitcoin hack is a significant addition to the growing list of cryptocurrency thefts in 2024, which had already claimed over $473 million in losses before this incident. The hack is the second largest in Japan’s history, following the 58 billion yen loss suffered by Coincheck in 2018. In the aftermath of the DMM Bitcoin hack, the exchange halted all spot trading on its platform and warned that withdrawals in Japanese yen might take longer than usual, as they implemented measures to prevent further unauthorized outflows. This incident also highlights broader trends in the cryptocurrency industry. 

According to a Chainalysis report, while illegal activity on blockchain networks has decreased by almost 20% year-to-date, malware attacks and stolen funds have surged. Stolen funds inflows doubled to $1.58 billion compared to $857 million last year, and ransomware inflows climbed around 2%, reaching $459.8 million. The DMM Bitcoin hack serves as a stark reminder of the ongoing vulnerabilities in the cryptocurrency sector and the need for enhanced security measures to protect digital assets from increasingly sophisticated cyber threats.

North Korea-Backed Hackers Breach US Tech Company to Target Crypto Firms


A North Korean state-sponsored hacking group has recently breached a US IT management company, in a bid to further target several cryptocurrency companies, cybersecurity experts confirmed on Thursday. 

The software company – JumpCloud – based in Louisville, Colorado reported its first hack late in June, where the threat actors used their company’s systems to target “fewer than 5” of their clients. 

While the IT company did not reveal the identity of its affected customers, cybersecurity firms CrowdStrike Holding and Alphabet-owned Mandiant – managing JumpCloud and its client respectively – claims that the perpetrators are known for executing heists targeting cryptocurrency. 

Moreover, two individuals that were directly connected to the issue further confirmed the claim that the JumpCloud clients affected by the cyberattack were in fact cryptocurrency companies. 

According to experts, these North Korea-backed threat actors, who once targeted firms piecemeal are now making efforts in strengthening their approach, using tactics like a “supply chain attack,” targeting companies that could provide them wider access to a number of victims at once.

However, Pyongyang’s mission to the UN did not respond to the issue. North Korea has previously denied claims of it being involved in cryptocurrency heists, despite surplus evidence claiming otherwise.

CrowdStrike has identified the threat actors as “Labyrinth Collima,” one of the popular North Korea-based operators. The group, according to Mandiant, works for North Korea’s Reconnaissance General Bureau (RGB), its primary foreign intelligence agency.

However, the U.S. cybersecurity agency CISA and the FBI did not confirm the claim. 

Labyrinth Chollima is one of North Korea’s most active hackers, claiming responsibility for some of the most notorious and disruptive cyber threats in the country. A staggering amount of funds has been compromised as a result of its cryptocurrency theft: An estimated $1.7 billion in digital currency was stolen by North Korean-affiliated entities, according to data from blockchain analytics company Chainalysis last year.

JumpCloud hack first came to light earlier this month when an email from the firm reached its customers, mentioning how their credentials would be changed “out of an abundance of caution relating to an ongoing incident.”

Adam Meyers, CrowdStrike’s Senior Vice President for Intelligence further warns against Pyongyang’s hacking squads, saying they should not be underestimated. "I don't think this is the last we'll see of North Korean supply chain attacks this year," he says.  

DeFi Protocol Cream Finance Suffers a $130 Million Hack

 

Cream Finance, an Ethereum-based lending and borrowing protocol, has suffered a loan flash assault, losing over $130 million worth of ether and ERC-20 tokens. 

According to Peckshield, a block security firm, threat actors exploited a security loophole in the platform’s flash loan feature, then transferred the stolen funds to a wallet under their possession before splitting them through other wallets.

Following the assault, the value of the Cream LP tokens witnessed a substantial decline of 27 percent and is currently priced at around $111 (roughly Rs. 8,300), as per CoinGecko. The protocol that has over 72,000 followers on Twitter confirmed the attack and revealed that an investigation into the case is underway. 

Additionally, the Cream Finance group is trying to negotiate with the hackers, offering to present them 10% of all of the tokens that had been lost. This is a known strategy that has paid off for some protocols which were exploited in the past. 

Unfortunately, this is the third time Cream Finance suffered a loan flash attack this year, in August threat actors stole $29 million and another $37 million were stolen in February. However, this latest hack is the third-largest Defi hack in history. 

According to a recent report released by CipherTrace, DeFi assaults are becoming very profitable for cybercriminals. The attacks accounted for 76% of all major hacks in 2021 and earned a profit of 361 million.

“By July 2021, DeFi-related hacks total $361 million, already making up three-quarters of the total hack volume this year—a 2.7x increase from 2020. DeFi-related fraud continues to rise, as well. At the time of this report, DeFi-related fraud accounted for 54% of major crypto fraud volume, whereas last year DeFi-related fraud only made up 3% of the year’s total,” states CipherTrace. 

“The three hacks that Cream Finance has experienced are all related to flash loans, and the hackers from the [August attack] returned [most of] the stolen funds,” Sun Huang, general manager and vice president for security development operations at XREX Inc. stated. “This time we can expect the hacker to return as well, especially when the tracking technology for blockchain has become more mature and many could catch the hints and chase down attackers.”

New Wave of Cryptocurrency Misappropriation, Hacking, Theft and Fraud Targeting Users Massively in 2020


Crypto criminals have ramped up cryptocurrency theft, hacking, and fraud by a significant margin in the year 2020. They have amassed a sum of $1.36 billion in ill-gotten crypto from January 2020 to May 2020, according to the blockchain analytics firm. The year 2020 is recorded being on the track to become the second-costliest year of all in the history of crypto; only behind 2019’s record of $4.5 billion. The largest contribution in the year’s ongoing standings came from Chinese scam ‘WOTOKEN’ that allegedly scammed more than 700,000 users and stole over $1 billion worth of cryptocurrencies – 46,000 bitcoin, 2.04 million ethereum, 56,000 bitcoin cash, 292,000 litecoin, and 684,000 EOS.

Cryptocurrency is a virtual or digital currency that uses cryptographical functions to make financial transactions. In order to gain transparency and immutability, it makes use of blockchain technology. It is decentralized in nature as there is no central authority controlling or interfering in the processes that include making cryptocurrency exchanges directly between two parties using private and public keys. Equating to money in the real-world it attracts a large possibility of cyber fraud.

On June 2, 2020, CipherTrace released its Cryptocurrency Crime and Anti-Money Laundering Report covering the global trends and latest developments to fight money laundering, terrorism financing, and sanctions evasion. It highlighted the need for regulation and compliance while reporting that 74% of bitcoin in exchange-to-exchange transactions was the cross border and 88% of funds sent to exchanges in 2019 by US Bitcoin ATMs were offshore. Researchers also noted that phishing sites are the most popular COVID-19 related products marketed on the dark web.

“While only 9.8% of the dark market’s one-hop (direct) interactions went directly to exchanges, 30.7% of its two-hop (once removed) interactions went to exchanges—more than tripling the risk exposure to exchanges,” the report read.

In addition, cryptocriminals are also employing several new malware to target cryptocurrencies, an undocumented Trojan called ‘KryptoCibule’ has been found targeting various cryptocurrencies by replacing wallet addresses and stealing cryptocurrency-related files. Previously reported P2P botnet, FritzFrog attempted to brute-force SSH servers of government, education and medical institutions, and telecom players, with an objective of mining cryptocurrency via XMRig miner. Over two weeks ago, a new botnet, dubbed as TeamTNT was observed stealing AWS credentials from affected servers.

With the old techniques being upgraded and the new ones being continually introduced to mine illicit financial gains, cryptocurrencies have become one of the most increasingly targeted areas at present. Users are advised to stay perceptive to indicatives of criminal behavior.

Teen Hacker Elliott Gunton Taking Cryptocurrency for Stolen Data


In April 2018, Elliott Gunton, a teenager from Norwich, England, was caught by the police on the charges of hacking and his PC was taken hold of by the authorities.

He was convicted at Norwich Crown Court where he admitted five charges which included illegal data exchanges, computer exploitation and money laundering offences.

Gunton was subjected to a three and a half year community  order which kept him from using internet and software and he was made to pay a sum of £407,359 by the court order.

On the charges of stealing sensitive information of people and selling it in exchange of pounds in cryptocurrency, the Norwich Crown Court sentenced him to 20 months imprisonment and let out owing to the time spent on remand.

On the examination of Gunton's computer, it was found that he had scheduled supplies of stolen data of people which included their contact information for malicious purposes like texts to carry out fraud.

At the age of 16, Gunton hacked a telecommunications firm and was found guilty of the same.

The teen made constant and sophisticated efforts to conceal his fraudulent acts and hide the payments from police and therefore he dealt in Bitcoin instead of hard currency. However, he happened to leave behind some parts of conversations where he negotiated criminal deals.

Referencing from a tweet made by Gunton last year, "Having lots of money is cool… but having lots of money without people knowing is cooler." He called himself as a "full-time crypto trader."

Cryptocurrency exchanges losses $40 million to hackers




A cryptocurrency exchange Binance reported a ‘’large scale’’ data breach in which hackers managed to steal 7,000 bitcoins worth of about $40 million.

The company said that hackers used various techniques including phishing, viruses and other attacks to obtain large numbers of user API keys, 2FA codes and other info. 

“The hackers had the patience to wait, and execute well-prepared actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks,” said Binance’s CEO, Changing Zhao.

According to the initial investigation, the hacker attacked through multiple seemingly independent accounts at the most opportune time. 

The company has halted all the withdrawals immediately after the reports of hack. 

In a public statement released by the company,  they admitted that, ’’the transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system.’’

They further added that they need to conduct a thorough security review, and it would include all parts of our systems and data, which might take one week. 

However, till the whole time, deposits and withdrawals will ‘’REMAIN SUSPENDED’’. 






The Ukrainian man stole half a million from crypto-wallets



The man, who stole 500 000 UAH (18 350 USD) from the crypto-wallets of clients of the online cryptocurrency exchange, was detained in the Kiev region.

The Ukrainian cyber police stated that the 35-year-old man provided technical support to the British stock exchange with online cryptocurrency exchange and had access to personal data of customers. He used them to steal from Bitcoin and various Altcoin accounts. Thus, he stole 500 000 UAH for several months.

Theft of cryptocurrency occurred in several stages. At first, the attacker was looking for accounts of clients who for a long time did not open their accounts and did not have a complex authentication system.

After that, the Ukrainian made a substitution of backup e-mail boxes or added them to accounts where they were not specified. Thus, he restored the passwords to the wallets and initiated the debiting of electronic money.

Conversion and withdrawal of money took place through an online exchange.

At the moment the amount of damage is 720 000 UAH (26 400 USD). The received funds the attacker spent on gambling on virtual simulators of slot machines.

Cryptocurrency Trading App Taylor loses 2,578 ETH in hack


The creators of Taylor, a cryptocurrency trading app, have claimed that they have lost about 2,578.98 Ether (which is currently valued at over $1.49 million) from the company’s wallet in an attack by an unidentified hacker.

Taylor posted on Medium on May 22, revealing that they had been hacked and almost all their funds stolen. The company said that apart from the Ether, TAY tokens were also stolen from the Team and Bounty pools, amounting to over 7 percent of the total supply.

“The only tokens that were not stolen are the ones from the Founders’ and Advisors’ pools, because there’s a vesting contract making them inaccessible for now,” the report read.

The company wrote that since they are still investigating the attack, they cannot reveal much, but said, “What we can say is that it was not a smart contract exploit. Somehow the hacker got access to one of our devices and took control of one of our 1Password files.”

Taylor believes that the hacker is the same person or group that hacked CypheriumChain and stole over 17,000 ETH (amounting to about $9 million), as the hacker worked by collecting the amount from multiple sources into a single wallet then transferring it to a bigger wallet, which is allegedly the same wallet where the tokens from the CypheriumChain hack were transferred.

The team also noticed an attempt to dump the stolen TAY tokens on IDEX and asked them to delist TAY until they knew more about the situation, which means that the market is down for TAY and even legitimate token holders cannot trade.

“We are considering to issue a new token and swap the old one,” the company said. “The goal is to make sure the hacker does not receive the new token. We analyzed all transactions made by him, and we know exactly where the stolen tokens are.”

Taylor warned token owners to stop all trading of TAY tokens until more information is revealed and new tokens are sent out, “otherwise, you may lose your money and will not be able to receive the new token.”

“We reassure that we will spare no efforts to find a way to mitigate the implications of this incident for every single legit token holder. We are not going anywhere!” the company said after the attack.

Japan Cryptocurrency Exchange Coincheck starts refunds for $530m hack

The cryptocurrency exchange that fell to a hack of about $534 million in January this year has now started reimbursing the affected customers that lost fund in the hack.

In its blog post, Coincheck said that it will refund users as per its original compensation plan at the rate of 88.549JPY ($0.83) per NEM stolen and that to qualify for reparations, users must have held that amount of NEM on their platform at 23:59:59 JST on 26 January, 2018.

The total amount reimbursed will equal to about $420 million.

After the hack, Coincheck had imposed restrictions on trading and withdrawal of some cryptocurrencies on the exchange. The company is now going to lift some of these restrictions to allow for withdrawals and sales, according to another blog post.

It also said that it is working on evaluating the risks associated with each currency and will “confirm the technical security of our systems regarding these currencies in order to resume normal operations.”

The exchange also plans to resume deposits and purchases of all currencies, and open for new registrations once security and management systems have been updated.

“Once again, we would like to apologize for the inconveniences that the illicit transfer of NEM from out platform and the resulting suspension in services has caused our customers and anyone else affected by this incident. Thank you for your patience,” the company said in its blog post.