Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Bitcoin. Show all posts
US Government
Bitcoin Cryptojacking Cyber Attacks Monero US Government

Hackers Exploit US Government agency’s Cloud System for Cryptojacking

 



A recent cybersecurity breach has exposed vulnerabilities in government agencies, as hackers infiltrated the U.S. Agency for International Development (USAID) to mine cryptocurrency. The attackers secretly exploited the agency’s Microsoft Azure cloud resources, leading to $500,000 in unauthorized service charges before the breach was detected. This incident highlights the growing threat of cryptojacking, a cybercrime where hackers hijack computing power for financial gain.  


How the Hackers Gained Access 

The attackers used a technique called password spraying, which involves trying a set of commonly used passwords on multiple accounts until one works. They managed to breach a high-level administrator account that was part of a test environment, gaining significant control over the system.  

Once inside, they created another account with similar privileges, allowing them to operate undetected for some time. Both accounts were then used to run cryptomining software, which consumes large amounts of processing power to generate digital currency. Since USAID was responsible for cloud costs, the agency unknowingly footed a massive bill for unauthorized usage.  


What is Cryptojacking?  

Cryptojacking is a cyberattack where hackers steal computing resources to mine cryptocurrencies like Bitcoin or Monero. Mining requires powerful hardware and electricity, making it expensive for individuals. By infiltrating cloud systems, cybercriminals shift these costs onto their victims, while reaping financial rewards for themselves.  

This attack is part of a larger trend:  

1. 2018: A cryptojacking incident compromised government websites in the U.S., U.K., and Ireland through a malicious web plugin.  

2. 2019: Hackers accessed an AWS cloud account of a U.S. federal agency by exploiting credentials leaked on GitHub.  

3. 2022: Iranian-linked hackers were found mining cryptocurrency on a U.S. civilian government network.  

Cybersecurity experts warn that cryptojacking often goes unnoticed because it doesn’t immediately disrupt services. Instead, it slowly drains computing resources, resulting in skyrocketing cloud costs and potential security risks.  


How USAID Responded

Once the attack was discovered, USAID took steps to secure its systems and prevent future breaches:  

  •  Tightened password policies to prevent unauthorized access.  
  •  Enabled multi-factor authentication (MFA) to add an extra layer of security.  
  •  Deleted compromised accounts and removed harmful scripts used in the attack.  
  •  Introduced continuous security monitoring to detect suspicious activity earlier.  

A USAID internal report emphasized the need for stronger cybersecurity defenses to prevent similar incidents in the future.  


Experts Warn of Increasing Cryptojacking Threats  

Cryptojacking attacks are typically carried out by individual hackers or cybercrime syndicates looking for quick profits. However, some state-sponsored groups, including those linked to North Korea, have also used this method to fund their operations.  

Cybersecurity professionals explain how these attacks work:  

“If I break into someone’s cloud system, I can mine cryptocurrency using their resources, while they get stuck with the bill,” — Hamish Eisler, Chainalysis.  

Jon Clay, a Threat Intelligence Expert at Trend Micro, describes cryptojacking as a persistent issue, where cybercriminals constantly look for new ways to exploit vulnerabilities.  


How to Protect Against Cryptojacking  

Organizations can take several measures to reduce the risk of cryptojacking attacks:  

  • Implement strong passwords and MFA to make unauthorized access harder.  
  • Monitor cloud usage for unexpected spikes in resource consumption.  
  • Limit administrative access to only essential personnel.  
  • Regularly review security settings to close potential loopholes.  

To combat these threats, Microsoft introduced mandatory MFA for Azure logins, which began rolling out in 2024. This security measure is expected to make it harder for hackers to take over cloud accounts.  

Cryptojacking is a growing cybersecurity threat that can lead to financial losses, operational disruption, and security risks. The USAID breach serves as a wake-up call for both government agencies and businesses to strengthen their cyber defenses. Without proactive measures, organizations remain vulnerable to attacks that silently drain resources and increase costs.

Read more »
Technology
Bitcoin Blockchain Cyberattacks Cyberhackers Cybersecurity CyberThreat Quantum Resistance Solana Technology

Solana Pioneers Quantum Resistance in Blockchain Technology

 


There is no denying that Solana, one of the fastest-growing blockchain networks, has introduced a groundbreaking security feature called the Winternitz Vault. This feature will protect digital assets from quantum computing threats while maintaining the platform's high performance. Solana intends to address the challenges posed by quantum computing proactively to safeguard its users' funds and ensure the longevity of its blockchain infrastructure. 

With the help of a decades-old cryptographic technique, Solana has developed a quantum-resistant vault that uses this technique to protect users' funds from quantum computer attacks. As part of the solution, known as the Solana Winternitz Vault, new keys are generated for every transaction as part of a hash-based signature system. 

The company introduced a system called the "Solana Winternitz Vault" that protects user funds from quantum threats. The vault utilises a hash-based signature system that generates new keys for every transaction, making it highly secure. The chief scientist at Zeus Network, Dean Little, who is also a cryptography researcher, elaborated in a GitHub post that this approach complicates quantum computing and makes it harder for quantum computers to orchestrate coordinated attacks on public keys that are exposed during transactions, diminishing their ability to execute coordinated attacks. Since the vault exists in the current version as an optional feature, rather than as part of the network security upgrade, no fork is in sight. 

As a result, users will need to actively store their funds in Winternitz Vaults instead of regular Solana Wallets if they wish to ensure that their funds remain quantum-proof. Even though the quantum-resistant vault is an optional feature rather than a system-wide requirement, it is important to note that it is still an optional feature. For this enhanced security to be realised, users need to choose to store their funds in the Winternitz Vault rather than the standard Solana wallet. 

The vault's operation includes creating a split-and-refund account system to ensure secure fund transfers while protecting residual balances. The Winternitz Vault, a quantum-resistant solution developed by Solana developers, has been implemented to counter this risk and is based on a cryptographic technique dating back decades. 

As a result of the vault's hash-based signature system, which generates new keys with each transaction, quantum computers are less likely to be able to crack the cryptographic keys because the vault employs a hash-based signature system. Using the Winternitz One-Time Signatures protocol, this vault creates 32 private key scalars that are hashed 256 times. It does not store the entire public key but only its hash for verification purposes. 

It is important to note that every time a transaction is carried out, the vault creates a new set of keys, so no hacker can predict or steal a key before it is used. Solana's Winternitz Vault sets a new benchmark for blockchain security in the face of quantum computing, allowing users to take advantage of the optional tools necessary to protect their digital assets against future threats. 

By implementing this forward-looking strategy, Solana reinforces its commitment to innovation and security that it has always displayed, placing it as a market leader in the blockchain space as quantum computing continues to develop, providing blockchain networks like Solana the flexibility to adapt to new challenges as they arise. It is Solana's goal to stay abreast of such advancements, ensuring its users can be assured that their digital assets can be safeguarded with confidence, regardless of future technological advances. 

Nonetheless, Cornell University researchers have found that breaking an elliptic curve cryptographic key with 160 bits would require approximately 1,000 qubits, which is far more than is currently available. The blockchain industry is still pushing forward despite this. In its beta stage, QAN, for example, claimed it had achieved "quantum hardness," and other protocols have quietly improved their cryptographic foundations. 

In recent years, quantum computing power has been predicted to grow exponentially – a phenomenon known as Neven's Law – and some experts believe that this will happen in the future. This forecast has driven more blockchain developers to implement quantum-resistant solutions, even though full-scale quantum computers are still years or decades away from seriously threatening the current cryptographic standards for coins, tokens, and other applications. Considering quantum resistance as an extra feature for many crypto projects may seem overkill, but Web3 developers are known for always being two steps ahead of the game.

Read more »
Technology
Bitcoin Crypto Israel Startups Technology

Tech Ventures: Israel Advances in Crypto Ecosystem

Tech Ventures: Israel Advances in Crypto Ecosystem

Israel, often known as the "Startup Nation," has emerged as a global leader in cybersecurity, defense, and internet technologies. Cryptocurrency has easily integrated into the high-tech ecosystem, transforming the digital asset class and blockchain technology into key drivers of the country's economic growth. 

Bitcoin ETFs: The Game Changer

In January 2024, when the Securities and Exchange Commission approved various Bitcoin ETFs in the United States, the worldwide crypto market had a 70% price increase, bringing more than $11 billion into the industry. BTC ETF options for US markets were announced in November 2024, resulting in increased retail and institutional investor inflows into the crypto markets. This contributed to the global crypto bull run.  

Blockaid, Ingonyama, Tres, Oobit, and Fordefi are all part of Israel's cryptocurrency ecosystem. In January 2024, Israel had 24 "unicorns". These are private enterprises worth more than $1 billion.  Then there's Starkware, a leader in the Ethereum scaling field, which has reached a $20 billion valuation since the creation of the $STARK token. 

According to a recent yearly assessment, Tel Aviv has the fifth most attractive startup ecosystem in the world. Despite geopolitical uncertainties, the crypto community will undoubtedly increase. These are cryptocurrency enthusiasts, after all.

Israel and Tech Startup Landscape

Israel has traditionally inspired the technology sector, so it was logical that the blockchain would find its place here. The country has a strong emphasis on education, research, and development, as well as a surplus of technical skills. 

They discovered an odd ally in military intelligence who has assisted in the development of tech entrepreneurs and the facilitation of their cryptocurrency investments. Unit 8200 is deeply involved in the cryptocurrency world, and its alumni have joined and established successful firms, bringing government ties, extensive cybersecurity knowledge, and a well-rounded computer education to the blockchain. The Mamram Blockchain Incubator is also associated with the IDF's Centre for Computing and Information Systems.

Tech Revolution in Israel

The Israeli government has contributed to the digital revolution by publicly experimenting with one of the world's first Central Bank Digital Coins. In 2021, the government released the first prototype of the Digital Shekel, and the Bank of Israel recently announced a Digital Shekel Challenge to investigate potential CBDC uses.

The country is also investing in supercomputer technology to compete in the Artificial Intelligence arms race and keep its position at the forefront of the tech start-up scene. 

Read more »
TraderTraitor
Bitcoin Cyber Attacks CyberCrime Cybersecurity CyberThreat DMM FBI Ginco lazarus TraderTraitor

Bitcoin Heist in Japan Attributed to North Korean Cybercriminals

 


A joint alert from the FBI, the Department of Defense (D.O.D.) Cyber Crime Center and the National Police Agency of Japan reveal that a North Korean threat group carried out a significant cryptocurrency theft from Japan's crypto firm DMM in May 2024. The group, referred to as TraderTraitor—also known as Jade Sleet, UNC4899, and Slow Pisces — is believed to be linked to the Lazarus Group, a notorious hacking collective with ties to Pyongyang authorities.

The Lazarus Group, infamous for high-profile cyberattacks, gained notoriety for hacking Sony Pictures in retaliation for the 2009 film The Interview, which mocked North Korean leader Kim Jong Un. Their recent activities, however, focus on cryptocurrency theft, leveraging advanced social engineering techniques and malicious code.

Social Engineering and the Ginco Incident

In late March 2024, a TraderTraitor operative posing as a recruiter contacted an employee of Ginco, a Japanese cryptocurrency wallet software company, via LinkedIn. Disguised as part of a pre-employment process, the operative sent a malicious Python script under the guise of a coding test. The employee unknowingly uploaded the script to their GitHub account, granting the attackers access to session cookie information and Ginco’s wallet management system.

The attackers intercepted legitimate transaction requests from DMM employees by maintaining this access. This led to the theft of over 4,500 bitcoins, valued at $308 million. The funds were traced to accounts managed by the TraderTraitor group, which utilized mixing and bridging services to obfuscate the stolen assets.

North Korea's Financial Strategy and Cryptocurrency Exploitation

With international sanctions severely restricting North Korea's access to global financial systems, the regime increasingly relies on cybercrime and cryptocurrency theft for revenue generation. Due to their decentralized and pseudonymous nature, cryptocurrency presents a lucrative target for laundering stolen funds and bypassing traditional banking systems.

Chainalysis Findings

Blockchain intelligence firm Chainalysis attributed the DMM Bitcoin hack to North Korean actors. The attackers exploited weaknesses in the platform's infrastructure to perform unauthorized withdrawals. The stolen cryptocurrency was routed through multiple intermediary addresses and processed via the Bitcoin CoinJoin mixing service to conceal its origins. Portions of the funds were further transferred through various bridge services before being channelled to HuiOne Guarantee, a website linked to the Cambodian conglomerate HuiOne Group, a known facilitator of cybercrime.

Additional Findings by AhnLab Security Intelligence Center

The AhnLab Security Intelligence Center (ASEC) has reported another North Korean threat actor, Andariel — part of the Lazarus Group — deploying a backdoor known as SmallTiger. This tool has been used in campaigns parallel to those executed by TraderTraitor, highlighting the group's continued evolution in cybercrime tactics.

The coordinated alert from international agencies underscores the urgent need for enhanced cybersecurity measures within the cryptocurrency industry to counter sophisticated threats like those posed by the Lazarus Group and its affiliates.


Read more »
Quantum computing
Bitcoin Bitcoin Vulnerability Blockchain Blockchain Technology Computing Cryptography Cyber Secuirty Encryption Quantum computing

Bitcoin Security Concerns Amid Quantum Computing Advancements

 

Chamath Palihapitiya, CEO of Social Capital, has raised alarms over Bitcoin’s future security, cautioning that its SHA-256 encryption may become vulnerable within the next two to five years. Speaking on the All-In Podcast, he highlighted rapid advancements in quantum computing, particularly Google’s unveiling of the Willow quantum chip featuring 105 qubits. Palihapitiya estimates that 8,000 such chips could potentially breach SHA-256 encryption, underscoring the pressing need for blockchain networks to adapt.

Quantum Computing's Impact on Cryptography

While acknowledging the infancy of quantum computing, Palihapitiya pointed to Google’s Willow chip as a pivotal development that could accelerate breakthroughs in cryptography. Despite scalability challenges, he remains optimistic that the cryptocurrency sector will evolve to develop quantum-resistant encryption methods.

Not all experts share his concerns, however. Ki Young Ju, founder of CryptoQuant, has expressed confidence that Bitcoin’s encryption is unlikely to face quantum threats within this decade.

Satoshi Nakamoto’s Early Solutions

Bitcoin’s pseudonymous creator, Satoshi Nakamoto, had anticipated such scenarios. In 2010, Satoshi proposed that the Bitcoin community could agree on the last valid blockchain snapshot and transition to a new cryptographic framework if SHA-256 were compromised. However, these early solutions are not without controversy.

Emin Gün Sirer, founder of Avalanche, has warned that some of Satoshi’s early-mined coins used an outdated Pay-To-Public-Key (P2PK) format, which exposes public keys and increases the risk of exploitation. Sirer suggested the Bitcoin community should consider freezing these coins or setting a sunset date for outdated transactions to mitigate risks.

Recent advancements in quantum computing, including Google’s Willow chip, briefly unsettled the cryptocurrency market. A sudden wave of liquidations resulted in $1.6 billion being wiped out within 24 hours. However, Bitcoin demonstrated resilience, reclaiming the $100,000 resistance level and achieving a 4.6% weekly gain.

Proactive Measures for Long-Term Security

Experts widely agree that proactive steps, such as transitioning to quantum-resistant cryptographic frameworks, will be essential for ensuring Bitcoin’s long-term security. As the quantum era approaches, collaboration and innovation within the cryptocurrency community will be pivotal in maintaining its robustness against emerging threats.

The ongoing advancements in quantum computing present both challenges and opportunities. While they highlight vulnerabilities in existing systems, they also drive the cryptocurrency sector toward innovative solutions that will likely define the next chapter in its evolution.

Read more »
Willow
Bitcoin Ethereum financial services Quantum computing Technology Willow

Bitcoin Hits $100,000 for the First Time Amid Market Volatility

 


The cryptocurrency market reached a historic milestone this week as Bitcoin closed above $100,000 for the first time in history. This marks a defining moment, reflecting both market optimism and growing investor confidence. Despite reaching a peak of $104,000, Bitcoin experienced significant price volatility, dropping as low as $92,000 before stabilizing at $101,200 by the end of the week. These sharp fluctuations resulted in a massive liquidation of $1.8 billion, primarily from traders holding long positions.

BlackRock's Record-Breaking Bitcoin ETF Purchase

In a major development, BlackRock's IBIT ETF purchased $398.6 million worth of Bitcoin on December 9. This acquisition propelled the fund's total assets under management to over $50 billion, setting a record as the fastest-growing ETF to reach this milestone in just 230 days. BlackRock's aggressive investment underscores the increasing institutional adoption of Bitcoin, solidifying its position as a mainstream financial asset.

Ripple made headlines this week with the approval of its RLUSD stablecoin by the New York Department of Financial Services. Designed for institutional use, the stablecoin will initially be launched on both Ripple's XRPL network and Ethereum. Analysts suggest this development could bolster Ripple's market standing, especially as rumors circulate about potential future partnerships, including discussions with Cardano's founder.

El Salvador created a buzz after announcing the discovery of $3 trillion worth of unmined gold. This announcement comes as the country negotiates with the International Monetary Fund (IMF) regarding its Bitcoin law. Reports indicate that El Salvador may make Bitcoin usage optional for merchants as part of an agreement to secure financial aid. This discovery adds an intriguing dimension to the nation’s economic strategy as it continues to embrace cryptocurrency alongside traditional resources.

Google’s Quantum Computing Progress and Bitcoin Security

Google showcased advancements in its quantum computing technology with its Willow chip, a quantum processor capable of solving problems exponentially faster than traditional supercomputers. While concerns have been raised about the potential impact on Bitcoin's security, experts confirm there is no immediate threat. Bitcoin's encryption, based on CDSA-256 and SHA-256, remains robust. With Willow currently at 105 qubits, it would take quantum technology reaching millions of qubits to penetrate Bitcoin's encryption methods effectively.

Market Outlook

Bitcoin's surge past $100,000 is undoubtedly a significant achievement, but analysts predict a short-term consolidation phase. Experts anticipate sideways price action as traders and investors take profits before year-end. Meanwhile, Ethereum experienced a 10% decline this week, reflecting broader market adjustments amid declining trading volumes.

The crypto space continues to evolve rapidly, with milestones and challenges shaping the future of digital assets. While optimism surrounds Bitcoin’s rise, vigilance remains essential as market dynamics unfold.

Read more »
Technology
Bitcoin Bitcoin Vulnerability CyberCrime Cybersecurity CyberThreat Google Quantum Technology

Is Bitcoin Vulnerable to Google’s Quantum Breakthrough?

 


Earlier this month, Google CEO Sundar Pichai announced the creation of their new quantum computing chips called "Willow", which caused a few ripples in the Bitcoin investment community, but also caused some skepticism among Bitcoin skeptics due to the announcement. A viral tweet sent out by Geiger Capital declaring "Bitcoin is dead" as a joke sparked a flood of mockery from skeptics who jumped at the opportunity to disparage the cryptocurrency. 

As the news cycle changes every few years, it happens every time there is news regarding quantum computing (QC) fear associated with Bitcoin. This may have been sparked by Google's successive chip announcements. Among the world's cryptocurrency communities, Google's newest quantum chip, Willow, has stirred up quite a bit of discussion. It has raised concerns over the possibility that Willow could breach Bitcoin's encryption, which is encrypted around the $2 trillion blockchain, which would allow any computer to perform a computation that would require a supercomputer billions of years to complete. 

As a result of the announcement, Bitcoin's price dipped briefly but quickly recovered back to its previous level. Those were the feelings for some people on Monday, at the unveiling of Willow, a quantum supercomputer, which is capable of performing certain computational tasks in just five minutes, which would otherwise take a classical supercomputer an astronomical amount of time -- specifically, 10 septillion years if it were classical. 

Even though there is an acknowledgement that quantum computing poses several theoretical risks, panic is still relatively low. The developers of Ethereum were among those who suggested that blockchains can be updated to resist quantum attacks, just as Bitcoin was upgraded in 2021 through the Taproot upgrade, which prepared the network for quantum attacks. There seems to be no immediate threat from this direction at the moment. Despite Willow's impressive achievements, there are no immediate commercial applications to be had from the company's technology. 

According to experts in the crypto industry, there is still time for the industry to adapt in anticipation of quantum computing's threat. A quantum computer also relies on entanglement to detect qubit states, where one qubit's state is directly correlated with another qubit's state. Their system is based on the use of quantum algorithms, such as Shor's and Grover's, that are already well-established and were designed to solve mathematical problems that would take classical computers billions of years to solve. 

Despite this, there's a catch: most machines are error-prone and require extreme conditions such as nearly absolute zero temperatures to operate, and they're far from the scale needed to handle the size of cryptographic systems like public key cryptography or bitcoin that exist in real life. As quantum computing is capable of solving problems at unprecedented speeds, it has long been considered that quantum computing can be a powerful tool for solving cryptographic problems, and this is true for both classical and elliptic curve-based cryptography. 

A Bitcoin transaction relies on two cryptographic pillars: the ECDSA (Elliptic Curve Digital Signature Algorithm) algorithm applies to securing the private keys and the SHA-256 algorithm for hashing the transaction. There are two types of computers, both of which are considered robust against conventional computers at present. However, the advent of powerful and error-correcting quantum computers will probably upend that assumption by making it trivial to solve classical cryptographic puzzles, thus making them obsolete. The recent announcement of Willow is being widely seen as a landmark achievement throughout the world of quantum computing. 

Despite this, experts still believe that Bitcoin will remain safe for the foreseeable future, according to a Coinpedia report. Even though researchers are hailing Willow as a breakthrough in the world of quantum computing, there is consensus among experts that Bitcoin remains safe, according to a report published in Coinpedia. As Willow works faster than classical computers at certain tasks, it is still nowhere near as powerful as the computers that crack Bitcoin's encryption. There is a theoretical possibility that quantum computers can be used to reduce Grover’s Algorithm to two times 128, thus making the problem, from a principle viewpoint, more manageable.

The problem, however, is that this still requires computation resources of a scale that humanity is undoubtedly far from possessing. In terms of quantum mechanics, as an example, the University of Sussex estimates that, depending on the speed of the operation, to break SHA-256 within a practical timeframe, 13 million to 317 million qubits will be required. It is interesting to note that there are only 105 qubits on Google's Willow chip, in comparison. 

The quantum computer represents a fascinating frontier in technology, but so far it is far from posing a credible threat to Bitcoin's cryptography despite its growing popularity. The use of QC is going to increase, and Bitcoin will become more vulnerable. However, bitcoin may only be vulnerable after other cryptographic systems with weaker encryption have been attacked first, such as systems used by banks and the military. Although the progress of quality control is uncertain, it is assumed that the worry is still decades away based on improvements made in the last five years.

While waiting for these solutions to be established, Bitcoin already has many of them in place. Since it is decentralized, the protocol can be updated whenever necessary to address these vulnerabilities. In recent years, several quantum-resistant algorithms, including Lamport signatures, have been examined, and new address types have been added through soft forks. In the wake of the Willow chip announcement, there has been much speculation about possible defects within bitcoin that are more a matter of confirmation bias among skeptics than even Bitcoin itself. 

Bitcoin is not going anywhere anytime soon. In fact, it is quite the opposite. It is important to note that Bitcoin has a robust cryptographic foundation and a clear path to quantum resistance if necessary, making it more resilient than other technologies that might be susceptible to the threat of quantum computing in the future. Despite Google's announcement, most people still believe that quantum computing will not directly threaten Bitcoin's hash rate or Satoshi's coins soon, even after the announcement was made. 

Additionally, Google plans to explore potential real-world applications for Willow, which suggests that Willow is already making impressive strides but also that its application scope is quite narrow by comparison. Although it’s not yet fully operational, this development serves as a crucial reminder for blockchain developers. The growing potential of quantum computing underscores the need to prepare digital assets for the challenges it may bring. 

To safeguard against future threats, Bitcoin may eventually require a protocol upgrade, possibly involving a hard fork, to incorporate quantum-resistant cryptographic measures. This proactive approach will be essential for ensuring the longevity and security of digital currencies in the face of rapidly advancing technology.
Read more »
Sextortion Scam
Bitcoin Cyber Security Email Scams Fraud Email Internet scammers Microsoft Microsoft 365 Ransom Demand Sextortion Scam

Beware of Fake Microsoft Emails Exploiting Microsoft 365 Vulnerabilities

 

The internet is rife with scams, and the latest involves hackers exploiting vulnerabilities in the Microsoft 365 Admin Portal to send fraudulent emails directly from legitimate Microsoft.com accounts. These emails bypass spam filters, giving them an appearance of credibility, but their true purpose is extortion. These scam emails claim to have sensitive images or videos of the recipient in compromising situations. To prevent this alleged content from being shared, the recipient is asked to pay a ransom—often in Bitcoin. This type of cybercrime, known as “sextortion,” is designed to prey on fear and desperation, making victims more likely to comply with the scammer’s demands. 

Unfortunately, sextortion scams are becoming increasingly common. While tech companies like Microsoft and Instagram implement protective measures, hackers find new ways to exploit technical vulnerabilities. In this case, scammers took advantage of a flaw in the Microsoft 365 Message Center’s “share” function, commonly used for legitimate service advisories. This loophole allows hackers to send emails that appear to come from a genuine Microsoft.com address, deceiving even cautious users. To identify such scams, it is crucial to evaluate the content of the email. Legitimate companies like Microsoft will never request payment in Bitcoin or other cryptocurrencies. 

Additionally, scammers often include personal information, such as a birthday, to make their claims more believable. However, it is important to remember that such information is easily accessible and does not necessarily mean the scammer has access to more sensitive data. Victims should also remember that scammers rarely have the incriminating evidence they claim. These tactics rely on psychological manipulation, where the fear of exposure often outweighs rational decision-making. Staying calm and taking deliberate action, such as verifying the email with official Microsoft support, can prevent falling prey to these schemes. Reporting such emails not only protects individual users but also helps cybersecurity teams track and combat the criminals behind these campaigns. 

Microsoft is actively investigating this criminal activity, aiming to close the exploited loopholes and prevent future scams. In the meantime, users must remain vigilant. Keeping software up to date, enabling multi-factor authentication, and using strong passwords can help mitigate risks. A scam email may look convincing, but its demands reveal its true intent. Always approach threatening emails critically, and when in doubt, seek guidance from the appropriate channels. By cultivating a habit of skepticism and digital hygiene, users can strengthen their defenses against cybercrime. Awareness and timely action are essential for navigating the modern threat landscape and ensuring personal and organizational security.
Read more »
Web3
Bitcoin Bull Market Crypto GitHub Technology Trading Web3

Crypto Bull Market Targeted: The Lottie-Player Security Breach


In an alarming development for the tech community, especially for those immersed in the Web3 ecosystem, a supply chain attack has targeted the popular animation library, Lottie-Player. If users fall for this prompt, it could enable attackers to drain cryptocurrency wallets. 

Given Lottie-Player's impressive tally of over 4 million downloads and its significant presence on many prominent websites for animation embedding, this incident underscores the security vulnerabilities associated with open-source libraries.

Understanding the Attack

The breach initially came to light on GitHub when a user noticed an unusual Web3 wallet prompt while integrating Lottie-Player on their website. Upon closer examination, it was discovered that versions 2.0.5, 2.0.6, and 2.0.7 of Lottie-Player, released between 8:12 PM and 9:57 PM GMT on October 30, 2024, had been tampered with and compromised.

The attack involved the introduction of malicious code into three new versions of the Lottie-Player library, a widely used tool for rendering animations on websites and applications. Threat actors infiltrated the distribution chain, embedding code designed to steal cryptocurrencies from users' wallets. This method of attack is particularly insidious because it leverages the trust developers place in the libraries they use.

The Broader Implications

Once the compromised versions were released, they were integrated into numerous high-profile projects, unknowingly exposing countless users to the threat—the malicious code activated during transactions, redirecting funds to wallets controlled by the attackers. In one notable case, a user reportedly lost 10 Bitcoin (BTC), worth hundreds of thousands of dollars, due to a phishing transaction triggered by the malicious script.

Following the discovery of the attack, the Lottie-Player team swiftly released a clean version, 2.0.8, which developers can use to replace the compromised files. To further contain the breach and limit exposure, versions 2.0.5 through 2.0.7 were promptly removed from npm and CDN providers like unpkg and jsdelivr.

Moving Forward

The attack occurred during a pivotal phase of the crypto bull market, intensifying efforts to steal increasingly valuable tokens. To mitigate risks, it's advisable to connect a wallet only for specific purposes rather than granting full-time permissions for signing transactions. Additionally, being prompted to connect a wallet immediately upon entering a website can serve as a potential warning sign.

Read more »
Phishing Attack
Bitcoin Cyber Attacks data security Email Phishing Email scam FTC Phishing Attack

Protect Yourself from Phishing Scams Involving Personal Data and Bitcoin Demands

 

A new phishing scam is emerging, where hackers send threatening emails to people with personal details like images of their homes and addresses. This scam tricks recipients into believing their privacy is compromised, urging them to pay money or Bitcoin to avoid exposure. According to cyber expert Al Iverson, scammers often use public sources like Google Maps and data from previous breaches to craft these threatening messages. He recommends confirming any images on Google Maps and checking email legitimacy to ensure the message isn’t a scam. 

One victim, Jamie Beckland, shared his experience, revealing that the scammers falsely claimed to have video evidence from spyware on his computer. Beckland, like others, was targeted with demands for Bitcoin in exchange for silence. Fortunately, by cross-referencing the address and photo in the email with Google Maps, he realized the threat wasn’t credible. To avoid falling for such scams, it’s critical to scrutinize email addresses and domains. Iverson advises checking SPF, DKIM, and DMARC results, which help verify the sender’s legitimacy. Scammers often spoof email addresses, making them appear familiar, but most don’t actually have access to sensitive data—they’re simply trying to scare people into paying. 

Zarik Megerdichian, founder of Loop8, strongly warns against clicking any unfamiliar links in these emails, especially those related to payments. Bitcoin and similar transactions are irreversible, making it crucial to avoid engaging with scammers. If you suspect financial information is at risk, Megerdichian advises reporting the incident to the Federal Trade Commission (FTC) and closely monitoring your accounts. Yashin Manraj, CEO of Pvotal Technologies, recommends changing passwords immediately if you suspect your data has been compromised. Moving sensitive accounts to a new email address can provide added protection. He also suggests notifying local authorities like the FBI, while ensuring that family members are informed of the scam to prevent further risks. 

Lastly, Manraj emphasizes that you should never engage with scammers. Responding to emails only increases your vulnerability, adding your information to target databases. To further protect yourself, isolating your home network, using a VPN, and avoiding public forums for help are essential steps in safeguarding your information from potential future attacks. These phishing scams, though threatening, rely on fear and manipulation. By taking steps to verify email legitimacy, securing your accounts, and staying cautious, you can avoid falling victim to these tactics.
Read more »
Ransomware
Bitcoin cryptocurrency Cyber Crime Cyber crimes DOJ Ransomware

Russian Nationals Charged in Billion-Dollar Cryptocurrency Fraud

 




A tremendous blow has been dealt to global cybercrime after US authorities charged two Russian nationals with masterminding a giant cryptocurrency money laundering network. After being charged by the U.S., the two Russian nationals are alleged to have headmastered a giant cryptocurrency money laundering network. The couple laundered the billions through crypto exchange services, concealing ill-gotten gains from cyber frauds, ransomware, and dark web narcotics.

DOJ officials collaborated with worldwide law enforcement to obtain servers and USD 7 million in cryptocurrency from the network, effectively crippling the criminal organisation.

Vast Money Laundering Scheme Exposed

DOJ says the two Russians to be arraigned, Sergey Ivanov and Timur Shakhmametov, played a significant role in one of the largest money laundering operations. They traded billions of dollars for international cybercriminals through various cryptocurrency exchanges, including platforms like Cryptex and Joker's Stash. Their operation enabled criminals to avail themselves of the anonymity associated with cryptocurrencies, avoiding financial regulations, and even making their laundered funds more portable and unobservable.

Investigators said Ivanov operated Cryptex, a site that processed more than $1.15 billion in cryptocurrency transactions. Of that, $441 million was directly linked to crimes, including $297 million in fraud and $115 million in ransomware payments. Cryptex offered criminals a loophole because it didn't require users to have their IDs verified—a "know-your-customer" (KYC) compliance process would have made their transactions traceable.

The medium to support darknet criminals

Besides Cryptex, the operation made it possible to conduct many other illegal activities on the dark web like carding sites-Rescator and Joker's Stash. The said platforms, especially Joker's Stash, deal in stolen payment card information. Estimated proceeds from these operations ranged around $280 million to up to $1 billion. One of the defendants, Shakhmametov was said to manage Joker's Stash, and hence the extent of this criminal network increased.

Seizing Servers and Crypto Currency

Indeed, international cooperation figured quite largely into taking down this elaborate criminal enterprise. US authorities teamed with law enforcement agencies from other countries, such as Dutch authorities, to take down servers hosting such platforms as PM2BTC and Cryptex, located in several different countries, which have disrupted the operation. Moreover, law enforcement seized more than $7 million in cryptocurrency on those servers from the organisation.

According to the Justice Department, bitcoin transactions through Cryptex were pegged at 28% to the darknet markets that are U.S.-sanctioned, as well as other crime enterprises. This percentage emphasises the colossal level of participation that such exchanges provided in furthering cybercrimes at a worldwide level.

Global Crackdown on Cybercrime

The case reminds everyone that efforts at a global level are aimed at fighting the same cybercrime supported by cryptocurrencies. The DOJ has already communicated while working with other U.S. agencies, including the Department of State and the Treasury, that it will continue the crusade against those who use digital currencies for nefarious activities. In this case, the dismantling of this billion-dollar laundering network makes it a milestone victory for law enforcement and a warning to others in similar operations.

As cryptocurrency increases in usage, so does its misuse. Even though digital currencies offer immense legitimate advantages, they also provide criminals with a conduit to bypass traditional financial systems. This makes it pretty evident that the breaking down of Cryptex and Joker's Stash serves as a harsh reminder of how much importance needs to be given to strict security and regulatory measures so that such practices cannot be made using the system for nefarious purposes.

The recent charges suggest that U.S. and international law enforcement agencies are attacking cybercrime networks, especially those using cryptocurrency as a cover for under-the-radar activities. By taking down these systems, the authorities would find it more challenging for cybercrimes to cover up their illegal sources of income and further reduce the threat of rising cybercrime globally.

Hence, this high-profile case should awaken business entities and private individuals dealing in cryptocurrencies to take extreme care that they do not engage in any activity contrary to regulations set to monitor money laundering and other illegal activities.


Read more »
Stolen Data
Bitcoin Cyber Attacks Ransom Attack Rhysida Rhysida Ransomware Rhysida ransomware gang Seattle Seattle Port Stolen Data

Port of Seattle Faces $5.9 Million Ransom Demand in Rhysida Cyberattack

 

The Port of Seattle is confronting a severe cybersecurity crisis as the Rhysida ransomware group demands a ransom of 100 bitcoins (approximately $5.9 million). Rhysida, which has gained notoriety for targeting organizations worldwide, released screenshots of stolen documents, claiming they possess sensitive data such as scanned U.S. passports, Social Security numbers, and tax forms. The group has threatened to sell this data on the dark web if their ransom demands are not met within a week. 

In a joint statement with Seattle-Tacoma International Airport, the Port of Seattle has made it clear they will not pay the ransom, despite threats to publicly release the stolen data. A Port spokesperson emphasized that refusing to comply is part of their firm stance against negotiating with cybercriminals. The extent of the data breach is still under investigation, but Rhysida’s involvement suggests a sophisticated attack that exploited vulnerabilities in the port’s systems. The attack was initially detected on August 24, leading to widespread service disruptions. 

Critical systems were impacted, including baggage handling, check-in kiosks, ticketing, Wi-Fi, and digital display boards, creating significant inconvenience for travelers. The port responded swiftly, isolating affected systems to prevent further breaches. This disruption highlights the real-world consequences of ransomware attacks on essential infrastructure, raising concerns about cybersecurity preparedness in public sectors. Rhysida operates as a ransomware-as-a-service group, enabling other cybercriminals to use its platform for extortion. The group, active since June 2023, has a history of targeting multiple sectors, including government, healthcare, and critical infrastructure, with a focus on the U.S. 

According to cybercrime research platform eCrime.ch, Rhysida has claimed nearly 150 victims since its emergence, demonstrating its rapid growth and effectiveness in breaching high-value targets. The breach at the Port of Seattle emphasizes the growing threat of ransomware attacks on critical infrastructure and serves as a wake-up call for organizations to prioritize cybersecurity measures. Authorities, cybersecurity experts, and the port’s internal IT team are working together to assess the full impact of the attack and develop strategies to restore normal operations. Given the evolving tactics of ransomware groups like Rhysida, this incident underscores the urgent need for comprehensive security strategies and employee training to protect against future breaches. 

In light of this attack, cybersecurity agencies have warned other U.S. ports and critical infrastructure organizations to strengthen their defenses against similar threats. This breach represents a broader trend of ransomware groups targeting critical infrastructure, which, if left unchecked, could have far-reaching implications on national security and economic stability. The Port of Seattle’s refusal to pay the ransom aligns with federal guidelines discouraging negotiations with cybercriminals, but it remains to be seen whether this approach will mitigate the impact of the breach or provoke further retaliation from Rhysida. 

The incident serves as a stark reminder that cybersecurity threats are increasingly sophisticated, requiring organizations to adapt their defense strategies to safeguard sensitive data and operations.
Read more »
Web3
Bitcoin Crypto Currency ETF Ether lazarus North Korea Web3

North Korean Hackers Attacking Crypto Industry, Billions at Risk

North Korean Hackers Attacking Crypto Industry, Billions at Risk

The United States Federal Bureau of Investigation (FBI) has recently highlighted a significant cybersecurity threat posed by North Korean cybercriminals targeting the web3 and cryptocurrency sectors. 

Why Hackers Target ETFs?

The cryptocurrency industry has witnessed tremendous growth, Ether and Bitcoin are game changers. The rise has led to financial instruments like ETFs (Exchange-traded funds) that allow investors access without owning them directly. But, with the increase of crypto technologies, security questions have also surfaced. 

The United States FBI recently warned about a major cybersecurity threat from North Korean hackers targeting cryptocurrency and web3 sectors. Billions of dollars go into these crypto ETFs, but investors shouldn’t be hasty to think their assets are secure. 

Lazarus Behind Attacks

Lazarus (a North Korean state-sponsored group) is no stranger to the cryptocurrency market and is allegedly responsible for various attacks against famous exchanges and blockchain protocols. Officials are concerned about hackers attacking crypto-backed ETFs by targeting the underlying assets. 

North Korean hackers are using advanced engineering methods to fool employees at decentralized finance (DeFi) and cryptocurrency firms. The hackers impersonate high-profile figures within an organization and or make specific scenarios based on the target’s position, business interests, or skills to get in their good books. 

“The actors may also impersonate recruiting firms or technology companies backed by professional websites designed to make the fake entities appear legitimate. Examples of fake North Korean websites can be found in affidavits to seize 17 North Korean domains, as announced by the Department of Justice in October 2023,” the FBI warned.

The FBI Warning

The FBI has warned against storing private cryptocurrency wallet data on web-connected devices as they may be victims of hacking attacks. If these requests come from unfamiliar sources, organizations should be careful when using non-standard software or applications on their network.

North Korean hackers have already stolen sensitive data from Bitcoin companies by using fake job ads. The FBI’s warning is a wake-up call for web3 and cryptocurrency firms to advance their cybersecurity systems and be careful against these rising attacks. 

“The actors usually attempt to initiate prolonged conversations with prospective victims to build rapport and deliver malware in situations that may appear natural and non-alerting. If successful in establishing bidirectional contact, the initial actor, or another member of the actor’s team, may spend considerable time engaging with the victim to increase the sense of legitimacy and engender familiarity and trust,” the FBI reports.

Read more »
Technology
Bitcoin Data Decentralization Nostr Technology

Bitcoin and Nostr: What Lies Beyond Decentralization and Freedom

Bitcoin and Nostr: What Lies Beyond Decentralization and Freedom

In today's digital expanse, in some countries governments and corporations wield immense power, two remarkable projects—Bitcoin and Nostr—have emerged as champions of decentralization. Their stories are quite similiar, revealing their struggle for financial autonomy, censorship resistance, and individual empowerment.

Bitcoin: The Genesis of Digital Gold

The Mysterious Creator

In 2009, an enigmatic figure known as Satoshi Nakamoto introduced Bitcoin to the world. Nakamoto's true identity remains shrouded in mystery, but their creation sparked a revolution. Bitcoin wasn't just a currency; it was a paradigm shift—a departure from centralized financial systems.

The Decentralized Ledger

At its core, Bitcoin operates on a decentralized ledger called the blockchain. Imagine a vast, incorruptible book where every transaction is recorded. Miners—individuals who dedicate computational power—verify these transactions, ensuring transparency and security. No central authority governs Bitcoin; it thrives on collective trust.

Digital Gold and Pseudonymity

Bitcoin's scarcity—capped at 21 million coins—gives it a unique allure. Investors liken it to digital gold, a store of value immune to inflation. Yet, unlike gold, Bitcoin transactions occur in the digital realm. Users remain pseudonymous, their identities veiled behind cryptographic addresses.

Nostr: A Community's Rebellion

The Rise of Nostr

Enter Nostr, a lesser-known but equally significant tech. Nostr's story diverges from Bitcoin's, emphasizing community governance and censorship resistance.

Community-Driven Governance

Nostr's strength lies in its community. Decisions—upgrades, proposals, and network changes—are made collectively. No central authority dictates terms; instead, users shape the network's destiny. Transparency prevails, and the community guards against undue influence.

Censorship Resistance

Nostr's architecture is a fortress against censorship. Content creators, developers, and users participate without fear of suppression. In a world where platforms silence dissenting voices, Nostr stands firm—a bastion of free expression.

Proof of Reputation (PoR)

While Bitcoin relies on proof-of-work (PoW) and proof-of-stake (PoS), Nostr pioneers a different path: Proof of Reputation (PoR). Reputation is earned through contributions, expertise, and positive interactions. It's a nod to meritocracy, where influence aligns with genuine value.

Why They Matter

1. Evading State Repression

In regions where there is censorship on data, Bitcoin and Nostr offer escape routes. Citizens preserve wealth and communicate freely, shielded from state interference. Nostr's community-driven model ensures that no single entity can silence dissent.

2. Financial Inclusion

Both projects empower the unbanked. Bitcoin's global accessibility and Nostr's community-driven ethos allow participation in the global economy. No longer bound by traditional banking, individuals find newfound freedom.

3. Hedging Against Fiat Devaluation

As governments print money, inflation erodes fiat currency value. Bitcoin's scarcity and Nostr's stability provide a hedge. They're shields against economic uncertainty.

4. Technological Pioneering

Bitcoin's Lightning Network accelerates transactions, while Nostr experiments with consensus mechanisms. Both drive technological progress, shaping the future of finance.

Bitcoin and Nostr- although they can be different yet intertwined—remind us that decentralization isn't a mere buzzword. It's a way forward, heading the way toward financial sovereignty and individual empowerment.

Read more »
PeckShield
Bitcoin Bitcoin hacked Chainalysis cryptocurrency cryptocurrency hack Cyber Attacks Lazarus Group PeckShield

DMM Bitcoin Hack: 500 BTC Transfer Linked to $305 Million Theft Raises New Concerns

 

A cryptocurrency address linked to the $305 million DMM Bitcoin hack in May has reportedly transferred 500 Bitcoin, valued at approximately $30.4 million. On August 22, PeckShield Alert reported that the suspect address initially split the funds into two separate addresses, each receiving around 250 BTC. This movement of funds marks a significant development in the aftermath of the DMM Bitcoin hack, which remains one of the most substantial cryptocurrency thefts of 2024. The DMM Bitcoin hack, which occurred in May, resulted in the theft of 4,502.9 BTC, valued at approximately $305 million at the time. 

The current value of the stolen Bitcoin is just over $274 million. In response to the breach, DMM Bitcoin quickly raised $320 million to reimburse affected users, demonstrating the exchange’s commitment to mitigating the impact of the hack on its customers. Blockchain investigator ZachXBT previously attributed the attack to the Lazarus Group, a notorious hacking organization allegedly linked to the Democratic People’s Republic of Korea. The Lazarus Group has been implicated in several high-profile cyberattacks, and its involvement in the DMM Bitcoin hack highlights the growing sophistication of cybercriminals targeting the cryptocurrency industry. 

According to on-chain analysts, the methods used to launder the stolen funds and various off-chain indicators strongly suggest the Lazarus Group’s involvement in the heist. Following the hack, the attackers reportedly split the stolen Bitcoin into smaller batches of 500 BTC and transferred them to new wallets. PeckShield identified that the latest funds moved since the May 31 incident originated from one of these wallets. This strategy of splitting and moving funds is a common tactic among cybercriminals to obfuscate the trail of stolen assets and avoid detection. 

In July, ZachXBT alleged that the attackers transferred approximately $35 million worth of Bitcoin to the Cambodia-based exchange Huione Guarantee. The exchange has faced accusations of facilitating the laundering of funds from various crypto hacks, pig butchering scams, and other illicit activities. The involvement of exchanges like Huione underscores the challenges in tracking and recovering stolen cryptocurrency, as these platforms can serve as intermediaries for converting stolen assets into fiat currency or other cryptocurrencies. 

The DMM Bitcoin hack is a significant addition to the growing list of cryptocurrency thefts in 2024, which had already claimed over $473 million in losses before this incident. The hack is the second largest in Japan’s history, following the 58 billion yen loss suffered by Coincheck in 2018. In the aftermath of the DMM Bitcoin hack, the exchange halted all spot trading on its platform and warned that withdrawals in Japanese yen might take longer than usual, as they implemented measures to prevent further unauthorized outflows. This incident also highlights broader trends in the cryptocurrency industry. 

According to a Chainalysis report, while illegal activity on blockchain networks has decreased by almost 20% year-to-date, malware attacks and stolen funds have surged. Stolen funds inflows doubled to $1.58 billion compared to $857 million last year, and ransomware inflows climbed around 2%, reaching $459.8 million. The DMM Bitcoin hack serves as a stark reminder of the ongoing vulnerabilities in the cryptocurrency sector and the need for enhanced security measures to protect digital assets from increasingly sophisticated cyber threats.
Read more »
TRX
Bitcoin Crypto Cyber Attacks CyberCrime Cyberhackers Cybersecurity Cyberthreats Cybervictimes Secret Steal TRX

Hackers Exploit Dark Skippy Attacks to Steal Secret Keys from Secure Devices

 


An element of the Dark Skippy attack involves the subtle manipulation of nonces during the signature creation process to create the signature. To obtain the private key of a cryptocurrency wallet, attackers craft carefully crafted nonces, thereby gaining full access to the wallet by extracting the private key. The nature of this attack is particularly insidious.

Due to the covert nature of its execution, no trace of how it was carried out can be found. Additionally, it can impact every user of an infected device. Earlier this year, security researchers from the University of Cambridge were able to disclose an entirely new type of malware attack that will allow hackers to access hardware wallets and private keys held by users after two signed transactions. 

Known as Dark Skippy by the researchers, the attack occurs when a hacker becomes aware of a user's device and tricks him into downloading malware to gain access. As part of the disclosure, Nick Farrow, Lloyd Fournier, and Robin Linus included information regarding Dark Skippy that can be found here. A new hardware wallet software company called Frostsnap was founded by Nick Farrow and Lloyd Fournier in 2012. Currently, Robin Linus is one of the people who are in charge of BitVM and ZeroSync protocols that relate to Bitcoin. Every signer device inserts random numbers, or nonces, into every transaction that is signed with Bitcoin, which is explained in the report. 

Even though the vulnerability was not discovered until March 8, 2024, about 15 vendors were privately informed about it during that period. As a result of Dark Skippy, it is possible to leak private keys with a sophisticated attack technique that exploits the corrupted firmware of Bitcoin hardware wallets and signing devices. 

Although the technique has primarily been identified in the context of cryptocurrency security, it could have applications in other types of cryptographic systems as well, despite its focus on cryptocurrency security. However, even though this malware is theoretically powerful, it has not yet been observed in a real-world attack environment. 

Generally, if a device is maliciously designed, it will be able to execute this process. It is still considered an academic concept at the moment, and real-world attacks based on this concept have not yet been witnessed. A key aspect of protecting against Dark Skippy is to use only genuine devices that come with a firmware that was not modified in any way. 

The user's funds are immediately lost as soon as the attacker compromises a device with malicious firmware that supports executing a Dark Skippy attack, and this can have a devastating impact on the user's funds. There is no doubt that cryptocurrency is becoming more popular and the value of secure hardware wallets and constant vigilance is on the rise. 

A cryptocurrency signing device equipped with Dark Skippy is vulnerable to Schnorr signature technology, which is used to sign cryptocurrency transactions. In a recent development, a sophisticated attack method known as the "Dark Skippy" attack has emerged, allowing hackers to compromise the security of signing devices by manipulating nonces during the creation of digital signatures. This attack targets the firmware of these devices, exploiting vulnerabilities to extract secret keys, which are crucial for secure cryptographic operations. 

The Dark Skippy attack offers several key advantages to attackers, making it particularly concerning. It operates covertly, leaving little trace of its activity, and does not require additional communication channels to execute. Furthermore, it is effective against stateless devices, which typically lack the memory to track previous states. It can exfiltrate the master secret, putting every user of a compromised device at risk. In response to this emerging threat, Nick, a cybersecurity expert, took to Twitter to discuss protocol-based mitigations used to combat similar attacks. 

These include anti-exfiltration measures and deterministic nonces to prevent unauthorized key extraction. Additionally, three researchers have presented new mitigation strategies in a recently published report. These strategies are designed to coexist with partially signed Bitcoin transactions (PSBT) signing workflows, offering enhanced protection against attacks like Dark Skippy. The two primary mitigation measures suggested in the report are the mandatory use of adaptor signatures and the implementation of mandatory nonce proof-of-work. 

These measures are intended to disrupt the effectiveness of Dark Skippy and similar attacks by introducing new fields into the PSBT process, thereby strengthening the overall security of the signing workflow. The co-founder of Frostsnap, a prominent figure in the cybersecurity community, has emphasized the importance of ongoing discussions and the implementation of mitigation strategies to address this new threat. 

The researchers behind the report have also called upon readers and industry experts to provide feedback on the proposed mitigation measures, underlining the collaborative effort needed to safeguard the ecosystem. In a related issue, a data analytics company has highlighted a new type of scam involving QR codes. In these scams, attackers deceive victims by suggesting over-the-counter transactions and offering lower rates than those provided by legitimate crypto market services. 

The scammers often offer TRX as a fee for long-term cooperation and initiate a USDT payment to build trust with the victim. They then request a small payment as a test, using it as a means to access the victim's wallet. The company, Bitrace, conducted an experiment using an empty wallet and the QR code provided by a victim. The scan led to a third-party website that requested a repayment amount. Once the victim confirmed the transaction, the scammers were able to steal the wallet's authorization and transfer all the funds from the victim’s account. 

Bitcoin wallet vulnerabilities have led to significant financial losses for users in the past. In August 2023, cybersecurity firm Slowmist reported that over $900,000 worth of Bitcoin had been stolen due to a flaw in the Libbitcoin explorer library. Similarly, in November of the same year, Unciphered revealed that $2.1 billion worth of Bitcoin held in old wallets might be at risk of being drained by attackers exploiting a flaw in the bitcoin wallet software. These incidents underscore the critical need for enhanced security measures and vigilant monitoring to protect digital assets.
Read more »
Vulnerability management
Bank Security Bitcoin Digital Assets Technology Vulnerability management

Xapo Bank Aims To Boost Bitcoin Safety With Tech And Bunkers

 

Satoshi Nakamoto, the pseudonymous developer of Bitcoin, published the system's whitepaper in 2008, bluntly criticising financial institutions and the confidence they demand. However, in 2010, one of the most notable Bitcoin collaborators in its early days and the recipient of the first Bitcoin transaction in history, cypherpunk and cryptography specialist Hal Finney, predicted the existence of bitcoin banks. Today, bitcoin-native banks such as Xapo Bank exist in this grey area between the ethos and the potential deployment of this system across the global financial sector. 

Finney claims that Xapo Bank, which was founded in 2013, is among the leaders in the custodial space of Bitcoin. Wences Casares, an Argentinean entrepreneur and innovator who is well-known in Silicon Valley for his support of this technology, developed it as a solution for his friends and family. However, it expanded significantly. Currently, it is one of the few fully licensed banks in the world that deals with Bitcoin and other digital assets. 

Its business idea combines cutting-edge Bitcoin technology with a physical bunker in the Swiss highlands. This physical location blends old-fashioned Swiss standards with the latest safety technology. It's an atomic bunker that serves as the foundation of what Xapo provides its clients: high-quality security for digital assets. Xapo is exploring new technical opportunities. The custody business is dominated by multi-signature solutions, but the greatest alternative and security solution for the Gibraltar-registered bitcoin bank is the multi-party computation protocol. On a broad level, MPC enables several parties to share information without fully exposing the shared data. 

In the case of Xapo, this works by breaking the digital asset master private key into several unique fragments known as "key shares," which Xapo Bank has stored and distributed in hidden places around the world, including the Swiss bunker. The MPC protocol ensures that participants' contributions remain private during key creation and signing, without being revealed. This functionality assures that no single participant in the quorum has total access to or control over the stored assets, reducing the chance of collusion to nearly zero. 

"MPC is a much more modern and secure setup compared to a still more popular multi-signature approach. The fact that the private key is not put together at any point in the transaction means there is no moment it can be potentially exposed or hacked, which is not the case with the more traditional multi-sig technology," Xapo Bank's Chief Technology Officer, Kamil DziubliÅ„ski, stated. 

However, there are threats and concerns, even with a movie-style bunker and this novel method of securing the keys and transaction signing process. Security threats include hacking and phishing attempts. Financial risks include money laundering, terrorist financing, and various types of financial attacks.
Read more »
Security Breach
Bitcoin cryptocurrency Cyber Security Elliptic Security Breach

Bitcoin Heist Hits Japanese Exchange DMM Bitcoin

 



In a security breach, Japanese cryptocurrency exchange DMM Bitcoin announced the theft of approximately 4,502.9 Bitcoin, valued at around 48.2 billion yen (approximately $304 million). The incident marks one of the largest cryptocurrency heists in recent history.

The breach was detected on May 31, 2024, at approximately 1:26 p.m. when DMM Bitcoin identified an unauthorised leak of Bitcoin from its wallets. The exchange immediately took steps to mitigate the leak and implement additional security measures to prevent further unauthorised access. The company is still investigating the full extent of the damage.

DMM Bitcoin has reassured its customers that their Bitcoin deposits will be fully guaranteed despite the breach. However, the exchange has implemented several temporary restrictions on its services to enhance security. These measures include the suspension of new account openings, the processing of cryptocurrency withdrawals, and the placing of new buy orders for spot trading. Only sell orders will be accepted for spot trading, and new open positions for leveraged trading are also suspended, with only settlement orders being processed.


Impact on Customers

The company has informed customers that existing limit orders for both spot and leveraged trading will remain unaffected. However, withdrawals of Japanese yen may experience delays. DMM Bitcoin has apologised for the inconvenience caused and assured customers that their assets are secure.


Response and Analysis

Cryptocurrency security firm Elliptic has reported that this heist ranks as the eighth-largest crypto theft of all time. It is the most significant since the $477 million hack suffered by FTX in November 2022. Elliptic has also confirmed the identification of the wallets involved in the DMM Bitcoin attack.


Ongoing Investigation

DMM Bitcoin continues to work on understanding the details of the attack and has not yet provided specific information about how the breach occurred. The company remains focused on ensuring the security of its platform and protecting customer assets.

The broader cryptocurrency community will be closely monitoring the developments of this case and the measures taken by DMM Bitcoin to prevent future incidents.


Read more »
VPN
Bitcoin BTC Chivo Wallet Code Leak cryptocurrency Cyberattacks CyberCrime Cybersecurity El Salvador Privacy Security Breach Technical Breach VPN

Cryptocurrency Chaos: El Salvador's Bitcoin Wallet Code Leaked, Privacy at Risk

 


There was a security breach with El Salvador's state Bitcoin wallet, Chivo, after hackers from the group CiberInteligenciaSV leaked a part of its source code to a hacking forum. In the earlier leak of personal data belonging to nearly all of El Salvador's adults, the code from Chivo Wallet ATMs as well as VPN credentials had been exposed. According to the wallet administration, there has been no compromise with the security of the wallet's data. 

Chivo Wallet had several challenges since it was revealed that it would be the official Bitcoin storage tool after its launch, so this event has become another blight on the Chivo Wallet. President Nayib Bukele set Bitcoin (BTC) as legal tender in El Salvador in 2021 to make digital payments more convenient. However, security breaches and technical issues have made the adoption of Bitcoin (BTC) difficult. 

The Chivo Wallet has been criticized by consumers for its slow operation, app crashes, vulnerabilities to exploitation, and lack of official backing, despite its official backing. The Chivo Wallet company has responded to allegations that it was linked to a data breach in which over 5 million Salvadorans' personal information was allegedly exposed. 

In addition to full names, unique identifiers, dates of birth, addresses, phone numbers, emails, and photographs, all of this data was leaked. The data had been rumoured to be related to the KYC processes that the Salvadoran government required its citizens to complete before they could be offered incentives, such as $30 in Bitcoin at the wallet’s launch, by the Salvadoran government. 

On April 6, the hacker group CiberInteligenciaSV compromised 5.1 million Salvadoran data. Recently, the same hackers leaked the source code for Chivo Wallet and the VPN credentials for the ATM network. The Chuvo Bitcoin wallet, backed by the government, has caused controversy among peer-to-peer money enthusiasts and crypto punks alike for its custodial status. 

In a press release published on X (formerly Twitter) on April 24, the company commented on the matter, describing it as “fake news.” Furthermore, a group of individuals from the Salvadoran community who downloaded the wallet have released over 144 GB of data containing their personal information. Even though it was available for purchase on various channels since August, it was only leaked for download on April 5. 

This data includes a user's full name, unique identifier, date of birth, address, and a high-definition picture of their face, as well as their full name, unique identifier, and date of birth. Also included in this week's leaked information was the file Codigo.rar, which contained information on El Salvador's Chivo ATM network, including the code and VPN credentials for the network.

Government officials have yet to come out with a formal statement regarding either of the hacks that took place this month. As a result of the leak of the code and VPN details of the source, the Chivo wallet system is at risk of being compromised, making hackers able to gain access to users' accounts or control them unauthorizedly. 

The particularity of the data exposed previously affects almost the entire adult population of El Salvador, which makes them fear identity theft and fraud as a result of the exposure of personal data previously exposed. In light of these breaches, security experts advise users to be vigilant and to monitor their accounts for any suspicious behaviour if they see anything strange. 

El Salvador is a country where incompetence is prevalent and there is a good chance that this will have a significant impact on the financial ecosystem as well, as trust in the government's digital solutions might wane as a result. In the beginning, the Chivo software was plagued with numerous software bugs and technical glitches as users reported numerous problems with the software. 

Despite the President's promise to give them $30 for downloading the Chivo wallet, some people were not able to withdraw money from Chivo because some had trouble getting it. The Salvadoran government announced last year that over 100 ATMs across the country will be equipped with lightning network technology in Q4 2024. 

Over 100 ATMs across the country will be equipped with this technology. In theory, this technology could allow Salvadorians to withdraw and deposit Bitcoins in an easier and faster manner with a lower fee. It was reported in October by a Salvadoran newspaper that only about 2% of the Salvadoran population was making remittance payments through the wallet, which had been its main selling point for a long time. 

It has yet to be decided whether or not the Salvadoran government will declare a policy on this issue or formally address the issue. The state of El Salvador has become the first in the world to adopt Bitcoin as a legal tender in 2021, promoting the Chivo wallet as one of the official mediums used to engage with Bitcoin by its citizens. 

The fact that these security issues exist in addition to the absence of communication from the authorities leaves the Salvadorans with an uncomfortable sense of uncertainty as to whether or not their personal information is safe and if this digital wallet offered by the state is reliable.
Read more »
Subscribe to: Posts (Atom)