CySecurity News - Latest Information Security and Hacking Incidents: Bitcoin

AI Bitcoin Cryptocurrencies Google Quantum Quantum computing Technology

Quantum Computing Could Threaten Bitcoin Security Sooner Than Expected, Study Finds

New research suggests the cryptocurrency industry may have less time than anticipated to prepare for the risks posed by quantum computing, with potential implications for Bitcoin, Ethereum, and other major digital assets.

A whitepaper released on March 31 by researchers at Google indicates that breaking the cryptographic systems securing these networks may require fewer than 500,000 physical qubits on a superconducting quantum computer. This marks a sharp reduction from earlier estimates, which placed the requirement in the millions.

The study brings together contributors from both academia and industry, including Justin Drake of the Ethereum Foundation and Dan Boneh, alongside Google Quantum AI researchers led by Ryan Babbush and Hartmut Neven. The research was also shared with U.S. government agencies prior to publication, with input from organizations such as Coinbase and the Ethereum Foundation.

At present, no quantum system is capable of carrying out such an attack. Google’s most advanced processor, Willow, operates with 105 qubits. However, researchers warn that the gap between current hardware and attack-capable machines is narrowing. Drake has estimated at least a 10% probability that a quantum computer could extract a private key from a public key by 2032.

The concern centers on how cryptocurrencies are secured. Bitcoin relies on a mathematical problem known as the Elliptic Curve Discrete Logarithm Problem, which is considered practically unsolvable using classical computers. However, Peter Shor demonstrated that quantum algorithms could solve this problem far more efficiently, potentially allowing attackers to recover private keys, forge signatures, and access funds.

Importantly, this threat does not extend to Bitcoin mining, which relies on the SHA-256 algorithm. Experts suggest that using quantum computing to meaningfully disrupt mining remains decades away. Instead, the vulnerability lies in signature schemes such as ECDSA and Schnorr, both based on the secp256k1.

The research outlines three potential attack scenarios. “On-spend” attacks target transactions in progress, where an attacker could intercept a transaction, derive the private key, and submit a fraudulent replacement before confirmation. With Bitcoin’s average block time of 10 minutes, the study estimates such an attack could be executed in roughly nine minutes using optimized quantum systems, with parallel processing increasing success rates. Faster blockchains such as Ethereum and Solana offer narrower windows but are not entirely immune.

“At-rest” attacks focus on wallets with already exposed public keys, such as reused or inactive addresses, where attackers have significantly more time. A third category, “on-setup” attacks, involves exploiting protocol-level parameters. While Bitcoin appears resistant to this method, certain Ethereum features and privacy tools like Tornado Cash may face higher exposure.

Technically, the researchers developed quantum circuits requiring fewer than 1,500 logical qubits and tens of millions of computational operations, translating to under 500,000 physical qubits under current assumptions. This is a substantial improvement over earlier estimates, such as a 2023 study that suggested around 9 million qubits would be needed. More optimistic models could reduce this further, though they depend on hardware capabilities not yet demonstrated.

In an unusual move, the team did not publish the full attack design. Instead, they used a zero-knowledge proof generated through the SP1 zero-knowledge virtual machine to validate their findings without exposing sensitive details. This approach, rarely used in quantum research, allows independent verification while limiting misuse.

The findings arrive as both industry and governments begin preparing for a post-quantum future. The National Security Agency has called for quantum-resistant systems by 2030, while Google has set a 2029 target for transitioning its own infrastructure. Ethereum has been actively working toward similar goals, aiming for a full migration within the same timeframe. Bitcoin, however, faces slower progress due to its decentralized governance model, where major upgrades can take years to implement.

Early mitigation efforts are underway. A recent Bitcoin proposal introduces new address formats designed to obscure public keys and support future quantum-resistant signatures. However, a full transition away from current cryptographic systems has not yet been finalized.

For now, users are advised to take precautionary steps. Moving funds to new addresses, avoiding address reuse, and monitoring updates from wallet providers can reduce exposure, particularly for long-term holdings. While the threat is not immediate, researchers emphasize that preparation must begin well in advance, as advances in quantum computing continue to accelerate.

Ransomware Attack Hits South Africa’s Land Bank, Hackers Demand Bitcoin Payment



 

South Africa

Bitcoin Data Breach IT system land bank Microsoft Server Ransomware South Africa

Ransomware Attack Hits South Africa’s Land Bank, Hackers Demand Bitcoin Payment

South Africa’s Finance Minister Enoch Godongwana has disclosed that the Land and Agricultural Development Bank of South Africa was targeted in a ransomware incident earlier this year.

The cyberattack took place on January 12, according to official confirmation.

Details of the breach were made public through a parliamentary response after Adil Nchabeleng requested clarification on how the incident occurred, which systems were impacted, and whether the attackers issued any ransom demands.

In his response, the Minister stated that the attackers demanded 5 Bitcoin, estimated to be worth around R5.4 million. The bank chose not to comply with this demand. He further confirmed that core banking infrastructure and data related to farmers were not accessed or compromised.

Initial investigations revealed that suspicious activity was detected within certain parts of the bank’s IT environment. Further analysis suggested that an external party gained entry by exploiting a vulnerability in an internet-facing server. Following this, ransomware was deployed, leading to encryption of portions of the bank’s server systems as well as several employee laptops.

The attack specifically affected servers operating within virtual environments that run on Microsoft systems. Authorities have identified the perpetrators as part of a Ransomware-as-a-Service group, indicating the use of commercially distributed ransomware tools.

In response to the breach, the bank acted swiftly to contain the damage. Affected systems were isolated, indicators of compromise were removed, and additional security measures were implemented to strengthen defenses.

Officials emphasized that critical platforms, including enterprise resource planning systems, core banking infrastructure, and customer relationship management tools, were not accessed. This was attributed to the fact that the SAP environment is maintained separately from other server systems, providing an additional layer of protection.

However, other parts of the IT environment were significantly impacted. Systems outside the SAP infrastructure were either encrypted or rendered inaccessible to staff, and multiple laptops were also locked by the ransomware.

The attackers reportedly demanded payment in Bitcoin in exchange for restoring access to data and refraining from releasing any stolen information. Despite this, the bank confirmed that it did not make any ransom payment.

During the recovery phase, the bank continued to isolate affected environments, remove malicious traces, and enhance its cybersecurity posture. This included strengthening firewall configurations, patching known vulnerabilities, and improving detection mechanisms to better respond to future threats.

This incident follows a series of cyberattacks affecting organizations in South Africa. In May of the previous year, South African Airways experienced a major cyber disruption that affected its website, mobile application, and several internal systems. Immediate steps were taken at the time to reduce the impact on flight operations and customer services.

The Land Bank attack sheds light on the increasing frequency of ransomware incidents targeting key institutions. It also underscores the importance of proactive cybersecurity measures, including system segmentation, timely updates, and continuous monitoring to prevent and mitigate such threats.

Too Much Data Regulation Can Create Security Risks



 

Technology

Bitcoin Blockchain Cloud Crypto Data Technology

Too Much Data Regulation Can Create Security Risks

Bitcoin transactions are transparent by design, they work as a pseudonym where operations are visible but identity is hidden. But the increasing amount of identity-based data around users is affecting the transparency into a personal security threat.

The problem

The increasing regulatory data collection is now mixing with bitcoin’s on-chain transparency, making a trove of identity linked data that hackers can abuse for forced, real-world attacks.

What makes data a target?

Physical attacks against cryptocurrency holders are on the rise due to a number of factors, including social engineering, frequent major data breaches, KYC requirements, and regulatory data collection.

These occurrences, which are frequently referred to as "wrench attacks," entail coercion to gain private keys or force transactions by threats or physical violence. With France emerging as a focus point, this movement is highlighting a weakness in the industry's regulation.

Threats has become the rule rather than the exception, with at least 47.2% of cases involving verified torture or physical assault and 51.5% including firearms. There were 19 fatal occurrences, which resulted in 24 deaths overall and a 6.2% fatality rate. 2025 was the most violent year on record in terms of recorded cases, but analysts warn that the actual number of occurrences is probably greater because of underreporting. All numbers are based on cases that were publicly available at the time of reporting.

What are the risks?

The risk profile for Bitcoin holders is very harsh. Transactions are irreversible once private keys are turned over under duress. Chargebacks, account freezes, and institutional recovery procedures are nonexistent. When coupled with actual compulsion, the protocol's famed finality becomes a liability.

France serves as an example of how rapidly this risk might increase. In France, there were twenty bitcoin-related physical attacks in 2025, compared to a total of just four between 2017 and 2024. Eight more cases had already been reported by early February 2026, indicating that the rise is continuing rather than leveling down. Europe now accounts for around 40% of all events worldwide, up from about 22% in 2024.

Rhysida Claims Responsibility for November 2025 Ransomware Attack on Southold, New York



 

Southold cyber attack

Bitcoin Cyber Security government breach New York local Ransom Demand ransomware-as-a-service Rhysida Ransomware Southold cyber attack

Rhysida Claims Responsibility for November 2025 Ransomware Attack on Southold, New York

A ransomware gang known as Rhysida has claimed it was behind a cyberattack carried out in November 2025 against the local government of Southold, New York.

Town authorities first disclosed the incident on November 24, 2025, revealing that a ransomware attack had disrupted critical municipal services. Impacted systems included email communications, payroll processing, tax collection, permitting, and other essential operations. While most systems were restored within two weeks, some remained offline through mid-January.

On its data leak portal, Rhysida demanded a ransom payment of 10 bitcoin—valued at approximately $661,400 at the time of reporting. The group gave the town a seven-day deadline, threatening to auction the allegedly stolen data to other cybercriminal actors if the ransom was not paid. Southold Supervisor Al Krupski stated that the town does not plan to comply with the ransom demand.

Town officials have not confirmed Rhysida’s involvement, and independent verification of the gang’s claims has not been established. It remains unclear what specific data may have been compromised or how attackers gained access to the town’s network. Officials were contacted for further comment, and updates are expected if additional information becomes available.

Following the breach, the town allocated $500,000 toward cybersecurity enhancements.

“Please be advised that the Town of Southold is investigating a potential cyber incident affecting town servers, which affects our ability to communicate with residents via email,” said the city’s November 24 announcement. “During the course of this investigation, we regret to inform you that all town services will be limited.”

Rhysida emerged in May 2023 and operates a ransomware-as-a-service (RaaS) model. The group’s malware is capable of encrypting systems and exfiltrating sensitive data. Victims are typically pressured to pay for both a decryption key and assurances that stolen information will be deleted. Affiliates can lease Rhysida’s infrastructure to conduct attacks and share in ransom proceeds.

In 2025, the group claimed responsibility for 21 verified ransomware incidents and made an additional 70 unconfirmed claims. Several confirmed attacks targeted public-sector entities, including:

Oregon Department of Environmental Quality (April 2025 – $2.6 million ransom, unpaid)
Maryland Department of Transportation (August 2025 – $3.4 million ransom, unpaid)
Cleveland County Sheriff’s Office (November 2025 – $782,000 ransom)
Cheyenne and Arapaho Tribes (December 2025 – $682,000 ransom, unpaid)

So far in 2026, the group has claimed six additional breaches.

Security researchers documented 84 confirmed ransomware incidents targeting U.S. government entities in 2025, exposing roughly 639,000 personal records. The average ransom demand across these cases reached $987,000.

In 2026, confirmed government-sector victims include Midway, Florida, Winona County, Minnesota, New Britain, Connecticut, and Tulsa International Airport.

Ransomware attacks on public institutions often involve both data theft and system encryption, disrupting services such as bill payments, court records management, and emergency response operations. Governments that refuse to pay may face prolonged outages, data loss, and heightened risks of fraud for affected residents.

Southold is a town located on Long Island in New York, with a population of approximately 24,000 residents. It falls within Suffolk County, which experienced a significant ransomware incident in 2021 that exposed the personal data of around 470,000 residents and severely disrupted county services.

Bithumb Error Sends 620,000 Bitcoins to Users, Triggers Regulatory Scrutiny in South Korea



 

Korea

Bitcoin Bitcoin Cyber Threat Bithumb cryptocurrency Cryptocurrency news Cyber Security digital currency Financial Regulators Korea

Bithumb Error Sends 620,000 Bitcoins to Users, Triggers Regulatory Scrutiny in South Korea

A huge glitch at Bithumb, South Korea’s second-biggest digital currency platform, triggered chaos when users suddenly found themselves holding vast quantities of bitcoin due to a flawed promotion. Instead of issuing minor monetary rewards, a technical oversight allowed 620,000 bitcoins to be wrongly allocated. Regulators quickly stepped in, launching investigations as the scale of the incident became clear. Recovery efforts are now underway for assets exceeding $40 billion, stemming directly from the mishap. Legal pressure mounts on the firm while authorities assess compliance failures. What began as a routine marketing effort has turned into one of the largest operational blunders in crypto trading history.

On 6 February, a mistake unfolded amid a promotion meant to give rewards to 695 qualifying users - totaling 620,000 Korean won, about $423. Instead of using local currency, one employee typed in bitcoin by accident; this shifted the reward value dramatically. What should have been small bonuses became 620,000 bitcoins, valued around $42 billion then. Among those who qualified, nearly half accessed their digital boxes before anyone noticed. These 249 people ended up with massive deposits, exceeding the entire crypto balance held by the platform.

Bithumb said it fixed many incorrect deposits through adjustments in its internal records. Still, regulators noted approximately 13 billion won - about $9 million - was unaccounted for, lost when certain users moved or cashed out funds prior to detection. During the half-hour span before freezing actions began, 86 individuals allegedly offloaded close to 1,788 bitcoins, sparking temporary shifts in pricing across the site's trading system.

Criticism came fast once news broke. "Catastrophic" was the word used by Lee Chan-jin - head of South Korea’s Financial Supervisory Service - to describe what happened to those who offloaded their bitcoin. With prices climbing afterward, people forced to give back holdings might now owe money instead. Not just a one-off error, according to Lee; it revealed deeper flaws in how crypto platforms handle internal ledgers and transaction safeguards.

Disagreement persists among legal professionals regarding possible criminal consequences for users who withdrew accidentally deposited bitcoin. Though crypto assets were central to a 2021 South Korean high court decision, their exclusion from the definition of "property" in penal statutes muddies enforcement paths. Instead of pursuing drawn-out lawsuits, Bithumb initiated private talks with around eighty individuals who converted the digital value into local currency, asking repayment in won amounts.

Now probing deeper, the Financial Supervisory Service has opened a comprehensive review; meanwhile, lawmakers in Seoul will hold an urgent session on 11 February to press officials and platform leaders for answers. Speaking publicly, Bithumb admitted changes are underway - its payout systems being rebuilt, oversight tightened - even though they insist no cyberattack occurred nor did outside actors gain access.

Bithumb Mistakenly Credits Users With Billions in Bitcoin During Promotion Error



 

South Korea

Bitcoin Bithumb cryptocurrency Cyber Security phishing South Korea

Bithumb Mistakenly Credits Users With Billions in Bitcoin During Promotion Error

A promotional campaign at South Korean cryptocurrency exchange Bithumb turned into a large scale operational incident after a data entry mistake resulted in users receiving bitcoin instead of a small cash-equivalent reward.

Initial reports suggested that certain customers were meant to receive 2,000 Korean won as part of a routine promotional payout. Instead, those accounts were credited with 2,000 bitcoin each. At current market valuations, 2,000 bitcoin represents roughly $140 million per account, transforming what should have been a minor incentive into an extraordinary allocation.

Bithumb later confirmed that the scope of the error was larger than early estimates. According to the exchange, a total of 620,000 bitcoin was mistakenly credited to 695 user accounts. Based on prevailing prices at the time of the incident, that amount corresponded to approximately $43 billion in value. The exchange stated that the issue stemmed from an internal processing mistake and was not connected to external hacking activity or a breach of its security infrastructure. It emphasized that customer asset custody systems were not compromised.

The sudden appearance of large bitcoin balances had an immediate effect on trading activity within the platform. Bithumb reported that the incident contributed to a temporary decline of about 10 percent in bitcoin’s price on its exchange, as some affected users rapidly sold the credited assets. To contain further disruption, the company restricted withdrawals and suspended certain transactions linked to the impacted accounts. It stated that 99.7 percent of the mistakenly issued bitcoin has since been recovered.

The event has revived discussion around the concept often described as “paper bitcoin.” On centralized exchanges, user balances are reflected in internal ledgers rather than always corresponding to coins held in individual blockchain wallets. In practice, exchanges may not maintain a one-to-one on-chain reserve for every displayed balance at every moment. This structural model has previously drawn criticism, most notably during the collapse of Mt. Gox in 2014, which was then the largest bitcoin exchange globally. Its failure exposed major discrepancies between reported and actual holdings.

Data from blockchain analytics firm Arkham Intelligence indicates that Bithumb currently controls digital assets worth approximately $5.3 billion. That figure is substantially lower than the $43 billion temporarily reflected in the erroneous credits, underscoring that the allocation existed within internal accounting records rather than as newly transferred blockchain assets.

Observers on social media platform X questioned how such a large discrepancy could occur without automated safeguards preventing the issuance. Bithumb has faced security challenges in the past. In 2017, an employee’s device was compromised, exposing customer data later used in phishing attempts. In 2018, around $30 million in cryptocurrency was stolen in an attack attributed to the Lazarus Group, an organization widely linked to North Korea. A further breach in 2019 resulted in losses of roughly $20 million and was initially suspected to involve insider participation. In each instance, Bithumb stated that it compensated affected users for lost funds, though earlier incidents included exposure of personal information.

Beyond cybersecurity events, the exchange has also been subject to regulatory scrutiny, including investigations related to alleged fraud, embezzlement, and promotional practices. Reports indicate it was again raided this week over concerns involving misleading advertising.

Bithumb maintains that no customer ultimately suffered a net financial loss from the recent error, though the price movement raised concerns about potential liquidations for leveraged traders. A comparable situation occurred at decentralized exchange Paradex, which reversed trades following a pricing malfunction.

The incident unfolds amid broader market strain, with digital asset prices astronomically below their October peaks and political debate intensifying around cryptocurrency-linked business interests connected to U.S. public figures. Recent disclosures from the U.S. Department of Justice concerning Jeffrey Epstein’s early involvement in cryptocurrency ventures have further fueled online speculation and conspiracy narratives across social platforms.

Google Owned Mandiant Finds Vishing Attacks Against SaaS Platforms



 

saaS

Bitcoin Crypto Cyber Security Google Mandiant saaS

Google Owned Mandiant Finds Vishing Attacks Against SaaS Platforms

Mandiant recently said that it found an increase in threat activity that deploys tradecraft for extortion attacks carried out by a financially gained group ShinyHunters.

These attacks use advanced voice phishing (vishing) and fake credential harvesting sites imitating targeted organizations to get illicit access to victims systems by collecting sign-on (SSO) credentials and two factor authentication codes.
The attacks aim to target cloud-based software-as-a-service (SaaS) apps to steal sensitive data and internal communications and blackmail victims.

Google owned Mandiant’s threat intelligence team is tracking the attacks under various clusters: UNC6661, UNC6671, and UNC6240 (aka ShinyHunters). These gangs might be improving their attack tactics. "While this methodology of targeting identity providers and SaaS platforms is consistent with our prior observations of threat activity preceding ShinyHunters-branded extortion, the breadth of targeted cloud platforms continues to expand as these threat actors seek more sensitive data for extortion," Mandiant said.

"Further, they appear to be escalating their extortion tactics with recent incidents, including harassment of victim personnel, among other tactics.”

Theft details

UNC6661 was pretending to be IT staff sending employees to credential harvesting links tricking them into multi-factor authentication (MFA) settings. This was found during mid-January 2026.

Threat actors used stolen credentials to register their own device for MFA and further steal data from SaaS platforms. In one incident, the hacker exploited their access to infected email accounts to send more phishing emails to users in cryptocurrency based organizations.

The emails were later deleted to hide the tracks. Experts also found UNC6671 mimicking IT staff to fool victims to steal credentials and MFA login codes on credential harvesting websites since the start of this year. In a few incidents, the hackers got access to Okta accounts.

UNC6671 leveraged PowerShell to steal sensitive data from OneDrive and SharePoint.

Attack tactic

The use of different domain registrars to register the credential harvesting domains (NICENIC for UNC6661 and Tucows for UNC6671) and the fact that an extortion email sent after UNC6671 activity did not overlap with known UNC6240 indicators are the two main differences between UNC6661 and UNC6671.

This suggests that other groups of people might be participating, highlighting how nebulous these cybercrime organizations are. Furthermore, the targeting of bitcoin companies raises the possibility that the threat actors are searching for other opportunities to make money.

Google’s Quantum Breakthrough Rekindles Concerns About Bitcoin’s Long-Term Security



 

Technology

Bitcoin ECC Google Quantum computing Technology

Google’s Quantum Breakthrough Rekindles Concerns About Bitcoin’s Long-Term Security

Google has announced a verified milestone in quantum computing that has once again drawn attention to the potential threat quantum technology could pose to Bitcoin and other digital systems in the future.

The company’s latest quantum processor, Willow, has demonstrated a confirmed computational speed-up over the world’s leading supercomputers. Published in the journal Nature, the findings mark the first verified example of a quantum processor outperforming classical machines in a real experiment.

This success brings researchers closer to the long-envisioned goal of building reliable quantum computers and signals progress toward machines that could one day challenge the cryptography protecting cryptocurrencies.

What Google Achieved

According to Google’s study, the 105-qubit Willow chip ran a physics algorithm faster than any known classical system could simulate. This achievement, often referred to as “quantum advantage,” shows that quantum processors are starting to perform calculations that are practically impossible for traditional computers.

The experiment used a method called Quantum Echoes, where researchers advanced a quantum system through several operations, intentionally disturbed one qubit, and then reversed the sequence to see if the information would reappear. The re-emergence of this information, known as a quantum echo, confirmed the system’s interference patterns and genuine quantum behavior.

In measurable terms, Willow completed the task in just over two hours, while Frontier, one of the world’s fastest publicly benchmarked supercomputers, would need about 3.2 years to perform the same operation. That represents a performance difference of nearly 13,000 times.

The results were independently verified and can be reproduced by other quantum systems, a major step forward from previous experiments that lacked reproducibility. Google CEO Sundar Pichai noted on X that this outcome is “a substantial step toward the first real-world application of quantum computing.”

Willow’s superconducting transmon qubits achieved an impressive level of stability. The chip recorded median two-qubit gate errors of 0.0015 and maintained coherence times above 100 microseconds, allowing scientists to execute 23 layers of quantum operations across 65 qubits. This pushed the system beyond what classical models can reproduce and proved that complex, multi-layered quantum circuits can now be managed with high accuracy.

From Sycamore to Willow

The Willow processor, unveiled in December 2024, is a successor to Google’s Sycamore chip from 2019, which first claimed quantum supremacy but lacked experimental consistency. Willow bridges that gap by introducing stronger error correction and better coherence, enabling experiments that can be repeated and verified within the same hardware.

While the processor is still in a research phase, its stability and reproducibility represent significant engineering progress. The experiment also confirmed that quantum interference can persist in systems too complex for classical simulation, which strengthens the case for practical quantum applications.

Toward Real-World Uses

Google now plans to move beyond proof-of-concept demonstrations toward practical quantum simulations, such as modeling atomic and molecular interactions. These tasks are vital for fields like drug discovery, battery design, and material science, where classical computers struggle to handle the enormous number of variables involved.

In collaboration with the University of California, Berkeley, Google recently demonstrated a small-scale quantum experiment to model molecular systems, marking an early step toward what the company calls a “quantum-scope” — a tool capable of observing natural phenomena that cannot be measured using classical instruments.

The Bitcoin Question

Although Willow’s success does not pose an immediate threat to Bitcoin, it has revived discussions about how close quantum computers are to breaking elliptic-curve cryptography (ECC), which underpins most digital financial systems. ECC is nearly impossible for classical computers to reverse-engineer, but it could theoretically be broken by a powerful quantum system running algorithms such as Shor’s algorithm.

Experts caution that this risk remains distant but credible. Christopher Peikert, a professor of computer science and engineering at the University of Michigan, told Decrypt that quantum computing has a small but significant chance, over five percent, of becoming a major long-term threat to cryptocurrencies.

He added that moving to post-quantum cryptography would address these vulnerabilities, but the trade-offs include larger keys and signatures, which would increase network traffic and block sizes.

Why It Matters

Simulating Willow’s circuits using tensor-network algorithms would take more than 10 million CPU-hours on Frontier. The contrast between two hours of quantum computation and several years of classical simulation offers clear evidence that practical quantum advantage is becoming real.

The Willow experiment transitions quantum research from theory to testable engineering. It shows that real hardware can perform verified calculations that classical computers cannot feasibly replicate.

For cybersecurity professionals and blockchain developers, this serves as a reminder that quantum resistance must now be part of long-term security planning. The countdown toward a quantum future has already begun, and with each verified advance, that future moves closer to reality.

Cryptoexchange SwissBorg Suffers $41 Million Theft, Will Reimburse Users



 

SwissBorg

AI Bitcoin Cloud cryptocurrency Cyber Security Cypto wallet Internet SwissBorg

Cryptoexchange SwissBorg Suffers $41 Million Theft, Will Reimburse Users

According to SwissBorg, a cryptoexchange platform, $41 million worth of cryptocurrency was stolen from an external wallet used for its SOL earn strategy in a cyberattack that also affected a partner company. The company, which is based in Switzerland, acknowledged the industry reports of the attack but has stressed that the platform was not compromised.

CEO Cyrus Fazel said that an external finance wallet of a partner was compromised. The incident happened due to hacking of the partner’s API, a process that lets software customers communicate with each other, impacting a single counterparty. It was not a compromise of SwissBorg, the company said on X.

SwissBorg said that the hack has impacted fewer than 1% of users. “A partner API was compromised, impacting our SOL Earn Program (~193k SOL, <1% of users). Rest assured, the SwissBorg app remains fully secure and all other funds in Earn programs are 100% safe,” it tweeted. The company said they are looking into the incident with other blockchain security firms.

All other assets are secure and will compensate for any losses, and user balances in the SwissBorg app are not impacted. SOL Earn redemptions have been stopped as recovery efforts are undergoing. The company has also teamed up with law enforcement agencies to recover the stolen funds. A detailed report will be released after the investigations end.

The exploit surfaced after a surge in crypto thefts, with more than $2.17 billion already stolen this year. Kiln, the partner company, released its own statement: “SwissBorg and Kiln are investigating an incident that may have involved unauthorized access to a wallet used for staking operations. The incident resulted in Solana funds being improperly removed from the wallet used for staking operations.”

After the attack, “SwissBorg and Kiln immediately activated an incident response plan, contained the activity, and engaged our security partners,” it said in a blogpost, and that “SwissBorg has paused Solana staking transactions on the platform to ensure no other customers are impacted.”

Fazel posted a video about the incident, informing users that the platform had suffered multiple breaches in the past.

Malicous npm package exploit crypto wallets



 

Windows

AI Bitcoin Cloud Crypto Ethereum Internet Technology Windows

Malicous npm package exploit crypto wallets

Experts have found a malicious npm package that consists of stealthy features to deploy malicious code into pc apps targeting crypto wallets such as Exodus and Atomic.

About the package

Termed as “nodejs-smtp,” the package imitates the genuine email library nodemailer with the same README descriptions, page styling, and tagline, bringing around 347 downloads since it was uploaded to the npm registry earlier this year by a user “nikotimon.”

It is not available anymore. Socket experts Krill Boychenko said, "On import, the package uses Electron tooling to unpack Atomic Wallet's app.asar, replace a vendor bundle with a malicious payload, repackage the application, and remove traces by deleting its working directory.”

What is the CIS build kit?

The aim is to overwrite the recipient address with hard-coded wallets handled by a cybercriminal. The package delivers by working as an SMTP-based mailer while trying to escape developers’ attention.

This has surfaced after ReversingLabs found an npm package called "pdf-to-office" that got the same results by releasing the “app.asar” archives linked to Exodus and Atomic wallets and changing the JavaScript file inside them to launch the clipper function.

According to Boychenko, “this campaign shows how a routine import on a developer workstation can quietly modify a separate desktop application and persist across reboots. He also said that “by using import time execution and Electron packaging, a lookalike mailer becomes a wallet drainer that alters Atomic and Exodus on compromised Windows systems."

What next?

The campaign has exposed how a routine import on a developer's pc can silently change a different desktop application and stay alive in reboots. By exploiting the import time execution and Electron packaging, an identical mailer turns into a wallet drainer. Security teams should be careful of incoming wallet drainers deployed through package registries.

German Mobile Insurance Giant Falls After Devastating Ransomware Attack



 

insurance

Akira Bitcoin Customer Data Cyber Attacks Germany insurance

German Mobile Insurance Giant Falls After Devastating Ransomware Attack

A cyberattack has brought down one of Germany’s largest phone insurance and repair networks, forcing the once-thriving Einhaus Group into insolvency. The company, which at its peak generated around €70 million in annual revenue and partnered with big names such as Deutsche Telekom, Cyberport, and 1&1, has been unable to recover from the financial and operational chaos that followed the attack.

The Day Everything Stopped

In March 2023, founder Wilhelm Einhaus arrived at the company’s offices to an unsettling sight. Every printer had churned out the same note: “We’ve hacked you. All further information can be found on the dark web.” Investigations revealed the work of the hacking group known as “Royal.” They had infiltrated the company’s network, encrypting all of its core systems, the very tools needed to process claims, manage customer data, and run daily operations.

Without these systems, business ground to a halt. The hackers demanded around $230,000 in Bitcoin to unlock the computers. Facing immediate and heavy losses, and with no way to operate manually at the same scale, Einhaus Group reportedly agreed to pay. The financial damage, however, was already severe, estimated in the multi-million-euro range. Police were brought in early, but the payment decision was made to avoid even greater harm.

Desperate Measures to Stay Afloat

Before the attack, the company employed roughly 170 people. Within months, more than 100 positions were cut, leaving only eight employees to handle all ongoing work. With so few staff, much of the processing had to be done by hand, slowing operations dramatically.

To raise funds, the company sold its headquarters and liquidated various investments. These moves bought time but did not restore the business to its former state.

Seized Ransom, But No Relief

In a twist, German authorities later apprehended three suspects believed to be linked to the “Royal” group. They also seized cryptocurrency valued in the high six-figure euro range, suspected to be connected to the ransom payments.

However, Einhaus Group has not received its money back. Prosecutors have refused to release the seized funds until investigations are complete — a process that could take years. Other ransomware victims in Germany are in the same position, with no guarantee they will ever recover the full amount.

Final Stages of the Collapse

Three separate companies tied to the Einhaus Group have now formally entered insolvency proceedings. While liquidation is a strong possibility, founder Wilhelm Einhaus, now 72, insists he has no plans to retire. If the business is dissolved, he says he will start again from scratch.

The Einhaus case is not unique. Just recently, the UK’s 158-year-old transport company Knights of Old collapsed after a ransomware attack by a group known as “Akira,” leaving 700 people jobless. Cyberattacks are increasingly proving fatal to established businesses not just through stolen data, but by dismantling the very infrastructure needed to survive.

Hidden Crypto Mining Operation Found in Truck Tied to Village Power Supply



 

Russia

Bitcoin Crypto Mining Cyber Crime electricity Russia

Hidden Crypto Mining Operation Found in Truck Tied to Village Power Supply

In a surprising discovery, officials in Russia uncovered a secret cryptocurrency mining setup hidden inside a Kamaz truck parked near a village in the Buryatia region. The vehicle wasn’t just a regular truck, it was loaded with 95 mining machines and its own transformer, all connected to a nearby power line powerful enough to supply an entire community.

What Is Crypto Mining, and Why Is It Controversial?

Cryptocurrency mining is the process of creating digital coins and verifying transactions through a network called a blockchain — a digital ledger that can’t be altered. Computers solve complex calculations to keep this system running smoothly. However, this process demands huge amounts of electricity. For example, mining the popular coin Bitcoin consumes more power in a year than some entire countries.

Why Was This Setup a Problem?

While mining can help boost local economies and create tech jobs, it also brings risks, especially when done illegally. In this case, the truck was using electricity intended for homes without permission. The unauthorized connection reportedly caused power issues like low voltage, grid overload, and blackouts for local residents.

The illegal setup was discovered during a routine check by power inspectors in the Pribaikalsky District. Before law enforcement could step in, two people suspected of operating the mining rig escaped in a vehicle.

Not the First Incident

This wasn’t an isolated case. Authorities report that this is the sixth time this year such theft has occurred in Buryatia. Due to frequent power shortages, crypto mining is banned in most parts of the region from November through March. Even when allowed, only approved companies can operate in designated areas.

Wider Energy and Security Impacts

Crypto mining operations run 24/7 and demand a steady flow of electricity. This constant use strains power networks, increases local energy costs, and can cause outages when grids can’t handle the load. Because of this, similar mining restrictions have been put in place in other regions, including Irkutsk and Dagestan.

Beyond electricity theft, crypto mining also has ties to cybercrime. Security researchers have reported that some hacking groups secretly install mining software on infected computers. These programs run quietly, often at night, using stolen power and system resources without the owner’s knowledge. They can also steal passwords and disable antivirus tools to remain undetected.

The Environmental Cost

Mining doesn’t just hurt power grids — it also affects the environment. Many mining operations use electricity from fossil fuels, which contributes to pollution and climate change. Although a study from the University of Cambridge found that over half of Bitcoin mining now uses cleaner sources like wind, nuclear, or hydro power, a significant portion still relies on coal and gas.

Some companies are working to make mining cleaner. For example, projects in Texas and Bhutan are using renewable energy to reduce the environmental impact. But the challenge remains, crypto mining’s hunger for energy has far-reaching consequences.

Elon Musk Introduces XChat: Could This Be the Future of Private Messaging?



 

xchat

Bitcoin Elon Musk Privacy xchat

Elon Musk Introduces XChat: Could This Be the Future of Private Messaging?

Elon Musk has recently introduced a new messaging tool for X, the platform formerly known as Twitter. This new feature, called XChat, is designed to focus on privacy and secure communication.

In a post on X, Musk shared that XChat will allow users to send disappearing messages, make voice and video calls, and exchange all types of files safely. He also mentioned that this system is built using new technology and referred to its security as having "Bitcoin-style encryption." However, he did not provide further details about how this encryption works.

Although the phrase sounds promising, Musk has not yet explained what makes the encryption similar to Bitcoin’s technology. In simple terms, Bitcoin uses very strong methods to protect data and keep user identities hidden. If XChat is using a similar security system, it could offer serious privacy protections. Still, without exact information, it is difficult to know how strong or reliable this protection will actually be.

Many online communities, especially those interested in cryptocurrency and secure communication, quickly reacted to the announcement. Some users believe that if XChat really provides such a high level of security, it could become a competitor to other private messaging apps like Signal and Telegram. People in various online groups also discussed the possibility that this feature could change how users share sensitive information safely.

This update is part of Musk’s ongoing plan to turn X into more than just a social media platform. He has often expressed interest in creating an "all-in-one" application where users can chat, share files, and even manage payments in a secure space.

Just last week, Musk introduced another feature called X Money. This payment system is expected to be tested with a small number of users later this year. Musk highlighted that when it comes to managing people’s money, safety and careful testing are essential.

By combining private messaging and payment services, X seems to be following the model of platforms like China’s WeChat, which offers many services in one place.

At this time, there are still many unanswered questions. It is not clear when XChat will be fully available to all users or exactly how its security will work. Until more official information is released, people will need to wait and see whether XChat can truly deliver the level of privacy it promises.

Reports Indicate Social Engineering Attacks on Binance and Kraken



 

Kraken

Artifical Intelligence Binance Binance Coins (BNB) Bitcoin Bybit Coinbase Cyber Attacks Cybersecurity CyberThreat Engineering Attacks FTX Kraken

Reports Indicate Social Engineering Attacks on Binance and Kraken

As a result of sophisticated social engineering attacks mimicking a recent attempt to breach Coinbase Global Inc., Binance and Kraken exchanges have both been able to thwart such attacks. In the report by Bloomberg, sources familiar with the matter claim that Binance and Kraken (NASDAQ: COIN) have successfully neutralised the threats before any customer information was compromised.

Despite the fact that information remains confidential and neither exchange has publicly commented, insiders indicate that neither platform has been compromised. This attempt to breach a digital asset firm is part of a broader, ongoing trend where cybercriminals are increasingly targeting digital asset companies, particularly when the cryptocurrency market is experiencing a surge.

The latest wave of attacks, which have cost the crypto industry billions, impacted platforms such as Bitfinex, Bybit, and now-defunct FTX, was reported to be a result of Binance and Kraken having robust internal controls and security protocols in place to prevent them from taking place. Based on the findings of the sources, it appears that the attackers employed elaborate manipulation tactics aimed at customer service personnel, which had striking similarities to the attack Coinbase faced earlier.

The scammers were alleged to have attempted to bribe Binance support agents, even going so far as to share their Telegram contact address in order to facilitate illicit communication with the agents. As a result of the resilience demonstrated by these exchanges, it is clear that cybersecurity strategies in the crypto industry have become more sophisticated, despite adversaries continuing to develop more deceptive methods of infiltration.

Despite the increasing complexity of cyber threats, both Binance and Kraken proved to be incredibly effective against these threats by successfully preventing potentially damaging data breaches, despite the fact that the threats have become more complex and challenging. Several individuals with knowledge of the matter have told me that the exchanges were targeted by social engineering schemes meant to exploit human weaknesses rather than technical flaws in order to get access to the exchanges.

The criminals have been reported to impersonate legitimate contact information and bribe customer service representatives via encrypted messaging platforms such as Telegram in order to gain access to confidential user information, including home addresses, account credentials, and other information relating to the individual. The response of Binance was notably facilitated by its sophisticated artificial intelligence-driven detection systems, which had a significant impact on identifying and intercepting suspicious communications, leading to a successful outcome.

As soon as these Artificial Intelligence tools were able to recognise deceptive patterns across multiple languages, they flagged malicious attempts immediately, before any breaches could occur. Furthermore, Binance's internal security protocols strictly limit data access privileges, which ensure that only verified personnel can retrieve sensitive user information under controlled circumstances during official support interactions. With the multi-layered approach, human error or manipulation was drastically reduced as a result of the multiple layers of security.

In addition, Kraken implemented rigorous protective measures to counter the threat, though it has not released specific technical details of what was done. A swift and structured internal response was critical in neutralising the attack, according to sources. During the exchange's confirmation process, all user data, including login credentials, private keys, and digital assets, was assured to be completely secure. As a result of these incidents, there is an increasing need to strengthen proactive defence mechanisms and internal accountability to protect customer assets, especially at a time when social engineering is continuing to become more popular among cyber adversaries targeting the cryptocurrency industry as a tactic.

The recent cyberattacks that occurred on Coinbase, Binance, and Kraken suggest that cybercriminals are shifting their tactics in the cryptocurrency industry in a significant way. Several high-profile breaches have historically been the result of direct technical exploits, including the collapse of Mt. Gox, which resulted in the loss of approximately $460 million, and the hack of Bitstamp in 2015, which cost the exchange $5 million.

Often, these attacks are based on weaknesses in platform infrastructure, such as code, server configurations, or security protocols, which are exploited to attack platforms. The latest wave of attacks, on the other hand, seems to have adopted a psychologically more refined, socially oriented approach. Cybercriminals are now focusing on manipulating individuals within organisations, specifically those who have access to sensitive systems, rather than attempting to penetrate hardened technical defences.

They are using psychological manipulation to gain access to sensitive systems within a company. It has been reported that the attackers who are responsible for these recent incidents are using platforms such as Telegram to impersonate trustworthy sources and offer bribes in exchange for confidential customer data, including their home addresses, credentials, and other personal identifiers. In addition to this change in strategy, technical security frameworks within top crypto exchanges are becoming increasingly resilient, demonstrating the growing resilience of these frameworks.

Binance and Kraken, among others, continue to strengthen their digital defences by utilising artificial intelligence and behaviour-detection systems, leading threat actors to exploit the human element, which is considered to be one of the most vulnerable components of cybersecurity. As a result, they are more likely to exploit the human element.

A notable difference between Coinbase and Binance, and Kraken is that, despite similar manipulation tactics successfully compromising Coinbase systems, similar attempts were swiftly identified and neutralised near-instantly due to robust internal safeguards and real-time AI monitoring conducted at those exchanges. These recent attacks have many parallels to earlier incidents, including the Bitstamp breach, which was also a result of employee phishing, which illustrates that while tools and platforms may have evolved, the fundamental tactic of targeting insider access remains a persistent threat, even though they are using a different approach.

In order to combat the increasing sophistication of social engineering threats in the cryptocurrency space, continuous training, layered security policies, and proactive detection mechanisms are needed to combat the evolving landscape. As sources familiar with the matter have reported, attempts at hacking Binance and Kraken closely resembled those of Coinbase in recent months, but the attacks were ultimately stopped due to strict internal protocols and advanced security technology, sources familiar with the matter said.

In Binance, scammers are reportedly offering bribes to customer service representatives and providing them with Telegram handles for further communication, and these scammers are reportedly targeting customers at Binance. As a result of AI-powered monitoring tools, it was possible for the exchange to intercept and halt malicious interactions before any data was compromised by detecting suspicious messages across multiple languages. There are many leading platforms, but Binance is one of the most restrictive.

Binance limits access to customer data to sessions initiated by users themselves. Over the past two years, it has become increasingly evident that social engineering is an increasing threat in the cryptocurrency sector. For example, Coinbase's support staff was bribed by hackers to obtain sensitive client information, including personal and banking details. The hackers then demanded $20 million as a ransom. It has also been observed that hackers have used stolen user data, obtained through malware and traded on the dark web, to impersonate support teams and to trick their victims, as they have done in recent incidents targeting Binance users in Israel, where attackers used convincing accents and fake credentials to trick them.

According to cybersecurity experts, the most effective way to protect yourself against social engineering attacks is by strengthening procedures and maintaining an organisational culture that is vigilant. Several recent incidents have demonstrated the importance of conducting comprehensive employee training, ensuring stricter contractor vetting, minimising privileged access, and deploying real-time monitoring processes to detect anomalies in the behaviour of support personnel. As a result, key strategies are emerging, such as implementing a zero-trust access framework, where internal employees only have access to the limited information they need, and using artificial intelligence (AI) to identify indicators of bribery, unauthorised data requests, or attempts to communicate outside official channels.

A whistleblower system can also provide employees with the confidence they need to report suspicious activity without fear of reprisals. Moreover, smart contracts and automated logs can be integrated into the on-chain auditing process to ensure transparency and traceability of data access. By sharing intelligence among exchanges, the sector will be strengthened by allowing platforms to learn from emerging attack patterns, by enhancing the level of resilience on the platform.

In the opinion of experts, it is highly likely that if such measures had been fully implemented, the Coinbase breach might have been significantly reduced—or perhaps even avoided altogether. Trust has remained a fundamental pillar in the realm of digital finance, especially for centralised cryptocurrency exchanges that are responsible for the protection of billions of dollars worth of user assets.

An investment can be eroded quickly by high-profile security incidents, so robust cybersecurity is not only a technical necessity but also a business imperative if such an incident occurs. In response to recent social engineering attacks, Binance and Kraken responded quickly and transparently to send a strong message to their users and stakeholders that they have strengthened their platforms and that cybersecurity is a top priority for them.

It has been a real pleasure to watch both exchanges stand up to sophisticated attacks and maintain a transparent posture while acting decisively in the face of such attacks; as a result, they have set new benchmarks for operational integrity and responsiveness within the crypto industry. Additionally, these events serve as a warning to the industry as a whole-highlighting the need for continued investment into employee education, internal controls, and incident response mechanisms.

While firewalls and encryption will always be an important part of security systems, it is the human element that often poses the greatest threat. By continuing to train and conduct simulations, it is imperative that we strengthen this vulnerability. As a result of these thwarted cyberattacks, Binance and Kraken continue to advance the advancement of secure, trustworthy, and resilient digital asset platforms, which underscores their leadership.

As the crypto industry continues to evolve, lessons from these thwarted breaches have been instrumental in defining digital asset security for years to come. Centralised exchanges will need to be aware that as their platforms grow and attract a wider variety of participants, they will face increasingly targeted and nuanced attacks. The emphasis must move from deploying cutting-edge technology to building resilient organisational frameworks that anticipate risks proactively, and not just deploy them.

Security should be a top priority at every level of organisation, as well as investing in specialised training for frontline personnel, as well as cultivating robust incident response ecosystems that can respond rapidly and efficiently. A regulatory agency and an industry alliance should also use this opportunity to encourage transparent reporting and the sharing of intelligence networks as a means of strengthening collective defences.

Ultimately, the future of the crypto infrastructure depends not just on innovation in blockchains and finance but also on an unwavering commitment to protecting users from emerging threats in the future. It is in this regard that Binance and Kraken serve as not only success stories but, more importantly, as clarion calls for all digital financial institutions to prioritise resilience, accountability, and trust as the foundation for sustainable digital finance, especially in times of crisis.

Hackers Exploit US Government agency’s Cloud System for Cryptojacking



 

US Government

Bitcoin Cryptojacking Cyber Attacks Monero US Government

Hackers Exploit US Government agency’s Cloud System for Cryptojacking

A recent cybersecurity breach has exposed vulnerabilities in government agencies, as hackers infiltrated the U.S. Agency for International Development (USAID) to mine cryptocurrency. The attackers secretly exploited the agency’s Microsoft Azure cloud resources, leading to $500,000 in unauthorized service charges before the breach was detected. This incident highlights the growing threat of cryptojacking, a cybercrime where hackers hijack computing power for financial gain.

How the Hackers Gained Access

The attackers used a technique called password spraying, which involves trying a set of commonly used passwords on multiple accounts until one works. They managed to breach a high-level administrator account that was part of a test environment, gaining significant control over the system.

Once inside, they created another account with similar privileges, allowing them to operate undetected for some time. Both accounts were then used to run cryptomining software, which consumes large amounts of processing power to generate digital currency. Since USAID was responsible for cloud costs, the agency unknowingly footed a massive bill for unauthorized usage.

What is Cryptojacking?

Cryptojacking is a cyberattack where hackers steal computing resources to mine cryptocurrencies like Bitcoin or Monero. Mining requires powerful hardware and electricity, making it expensive for individuals. By infiltrating cloud systems, cybercriminals shift these costs onto their victims, while reaping financial rewards for themselves.

This attack is part of a larger trend:

1. 2018: A cryptojacking incident compromised government websites in the U.S., U.K., and Ireland through a malicious web plugin.

2. 2019: Hackers accessed an AWS cloud account of a U.S. federal agency by exploiting credentials leaked on GitHub.

3. 2022: Iranian-linked hackers were found mining cryptocurrency on a U.S. civilian government network.

Cybersecurity experts warn that cryptojacking often goes unnoticed because it doesn’t immediately disrupt services. Instead, it slowly drains computing resources, resulting in skyrocketing cloud costs and potential security risks.

How USAID Responded

Once the attack was discovered, USAID took steps to secure its systems and prevent future breaches:

Tightened password policies to prevent unauthorized access.
Enabled multi-factor authentication (MFA) to add an extra layer of security.
Deleted compromised accounts and removed harmful scripts used in the attack.
Introduced continuous security monitoring to detect suspicious activity earlier.

A USAID internal report emphasized the need for stronger cybersecurity defenses to prevent similar incidents in the future.

Experts Warn of Increasing Cryptojacking Threats

Cryptojacking attacks are typically carried out by individual hackers or cybercrime syndicates looking for quick profits. However, some state-sponsored groups, including those linked to North Korea, have also used this method to fund their operations.

Cybersecurity professionals explain how these attacks work:

“If I break into someone’s cloud system, I can mine cryptocurrency using their resources, while they get stuck with the bill,” — Hamish Eisler, Chainalysis.

Jon Clay, a Threat Intelligence Expert at Trend Micro, describes cryptojacking as a persistent issue, where cybercriminals constantly look for new ways to exploit vulnerabilities.

How to Protect Against Cryptojacking

Organizations can take several measures to reduce the risk of cryptojacking attacks:

Implement strong passwords and MFA to make unauthorized access harder.
Monitor cloud usage for unexpected spikes in resource consumption.
Limit administrative access to only essential personnel.
Regularly review security settings to close potential loopholes.

To combat these threats, Microsoft introduced mandatory MFA for Azure logins, which began rolling out in 2024. This security measure is expected to make it harder for hackers to take over cloud accounts.

Cryptojacking is a growing cybersecurity threat that can lead to financial losses, operational disruption, and security risks. The USAID breach serves as a wake-up call for both government agencies and businesses to strengthen their cyber defenses. Without proactive measures, organizations remain vulnerable to attacks that silently drain resources and increase costs.

Solana Pioneers Quantum Resistance in Blockchain Technology



 

Technology

Bitcoin Blockchain Cyberattacks Cyberhackers Cybersecurity CyberThreat Quantum Resistance Solana Technology

Solana Pioneers Quantum Resistance in Blockchain Technology

There is no denying that Solana, one of the fastest-growing blockchain networks, has introduced a groundbreaking security feature called the Winternitz Vault. This feature will protect digital assets from quantum computing threats while maintaining the platform's high performance. Solana intends to address the challenges posed by quantum computing proactively to safeguard its users' funds and ensure the longevity of its blockchain infrastructure.

With the help of a decades-old cryptographic technique, Solana has developed a quantum-resistant vault that uses this technique to protect users' funds from quantum computer attacks. As part of the solution, known as the Solana Winternitz Vault, new keys are generated for every transaction as part of a hash-based signature system.

The company introduced a system called the "Solana Winternitz Vault" that protects user funds from quantum threats. The vault utilises a hash-based signature system that generates new keys for every transaction, making it highly secure. The chief scientist at Zeus Network, Dean Little, who is also a cryptography researcher, elaborated in a GitHub post that this approach complicates quantum computing and makes it harder for quantum computers to orchestrate coordinated attacks on public keys that are exposed during transactions, diminishing their ability to execute coordinated attacks. Since the vault exists in the current version as an optional feature, rather than as part of the network security upgrade, no fork is in sight.

As a result, users will need to actively store their funds in Winternitz Vaults instead of regular Solana Wallets if they wish to ensure that their funds remain quantum-proof. Even though the quantum-resistant vault is an optional feature rather than a system-wide requirement, it is important to note that it is still an optional feature. For this enhanced security to be realised, users need to choose to store their funds in the Winternitz Vault rather than the standard Solana wallet.

The vault's operation includes creating a split-and-refund account system to ensure secure fund transfers while protecting residual balances. The Winternitz Vault, a quantum-resistant solution developed by Solana developers, has been implemented to counter this risk and is based on a cryptographic technique dating back decades.

As a result of the vault's hash-based signature system, which generates new keys with each transaction, quantum computers are less likely to be able to crack the cryptographic keys because the vault employs a hash-based signature system. Using the Winternitz One-Time Signatures protocol, this vault creates 32 private key scalars that are hashed 256 times. It does not store the entire public key but only its hash for verification purposes.

It is important to note that every time a transaction is carried out, the vault creates a new set of keys, so no hacker can predict or steal a key before it is used. Solana's Winternitz Vault sets a new benchmark for blockchain security in the face of quantum computing, allowing users to take advantage of the optional tools necessary to protect their digital assets against future threats.

By implementing this forward-looking strategy, Solana reinforces its commitment to innovation and security that it has always displayed, placing it as a market leader in the blockchain space as quantum computing continues to develop, providing blockchain networks like Solana the flexibility to adapt to new challenges as they arise. It is Solana's goal to stay abreast of such advancements, ensuring its users can be assured that their digital assets can be safeguarded with confidence, regardless of future technological advances.

Nonetheless, Cornell University researchers have found that breaking an elliptic curve cryptographic key with 160 bits would require approximately 1,000 qubits, which is far more than is currently available. The blockchain industry is still pushing forward despite this. In its beta stage, QAN, for example, claimed it had achieved "quantum hardness," and other protocols have quietly improved their cryptographic foundations.

In recent years, quantum computing power has been predicted to grow exponentially – a phenomenon known as Neven's Law – and some experts believe that this will happen in the future. This forecast has driven more blockchain developers to implement quantum-resistant solutions, even though full-scale quantum computers are still years or decades away from seriously threatening the current cryptographic standards for coins, tokens, and other applications. Considering quantum resistance as an extra feature for many crypto projects may seem overkill, but Web3 developers are known for always being two steps ahead of the game.

Tech Ventures: Israel Advances in Crypto Ecosystem



 

Technology

Bitcoin Crypto Israel Startups Technology

Tech Ventures: Israel Advances in Crypto Ecosystem

Israel, often known as the "Startup Nation," has emerged as a global leader in cybersecurity, defense, and internet technologies. Cryptocurrency has easily integrated into the high-tech ecosystem, transforming the digital asset class and blockchain technology into key drivers of the country's economic growth.

Bitcoin ETFs: The Game Changer

In January 2024, when the Securities and Exchange Commission approved various Bitcoin ETFs in the United States, the worldwide crypto market had a 70% price increase, bringing more than $11 billion into the industry. BTC ETF options for US markets were announced in November 2024, resulting in increased retail and institutional investor inflows into the crypto markets. This contributed to the global crypto bull run.

Blockaid, Ingonyama, Tres, Oobit, and Fordefi are all part of Israel's cryptocurrency ecosystem. In January 2024, Israel had 24 "unicorns". These are private enterprises worth more than $1 billion. Then there's Starkware, a leader in the Ethereum scaling field, which has reached a $20 billion valuation since the creation of the $STARK token.

According to a recent yearly assessment, Tel Aviv has the fifth most attractive startup ecosystem in the world. Despite geopolitical uncertainties, the crypto community will undoubtedly increase. These are cryptocurrency enthusiasts, after all.

Israel and Tech Startup Landscape

Israel has traditionally inspired the technology sector, so it was logical that the blockchain would find its place here. The country has a strong emphasis on education, research, and development, as well as a surplus of technical skills.

They discovered an odd ally in military intelligence who has assisted in the development of tech entrepreneurs and the facilitation of their cryptocurrency investments. Unit 8200 is deeply involved in the cryptocurrency world, and its alumni have joined and established successful firms, bringing government ties, extensive cybersecurity knowledge, and a well-rounded computer education to the blockchain. The Mamram Blockchain Incubator is also associated with the IDF's Centre for Computing and Information Systems.

Tech Revolution in Israel

The Israeli government has contributed to the digital revolution by publicly experimenting with one of the world's first Central Bank Digital Coins. In 2021, the government released the first prototype of the Digital Shekel, and the Bank of Israel recently announced a Digital Shekel Challenge to investigate potential CBDC uses.

The country is also investing in supercomputer technology to compete in the Artificial Intelligence arms race and keep its position at the forefront of the tech start-up scene.

Bitcoin Heist in Japan Attributed to North Korean Cybercriminals



 

TraderTraitor

Bitcoin Cyber Attacks CyberCrime Cybersecurity CyberThreat DMM FBI Ginco lazarus TraderTraitor

Bitcoin Heist in Japan Attributed to North Korean Cybercriminals

A joint alert from the FBI, the Department of Defense (D.O.D.) Cyber Crime Center and the National Police Agency of Japan reveal that a North Korean threat group carried out a significant cryptocurrency theft from Japan's crypto firm DMM in May 2024. The group, referred to as TraderTraitor—also known as Jade Sleet, UNC4899, and Slow Pisces — is believed to be linked to the Lazarus Group, a notorious hacking collective with ties to Pyongyang authorities.

The Lazarus Group, infamous for high-profile cyberattacks, gained notoriety for hacking Sony Pictures in retaliation for the 2009 film The Interview, which mocked North Korean leader Kim Jong Un. Their recent activities, however, focus on cryptocurrency theft, leveraging advanced social engineering techniques and malicious code.

Social Engineering and the Ginco Incident

In late March 2024, a TraderTraitor operative posing as a recruiter contacted an employee of Ginco, a Japanese cryptocurrency wallet software company, via LinkedIn. Disguised as part of a pre-employment process, the operative sent a malicious Python script under the guise of a coding test. The employee unknowingly uploaded the script to their GitHub account, granting the attackers access to session cookie information and Ginco’s wallet management system.

The attackers intercepted legitimate transaction requests from DMM employees by maintaining this access. This led to the theft of over 4,500 bitcoins, valued at $308 million. The funds were traced to accounts managed by the TraderTraitor group, which utilized mixing and bridging services to obfuscate the stolen assets.

North Korea's Financial Strategy and Cryptocurrency Exploitation

With international sanctions severely restricting North Korea's access to global financial systems, the regime increasingly relies on cybercrime and cryptocurrency theft for revenue generation. Due to their decentralized and pseudonymous nature, cryptocurrency presents a lucrative target for laundering stolen funds and bypassing traditional banking systems.

Chainalysis Findings

Blockchain intelligence firm Chainalysis attributed the DMM Bitcoin hack to North Korean actors. The attackers exploited weaknesses in the platform's infrastructure to perform unauthorized withdrawals. The stolen cryptocurrency was routed through multiple intermediary addresses and processed via the Bitcoin CoinJoin mixing service to conceal its origins. Portions of the funds were further transferred through various bridge services before being channelled to HuiOne Guarantee, a website linked to the Cambodian conglomerate HuiOne Group, a known facilitator of cybercrime.

Additional Findings by AhnLab Security Intelligence Center

The AhnLab Security Intelligence Center (ASEC) has reported another North Korean threat actor, Andariel — part of the Lazarus Group — deploying a backdoor known as SmallTiger. This tool has been used in campaigns parallel to those executed by TraderTraitor, highlighting the group's continued evolution in cybercrime tactics.

The coordinated alert from international agencies underscores the urgent need for enhanced cybersecurity measures within the cryptocurrency industry to counter sophisticated threats like those posed by the Lazarus Group and its affiliates.

Bitcoin Security Concerns Amid Quantum Computing Advancements



 

Quantum computing

Bitcoin Bitcoin Vulnerability Blockchain Blockchain Technology Computing Cryptography Cyber Secuirty Encryption Quantum computing

Bitcoin Security Concerns Amid Quantum Computing Advancements

Chamath Palihapitiya, CEO of Social Capital, has raised alarms over Bitcoin’s future security, cautioning that its SHA-256 encryption may become vulnerable within the next two to five years. Speaking on the All-In Podcast, he highlighted rapid advancements in quantum computing, particularly Google’s unveiling of the Willow quantum chip featuring 105 qubits. Palihapitiya estimates that 8,000 such chips could potentially breach SHA-256 encryption, underscoring the pressing need for blockchain networks to adapt.

Quantum Computing's Impact on Cryptography

While acknowledging the infancy of quantum computing, Palihapitiya pointed to Google’s Willow chip as a pivotal development that could accelerate breakthroughs in cryptography. Despite scalability challenges, he remains optimistic that the cryptocurrency sector will evolve to develop quantum-resistant encryption methods.

Not all experts share his concerns, however. Ki Young Ju, founder of CryptoQuant, has expressed confidence that Bitcoin’s encryption is unlikely to face quantum threats within this decade.

Satoshi Nakamoto’s Early Solutions

Bitcoin’s pseudonymous creator, Satoshi Nakamoto, had anticipated such scenarios. In 2010, Satoshi proposed that the Bitcoin community could agree on the last valid blockchain snapshot and transition to a new cryptographic framework if SHA-256 were compromised. However, these early solutions are not without controversy.

Emin Gün Sirer, founder of Avalanche, has warned that some of Satoshi’s early-mined coins used an outdated Pay-To-Public-Key (P2PK) format, which exposes public keys and increases the risk of exploitation. Sirer suggested the Bitcoin community should consider freezing these coins or setting a sunset date for outdated transactions to mitigate risks.

Recent advancements in quantum computing, including Google’s Willow chip, briefly unsettled the cryptocurrency market. A sudden wave of liquidations resulted in $1.6 billion being wiped out within 24 hours. However, Bitcoin demonstrated resilience, reclaiming the $100,000 resistance level and achieving a 4.6% weekly gain.

Proactive Measures for Long-Term Security

Experts widely agree that proactive steps, such as transitioning to quantum-resistant cryptographic frameworks, will be essential for ensuring Bitcoin’s long-term security. As the quantum era approaches, collaboration and innovation within the cryptocurrency community will be pivotal in maintaining its robustness against emerging threats.

The ongoing advancements in quantum computing present both challenges and opportunities. While they highlight vulnerabilities in existing systems, they also drive the cryptocurrency sector toward innovative solutions that will likely define the next chapter in its evolution.

Search This Blog

Sections

Popular Posts

Blog Archive

Labels

About Me

Footer About

Labels

Showing result(s) for

Popular Posts

Pages

Menu Item

The problem

What makes data a target?

What are the risks?

Theft details

Attack tactic

About the package

What is the CIS build kit?

What next?

Bitcoin ETFs: The Game Changer

Israel and Tech Startup Landscape

Tech Revolution in Israel

Quantum Computing's Impact on Cryptography

Satoshi Nakamoto’s Early Solutions

Proactive Measures for Long-Term Security