
Is Bitcoin Actually Safe? Here’s All You Need to Know


Since its creation in 2009, Bitcoin, the first and best-known cryptocurrency in the world, has had many ups and downs. When it first launched, one bitcoin was essentially worthless. 

In May 2010, Laszlo Hanyecz bought two pizzas for 10,000 bitcoin (BTC), the first recorded Bitcoin transaction for tangible goods. At Bitcoin's highest recorded price, almost $65,000 USD per coin, those pizzas would have cost approximately $650 million USD. 

This year, however, Bitcoin fell by roughly 60%. Meanwhile, the absence of a regulatory framework has been accompanied by a rise in crypto crime. The Federal Trade Commission estimated that bitcoin fraud cost INR 27 billion in the first three months of this year alone. 

Despite the market's volatility, Bitcoin advocates have consistently argued that it provides anonymity and security that traditional money cannot. That is not actually true. Contrary to popular belief, Bitcoin is neither private nor secure by default. 

Bitcoin privacy issues 

Bitcoin does include some privacy measures that most fiat payment systems do not, such as the ability to create addresses that are not tied to a person's identity. But it is far from private. Here are the three main reasons. 

Transactions are openly disclosed 

The blockchain, a public ledger, contains a record of every Bitcoin transaction. This means that anyone with access to the blockchain, which is everyone, can see every transaction, and anyone can look up all the transactions connected to a given Bitcoin address. A threat actor or law enforcement agency that manages to link one of your Bitcoin addresses to your identity can then trace every transaction you ever made from it, and from any other address that can be tied to it. 

Third-party services are required 

Bitcoin depends on outside services. For instance, to buy Bitcoin you normally have to register with an exchange. The vast majority of exchanges require multiple forms of identity verification: your name, email address, street address and other details, and most also require a photo of a government-issued ID. 

Government surveillance 

Governments worldwide are warming to the idea of regulating Bitcoin, since it has long been favored by criminals of all sorts. But regulation brings surveillance, and surveillance endangers privacy as much as it controls crime. Law enforcement agencies adjusted quickly to this new reality and now routinely use blockchain analysis to identify Bitcoin users and track their transactions. Even if you don't mind a third-party service knowing your identity, consider what happens if that service suffers a data breach: its verification records are exactly what links your name to your addresses. 
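The linking described in the two sections above is simple to demonstrate. The following is an added example, not part of the original post and not any vendor's tool: it applies the common-input-ownership heuristic (every address spent in the same transaction is assumed to belong to one entity) to a constructed set of transactions, then shows how a single exchange KYC record for one address (A4, an assumed tag) identifies the owner of every address in that cluster and exposes its full history.

```python
from collections import defaultdict

# Constructed sample transactions (not real chain data). Each transaction
# lists the addresses it spends from and the addresses it pays to.
SAMPLE_TXS = [
    {"txid": "tx1", "inputs": ["A1", "A2"], "outputs": ["B1", "A3"]},
    {"txid": "tx2", "inputs": ["A3", "A4"], "outputs": ["C1"]},
    {"txid": "tx3", "inputs": ["B1"],       "outputs": ["B2"]},
    {"txid": "tx4", "inputs": ["D1"],       "outputs": ["A1"]},
    {"txid": "tx5", "inputs": ["A2", "A3"], "outputs": ["E1"]},
]

# Assumed: an exchange's KYC records tie address A4 to a verified customer.
KYC_TAGS = {"A4": "customer-42@exchange"}


class UnionFind:
    """Disjoint-set structure used to merge addresses into clusters."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_addresses(txs):
    """Common-input-ownership heuristic: all inputs spent together in one
    transaction are assumed to be controlled by the same entity.
    Returns a list of frozensets (only addresses that ever spent appear)."""
    uf = UnionFind()
    for tx in txs:
        for addr in tx["inputs"]:
            uf.union(tx["inputs"][0], addr)
    clusters = defaultdict(set)
    for addr in list(uf.parent):
        clusters[uf.find(addr)].add(addr)
    return [frozenset(s) for s in clusters.values()]


def cluster_of(txs, addr):
    """The cluster containing addr (a singleton if addr never spent)."""
    for members in cluster_addresses(txs):
        if addr in members:
            return members
    return frozenset({addr})


def attribute_identities(txs, tags):
    """Propagate every known identity tag to all addresses in its cluster."""
    result = {}
    for members in cluster_addresses(txs):
        identities = {tags[a] for a in members if a in tags}
        for a in members:
            result[a] = identities
    return result


def transaction_history(txs, addr):
    """Every transaction in which addr appears, exactly as anyone can read
    it off the public ledger."""
    return [tx["txid"] for tx in txs
            if addr in tx["inputs"] or addr in tx["outputs"]]


if __name__ == "__main__":
    owners = attribute_identities(SAMPLE_TXS, KYC_TAGS)
    for addr in sorted(owners):
        print(addr, "->", owners[addr] or "{unknown}")
    print("history of A1:", transaction_history(SAMPLE_TXS, "A1"))
```

Only A4 was ever verified, yet A1, A2 and A3 inherit the same identity because they were spent alongside it (tx2 and tx5). Real analysis tools add further heuristics (change-output detection, address reuse, exchange deposit addresses), so a cluster built this way is a lower bound on what can be linked.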

How to Safeguard Your Bitcoin 

The safety of your Bitcoin depends largely on how you store it. Your choice of crypto wallet, and how well it protects the private keys it holds (including whether they are encrypted at rest), are the key factors in keeping your coins secure. 

Ryan Burke, general manager of Invest at M1, says that convenience and security are not always mutually exclusive. 

Offline "cold" wallets, which are not connected to the internet, are less convenient than hot wallets but, he says, are safe against attack. Cold wallets can still be stolen or destroyed, and Burke warns that if you misplace your private key or lose the device or drive, you will have trouble recovering your funds. 

Hot wallets are more convenient because you can reach your coins from anywhere with an internet connection or phone service, but for the same reason they are more exposed to hacking. 

“A prudent strategy is to use a combination of hot and cold storage, with most assets being held in cold storage,” Burke added. 

Before signing up for a wallet or service, experts advise reading the terms and conditions so that your bitcoin doesn't inadvertently become another casualty of the crypto liquidity crisis. As with any other investment, consider whether buying Bitcoin is a good fit for your financial portfolio, and if you decide to buy BTC as part of your investing plan, be ready for highs and lows.

Hackers Leaked Stolen Data of 5.7M Gemini Users

Crypto exchange Gemini announced this week that its customers have been targeted in a phishing campaign after malicious actors obtained their personal details by breaching a third-party vendor. 

The notification came after multiple posts on hacker forums, observed by BleepingComputer, offered for sale a database reportedly from Gemini containing the email addresses and phone numbers of 5.7 million customers. 

 “Some Gemini customers have recently been the target of phishing campaigns that we believe are the result of an incident at a third-party vendor. This incident led to the collection of Gemini customer email addresses and partial phone numbers...,” reads the advisory published by the crypto exchange. “…No Gemini account information or systems were impacted as a result of this third-party incident, and all funds and customer accounts remain secure.” 

Gemini's security team released a short notice describing the attack but did not name the third-party vendor whose "incident" gave the malicious actors access. As a result of the breach, customers of the exchange received phishing emails. 

The identity and aims of the threat actors remain unknown. In its short notice, the company stated that its account information and systems were not affected by the attack and that funds and customer accounts "remain secure." 

Separately, the exchange went offline for scheduled maintenance. "The Gemini Spaceship will undergo scheduled Exchange maintenance on Thursday, December 15th from approximately 10:00 p.m. until Friday, December 16th at 12:30 a.m. ET, and all user interfaces and trading will be unavailable during that time," a notice on the exchange's status page read. 

Gemini advised its customers to use strong authentication, including two-factor authentication (2FA) and/or hardware security keys, to protect their accounts.

International Summit Agrees Crack Down on Digital Tokens to Counter Ransomware


In recent years, ransomware operators have consistently demanded payment in cryptocurrency. 

Earlier this week, the White House's second International Counter Ransomware Initiative summit, which brought together 36 nations led by the US, agreed to strengthen ransomware countermeasures, specifically around the use of cryptocurrencies to finance ransomware operations. 

The summit was far more explicit about digital tokens than at its inaugural meeting last year, as concern continues to grow over how easily attackers can obtain and move them. One of the primary issues identified by the Counter Ransomware Initiative (CRI) was the laundering of cryptocurrency. 

To counter money laundering and the financing of terrorism, the CRI said its crypto-related work will focus on sharing information about illicit crypto wallets among agencies worldwide, running workshops to improve blockchain tracing, and implementing identity verification for crypto transactions.

As a result of the summit, a number of nations agreed to the establishment of an International Counter Ransomware Task Force (ICRTF) that will initially be chaired by Australia and work "to coordinate resilience, disruption, and counter illicit finance activities." 

The Lithuanian Regional Cyber Defense Center (RCDC) will also begin playing host to a new "fusion cell" that will be utilized as a test case for a more extensive information-sharing program. 

Meanwhile, over the next year the CRI will draw up a roadmap for identifying priority targets and alerting law enforcement agencies, assemble a toolkit that other organisations can use to investigate ransomware attacks, and establish channels for public and private bodies to share ransomware information. 

Ransomware is an increasingly popular modus operandi for cybercriminals extorting unwitting victims. According to data reported by banks to the U.S. Treasury Department, U.S. financial institutions observed approximately $1.2 billion in ransomware-related costs in 2021, a nearly 200 percent increase over 2020. 

“We may approach the challenge of ransomware with a different lens — and in some cases, an entirely different set of tools — but we are all here because we know that ransomware remains a critical threat to victims across the globe and continues to be profitable for bad actors,” Deputy Secretary of the Treasury Wally Adeyemo stated. 

“In fact, we know that hackers around the world consider conducting ransomware attacks the most profitable scheme on the internet. More profitable even than selling illegal drugs via dark net markets and stealing and selling stolen credit cards.”

Spirdark Stole Ed Sheeran’s Unreleased Songs, Sentenced To 18 Months In Prison

Adrian Kwiatkowski, a 23-year-old hacker who stole two unreleased songs from English singer-songwriter Ed Sheeran and 12 songs from American rapper Lil Uzi Vert, has been sentenced to 18 months in prison. 

The hacker broke into the artists’ cloud-based accounts and sold the stolen songs for cryptocurrency, making around $147,000 from the transactions. 

Kwiatkowski pleaded guilty to a total of 19 charges, including copyright infringement and possessing criminal property: three counts of unauthorised access to computer data, 14 of making available for sale an article that infringes copyright, one of converting criminal property, and two of possessing criminal property, according to the Crown Prosecution Service (CPS). 

A search of the hacker’s laptop uncovered 565 audio files, and seven devices storing 1,263 unreleased songs by 89 different artists, including the unreleased tracks from Ed Sheeran and Lil Uzi Vert. Kwiatkowski also admitted to receiving bitcoin in exchange for the unreleased songs. 

“Kwiatkowski had complete disregard for the musicians’ creativity and hard work producing original songs and the subsequent loss of earning,” said Joanne Jakymec of the CPS. “He selfishly stole their music to make money for himself by selling it on the dark web […] We will be pursuing ill-gotten gains from these proceeds of crime.” 

According to a press release, Kwiatkowski was sentenced on Friday, October 21st at Ipswich Crown Court, England. He operated under the mononym Spirdark, and his activity was reported by numerous music companies. 

In 2019, the Manhattan District Attorney’s Office opened an investigation after several musicians reported that someone using the name Spirdark had hacked their accounts. The investigation identified Kwiatkowski through his email address and IP address, and later that year London police arrested him. He eventually pleaded guilty to the charges.

Missing Cryptoqueen: Leaked Police Files May Have Alerted the OneCoin Fraudster Ruja Ignatova


Best known as the “Missing CryptoQueen,” Ruja Ignatova, who is on the US Federal Bureau of Investigation’s (FBI) most wanted list, is believed to have been receiving information about the investigation before her disappearance. 

The 42-year-old Bulgarian-born fraudster is wanted for her alleged role in the $4 billion OneCoin cryptocurrency fraud. The details of the scam were uncovered in the BBC podcast ‘The Missing Cryptoqueen’, devoted to the case. 

Police documents related to the case were shown to the podcast by Frank Schneider, a former spy and trusted adviser to Ignatova. Schneider is now facing extradition to the US for his own alleged role in the OneCoin fraud. 

Schneider denies obtaining the documents himself: he says Ignatova handed them to him on a USB memory stick, and the metadata on the files suggests she acquired them through her own contacts in Bulgaria. 

Ignatova disappeared on October 25th, 2017, after learning of the police investigation into OneCoin. In June 2022 she was added to the FBI's most wanted list. 

Schneider told the BBC that the police files included presentations made at a Europol meeting codenamed ‘Operation Satellite,’ held five months before Ignatova's disappearance and attended by officials from Dubai, Bulgaria, the UK, Germany and the Netherlands, along with the FBI, the US Department of Justice and the New York District Attorney. 

The documents contained details of a “high-placed confidential informant” working with US authorities, of OneCoin bank accounts receiving investor funds, and of failed attempts by the UK's City of London Police to interview Ignatova. 

Asked about the files, Schneider said: "When the Bulgarians participated at certain Europol meetings, it only took hours for her to get a complete rundown and get the minutes of what was said in those meetings. I can only deduce that it came from the circles that she was in and the contacts she had through a variety of influential personalities.”

Cryptojacking Costs Victims $53 for Every $1 of Cryptocurrency Mined on Hacked Devices


Security researchers have estimated the financial impact of cryptominers running on compromised cloud servers: the victims pay about $53 in compute costs for every $1 of cryptocurrency the attackers mine through cryptojacking. 

Cryptojacking is the illegal use of other people's devices, including computers, smartphones, tablets and servers, to mine cryptocurrency for profit. It is designed to stay hidden from the victims. The attackers make money by hijacking hardware: the mining software burns the CPU time, and therefore the electricity or cloud bill, of the hijacked devices.  

Mining cryptocurrency on hijacked devices has mainly been the business of financially motivated hacking groups, especially TeamTNT, which was responsible for most of the large-scale attacks on exposed Docker Hub, AWS, Redis and Kubernetes deployments.  

The attackers deployed images containing XMRig, a CPU miner for Monero (XMR), a privacy-oriented and hard-to-trace cryptocurrency that is currently considered the most profitable to mine on CPUs.   

Compared with ransomware, which blocks access to systems until a payment is made and draws aggressive law enforcement attention, rogue crypto mining is far less risky for the attackers.  

Sysdig researchers used "Chimaera", a large TeamTNT campaign, to estimate the financial damage caused by cryptominers. Their research found that over 10,000 endpoints were compromised. 

To hide the wallet address from the hijacked machines and make tracking harder, the attackers used XMRig-Proxy, but the analysts were still able to identify 10 wallet IDs used in the campaign. 

The researchers found that the 10 wallets held a total of 39 XMR, worth $8,120. The estimated cost to the victims of mining those 39 XMR, however, was $429,000, or $11,000 per XMR. 

They added that this estimate excludes funds held in older, unknown wallets, the damage suffered by server owners through hardware wear, the potential disruption of online services caused by the hogged processing power, and the strategic changes firms had to make to absorb the resulting cloud bills.
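The Sysdig figures above are about economics; on the host, the question is whether a miner is running at all. The following is an added example, not Sysdig's or any vendor's tooling: it scores constructed process telemetry against indicators the passage mentions (XMRig-style command lines, stratum pool connections, pegged CPU) plus one common indicator it does not (binaries launched from scratch directories). The sample records, the pool port list and the thresholds are assumptions to be tuned per environment.

```python
import re

# Constructed sample host telemetry (not from the Sysdig report): one record
# per process, in the shape an EDR agent or a ps/ss collector might emit.
SAMPLE_PROCESSES = [
    {"pid": 101, "user": "root", "cpu_pct": 2.0,
     "cmdline": "/usr/sbin/sshd -D",
     "connections": [("10.0.0.5", 22)]},
    {"pid": 202, "user": "redis", "cpu_pct": 99.0,
     "cmdline": "/tmp/.x/kthreadd -o stratum+tcp://pool.example.invalid:3333 "
                "-u 48wallet... --donate-level 1",
     "connections": [("203.0.113.7", 3333)]},
    {"pid": 303, "user": "www-data", "cpu_pct": 97.5,
     "cmdline": "/usr/bin/python3 /opt/app/worker.py",
     "connections": [("198.51.100.9", 14444)]},
    {"pid": 404, "user": "build", "cpu_pct": 95.0,
     "cmdline": "cc1 -O2 main.c",
     "connections": []},
]

# Heuristics (illustrative, not a vendor signature set): XMRig/cpuminer
# option names and the stratum mining-protocol URL scheme.
MINER_CMDLINE = re.compile(
    r"xmrig|minerd|cpuminer|nicehash|stratum\+(?:tcp|ssl)://|--donate-level|--algo[= ]",
    re.IGNORECASE,
)
# Ports commonly used by public mining pools (assumption; tune per environment).
POOL_PORTS = {3333, 4444, 5555, 7777, 8888, 14444, 45700}
CPU_THRESHOLD = 90.0
SCRATCH_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")


def score_process(proc):
    """Return the list of cryptojacking indicators a process exhibits."""
    reasons = []
    if MINER_CMDLINE.search(proc["cmdline"]):
        reasons.append("miner-like command line")
    if any(port in POOL_PORTS for _, port in proc["connections"]):
        reasons.append("connection to a common mining-pool port")
    if proc["cpu_pct"] >= CPU_THRESHOLD:
        reasons.append("sustained high CPU")
    if proc["cmdline"].startswith(SCRATCH_DIRS):
        reasons.append("binary executing from a scratch directory")
    return reasons


def find_cryptojacking(processes, min_signals=2):
    """Flag processes with at least `min_signals` indicators. Requiring two
    keeps a legitimate compiler pegging a core (high CPU alone) out of the
    alert queue while still catching a miner that renamed its binary and
    talks to a pool through a proxy on a pool-style port."""
    findings = []
    for proc in processes:
        reasons = score_process(proc)
        if len(reasons) >= min_signals:
            findings.append({"pid": proc["pid"], "user": proc["user"],
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in find_cryptojacking(SAMPLE_PROCESSES):
        print(f"pid {hit['pid']} ({hit['user']}): {', '.join(hit['reasons'])}")
```

The renamed miner (pid 202) trips every indicator, the disguised worker (pid 303) is caught by the pool port plus CPU, and the compiler (pid 404) is left alone. Because XMRig-Proxy hides the wallet and can sit on any port, pool-port matching is the weakest of these signals; command-line and scratch-directory checks travel better.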

Lazarus Group Responsible For $100M Crypto-Heist

Security researchers have attributed the theft of $100m worth of crypto from the Horizon Bridge, run by California-based Harmony, to the Lazarus Group. Lazarus is a well-known North Korean state-sponsored hacking group that was also behind the $620 million theft from the Ronin bridge in March. 

Last week, blockchain forensics company Elliptic published its analysis of the attack on Harmony's cross-chain bridge and pointed to Lazarus. 

“There are strong indications that North Korea’s Lazarus Group may be responsible for this theft, based on the nature of the hack and the subsequent laundering of the stolen funds,” Elliptic wrote. 

Reuters reported that Chainalysis, another blockchain analytics firm, is also investigating alongside Harmony and says the attack resembles previous attacks attributed to North Korea-linked actors.

“On Thursday, June 23, 2022, the Harmony Protocol team was notified of a malicious attack on our proprietary Horizon Ethereum Bridge. At 5:30 AM PST, multiple transactions occurred that compromised the bridge with 11 transactions that extracted tokens stored in the bridge,” the company said in its blog. 

As the name suggests, blockchain bridges allow users to move crypto assets from one blockchain to another. The attackers stole $100 million in crypto assets, including Ethereum (ETH), Binance Coin, Tether, USD Coin, EOS and Dai. 

Elliptic said the hack was carried out by compromising the cryptographic keys of a multi-signature wallet, a technique the group is known for. A multi-signature wallet only protects funds if the keys needed to reach its signing threshold are held by different people on separate, hardened systems; once an attacker holds enough of them, the wallet signs for the attacker. 

“Lazarus Group tends to focus on APAC-based targets, perhaps for language reasons. Although Harmony is based in the US, many of the core team has links to the APAC region,” Elliptic added (APAC refers to the Asia-Pacific region). 

Two days after the attack, Harmony offered a $1 million bounty for the return of the Horizon bridge funds. Researchers have since reported that they have identified the offenders behind the $100 million hack.

AUSTRAC Publishes New Guidance on Ransomware and Crypto Crime


The Australian Transaction Reports and Analysis Centre (AUSTRAC) has released two new financial guides for businesses to detect and prevent criminal abuse of digital currencies and ransomware. 

Each guide gives practical recommendations to help businesses detect whether a payment is related to a ransomware attack, or whether someone is exploiting digital currencies and blockchain technology to commit crimes such as tax evasion, terrorism financing, scams or money laundering. 

The guidance urges businesses to look out for users who try to obscure the trail of their digital asset transactions by making suspicious use of mixers, privacy coins and decentralised finance (DeFi) platforms. 

Among the specific indicators, AUSTRAC says a sign that someone may be using digital currencies for terrorism financing is when transactions to crowdfunding or online fundraising campaigns are linked to forums centred on ideologically or religiously motivated violent extremism, or when a customer's account receives a number of small deposits that are immediately transferred on to private wallets. 

Indicators that a customer may be the victim of a ransomware attack, according to AUSTRAC, include: a customer increases the limit on their account and then rapidly sends funds to a third party; after an initial large digital currency transfer, a customer has little or no further digital currency activity; and a newly onboarded customer wants to make an immediate, large purchase of digital currency, followed by an immediate withdrawal to an external digital currency address. 
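The indicators above map directly onto transaction-monitoring rules. The following is an added example, not AUSTRAC's guidance or any provider's tooling: it encodes the three ransomware-victim indicators and the small-deposits terror-financing indicator from the two paragraphs above and runs them over a constructed set of customer events. The amounts, the time windows and the "large"/"small" thresholds are assumptions that a real programme would calibrate.

```python
from datetime import datetime, timedelta

# Constructed sample customer events (not AUSTRAC data). Amounts are in AUD;
# "withdraw" means a transfer to an external, non-custodial wallet.
EVENTS = [
    # c1: onboarded, buys big, withdraws everything within minutes
    {"cust": "c1", "ts": "2022-03-01T09:00", "type": "onboard", "amount": 0},
    {"cust": "c1", "ts": "2022-03-01T09:30", "type": "buy", "amount": 45000},
    {"cust": "c1", "ts": "2022-03-01T09:41", "type": "withdraw", "amount": 45000},
    # c2: long-standing customer raises their limit, then ships funds out
    {"cust": "c2", "ts": "2021-06-10T10:00", "type": "onboard", "amount": 0},
    {"cust": "c2", "ts": "2021-07-01T12:00", "type": "buy", "amount": 200},
    {"cust": "c2", "ts": "2022-03-03T14:00", "type": "limit_increase", "amount": 100000},
    {"cust": "c2", "ts": "2022-03-03T15:10", "type": "withdraw", "amount": 80000},
    # c3: ordinary retail activity
    {"cust": "c3", "ts": "2020-01-01T08:00", "type": "onboard", "amount": 0},
    {"cust": "c3", "ts": "2022-01-05T08:00", "type": "buy", "amount": 500},
    {"cust": "c3", "ts": "2022-02-10T08:00", "type": "buy", "amount": 700},
    {"cust": "c3", "ts": "2022-03-01T08:00", "type": "buy", "amount": 650},
    # c4: many small deposits, each swept to a private wallet at once
    {"cust": "c4", "ts": "2019-05-05T08:00", "type": "onboard", "amount": 0},
] + [
    e for n in range(5) for e in (
        {"cust": "c4", "ts": f"2022-03-04T10:{n * 10:02d}", "type": "deposit", "amount": 300},
        {"cust": "c4", "ts": f"2022-03-04T10:{n * 10 + 5:02d}", "type": "withdraw", "amount": 300},
    )
]

# Thresholds (assumptions; the guidance does not fix numbers).
LARGE = 10_000                    # "large" purchase or transfer
SMALL = 1_000                     # "small" deposit
NEW_CUSTOMER = timedelta(days=7)  # "newly onboarded"
RAPID = timedelta(hours=2)        # "rapidly" / "immediately"
SWEEP = timedelta(minutes=30)     # deposit "instantly" moved on
DORMANT = timedelta(days=30)      # window in which to expect follow-on activity


def _parse(events):
    parsed = [dict(e, ts=datetime.fromisoformat(e["ts"])) for e in events]
    parsed.sort(key=lambda e: (e["cust"], e["ts"]))
    return parsed


def _followed_by(evts, start, kind, within):
    """True if an event of `kind` occurs within `within` after evts[start]."""
    t0 = evts[start]["ts"]
    return any(f["type"] == kind and f["ts"] - t0 <= within
               for f in evts[start + 1:])


def limit_increase_then_transfer(evts):
    return any(e["type"] == "limit_increase"
               and _followed_by(evts, i, "withdraw", RAPID)
               for i, e in enumerate(evts))


def new_customer_large_buy_then_withdraw(evts):
    onboard = next((e["ts"] for e in evts if e["type"] == "onboard"), None)
    if onboard is None:
        return False
    return any(e["type"] == "buy" and e["amount"] >= LARGE
               and e["ts"] - onboard <= NEW_CUSTOMER
               and _followed_by(evts, i, "withdraw", RAPID)
               for i, e in enumerate(evts))


def large_transfer_then_dormant(evts):
    """First digital-currency movement is large and at most one further
    movement follows within the dormancy window."""
    moves = [e for e in evts if e["type"] in ("buy", "deposit", "withdraw")]
    if not moves or moves[0]["amount"] < LARGE:
        return False
    later = [m for m in moves[1:] if m["ts"] - moves[0]["ts"] <= DORMANT]
    return len(later) <= 1


def small_deposits_swept_to_private_wallets(evts, min_count=5):
    swept = sum(1 for i, e in enumerate(evts)
                if e["type"] == "deposit" and e["amount"] <= SMALL
                and _followed_by(evts, i, "withdraw", SWEEP))
    return swept >= min_count


RULES = [
    ("ransomware: limit increase then rapid transfer", limit_increase_then_transfer),
    ("ransomware: new customer, large buy, immediate withdrawal", new_customer_large_buy_then_withdraw),
    ("ransomware: large initial transfer then dormancy", large_transfer_then_dormant),
    ("terror financing: small deposits swept to private wallets", small_deposits_swept_to_private_wallets),
]


def screen(events):
    """Return {customer: [triggered rule names]} for every customer that
    trips at least one indicator; this is the queue an analyst reviews
    before deciding whether a suspicious matter report is warranted."""
    evts = _parse(events)
    flagged = {}
    for cust in sorted({e["cust"] for e in evts}):
        mine = [e for e in evts if e["cust"] == cust]
        hits = [name for name, rule in RULES if rule(mine)]
        if hits:
            flagged[cust] = hits
    return flagged


if __name__ == "__main__":
    for cust, hits in screen(EVENTS).items():
        print(cust, "->", "; ".join(hits))
```

Each rule is a single behavioural pattern, so a customer can trip several (c1 matches both the new-customer and the dormancy indicator), and the output is a review queue rather than a verdict: the indicators describe victims as well as launderers, which is exactly why AUSTRAC frames them as signs to investigate.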

"Financial service providers need to be alert to the signs of criminal use of digital currencies, including their use in ransomware attacks," Austrac CEO Nicole Rose said in a statement. 

The guides have been released in response to the increase in cyber threats to Australia. In 2020-21, 500 ransomware attacks were reported, marking a 15% increase from the previous fiscal year, analysts at Austrac noted. 

Earlier this month, IDCare reported that the details of over 5,000 customers of the former cryptocurrency exchange Alpha were exposed online. The details included driver's licence, passport, proof-of-age and national identity card images of 232 Australians and 24 New Zealanders. 

IDCare first discovered the breach in late January, when it noticed the data offered for sale on a Chinese-language forum for $150; it was later posted for free on another forum, Breached.

"This event poses a serious risk to the identities of any involved. Due to the nature of the identity documents discovered, we urge anyone who had any dealings with AlphaEx to contact us," IDCare said.