Search This Blog
Load More
Trendy Right Now

Popular Posts

Showing posts with label Blockchain. Show all posts
Web3
Artificial Intelligence Blockchain Cyber Security Encryption Machine learning Web3

Zero-Knowledge Encryption Might Protect User Rights

 

Web3 is an evaluation of the internet that moves past a centralized structure and tries to connect data in a decentralized way in order to offer a speedy and individualized user experience. This version of the internet is sometimes referred to as the third generation of the web.Web3 sometimes referred to as the Semantic Web, is based on AI and ML and employs blockchain technology to protect the security and privacy of user data.

Role of Zero-Knowledge Encryption

Using specific user keys, zero-knowledge encryption protects data. No one other than the user may access their encrypted files because administrators and developers do not know or have access to them. 

Zero-knowledge proofs, which may verify the truth of a proposition without revealing the underlying data, make this possible. Zero-knowledge cryptography enables information to be "private and useable at the same time," according to Aleo's CEO Alex Pruden, in contrast to other well-known types of encryption such as end-to-end models used in private messaging apps, through which only users and senders may read information. Without disclosing personal information about yourself, you can demonstrate your trustworthiness with zero-knowledge proof.

Decentralized identity (DCI) constructions, tokenization, and self-hosted wallets are three features of Web3 that promote user ownership of data and algorithms. Zero-knowledge proofs and least privilege are two techniques used in decentralized computing (DCI).

Reasons for  Zero-Knowledge Encryption

One drawback of zero-knowledge encryption is that it frequently leaves users unable to access their data moving forward if they ever need to find their encryption key or password. Because it requires more work to securely transfer and store user data, service providers that offer the full zero-knowledge encryption guarantee are often slower than their less secure competitors.

There is no better alternative than zero-knowledge encryption if a user wishes to maintain the privacy and security of their data while still hosting it on an external server for simple data management.








Read more »
Web3
Blockchain cryptocurrency Data Safety Security Technology Web3

Web3, Blockchain, and Cryptocurrency: Here's All You Need to Know

 

Web3? Blockchain? Cryptocurrency? These modern technological terms can be very perplexing because they all seem to blend together. However, each of these terms differs from the other in a number of ways. What are the key distinctions between Web3, blockchain, and cryptocurrency? 

Web3 has undoubtedly become a buzzword in recent years. This refers to Web 3.0, the most recent version of the internet. Web3 can be difficult to grasp because it incorporates so many different concepts and technologies. However, we will reduce it to its most basic form. Web3 combines decentralization, blockchain technology, and cryptocurrency. This internet isn't entirely different from the one most of us use today, but Web3 has some key differences.

We can still use social media, buy products, read the news, and do anything else we want on the internet. However, some key features of Web3 distinguish it from previous iterations, beginning with decentralization.

Web3 is based on the idea of using decentralization to keep things distributed, fair, and transparent. Blockchain technology will be used in conjunction with decentralization. We'll go over blockchains in more detail later, but it's worth noting that they, too, use decentralization and allow organizations to store data in a secure setting.

Web3 is also closely associated with virtual reality, a technology that allows users to immerse themselves in a virtual, digital world by wearing a headset and using controllers.

Another important concept underlying Web3 is ownership. Ownership has long been a source of contestation in the online world, as large corporations (or "big tech") now own vast amounts of sensitive user information. Data breaches, data misuse, and unauthorized data collection have been common news topics over the last decade, prompting many to reconsider the ownership aspect of the internet. So, how does Web3 deal with this?

Web3 focuses on transferring ownership of platforms and data to users. It establishes a permissionless ecosystem in which all users are included in platform decision-making processes. Furthermore, these platforms will operate on a token-based system, with tokens being used for products, services, and community voting (or governance). In comparison to Web 2.0, this internet model provides more equity in control and participation, handing power to the majority rather than the minority.

Blockchain

Blockchains are not the easiest technology to grasp because they operate in a complex manner. On the surface, a blockchain appears to be nothing more than a chain of blocks.  Each block contains information and is chronologically connected to the next.

Each block in a typical blockchain that hosts a cryptocurrency stores transactional data as well as information about the block itself. A given block contains the block header, block size, transaction size, and timestamp, as well as the "magic number," hash of the hashPrevBlock, and hashMerklRoot.

Anyone can see the entire ledger of previous transactions on public blockchains. Most cryptocurrencies, including Bitcoin, Ethereum, Dogecoin, Litecoin, and others, exist on a public blockchain, though private blockchains have applications in certain industries.

Another advantage of blockchains is that they are difficult to hack. An attacker would need to control 51% of the overall power to successfully control a blockchain. Because blockchains are made up of hundreds or thousands of nodes, the attacker needs to compromise more than half of the active nodes in order to gain control. This gives blockchain technology an advantage over other methods of data storage and recording.

Blockchains also provide greater privacy to users than traditional financial services. Blockchains will display the sender and recipient's wallet addresses, but that's it. Your name, contact information, and other sensitive information will never be displayed on the blockchain, allowing you to remain anonymous. It should be noted that a skilled cybercriminal could learn someone's identity.

Cryptocurrency

In its most basic form, cryptocurrency is a virtual asset that exists on a blockchain. Consider cryptocurrency to be the groceries, and blockchains to be the conveyor belt.

Cryptography, as the name implies, is a key component of cryptocurrency. It is a coding process that protects data by converting it from plaintext to encrypted text. The encrypted text is random and unintelligible, making it much more difficult to exploit the stored data. This layer of security is what draws many people to cryptocurrency because it provides privacy and a higher level of protection against malware activity.

Cryptocurrencies have no physical representation because they are entirely virtual. In short, cryptocurrencies are nothing more than code. You may have seen images of gold Bitcoin coins, also known as Casascius coins, but these are only used to store virtual Bitcoins and have no inherent market value.

Cryptocurrencies have value and some are worth tens of thousands of dollars. However, the value of a cryptocurrency is almost always determined by demand. If demand for a cryptocurrency falls, the price will almost certainly fall with it. Because there is little regulation surrounding cryptocurrency, scams, fraud, and other crimes are common, with many perpetrators going unnoticed. Governments all over the world are attempting to solve the problem.

There's no shame in being perplexed by crypto, Web3, and blockchains. These technologies are extremely complex in many ways and have only recently entered mainstream discussions. But understanding crypto, Web3, and blockchains and how they differ is entirely possible.
Read more »
Technology
Artifical Inteligence Blockchain Crypto Cryptominers Investement Apps Machine learning Privacy Technology

Cryptocurrencies Industry is Impacted by AI and ML

Artificial intelligence (AI) and Machine Learning is a fast expanding technology with the power to completely alter how we operate and live. Blockchain technology, a decentralized digital ledger system, is also thought to form the foundation of other upcoming technologies. These two methods can work together to develop strong new solutions across a range of sectors.

A number of indicators are used often by cryptocurrency traders. Nevertheless, given the prevalence of unorganized data in the digital world, manually creating trustworthy signals might be unfeasible. Massive amounts of information must be accurate, relevant, and clean prior to being assessed for investment insights.

In order to find investments and buy/sell signals as the number of investment alternatives increases, manual inquiry, extraction, and analysis procedures are no longer useful. AI has become a common tool in the financial sector, and it is much more powerful when integrated with blockchain.

Disadvantages of adopting blockchain with AI and ML:

1. Security: Employing blockchain with AI and ML might expose businesses to security issues. Blockchain-based solutions need a high level of trust since they exchange sensitive data, which is susceptible to malicious assaults.

2. Privacy: The integration of AI and blockchain technology has the risk of jeopardizing users' privacy because data recorded on the blockchain is indelible and accessible to all network users.

3. Scalability: When users upload more data to a blockchain, the size of the blockchain grows rapidly, creating scalability problems that can hamper performance and slow down processing rates.

4. Interoperability: Since different blockchains use dissimilar protocols, it is challenging to develop solutions that work well for all of them. As a result, they have trouble communicating with one another.

Blockchain technology, AI & ML successfully balance out each other's shortcomings, enabling reciprocal benefits, technological improvements, and robust enterprise support. AI in the blockchain sector can produce smart contracts and blockchain oracles that are more reliable, effective, and secure. These remedies have the power to lower expenses, boost efficiency, and open up fresh business prospects. One may anticipate more as technology develops further.

Read more »
User Security
Blockchain Data Breach Data Leak Data Privacy Data Safety data security Decentralized User Data User Privacy User Security

How Blockchains Can Prevent Data Breaches?

 

Today, data breaches have become all too common. Based on the Varonis 2021 Data Risk Report, most businesses have poor cybersecurity practices and unprotected data, putting them at risk for cyberattacks and data loss. Mitigating risks is no longer a luxury, with a single data breach costing a company an average of $3.86 million and eroding a firm's image and consumer trust. 

However, as cyberattacks become more widespread and sophisticated, simply patching up traditional cybersecurity measures may not be sufficient to prevent future data breaches. Instead, it is critical to look specifically for more advanced security solutions. As far as innovative solutions go, using blockchain to prevent data breaches may be our best bet.

The fundamentals of blockchain technology

Blockchain technology, also known as distributed ledger technology (DLT), is the result of decades of cryptographic and cybersecurity research and development. The term "blockchain" was popularised by cryptocurrency because it is the technology underlying record-keeping in the Bitcoin network.

Since it enables data to be recorded and distributed but not copied, this technology makes it extremely difficult to change or hack a system. It can be a promising solution for data breaches in any environment with high-security requirements because it provides a completely new method to securely store information.

A blockchain, which is based on the concept of peer-to-peer networks, is a public, digital ledger of stored data that is shared across an entire network of computer systems. Each block contains several transactions, and whenever a new transaction occurs, a record of that transaction is added to the ledger of every network participant.

Its strong encryption, decentralized and immutable nature and decentralized and immutable nature could be the answer to preventing data breaches.

Tim Berners-Lee, the inventor of the World Wide Web, recently stated that "we've lost control of our personal data." Companies store massive amounts of personally identifiable information (PII), such as usernames, passwords, payment details, and even social security numbers, as demonstrated by Domino's data leak in India (among others).

While almost always encrypted, this data is never as secure as it would be in a blockchain. Blockchain can finally put an end to data breaches by utilizing the best aspects of cryptography.

How is a shared ledger more secure than traditional encryption methods?

Blockchain uses two types of cryptographic algorithms to safeguard stored data: hash functions and asymmetric-key algorithms. This way, the data can only be shared with the member's permission, and they can also specify how the recipient of their data can use the data and the time frame within which the recipient is permitted to do so.

Asymmetric Encryption

Asymmetric encryption, also known as public-key cryptography, uses two keys to encrypt plain text: a private key generated by a random number algorithm and a public key. The public key is freely available and can be transferred via unsecured channels.

The private key, on the other hand, is kept secret so that only the user knows it. It is nearly impossible to access the data without it. It functions as a digital signature, similar to physical signatures.

In this way, blockchain empowers individual consumers to manage their own data and choose who they share it with via cryptographically encoded networks.

Hash functions

When a chain's first transaction occurs, the blockchain's code assigns it a unique hash value. As more transactions occur, their hash values are hashed and encoded into a Merkle tree, resulting in the formation of a block. Every block is assigned a unique hash that is encoded with the hash of the previous block's header and timestamp.

This creates a link between the two blocks, which becomes the chain's first link. Because this link is created with unique information from each block, the two are inextricably linked.

Immutability

Blockchains, in addition to being decentralized, are also designed to be immutable, which increases data integrity. Because blockchains are immutable, all data stored on them is nearly impossible to alter.

Because each member of the network has access to a copy of the distributed ledger, any corruption in a member's ledger is automatically rejected by the rest of the network members. As a result, any change or alteration to the block data will cause inconsistency and break the blockchain, rendering it invalid.

Despite the fact that blockchain technology has been around since 2009, it has a lot of unrealized potential in the field of cybersecurity, particularly in terms of preventing data breaches. Blockchain protocols use top-tier cryptography to ensure the security of all data stored in the ledger, making it a promising solution.

Since nodes running the blockchain must always check the legitimacy of any transaction before it is executed, cybercriminals are almost always stopped in their tracks before gaining access to any private data.
Read more »
North Korean Hackers
APT actors Binance Blockchain Crypto Cyber Crime Ethereum Lazarus Group North Korean Hackers

North Korean Cybercriminals Attempt to Steal $27M in ETH

Hacking organizations 'Lazarus' and 'APT38' supported by the North Korean government were responsible for the loss of $100 million worth of Ethereum from Harmony Horizon in June 2022. 

The funds and the seizure of stolen assets were reported to the authorities. The exploiters' activities closely resembled the attempt, which was undertaken on January 13, 2023, since more than $60 million was attempted to be laundered.

The Binance chain, Bitcoin, and Ethereum transfers are made possible through Harmony's Horizon Bridge. Numerous tokens worth $100,000,000  were taken from the network on June 23, 2022.

North Korean cybercriminals were actively shifting a portion of Harmony's Horizon bridge funds during the last weekend as the price of bitcoin approached $24,000. While several cryptocurrency exchanges instantly froze certain cash, Binance CEO Changpeng Zhao (CZ) claimed that some exchanges are not helpful in fighting crime, which made it easier to convert ETH to BTC.

According to reports, the APT38 was able to convert some of the $27 million in Ethers to Bitcoin and withdraw the money from exchanges. The Lazurus group has reportedly been shifting laundered money to a number of addresses in order to mask their true identity through multiple layers.

With the use of its Horizon Bridge, Harmony can transmit data to and from the Ethereum network, Binance Chain, and Bitcoin. On June 23, a number of tokens from the network valued at roughly $100 million were taken.

After the exploit, the Tornado Cash mixer processed 85,700 Ether, which was then deposited at various addresses. The hackers began transferring about $60 million of the stolen money via the Ethereum-based anonymity protocol RAILGUN on January 13. 350 addresses have been linked to the attack through numerous exchanges in an effort to escape detection, according to research by the cryptocurrency tracking tool MistTrack.

Cryptocurrency exchanges like Binance and Huobi have alerted authorities about stolen Harmony's Horizon Bridge funds by freezing them. This demonstrates how DeFi platforms and centralized exchanges are dependent on one another.





Read more »
Technology
Blockchain Data Data Safety Safety Security Technology

Blockchain: Is it hackable?

 


Following high-profile blockchain hacks in the last year, many people have been left wondering: is the blockchain hackable? The short answer is that any system can be attacked. However, because blockchain is decentralized, hackers may find it more difficult to target.  

Blockchain technology and it's working:

Blockchain technology, also known as a distributed ledger, is primarily an intrinsic digital record of transactions kept across multiple computers in a network, typically the internet. Each block in the blockchain contains information such as timestamps and data, which are secured by an algorithm, making it nearly impossible to tamper with or hack the blockchain.

Furthermore, blockchain employs cryptography to prevent users from manipulating stored data without access to the blockchain's associated keys or passwords.

Is blockchain secure?

Blockchain is not immune to attack; in the past, hackers have successfully targeted blockchain systems. Some of the most successful blockchain hacks have involved exploiting flaws in blockchain implementations, such as smart contract vulnerabilities or human error in the verification process.
It is critical to be aware of blockchain technology's potential vulnerabilities, which can be exploited by hackers.

A "51% attack" (also known as a "majority attack") is one of the main potential vulnerabilities of blockchain systems that hackers could exploit. In this type of attack, a group of miners controls more than 50% of the computing power on the blockchain network, allowing them to modify transactions and double-spend.

There's also the replay attack. A hacker can resend a blockchain transaction from one blockchain to another, enabling them to exploit systems that aren't ready for this type of attack.

The Denial-of-Service (DoS) attack is another type. Hackers can overload and disrupt the functionality of blockchain networks by flooding them with requests. Finally, there is the smart contract attack. Hackers can take advantage of flaws in blockchain smart contracts to gain access to sensitive data and steal funds.

Can these exploits be mitigated?

One method is to use private blockchain networks. Before anyone can join a private blockchain network, the blockchain network administrator must grant permission. You can limit the number of users who have access to the blockchain by establishing a private blockchain, preventing malicious actors from exploiting any vulnerabilities in blockchain technology.

You should also be conscious of the risks of using exchanges, as many exchange platforms have previously been hacked. It is critical to conduct research and only use trusted exchanges with a proven track record of security.

Furthermore, verify that blockchain applications are built securely, as this helps mitigate attacks such as those targeting smart contracts. To prevent their blockchain accounts from being hacked, blockchain users should always keep their passwords secure and regularly update them.

Final thoughts

At last, blockchain technology is a safe and efficient way to store data. However, it, like all systems, has potential vulnerabilities that hackers could exploit. The likelihood that a hacker will effectively breach a blockchain's security and steal information or funds stored on the network is determined by a number of factors, including the blockchain's security protocols and protections, user vigilance and education, blockchain application implementation, and general market conditions.

Read more »
Technology
Blockchain Crypto Crime Crypto Currency Crypto Market Crypto Safety Technology

Is Bitcoin Actually Safe? Here’s All You Need to Know

 

Since its creation in 2009, Bitcoin, the first and best-known cryptocurrency in the world, has had many ups and downs. One bitcoin was essentially useless when it first started. 

In May 2010, Laszlo Hanyecz purchased two pizzas for around 10,000 bitcoins, marking the first bitcoin transaction for the purchase of tangible items (BTC). The cost of those pizzas would have been approximately $650 million USD at the highest recorded price of bitcoin, which was almost $65,000 USD per coin. 

However, this year Bitcoin witnessed a fall of roughly 60%. In the meanwhile, the absence of a regulatory framework led to an increase in crypto crimes. The Federal Trade Commission estimated that bitcoin fraud cost INR 27 billion in just the first three months of this year. 

Despite the cryptocurrency market's volatility, advocates of Bitcoin have consistently argued that it provides anonymity and security that traditional money cannot. That's not actually true, though. Contrary to popular belief, Bitcoin is not at all secure or private. Bitcoin privacy issues Bitcoin does include some privacy precautions that most fiat currencies do not, such as the ability to create addresses that are unrelated to a person's identity. But it's not at all private. Here are the primary three justifications. 

Transactions are openly disclosed 

The blockchain, a public ledger, contains a record of every Bitcoin transaction. This implies that every transaction is visible to everyone who has access to the blockchain and that anyone may see all the transactions connected to a specific Bitcoin address. A threat actor or law enforcement agency might track every transaction you ever made if they were able to connect your Bitcoin address to your identity. 

The Use of Third-Party Services Required 

Bitcoin is dependent on outside services. For instance, you must register with an exchange if you want to purchase Bitcoin. The vast majority of exchanges demand multiple forms of identity verification from users. Your name, email address, street address, and other details are all covered by this. Most will also require a photo of an ID issued by the government. 

Government surveillance 

Governments worldwide are warming up to the idea of regulating Bitcoin since it has long been favored by criminals of all sorts. However, surveillance also endangers privacy in addition to controlling it. Law enforcement organizations swiftly adjusted to this new reality and now employ blockchain analysis to identify Bitcoin users and track their transactions. Even if you don't mind a third-party service knowing your identity, consider what may happen if it experienced a data breach. 

How to Safeguard Your Bitcoin 

The safety of your Bitcoin largely depends on how you store it. Your choice of crypto wallet and the degree of encryption it employs are key factors in ensuring the security of your currencies. 

Ryan Burke, general manager at Invest at M1 asserts that convenience and security are not always mutually exclusive. 

Although less practical than hot wallets, he claims that offline "cold" wallets that are not connected to the internet are safe against attack. Cold wallets can also be stolen or destroyed. Burke warns that if you misplace your private key or lose a device or drive, you will have trouble. 

Because you can access your cryptocurrencies from everywhere there is an internet connection or phone service, hot wallets are more practical but also more prone to hacking. 

“A prudent strategy is to use a combination of hot and cold storage, with most assets being held in cold storage,” Burke added. 

Before registering for a wallet or service, experts advise reading the terms and conditions so that your bitcoin doesn't unintentionally become another victim of the crypto liquidity crisis. Investigate whether buying Bitcoin is a good fit for your financial portfolio, just like with any other investment. Be ready for highs and lows if you decide to purchase BTC as part of your investing plan.
Read more »
Malware Report
Blockchain Glupteaba Google malware Malware Report

Glupteba Malware has Returned After Being Disrupted by Google



After nearly a year of being disrupted by Google, the Glupteba malware botnet has again become active, infecting devices worldwide. As a result of Google's efforts, the blockchain-enabled botnet could be seriously disrupted in December 2021 by securing court orders for control of its infrastructure as well as filing legal claims against two Russian operators. 

Based on Nozomi's analysis, blockchain transactions, TLS certificate registrations, and reverse engineering Glupteba samples, there is a new, large-scale campaign of Glupteba that started in May 2022 and continues to be conducted today. 

Blockchain as a hiding place

The virus Glupteba is modular and designed using blockchain technology. It aims to mine cryptocurrencies, steal user credentials and cookies, and deploy proxy servers on Windows and IoT systems. A large percentage of the malware is distributed through malvertising on a pay-per-install (PPI) network or traffic distribution system (TDS) pushing installers disguised as free software, videos, and movies by cybercriminals, after which they are sold to other cybercriminals as 'residential proxies.' 

As part of its evasion strategy, Glupteba utilizes the Bitcoin blockchain to obtain updated lists of command and control servers so that it can contact them to execute commands. 

A discover function in the botnet's clients allows them to find the address of the C2 server in an encrypted format. With this method, they enumerate the servers of Bitcoin wallets, retrieve their transactions, and then parse them to find an AES-encrypted address in an encoded format. Since Glupteba has employed this approach for many years, they offer a resilient stance against attacks. 

There is no way to wipe out blockchain transactions, so C2 address takedown efforts have a limited impact on the botnet since blockchain transactions cannot be erased. Additionally, law enforcement cannot plant payloads onto the controller address of Bitcoin without a Bitcoin private key. It means there can be no sudden botnet takeovers or global deactivations, like what happened to Emotet in early 2021. 

It is pertinent to note that Bitcoin is a public blockchain, which means anyone is entitled to access it and scrutinize transactions to gather information. 

It was reported by Nozomi that Glupteba continues to use blockchain in the same manner as it used years ago. Therefore, it was only a matter of scanning the whole blockchain to reveal hidden C2 domains within the network. 

Tremendous effort was put into the process, which involved the scrutiny of more than 1,500 Glupteba samples uploaded to VirusTotal. Several samples were analyzed so that wallet addresses could be extracted and encryption keys associated with the malware could be used to decrypt transaction payload data. 

Further, Nozomi made use of passive DNS records to find domains and hosts associated with Glupteba. 

The team examined the latest set of TLS certificates issued by the malware to unearth more information about the infrastructure the malware relies upon. 

An investigation by Nozomi identified 15 Bitcoin addresses that participated in the Glupteba campaign four times. This was the most recent one starting in June 2022, six months after Google disrupted the campaign. It is still in the midst of this campaign. 

The botnet is now even more resilient because it uses more Bitcoin addresses than ever. As a result of similar redundancy efforts, the number of TOR hidden services used as C2 servers has increased 10-fold since the 2021 campaign, following the same model. 

A particularly prolific address had 11 transactions over the past year, and more than 1,197 samples were connected to it. The last activity occurred on 11/8/2022, which made it the most active address. Also, Nozomi reports that many Glupteba domain registrations have been discovered in passive DNS data since November 22, 2022. 

Based on the information provided above, it is obvious that the Glupteba botnet has struck back at the scene and is again in attack mode. This organization is now much larger than it once was and has the potential to become even more resilient as a result. Because of the number of fallback addresses, it has set up, it is resisting any takedown attempts by researchers and law enforcement agencies due to their tightening up of security.

Read more »
Hacking
Blockchain Blockchain Security Crypto cryptocurrency Cyber Crime Hacking

The Sprouting Connection Between Cybercrime and Cryptocurrency


The wild journey of cryptocurrencies has not only been influencing people to mine or trade crypto. But, the enigmatic stages behind crypto have also become a significant link for cybercrime activities.

According to the latest report by Interisle Counseling Gathering, illegal activities pertaining to cryptocurrencies have grown by 257% over the past year, with wallets and trades being the most vulnerable to attacks. 

Cybercriminals are experiencing exceptional results in their operations, by engaging in techniques similar to methods used in other online monetary crimes on virtual monetary forms. 

How is Cryptocurrency the Most Suitable for Cybercrime? 

The autonomous, anonymous and permanent attributes of crypto transactions make cryptocurrency ideal for cybercrime activities. 

Crypto has emerged as a highly-priced vehicle for threat actors for the following reasons: 

1. No Oversight: Fundamental authorities such as banks, or government agencies, which generally play the role of a middleman in financial transactions, do not intervene in crypto transactions. 

2. Anonymity of threat actors: Crypto transactions do not transmit any detail that could possibly disclose the hacker in any way, such as names, email addresses, or other background information. There is only one wallet address, which is a collection of otherwise cryptic letters and numbers. Additionally, hackers frequently use numerous wallets to further "wash" transactions. 

3. Transactions are permanent: In crypto, money being exchanged cannot be reversed. The transaction is out of an individual's hands, just like using cash. Additionally, hackers can easily flee the scene of cybercrime, like ransomware, without being detected. 

With the constant decline in the value of cryptocurrency, cybercriminals who have considerable expertise in ransomware attacks are compelled to reconsider how they collect their payoffs and the amount they could demand. 

The crypto crash has as well resulted in the bankruptcy of many online crypto-trade commercial centers, where cybercriminals apparently deal with their cash or payoffs. For an instance, last year, at least 30 more modest dim web trade centers went bankrupt, and later closed down. Hackers still retain the mentality of a conventional financial backer: if the value of a resource starts to decline, they usually cash out rapidly to limit their losses. 

Blockchain Paving Way for Advanced Network Protection: 

Blockchain technology emerged as a significant founding for Bitcoin over 10 years ago, while it was also largely compared to the cryptocurrencies at that time. However, advanced blockchain application, like Ethereum has become more widely popular, for it has newer market segments such as non-fungible tokens (NFTs) and decentralized, distributed-computing led finance platforms. 

This decentralized and consensus-oriented characteristic of Blockchain allows higher resilience to cyberattacks. In the presence of Blockchain, the threat actor will need to acquire control of the majority of nodes to alter ledger transactions, which is extremely difficult and costly, in order to be able to carry out a hack successfully. 

Moreover, a domain name server (DNS) that maps IP addresses to a website name can also be moved to a blockchain platform, dispersing resources across various nodes and making it more difficult for the hacker to access the data. Thus, making blockchain systems a technology that could be a game changer in combating future cybercrimes. 

Crypto and Cyber Skills Rules the Day

The new generation of tech experts is currently in the forefront to combat cybercrime, with their advanced skillsets and tools that operate a step ahead of threat actors. From becoming a Blockchain Developer, where one can master architectural principles of blockchain and develop apps in a corporate environment, to becoming a Certified Ethical Hacker (CEH), where you are trained to investigate vulnerabilities in target systems and utilize the same techniques as malicious hackers, one can procure great opportunities to combat cybercrimes in crypto.  

Read more »
Technology
Blockchain cryptocurrency Digital Wallet FTX Security Technology

The Hunt for the FTX Thieves Has Started

 

Cryptocurrency has always provided an interesting mix of temptations and difficulties for those trying to steal it.  It is a lucrative target because it is digital cash held in multibillion-dollar sums on hackable, internet-connected networks. However, once stolen, the blockchains on which almost every cryptocurrency is built allow for tracking the money's every move and, in many cases, identifying the thieves.  

Recently, unknown transactions were reported to have drained FTX wallets. As per observers, FTX was hacked or insiders stole client funds during the abrupt FTX collapse. There have been "unauthorized transactions" from the group's wallets to addresses not controlled by FTX, according to FTX US general counsel Ryne Miller. FTX filed for Chapter 11 bankruptcy protection from its creditors yesterday. These creditors are concerned that some of their funds will be unavailable for payment.

On Twitter, a developer announced that "hundreds of millions of dollars" in cryptocurrency were being transferred from FTX wallets. Because of the late hour of the transactions, it appeared that liquidators were not assisting creditors.

Afterward, on-chain forensics expert ZachXBT tweeted that the receiving addresses were not FTX wallets, according to former FTX employees. Because FTX and FTX US are supposedly separate businesses and were operated as such, a hacker would be unlikely to gain simultaneous access to the private keys of both exchanges unless they had inside information or were insiders.

However, given FTX's demise, anything is possible. According to Bloomberg, junior employees took the initiative to sell off some of FTX's troubled assets. There are two major drainage areas that have been identified. It is possible that up to $383 million in cryptocurrency was stolen:
Main draining address: 
https://etherscan.io/address/0x59abf3837fa962d6853b4cc0a19513aa031fd32b

Shitcoin draining address:
https://etherscan.io/address/0xd8019a114e86ad41d71a3eeb6620b19dd166a969

According to Nansen, a crypto analytics research firm, the outflows totaled at least $266 million. As per the Australian Financial Review, the number of missing funds in Ethereum, Solana, BNB LINK, AVAX, and MATIC could be as high as $600 million.

Were the FTX app and website also compromised?

There are also unconfirmed reports that the FTX app has been infected with malware and should no longer be used, as well as the FTX website. However, Rey, an FTX Telegram administrator, uploaded it.

Nevertheless, the puzzling scenario for the 1,2 million FTX customers is still evolving. The FTX app has been updated, but for the time being, experts recommend all FTX clients avoid running the update or interacting with their FTX account.

Customers are advised not to make any changes to their accounts until further information, presumably in the form of an official announcement from FTX, becomes available. According to his most recent tweet, Binance founder and CEO Changpeng Zhao (CZ) is unimpressed with the latest turn of events. Elon Musk also contributed, despite the fact that he was expected to be preoccupied with the blue tick scandal.
Read more »
Google
Blockchain Cloud Services Crypto Currency Cyber Security DDOS Attacks Google

Google Cloud Delivers Web3 Developers for Blockchain Node Engine

The Blockchain still has more than 38 million customers in 140 countries worldwide, according to the Google Cloud website. In a news release, the business stated that the launch represents a resolve to aid Web3 developers in creating and deploying new products on platforms based on blockchain technology. 

Blockchains serve as a sort of decentralized database because they are made up of transaction data that is encrypted and permanently stored. The governing infrastructure is a node, which is a computer or server that holds the whole copy of the blockchain's transaction history in addition to depending on a central authority to confirm data.

Amit Zavery, GM and VP of engineering and platform, and James Tromans, director of cloud web3, announced the new service in a blog post that explained how difficult it is for blockchain nodes to stay in sync since they must continually exchange the most relevant blockchain data. It requires a lot of resources and data.

By providing a service model to handle node creation and a safe development environment in a fully managed product, Google Cloud aims to make it simpler. From Google's standpoint, it is far simpler to let them handle the labor-intensive tasks while you focus on creating your web3 application.

Additionally, Web3 businesses that need dedicated nodes can create effective contracts, relay transactions, read or write blockchain data, and more using the dependable and fast network architecture of Google Cloud. Organizations using Web3 benefit from quicker system setup, secure development, and managed service operations.

The goal of Google's blockchain service is to deploy nodes with the security of a virtual private cloud firewall that restricts networking and communication to vetted users and computers. The ability to access the notes from processes like distributed denial of service assaults will be restricted by other services like Google Cloud Armor.

Gains from Node Engine

The majority will adopt this method after Ethereum, which will employ it first. The following are some advantages that businesses could gain from using this Google Cloud Node Engine.

It takes a significant amount of time to manually node, and it can prove difficult for a node to sync with the network. However, the developers can deploy nodes using Google Cloud's Node Engine in a single transaction, simplifying and speeding up the procedure.

In the realm of cryptocurrency, data security is of utmost importance. The developers will benefit from the Engine Node's assistance in protecting their data and preventing illegal access to the nodes. Additionally, Google Cloud shields the nodes from DDoS assaults, just like Cloud Armor.

This development seeks to "assist enterprises with a stable, easy-to-use blockchain node web host so they can focus their efforts on developing and scaling their Web3 apps," according to Google Cloud's official website.

An approved group fully manages the Google Cloud Engine Node. The staff will administer the system during an outage, therefore you will have no concerns about availability. Nodes need to be restarted and monitored during an outage; the group will take care of it for clients.

Read more »
Technology
Binance Bitcoin Blockchain China Crypto Currency Digital Asset HahKey Fintech FTX Hong Kong Singapore Technology

Hong Kong Will Legalize Retail Crypto Trading to Establish a Cryptocurrency Hub

 


A plan to legalize retail cryptocurrency trading has been announced by Hong Kong to create a more friendly regulatory regime for cryptocurrencies. There has been an opposite trend over the last few years in the city, with skeptical views, as well as China's ban on the practice. 

According to sources familiar with the matter, an upcoming mandatory licensing program for crypto platforms scheduled to take effect in March next year will allow retail traders access to crypto platforms. There has been a request not to name these people since they are not authorized to release this information publicly.

There have been reports that the regulators are planning to allow the listing of higher-value tokens in the coming months but will not endorse specific coins such as Bitcoin or Ether, according to the people. They noted that the details and timeframe are yet to be finalized since a public consultation is due first.

At a fintech conference that starts on Monday, the government is expected to provide more details regarding its recently announced goal of creating a top crypto hub in the region. To restore Hong Kong's reputation as a financial center after years of political turmoil and the aftermath of Covid curbs sparked a talent exodus, the marketing campaign comes amid a larger effort to put Hong Kong back on the map.

Gary Tiu, executive director at crypto firm BC Technology Group Ltd, said that, while mandatory licensing in Hong Kong is one of the most effective things regulators can do, they cannot forever satisfy the needs of retail investors who are investing in crypto assets. 

Criteria for listing 

According to people familiar with the matter, the upcoming regime for listing tokens on retail exchanges is likely to include criteria such as the token's market value, liquidity, and membership in third-party crypto indexes to determine eligibility for listing. Their approach resembles the one they used when it came to structured products such as warrants, they continued. 

Hong Kong's Securities and Futures Commission spokesperson did not respond to a request for comment regarding the details of the revised stance adopted by the agency. 

Several crypto-related Hong Kong companies that are listed on the stock exchange increased their share prices on Friday. In the same report, BC Technology climbed 4.8% to its highest in three weeks during the third quarter, whilst Huobi Technology Holdings Ltd. rose slightly. 

In a world where more and more regulators are grappling with how to manage the volatile area of digital assets. This area has gone through a $2 trillion rout, following a peak in early November 2021. The sector is finding it difficult to regain its previous strength. Firms that dealt in cryptocurrency were crushed by the crash because their leverage grew without limit and their risk management methods were exposed.

It is widely believed that Singapore has tightened up its digital-asset rules to curb retail trading in digital assets to deal with the implosion that has hit Hong Kong. 

There was a proposal earlier this week by Singapore to ban the purchase of leveraged retail tokens on the retail market. There was a ban on cryptos in China a year ago because it was largely illegal. 

Michel Lee, executive president of digital-asset specialist HashKey Group, said that Hong Kong is trying to frame a crypto regime that extends beyond the retail token trading market to incorporate all types of digital assets, including cryptocurrencies. 

Bringing the ecosystem to the next level 

Among other things, Lee believes that tokenized versions of stocks and bonds could become a much more significant segment in the future as time passes on. Lee said, "Just trading digital assets on its own is not the goal". According to Lee, digital assets are not intended to be traded on their own but the ecosystem must grow as quickly as possible.”

A big exchange such as Binance and FTX once had their base in Hong Kong. Their attraction was the reputation of a laissez-faire regime and their strong ties to China. A voluntary licensing regime, that was introduced by the city in 2018, limited crypto platforms' access to clients with portfolios exceeding HK$8 million ($1 million) to those with portfolios of less than that amount. 

It has been confirmed that only two firms have been approved to operate under the license, BC Group and HashKey. FTX successfully managed to turn away the more lucrative consumer-facing business to the Bahamas last year as a result of the signal of a tough approach. 

However, the plan to attract crypto entrepreneurs back to Hong Kong seems to be a bit short of what is needed to usher them back. Among other things, it remains to be seen if mainland Chinese investors would be able to trade in tokens through Hong Kong if that were to be permitted. 

Leonhard Weese, the co-founder of the Bitcoin Association of Hong Kong, expressed a fear that there might be a very strict licensing regime in the future. "The conversations I have had indicate that people still fear it will be very stressful," he said. The company claims that it is not competitive on the same level as overseas platforms. Therefore, it will not be as attractive to customers as it would be if it dealt directly with retail users. 

According to blockchain specialist Chainalysis Inc., the volume of digital-token transactions in Hong Kong through June declined less than 10% from a year earlier, the most modest increase in the region outside of a slump in China, in the 12 months through June. It has fallen two positions from its global ranking of 39 in 2021 to 46 in 2022 when it comes to crypto adoption throughout the city. 

The Securities and Futures Commission of Hong Kong's Fintech Department has also suggested that the city could take further steps in this area, including the establishment of a regime to authorize exchange-traded funds seeking exposure to mainstream virtual assets. 

It shows that the one country, two systems principle is being put into action in financial markets, Wong said at an event last week. He said that the fact that the city can introduce a cryptocurrency framework distinct from China's indicates how far it has come.
Read more »
Protocols
Blockchain Cryptocurrencies Cyber Security DeFi Platforms FBI Protocols

FBI Alerts of Rise in Attacks Targeting DeFi Platforms

 

The FBI is alerting of an increase in cryptocurrency theft attacks on decentralised finance (DeFi) platforms.

According to the agency, criminals are exploiting the increased interest in cryptocurrency, as well as the complex functionality and open-source nature of DeFi platforms, to carry out nefarious activities.

According to the FBI, cybercriminals are stealing virtual currency and causing investors to lose money by utilising security flaws in the smart contracts that govern DeFi platforms. Smart contracts, defined as self-executing contracts containing the terms of an agreement between a buyer and a seller within their lines of code, are present throughout the decentralised blockchain network.

DeFi platforms accounted for roughly 97% of the $1.3 billion in cryptocurrencies stolen by cybercriminals between January and March 2022, an increase from 72% in 2021 and 30% in 2020.

According to the FBI, cybercriminals have also initiated flash loans to trigger an exploit in the DeFi platform's smart contracts (resulting in $3 million in cryptocurrency losses), exploited a signature verification bug in a DeFi platform's token bridge (resulting in $3 million in cryptocurrency losses), and tampered cryptocurrency price pairs (to steal $35 million in cryptocurrency).

Before investing, investors should research DeFi platforms, protocols, and smart contracts to identify potential risks and ensure that the DeFi investment platform's code has been audited at least once.

Furthermore, they should be cautious of DeFi investment pools with short timeframes for joining and rapid deployment of smart contracts, as well as the dangers posed by crowdsourced solutions in terms of bug hunting and patching.

According to the FBI, DeFi platforms should implement real-time analytics, monitoring, and code testing to address vulnerabilities and possibly shady activity, as well as an incident response plan that includes informing investors of any suspicious activity, including smart contract exploitation.
Read more »
Security
Blockchain Crypto Cyber Fraud Data Fraud Deepfake Fraud Holograms Scam Scammers Security

Binance Executive: Scammers Created a 'Deep Fake Hologram' of him to Fool Victims

 

According to a Binance public relations executive, fraudsters created a deep-fake "AI hologram" of him to scam cryptocurrency projects via Zoom video calls.

Patrick Hillmann, chief communications officer at the crypto hypermart, stated he received messages from project teams thanking him for meeting with them virtually to discuss listing their digital assets on Binance over the past month. This raised some suspicions because Hillmann isn't involved in the exchange's listings and doesn't know the people messaging him.

"It turns out that a sophisticated hacking team used previous news interviews and TV appearances over the years to create a 'deep fake' of me," Hillmann said. "Other than the 15 pounds that I gained during COVID being noticeably absent, this deep fake was refined enough to fool several highly intelligent crypto community members."

Hillmann included a screenshot of a project manager asking him to confirm that he was, in fact, on a Zoom call in his write-up this week. The hologram is the latest example of cybercriminals impersonating Binance employees and executives on Twitter, LinkedIn, and other social media platforms.

Scams abound in the cryptocurrency world.
Despite highlighting a wealth of security experts and systems at Binance, Hillman insisted that users must be the first line of defence against scammers. He wrote that they can do so by being vigilant, using the Binance Verify tool, and reporting anything suspicious to Binance support.

“I was not prepared for the onslaught of cyberattacks, phishing attacks, and scams that regularly target the crypto community. Now I understand why Binance goes to the lengths it does,” he added.

The only proof Hillman provided was a screenshot of a chat with someone asking him to confirm a Zoom call they previously had. Hillman responds: “That was not me,” before the unidentified person posts a link to somebody’s LinkedIn profile, telling Hillman “This person sent me a Zoom link then your hologram was in the zoom, please report the scam”.

The fight against deepfakes
Deepfakes are becoming more common in the age of misinformation and artificial intelligence, as technological advancements make convincing digital impersonations of people online more viable.

They are sometimes highly realistic fabrications that have sparked global outrage, particularly when used in a political context. A deepfake video of Ukrainian President Volodymyr Zelenskyy was posted online in March of this year, with the digital impersonation of the leader telling citizens to surrender to Russia.

On Twitter, one version of the deepfake was viewed over 120,000 times. In its fight against disinformation, the European Union has targeted deepfakes, recently requiring tech companies such as Google, Facebook, and Twitter to take countermeasures or face heavy fines.
Read more »
zero Day vulnerability
Blockchain Crypto heist Data Breach Supply Chain Attack zero Day vulnerability

Solana Funds Breached via Unknown Bug

After customers complained about their funds being stolen, Solana, a blockchain that is growing in popularity for its quick transactions, became the subject of the most recent breach in the cryptocurrency world.

The platform has launched an inquiry and is currently attempting to ascertain how the hackers were able to steal the money. 

What is SOL?

The value of Solana's stake, dropped by 7% to $38.4 in the past day, marking its lowest level in a week.

Solana is an open-source project that relies on the permissionlessness of blockchain technology to offer decentralized financial (DeFi) solutions. According to CoinGecko, end-user applications in the Solana ecosystem include non-fungible tokens (NFT), marketplaces, gaming, e-commerce, and decentralized finance (DeFi).

According to CoinGecko, Solana is one of the top 10 cryptocurrency assets in terms of market value, although its value has fallen significantly from its all-time high of $259.96 reached in November 2021.

The primary reason for the breach

The security problem appears to have affected more than 8,000 wallets, depleting them of their SOL tokens and USDC stablecoins, according to Changpeng  Zhao, CEO of cryptocurrency exchange Binance.

A blockchain consulting firm called Elliptic stated that the attack started on August 2 and has already resulted in the data theft of $5.8 million for its clients. The Solana cryptocurrency, and non-fungible tokens, as per the report, were among the stolen goods.

Elliptic noted that the issue didn't seem to be with the blockchain core, the digital ledger of transactions that serves as the foundation of cryptocurrency assets, but rather with software utilized by such wallets.

Phantom, Slope, and TrustWallet are among the other wallets that have been compromised by the hack.

Several blockchain security experts believe that a supply chain attack, a browser zero-day vulnerability, or a flawed random number generator used during the key generation process might have been leveraged to access such a huge number of private keys.


Read more »
U.S. Crypto
Blockchain Crypto Hack cryptocurrency Technology U.S. Crypto

Hacker Steals $100 million Worth of Crypto from Harmony Horizon Bridge

 

Earlier this week, the Horizon bridge linking Harmony – a Layer-1 PoS blockchain designed for native token ONE – to the Ethereum and Binance Chain ecosystem was exploited, resulting in a loss of nearly $100 million in Ethereum. Fortunately, the BTC bridge remained unaffected and has been shut down to prevent further losses. 

The U.S. crypto startup has notified the FBI and requested to assist with an investigation in identifying the culprit and retrieving stolen assets. 

“The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds,” the company posted on Twitter. 

“We have also notified exchanges and stopped the Horizon bridge to prevent further transactions. The team is all hands-on deck as investigations continue. We will keep everyone up-to-date as we investigate this further and obtain more information.”

The attack appears to have taken place over the span of 17 hours, starting at about 7:08 am EST until 7:26 am EST. The value of the first transaction was 4,919 ETH, followed by multiple smaller transactions ranging from 911 to 0.0003 ETH. The last one took place after the bridge had been shut down. 

The hack is the latest in a series of exploits affecting the crypto space. So far, Frax (FRAX), Wrapped Ether (wETH). Aave (AAVE), SushiSwap (SUSHI), Frax Share (FXS), AAG (AAG), Binance USD (BUSD), Dai (DAI), Tether (USDT), Wrapped BTC (wBTC), and USD Coin (USDC) have been stolen from the bridge via this exploit. 


Interestingly, a warning was issued by an independent researcher and blockchain developer Ape Dev back on the 2nd of April. In a series of tweets, the researcher warned that the security of the Horizon bridge hinged on a multisignature — or “multisig” — a wallet that required just two signatures to initiate transactions. The hackers could exploit this loophole to execute a very simple attack by getting 2 of the owners to sign off on transfers worth up to $330million. 

The hack adds to a series of negative news in the crypto space lately. Crypto lenders Celsius and Babel Finance put a freeze on withdrawals after a sharp drop in the value of their assets resulted in a liquidity crunch. Meanwhile, crypto hedge fund Three Arrows Capital could be declared as a defaulter for failing to repay a $660 million loan from brokerage firm Voyager Digital.
Read more »
Passwords
Blockchain cryptocurrency Digital Assets Fake Sites malware NFT Passwords

Alert! Scam Pixelmon NFT Website Hosts Password-stealing Malware

 

A bogus Pixelmon NFT site tempts visitors with free tokens and collectables while infecting them with spyware that steals their cryptocurrency wallets. Pixelmon is a popular NFT project with plans to create an online metaverse game where users can gather, train, and battle other players with pixelmon pets. 

The project has attracted a lot of attention, with nearly 200,000 Twitter followers and over 25,000 Discord members. Threat actors have replicated the original pixelmon.club website and built a fake version at pixelmon[.]pw to deliver malware to take advantage of this interest. Instead of providing a demo of the project's game, the malicious site provides executables that install password-stealing malware on a device. 

The website is selling a package named Installer.zip that contains a faulty executable that does not infect customers with malware. However, MalwareHunterTeam, which was the first to identify this malicious site, detected other dangerous files transmitted by it, allowing to see what malware it was spreading. Setup.zip, which contains the setup.lnk file, is one of the files sent by this fraudulent site. Setup.lnk is a Windows shortcut that runs a PowerShell command to download pixelmon[.]pw's system32.hta file. 

When BleepingComputer tested these malicious payloads, the System32.hta file downloaded Vidar, a password-stealing malware that is no longer widely used. Security researcher Fumik0_, who has previously examined this malware family, confirmed this. When launched, the Vidar sample from the threat actor connects to a Telegram channel and retrieves the IP address of a malware's command and control server. The malware will then obtain a configuration instruction from the C2 and download further modules to steal data from the afflicted device. 

Vidar malware may steal passwords from browsers and apps, as well as scan a computer for files with certain names, which it subsequently sends to the threat actor. The C2 commands the malware to seek for and steal numerous files, including text files, cryptocurrency wallets, backups, codes, password files, and authentication files, as seen in the malware setup below. Because this is an NFT site, visitors are expected to have bitcoin wallets installed on their PCs. 

As a result, threat actors focus on looking for and stealing cryptocurrency-related files. While the site is presently not distributing a functioning payload, BleepingComputer has observed evidence that the threat actors have been modifying the site in recent days, as payloads that were available two days ago are no longer available. 

One can expect this campaign to continue to be active, and working threats to be added soon, based on the site's activity. Due to the high number of fraudsters attempting to steal the bitcoin from NFT projects, one should always double-check that the URL they are viewing is indeed associated with  their interested project.
Read more »
RedLine Stealer
Binance Blockchain Crypto Scam Crypto Wallets Cyber Security Netskope NFTs Phishing Attacks RedLine Stealer

Users' Crypto Wallets are Stolen by Fake Binance NFT Mystery Box Bots

 

Researchers have discovered a new campaign to disperse the RedLine Stealer — a low-cost password seeker sold on underground forums — by mutating oneself with the data malware from GitHub repositories using a fake Binance NFT mystery box bots, an array of YouTube videos that take advantage of global interest in NFTs. 

The enticement is the promise of a bot that will automatically purchase Binance NFT Mystery Boxes as they become available. Binance mystery boxes are collections of non-fungible token (NFT) things for users to purchase in the hopes of receiving a one-of-a-kind or uncommon item at a discounted price. Some of the NFTs obtained in such boxes can be used in online blockchain games to add unusual cosmetics or identities. However, the bot is a hoax. According to Gustavo Palazolo, a malware analyst at Netskope Threat Labs, the video descriptions on the YouTube pages encourage victims to accidentally download RedLine Stealer from a GitHub link. 

In the NFT market, mystery boxes are popular because they provide individuals with the thrill of the unknown as well as the possibility of a large payout if they win a rare NFT. However, marketplaces such as Binance sell them in limited quantities, making some crates difficult to obtain before they sell out. 

"We found in this attempt that the attacker is also exploiting GitHub in the threat flow, to host the payloads," Palazolo said. "RedLine Stealer was already known for manipulating YouTube videos to proliferate through false themes," Palazolo said. The advertising was spotted by Netskope in April. "While RedLine Stealer is a low-cost malware, it has several capabilities that might do considerable harm to its victims, including the loss of sensitive data," Palazolo said. This is why prospective buyers frequently use "bots" to obtain them, and it is exactly this big trend that threat actors are attempting to exploit. 

The Ads were uploaded during March and April 2022, and each one includes a link to a GitHub repository that purports to host the bot but instead distributes RedLine. "BinanceNFT.bot v1.3.zip" is the name of the dropped file, which contains a program of a similar name, which is the cargo, a Visual C++ installation, and a README.txt file. Because RedLine is written in.NET, it demands the VC redistributable setup file to run, whereas the prose file contains the victim's installation instructions.

If the infected machine is found in any of the following countries, the virus does not run, according to Palazolo: Armenia, Azerbaijan,  Belarus,  Kazakhstan,  Kyrgyzstan,  Moldova,  Russia,  Tajikistan Ukraine, and Uzbekistan.

The repository's GitHub account, "NFTSupp," began work in March 2022, according to Palazolo. The same source also contains 15 zipped files including five different RedLine Stealer loaders. "While each of the five loaders we looked at is slightly different, they all unzip and inject RedLine Stealer in the same fashion, as we discussed earlier in this report. The oldest sample we identified was most likely created on March 11, 2022, and the newest sample was most likely compiled on April 7, 2022," he said. These promotions, on the other hand, use rebrand.ly URLs that lead to MediaFire downloads. This operation is also spreading password-stealing trojans, according to VirusTotal. 

RedLine is now available for $100 per month on a subscription basis to independent operators, and it allows for the theft of login passwords and cookies from browsers, content from chat apps, VPN keys, and cryptocurrency wallets. Keep in mind that the validity of platforms like YouTube and GitHub doesn't really inherently imply content reliability, as these sites' upload checks and moderation systems are inadequate.
Read more »
non-fungible token
Bitcoin Scam Blockchain Crypto Scam Cyber Attacks Ethereum NFTs non-fungible token

 Ferrari Subdomain was Seized over to Promote a Bogus Ferrari NFT Collection

 

Cyberattackers hacked Ferrari's subdomains website to promote a fake NFT collection that pretended to be the much-anticipated official one and duped its consumers. 

Non-fungible tokens, or NFTs, are a new sort of digital asset that has been gaining popularity as big tech constructs the Metaverse. NFT is data recorded on a cryptocurrency blockchain that has been signed by a digital certificate to verify it is unique and cannot be copied. Having an NFT is similar to having a real asset, except the real deal is digital. The NFT trend is quickly spreading and is closely tied to cryptocurrency. It's also expanding rapidly. To mention a few, One Plus, Budweiser, Nike, Visa, Adidas, and Louis Vuitton have all entered the NFT realm. NFTs usually sell for a few dollars, however, in rare situations, the price of NFTs can surge. 

Sam Curry, an ethical hacker and bug bounty hunter, reported seeing one of Ferrari's subdomain forms on Thursday. A false NFT (Non-Fungible Token) fraud is hosted on ferrari.com.

Having a brand new Ferrari is exclusive for the wealthy, with prices ranging from $250,000.00 to 1.8 million dollars. Last year Ferrari announced it might soon sell digital Ferrari NFTs to appease its fan base, which made this scam all very convincing. 

Ferrari and Velas Network AG have established a new relationship. Velas stated that they would break into Formula 1 in 2022 alongside Ferrari. Internationally, the company is noted for its transparency and leadership in blockchain, digital products, and services. 

"Mint your Ferrari," a crypto scam, encouraged users to buy NFT tokens by falsely claiming Ferrari had launched "a collection of 4,458 horsepower [sic] NFTs on the Ethereum network." 

Further analysis by Curry and a security engineer is known as d0nut found how attackers hacked the subdomain and used an Adobe Experience Manager weakness to host its bitcoin fraud.

"After more investigation, it appears that this was an Adobe Experience Manager exploit. By poking around, you can still uncover remains of the unpatched site," Curry wrote.

Many people have criticized blockchains for conducting crypto trading and NFT services because of it's large energy consumption and environmental impact. Ferrari picked Velas for more than just the speed. The company operates in a carbon-neutral manner. Ferrari while announcing the big news claimed that "they have transformed the world of blockchain by inventing a pioneering, energy-efficient platform that functions at unprecedented speed."
Read more »
Subscribe to: Posts (Atom)