Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Crypto Theft. Show all posts
User Security
Blockchain Developer Crypto Theft Cyber Fraud Malicious Campaign User Security

Online Criminals Steal $500K Crypto Via Malicious AI Browser Extension

 

A Russian blockchain engineer lost over $500,000 worth of cryptocurrencies in a sophisticated cyberattack, highlighting the persisting and increasing threats posed by hostile open-source packages. Even seasoned users can be duped into installing malicious software by attackers using public repositories and ranking algorithms, despite the developer community's growing knowledge and caution.

The incident was discovered in June 2025, when the victim, an experienced developer who had recently reinstalled his operating system and only employed essential, well-known applications, noticed his crypto assets had been drained, despite rigorous attention to cybersecurity. 

The researchers linked the breach to a Visual Studio Code-compatible extension called "Solidity Language" for the Cursor AI IDE, a productivity-boosting tool for smart contract developers. The extension, which was made public via the Open VSX registry, masqueraded as a legal code highlighting tool but was actually a vehicle for remote code execution. After installation, the rogue extension ran a JavaScript file called extension.js, which linked to a malicious web site to download and run PowerShell scripts. 

These scripts, in turn, installed the genuine remote management tool ScreenConnect, allowing the perpetrators to maintain remote access to the compromised PC. The attackers used this access to execute further VBScripts, which delivered additional payloads such as the Quasar open-source backdoor and a stealer module capable of syphoning credentials and wallet passphrases from browsers, email clients, and cryptocurrency wallets. 

The masquerade was effective: the malicious extension appeared near the top of search results in the extension marketplace, thanks to a ranking mechanism that prioritised recency and perceived activity over plain download counts. The attackers also plagiarised descriptions from legitimate items, thus blurring the distinction between genuine and fraudulent offerings. When the bogus extension failed to deliver the promised capabilities, the user concluded it was a glitch, allowing the malware to remain undetected. 

In an additional twist, after the malicious item was removed from the store, the threat actors swiftly uploaded a new clone called "solidity," employing advanced impersonation techniques. The malicious publisher's name differed by only one character: an uppercase "I" instead of a lowercase "l," a discrepancy that was nearly hard to detect due to font rendering. The bogus extension's download count was intentionally boosted to two million in a bid to outshine the real program, making the correct choice difficult for users.

The effort did not end there; similar attack tactics were discovered in further malicious packages on both the Open VSX registry and npm, which targeted blockchain developers via extensions and packages with recognisable names. Each infection chain followed a well-known pattern: executing PowerShell scripts, downloading further malware, and communicating with attacker-controlled command-and-control servers. This incident highlights the ongoing threat of supply-chain attacks in the open-source ecosystem.
Read more »
digital finance
Bybit Crypto Theft Data Breach digital finance

Crypto Theft Hits $2 Billion in 2025: A Growing Threat to Digital Finance

 


In the first six months of 2025, the cryptocurrency sector has suffered thefts exceeding $2 billion, marking the highest ever recorded for this period. The findings, based on verified research from industry watchdogs, highlight a sharp rise in both the frequency and scale of digital asset breaches.


Surge in Attacks: Over 75 Major Incidents

Between January and June, at least 75 confirmed hacks and exploits were reported. These incidents collectively amounted to around $2.1 billion in losses, surpassing previous mid-year records. Losses of over $100 million occurred in multiple months, indicating that the threat is persistent and widespread, not isolated to one-off events.


A Single Breach Makes Up Majority of Losses

One particular cyberattack early in the year stood out for its scale. In February 2025, a high-profile breach of a crypto exchange caused losses estimated at $1.5 billion, accounting for nearly 70% of total thefts in the first half of the year. This incident has skewed the average size of each attack upward to $30 million, double what it was during the same period last year. However, large-scale thefts have continued even outside this major event, showing a broader trend of growing risk.


Geopolitical Dimensions: Government-Linked Groups Involved

Cybercrime experts have attributed a substantial share of these losses—approximately $1.6 billion to attackers allegedly tied to nation-states. Analysts suggest these operations may be used to bypass economic restrictions or finance state agendas. The involvement of politically motivated groups points to the increasingly strategic nature of cyber theft in the crypto space.

A separate incident in June targeted a leading exchange in the Middle East, resulting in nearly $90 million in losses. Investigators believe this attack may have had symbolic motives, as funds were transferred to unusable wallets, hinting it wasn’t purely financially driven.


Methods of Attack: Internal Weaknesses Prove Costly

Reports reveal that infrastructure-based breaches, such as stolen private keys, employee collusion, and vulnerabilities in user-facing systems were responsible for over 80% of the losses. These types of attacks tend to cause far more financial damage than technical bugs in blockchain code.

While smart contract vulnerabilities, including re-entrancy and flash loan exploits, still pose risks, they now represent a smaller share of total thefts. This is partly due to quicker response times and faster security patching in decentralized protocols.


Industry Response: The Call for Stronger Security

Experts are urging all crypto companies to reinforce their defenses. Key recommendations include storing assets offline (cold storage), using multi-factor authentication for all access points, and conducting regular audits. Addressing insider threats and improving staff awareness through training is also critical.

Additionally, collaboration between law enforcement agencies, financial crime units, and blockchain analysts has been identified as essential. Timely sharing of data and cross-border tracking could prove vital in curbing large-scale thefts as digital assets become more intertwined with national security concerns.

Read more »
Web3 insider attack
blockchain hacks Crypto Theft Data Breach Favrr Replicandy ChainSaw hack minting contract exploit NFT security breach Web3 insider attack

Hackers Impersonate IT Staff to Drain $1 Million from NFT Projects in Days

 

NFT projects lost an estimated $1 million in cryptocurrency last week after attackers infiltrated their core minting infrastructure by posing as IT personnel. The breach affected the fan-token marketplace Favrr along with Web3 ventures Replicandy and ChainSaw, among others.

Onchain investigator and cybersecurity analyst ZackXBT reported that the perpetrators rapidly issued massive waves of NFTs, crashing floor prices to zero. They then liquidated their holdings before project teams could mount a response.

According to findings, the attackers quietly embedded themselves within development teams by using fake identities. With insider access to minting contracts secured, they unleashed thousands of tokens and NFTs in a matter of minutes.

The sudden influx of minted assets tanked floor prices and allowed the thieves to convert assets into liquid funds almost immediately. Within just a week, approximately $1 million disappeared from the affected treasuries. Favrr endured some of the heaviest losses as the attackers dumped tokens faster than the market could absorb them. Replicandy and ChainSaw were hit with similar tactics—Replicandy’s floor prices collapsed nearly instantaneously.

ChainSaw’s stolen crypto remains dormant in wallets, awaiting laundering operations to funnel the funds back through exchanges. ZackXBT noted, “Nested services then further obscured the money trail.”

Investigators revealed that onchain transactions moved the stolen assets through multiple wallets and exchanges, making the flow challenging to trace. Analysts warn that following mixed outputs could take weeks as exchanges comb through extensive transaction logs. This process slows or even prevents law enforcement from freezing compromised accounts.

In a related incident from May 2025, the Coinbase data breach exposed personal information of roughly 69,461 customers after contractors were bribed to hand over user details, sparking an extortion attempt against the platform.

The NFT and Web3 infiltration closely resembles the tactics of Ruby Sleet, a group that in November 2024 targeted aerospace and defense companies before pivoting to IT firms via fraudulent recruitment campaigns. Their strategy combined social engineering, credential theft, and malware to compromise systems.

Experts say these blockchain and NFT breaches highlight how open, irreversible ledgers amplify operational errors—especially when insiders gain privileged access. As ZackXBT underscored, “When insiders gain privileges, there’s often no undo button.”

Security professionals are advising NFT and Web3 organizations to adopt stricter zero-trust models that restrict each developer’s permissions. Requiring multi-party approvals before any large-scale minting can help prevent sudden attacks. Additionally, deploying real-time monitoring tools can quickly detect suspicious activity, while thorough code reviews and identity verification for every hire are critical to closing vulnerabilities before they can be exploited.
Read more »
United States
Crypto Theft Cyber Crime DOJ Fraud Campaign United States

Crypto Crime Shocker: DOJ Charges 27 In $263 Million Crypto Theft

 

A multi-national cryptocurrency fraud ring that allegedly defrauded victims worldwide over a quarter of a billion dollars has come under increased scrutiny from the US Department of Justice (DOJ). 

The case now has 27 defendants in total after the charges were filed under the Racketeer Influenced and Corrupt Organisations Act (RICO). Malone Lam, a 20-year-old who is at the centre of the investigation, is charged with planning one of the biggest individual cryptocurrency thefts in American history. 

Lam is suspected of stealing over 4,100 Bitcoin, or about US $230 million, from a single victim in Washington, DC. Lam, who went by multiple internet aliases such as "Anne Hathaway" and "$$$," is accused of collaborating with Jeandiel Serrano (also known as "VersaceGod") to carry out a complex social engineering attack on a guy identified as an extremely wealthy early crypto investor. 

After bombarding the victim with phoney Google security warnings warning of unauthorised login attempts, Lam and Serrano are said to have called the guy and impersonated Google support professionals. Investigators say they misled the victim into revealing multi-factor authentication codes, allowing them to access his accounts and steal a fortune in cryptocurrency. 

Following the theft, Lam and Serrano are accused of laundering the stolen funds in a variety of ways and using their wealth to fund a lavish lifestyle. Lam is claimed to have bought at least 31 expensive cars, including custom Lamborghinis, Ferraris, Porsches, Mercedes G Waggons, a Rolls-Royce, and a McClaren, some of which were worth more than $3 million. He also rented many high-end residences in Los Angeles and Miami, some for up to $68,000 per month, and spent hundreds of thousands of dollars on nightclub trips. 

Now, the DOJ has revealed that more defendants have been indicted in connection with the racketeering scheme. According to court documents, the defendants, who met through online gaming platforms, performed a variety of roles, including database hackers, organisers, target identifiers, callers, money launderers, and burglars who physically broke into victims' homes to steal their hardware cryptocurrency wallets. 

According to court documents, one of the defendants, 21-year-old Joel Cortes of Laguna Niguel, California, assisted members of the gang by "changing stolen virtual currency into fiat currency and shipping the currency across the United States, hidden in squishmallow stuffed animals, each containing approximately $25,000 apiece.” 

When it came to drawing attention to themselves, other gang members allegedly adopted Lam's strategy by, among other things, renting private jets, buying luxury handbags valued at tens of thousands of dollars to give to young women they deemed attractive, and paying up to US $500,000 per night for nightclub services.

Lam is accused of continuing to engage with the group even after his arrest in September 2024, assisting them in stealing cryptocurrencies and arranging for his claimed associates to purchase luxury Hermes Birkin handbags for his girlfriend in Miami, Florida. 

This case serves as a stark reminder of the ever-increasing confluence of cyber fraud and psychology. While the crypto technology is new, the scam is old as time: acquire trust, play the long game, and walk away with the loot.
Read more »
Ransomware
Block Chain Crypto Theft Cyber Security North Korea Ransomware

North Korean Actors Behind $600M in Crypto Thefts: TRM Labs


North Korean Hackers

According to a TRM Labs analysis, hackers with ties to North Korea were responsible for one-third of all cryptocurrency exploits and thefts last year, taking away about $600 million in cash.

The blockchain analytics company claimed on Friday that the amount takes the Democratic People's Republic of Korea's (DPRK) total revenue from cryptocurrency initiatives to about $3 billion over the previous six years.

Nevertheless, according to Ari Redbord, head of legal and government affairs at TRM, the amount is roughly 30% lower than in 2022. Actors with ties to the DPRK stole about $850 million that year, "a huge chunk" of which came from the Ronin Bridge exploit, Redbord said. 

Current Scenario

The latter few months of 2023 saw the majority of the stolen money seized.

"They're clearly attacking the crypto ecosystem at a really unprecedented speed and scale and continue to take advantage of sort of weak cyber controls," said Redbord. Many of the attacks continue to use so-called social engineering, allowing the perpetrators to acquire private keys for projects, he said.

TRM links around $200 M in stolen funds to North Korea last year. The fact that the earnings of North Korean attacks go toward the development of WMDs raises worries about national security and sets them apart from other attacks.

Stolen Money: 2023

In 2023, the total amount of money obtained through hacking was approximately $1.7 billion, as opposed to $4 billion, which was taken the year before.

Redbord gave multiple reasons for the decline. Less significant hacks, such as the Ronin theft in 2022, have occurred. Other contributing factors include stronger cybersecurity measures, effective law enforcement initiatives, and, to a lesser degree, price volatility in the previous year.

During a recent trilateral meeting over North Korea's WMD efforts, national security officials from the United States, the Republic of Korea, and Japan brought up these concerns directly.

"North Korean hackers are different, because it's not for greed or money or the typical hacker mentality; it's about taking those funds and using them for weapons proliferation and other types of destabilizing activity, which is a global threat," Redbord said. "And that's why there's such a focus on it from a national security perspective."
Read more »
Orbit Chain
Crypto Hack Crypto Theft Cyber Crime Orbit Chain

Orbit Chain Loses $86M in Cross-Chain Bridge Hack

 

Orbit Chain, a South Korean platform designed to act as a multi-asset blockchain hub, revealed a massive breach on December 31, 2023. The company disclosed an "unidentified access to Orbit Bridge," its decentralised cross-chain technology, which resulted in the theft of more than $80 million in cryptocurrency. 

Orbit Chain revealed specifics of the theft in a series of posts on X, saying the hacker employed cryptocurrency mixer Tornado Cash to fund an initial Ethereum wallet before attacking Orbit Chain's Ethereum vault. Last year, Tornado Cash made headlines when its co-founders were charged with money laundering. 

The stolen funds were then transferred to a number of Ethereum wallets. Orbit Chain's Bridge balance fell from $115 million to $31 million between December 31 and January 1, according to blockchain analytics company Arkham Intelligence. Orbit Chain stated in a post on X earlier this week (2 January) that the stolen assets "remain unmoved" at the time of publishing and that the team is constantly tracking the stolen funds. 

“Orbit Chain team has developed a system for investigation support and cause analysis with the Korean National Police Agency and KISA (Korea Internet and Security Agency), enabling a more proactive and comprehensive investigation approach. Furthermore, we are also discussing close cooperation with domestic and foreign law enforcement agencies,” the firm explained in a post. “We sincerely request that all members of the Orbit Chain community and the Web3 ecosystem help spread this information as widely as possible.” 

Crypto turmoil

Over the past few years, the crypto industry has come under more scrutiny; many have dubbed it an unregulated "wild west." Particularly in 2023, there were several widely reported crypto attacks. Hackers exploited vulnerable code to steal an estimated $197 million from the UK-based cryptocurrency platform Euler Finance in March. The money was later refunded by the hackers, though.

In the meantime, a significant hack on the Ethereum-based cryptocurrency exchange Curve occurred in July 2023. A few months later, in September, a report published by the blockchain analytics firm Elliptic claimed that the well-known North Korean hacker group Lazarus had stolen nearly $240 million in cryptocurrency in less than four months. 

Apart from cybercriminal attacks, the crypto business has received attention for the exploits of its own executives. Sam Bankman-Fried, the founder of crypto exchange FTX, was likely the most notorious, having been convicted of conspiracy to conduct wire fraud and money laundering. Binance CEO Changpeng Zhao pleaded guilty to federal money-laundering crimes in November 2023.

Despite all of this illicit activity, efforts have been made to regulate this unregulated industry. Markets in Crypto Assets, often known as MiCA, was passed by EU lawmakers in April of last year as a major piece of legislation for managing and preserving the crypto industry. 

The legislation went into effect in June 2023 and is now in the implementation phase, which involves consultations on a variety of technical standards. The European Securities and Markets Authority intends to submit the proposed technical standards for approval to the European Commission by June 30, 2024.
Read more »
Harpie
Crypto scams Crypto Theft Cyber Security Harpie

Harpie Launches Proactive Mechanism to Stop Crypto Theft

 
Last year, hackers, mainly from North Korea, stole a whopping $3.8 billion in cryptocurrency, making it the worst year ever for crypto theft, according to experts at Chainalysis, a company that tracks cybercrime. This is a significant jump from the $3.3 billion stolen in 2021. A secret United Nations report also revealed that North Korea stole more cryptocurrency in 2022 than in any other year. Most of the money that was lost comes from decentralized finance, but almost anyone can be a victim of crypto scams. 

Amid the COVID-19 pandemic, American investors directed millions into cryptocurrencies such as bitcoin, ether, and dogecoin, anticipating substantial profits. However, a subset of these investors experienced financial setbacks as hackers targeted their digital wallets on platforms lacking robust cybersecurity measures. 

However, Harpie, a security company supported by Coinbase Ventures and Dragonfly Capital, aims to make a difference in this situation. 

Harpie is equipped with an address scanner designed to notify users about potential phishing, cybercrime, or theft attempts, with the aim of thwarting even the most advanced cyber criminals. In a significant development last October, the company introduced a crypto wallet monitoring service that provides instant alerts for suspicious transactions, serving as a proactive measure to prevent unauthorized transfers. 

Let’s Understand Does Harpie Stop Theft and Scams? 

Daniel Chong, co-founder of Harpie, explains the mechanism behind their theft and scam prevention. When a user initiates a transaction from their wallet, Harpie intervenes if any suspicious activity is detected. Drawing a parallel with how banks halt transactions when detecting unusual behavior on credit cards, Harpie adopts a similar approach, meticulously scanning each transaction leaving the user's wallet. 

The assessment is swift, typically taking around 300 milliseconds. This quick response time enables us to temporarily halt transactions before they are sent to the blockchain, allowing us to conduct thorough checks and prevent any potential issues. 

What is the Three Engines Mechanism? 

Daniel further said that the platform has a sophisticated system that quickly determines if a transaction seems suspicious or not by analyzing the information attached to it. Our advanced engine allows us to specifically block only transactions that appear to be malicious. This engine has two components: One identifies addresses that are confirmed to be good. Second flags addresses that are confirmed to be bad. 

“We maintain a database of approximately one million verified good addresses, which are essentially addresses we have approved or whitelisted for secure transactions”, Daniel further added. 

Additionally, the platform possesses another engine dedicated to searching for negative indicators associated with each Ethereum address. Essentially, this functions as our blacklist. 

What is the Mechanism for Registering Reports? 

Further, Denial reported that in terms of databases, the primary resources include the OFAC sanction lists, which we regularly consult. Additionally, we leverage publicly available police reports to gather relevant data, specifically focusing on wallet addresses. 

Distinguishing between regular users and potential scammers is facilitated by analyzing distinct transaction histories and on-chain behaviors. The approach involves utilizing advanced big data models to make these determinations effectively.
Read more »
Vulnerability and Exploits.
Credit Card Fraud Crypto Theft Cyber Fraud Hacktivism Law Enforcement Malicious actor Ransomware Attacks. Vulnerability and Exploits.

Hacktivists Embrace Cybercrime Tactics for Funding

Hacktivism, the fusion of hacking and activism, has become an increasingly prevalent form of online protest and advocacy. While hacktivists are driven by social or political motivations, it is crucial to understand that some of these individuals or groups fund their operations through methods commonly associated with cybercrime. Recent research has shed light on this intriguing intersection between hacktivism and cybercrime, revealing how these hacktivists leverage tactics typically associated with malicious cyber actors to finance their endeavors.

According to a report by Kela, a cybersecurity intelligence firm, hacktivists have been exploring avenues beyond traditional donations to secure the resources they need. The report highlights instances where hacktivist groups engage in activities such as ransomware attacks, cryptocurrency theft, and credit card fraud. These illicit activities provide them with a substantial financial influx, enabling them to sustain and amplify their campaigns.

One alarming example involves the deployment of ransomware by certain hacktivist factions. By encrypting valuable data and demanding ransom payments, these groups not only fund their endeavors but also attract attention to their causes through the media coverage generated by such attacks. This fusion of monetary gain and ideological motivation blurs the lines between hacktivism and cybercrime, leaving security experts and law enforcement agencies grappling with multifaceted challenges.

Cybersecurity news sources note that hacktivists have started using strategies frequently used by cybercriminals, taking advantage of the same flaws in software and systems. This confluence of techniques not only makes identification more difficult, but also emphasizes the need for an all-encompassing response to these changing threats.

The line between hacktivists and hackers has become increasingly complex in light of these developments. The intentions behind these efforts are essential in separating hacktivist behavior from that of malicious hackers. While hacktivists aim to advance social or political causes, their strategies are becoming more and more like those of cyber criminals.

It is crucial that cybersecurity experts, policymakers, and society at large handle these new concerns as the digital landscape continues to change. A nuanced viewpoint is crucial, as Dr. Jane Mitchell, a cybersecurity expert, emphasizes: "Formulating effective strategies that balance security concerns with the legitimate grievances that hacktivist groups frequently spotlight is essential."

Digital activism has undergone a substantial change as a result of the fusion of hacktivism and criminal strategies. Now using standard cybercrime techniques to fund their operations, hacktivist groups were largely concentrated on ideological campaigns. 

Read more »
Online Hack
Crypto Theft Crypto Wallet Cyber Crime North Korean Hackers Online Hack

Notorious Lazarus Hacking Outfit Linked to a $60 Million Alphapo Crypto Theft

 

The latest attack on payment processing site Alphapo, in which the attackers stole over $60 million in cryptocurrency, is attributed by blockchain researchers to the North Korean Lazarus hacker gang.

The hack on Sunday, July 23rd, targeted Alphapo, a centralised cryptocurrency payment provider for gaming websites, e-commerce subscription services, and other online platforms. The initial sum stolen is thought to have been $23 million. Over 6 million USDT, 108k USDC, 100.2 million FTN, 430k TFL, 2.5k ETH, and 1,700 DAI were stolen from hot wallets, most likely as a result of a private key leak. The total cash taken from Alphapo has already reached $60,000,000, according to data from Dune Analytics, which was also spotted by renowned crypto chain investigator "ZackXBT" earlier this week. 

Furthermore, ZackXBT claimed that the heist looks to have elements of a Lazarus attack and supported the claim by stating that Lazarus leaves "a very distinct fingerprint on-chain," but no additional information was provided. 

The $35 million Atomic Wallet theft, the $100 million Harmony Horizon hack, and the $617 million Axie Infinity theft were all attributed to the North Korean threat actor known as The Lazarus Group, which has ties to the North Korean government. 

Typically, Lazarus employs fake job offers to tempt employees of crypto companies to open malicious files, compromise their devices, and steal their login information.

This opens up a potential attack route into the victim's employer's network, where they can gain access without authorization and meticulously plan and carry out expensive attacks. 

Laundering attempts were made through Bitget, Bybit, and other services, according to analysts monitoring the flow of stolen money to cryptocurrency exchanges. Lazarus is also renowned for utilising specialised services for mixing small amounts of cryptocurrencies. 

The attackers probably took the private keys that gave them access to the wallets, Dave Schwed, COO of the blockchain security firm Halborn, stated.

"While we lack specifics, it seems that the alleged "hack" likely pertains to the theft of private keys. This inference comes from observing the movement of funds from independent hot wallets and the sudden halting of trading," he explained. "Moreover, the subsequent transactions have led ZachXBT, a renowned "on-chain sleuth", to surmise that North Korea's notorious Lazarus group is the perpetrator of this attack. Given their history of similar exploits, I find myself agreeing with this theory."
Read more »
Two Factor Authentication
Blockchain Crypto Crypto Crime Crypto Theft Data Breach. Developers Two Factor Authentication

Over $30 Billion Stolen from Crypto Sector, Reveals SlowMist's

A recent report by cybersecurity firm SlowMist has uncovered a shocking revelation regarding the vulnerability of the crypto sector. According to the report, blockchain hacks have resulted in the theft of over $30 billion from the cryptocurrency industry since 2012. This alarming figure highlights the pressing need for enhanced security measures within the blockchain ecosystem.

The report from SlowMist, a renowned cybersecurity company specializing in blockchain technology, brings to light the magnitude of the problem facing the crypto sector. The findings emphasize the urgent requirement for robust security protocols to safeguard digital assets and protect investors.

The report reveals that hackers have been successful in exploiting vulnerabilities across various blockchain networks, resulting in significant financial losses. SlowMist's research indicates that these attacks have been carried out through a range of methods, including exchange hacks, smart contract vulnerabilities, and fraudulent schemes.

One of the primary areas of concern is the vulnerability of cryptocurrency exchanges. These platforms serve as a vital link between users and their digital assets, making them lucrative targets for hackers. SlowMist's report highlights the need for exchanges to prioritize security measures and implement robust systems to safeguard user funds.

The rise in smart contract-based attacks has also been a cause for concern. Smart contracts, which automate and facilitate transactions on blockchain platforms, have been exploited by hackers who identify vulnerabilities within the code. This highlights the need for thorough security audits and ongoing monitoring of smart contracts to prevent potential breaches.

Industry experts emphasize the significance of preemptive actions to thwart these threats in response to the report's conclusions. Renowned blockchain security expert Jack Smith emphasizes the value of ongoing surveillance and quick response mechanisms. According to him, "It is crucial for crypto companies to prioritize security and adopt a proactive approach to identify and mitigate vulnerabilities before hackers exploit them."

The report also highlights the demand for a greater user understanding of cryptocurrencies. If consumers don't employ prudence when transacting with and holding their digital assets, even the most comprehensive security measures won't be enough. By educating people about best practices, like as using hardware wallets and turning on two-factor authentication, the danger of being a victim of hacking efforts can be greatly decreased.

The cryptocurrency industry has grown rapidly in recent years, drawing both investors and bad actors looking to take advantage of its weaknesses. The SlowMist report is a wake-up call, highlighting the critical need for better security procedures to protect the billions of dollars invested in the sector.

The adoption of more robust security measures must continue to be a primary focus as the blockchain sector develops. The report's conclusions underscore that everyone is accountable for building a secure ecosystem that promotes trust and protects against possible dangers, including blockchain developers, cryptocurrency exchanges, and individual users.



Read more »
Økokrim
Axie Infinity Hack Crypto heist Crypto Theft cryptocurrency Cyber Fraud Norwegian Authority Økokrim

Norwegian Authority Recovers Crypto Stolen in the North Korea Based Axie Heist


Civil authorities in Norway have announced this Thursday that they have recovered $5.9 million worth cryptocurrency. This enormous amount of crypto was apparently stolen in the Axie Infinity hack, largely believed to have been caused by the Lazarus Group, which as its ties to North Korea. 

According to the Norwegian National Authority of Investigation and Prosecution of Economic and Environmental Crime (Økokrim), this seizure is the largest-ever cryptocurrency-related money seizure ever made by Norway. 

"Økokrim are experts at following the money. This case shows that we are also good at following the money on the blockchain even though criminals use advanced techniques to avoid detection," says Marianne Bender, a senior public prosecutor. 

The firm added that that it would work in collaboration with Sky Mavis, owner of Axie Infinity game in order to get the funds back to its victims. 

Axie Infinity gives players the chance to win Ethereum. Its "flagship offering," according to Sky Mavis, is the "#1 game on Ethereum by daily, weekly, and monthly active players. 

Attackers who had access to five out of the nine private keys used by the transaction validators for Ronin Network, the Ethereum-based DeFi decentralized finance platform utilized by Sky Mavis, were able to steal $620 million in March 2022. The game, publisher describes its Ronin side chain as "a tool that allows game developers to deliver the benefits of blockchain to their players without any of the complications.

"Upon gaining access to the organization, the attackers approved cryptocurrency transactions and started promptly transferring the funds through the Ethereum-based cryptocurrency mixer Tornado Cash, which is currently the target of US sanctions. In September 2022, around $30 million worth of illicit proceeds were discovered and seized by US officials. 

The FBI and Økokrim allegedly collaborated to recover an additional $5.9 million. "This is money that can be used to finance the North Korean regime and their nuclear weapons program. It has therefore been important to trace the cryptocurrency and try to stop the assets from being converted into regular currency," explained Bender. 

More Crypto Comeuppance 

Cryptocurrency thieves with ties to the Korean peninsula had a tough day on Thursday. The same day, Terraform Labs and its wanted fugitive chief, South Korean national Do Kwon, were accused of scamming investors by the US Securities and Exchange Commission (SEC). 

"We allege that Terraform and Do Kwon failed to provide the public with full, fair, and truthful disclosure as required for a host of crypto asset securities, most notably for LUNA and Terra USD[…]We also allege that they committed fraud by repeating false and misleading statements to build trust before causing devastating losses for investors," says SEC chairman Gary Gensler. 

Moreover, the collapse of Terraform Labs' TerraUSD “stablecoin” and linked “Luna” tokens sparked the so called “crypto winter.” Since the cryptocurrency's value was tied to the US dollar, the crash was portrayed as being impossibly unlikely. But, that was not the case, and as a result, a lot of investors lost a loads of money. 

Apparently, Kwon has fled with the last known address in Singapore. While, the city-state claims he left the island in September 2022. His passport was revoked by the South Korean government and he has since been added to Interpol's Red Notice list. 

While this is going on, Terraform Labs continues announcing new findings as if it had not nearly brought about the end of the world. With its TerraLuna ecosystem, it introduced a decentralized automation layer function yesterday.  

Read more »
User Security
Crypto Crime Crypto Theft Cyber Crime Data Theft Illegal Activity User Security

Evaluation by Chainalysis Declare 2022 to be "The Year of Crypto Thefts"

 

A recent Chainalysis analysis stated that ransomware and fraud increased cryptocurrency theft last year. "The 2023 Crypto Crime Report" was published by Chainalysis. The paper also discussed the reasons why 2022 established records for cryptocurrency hacking and the effects of sanctions against Hydra, Tornado Cash, and other companies on cryptocurrency crime. In addition, case studies on the greatest hacks, darknet markets, and ransomware variants of the year were included in the paper. 

Rise in crypto crime

Chainalysis is a well-known blockchain data platform that serves more than 70 nations' worth of exchanges, financial institutions, insurance organisations, and cybersecurity firms with data, software, services, and research.

The 2022 instability on the cryptocurrency markets was addressed in the 2023 crypto crime report. The paper also highlighted the most recent methods used by fraudsters for laundering money using cryptocurrencies. 

For cryptocurrency criminals, 2017 was a good year. Over $3.8 billion, more than any other year, was stolen from various services and processes, with $775.7 million of that total occurring in just one month, according to Chainalysis. The research also claims that fraudsters' and ransomware hackers' overall revenue decreased.

As stated in the papers, DeFi methods accounted for 82.1% of the stolen money. "In particular, cross-chain bridges, which are protocols that let users exchange assets between two separate blockchains."

"Bridges are an enticing target for hackers as the smart contracts in effect become massive, centralised warehouses of monies backing the assets that have been crossed to the new chain – a more desirable honeypot could barely be imagined," the paper states. 

Oracle manipulation, according to Chainalysis, is a growing trend in DeFi hacks. This is when an attacker subverts the mechanisms used by a decentralised protocol to determine the price of traded assets and establishes favourable conditions for quick and extremely profitable trades.

DeFi protocols lost $386.2 million in 2022 as a result of 41 different oracle manipulation attacks. A case in point is the Mango Markets exploit, which led to the arrest of the suspected attacker, Avraham Eisenberg, who is now accused of manipulating commodities in a US court. 

The Lazarus squad of North Korean hackers surpassed their previous record in 2022, stealing $1.7 billion from numerous victims. The majority of that money was sent to decentralised exchanges and a number of mixers, including Tornado Cash, Blender(dot)io, and Sinbad after Blender was shut down

The Russian darknet marketplace Hydra, the exchange Garantex, the cryptocurrency mixers Blender(dot)io, and Tornado Cash were all sanctioned by the United States last year. However, not all of the money processed by these sanctioned services had criminal origins; according to the Chainalysis analysis, just 6.1% of the money Garantex received and 34% of the money received by Tornado Cash came from illegal sources. 

Sanctions, as stated by Chainalysis, significantly reduced the amount of money that could enter Tornado Cash, however, Garantex continued to operate as usual and reported an increase in receiving funds from recognised darknet and fraud sites.
Read more »
Cyber Crime
Blockchain Crypto Gaming Crypto Theft Cyber Crime

Attackers Exploit WonderHero NFT Gaming Platform

 

WonderHero, a mainstream multi-platform GameFi for iOS and Android devices has deactivated its services after attackers stole nearly $320,000 worth of Binance Coin (BNB). The WND token’s value plummeted by 50% after the information surfaced online. 

WonderHero is one of the many popular games where players earn cryptocurrency and NFT revenue via gameplay. The platform currently has around 11,000 active users. Last week, PeckShield, a top-tier cybersecurity firm notified WonderHero that their platform was breached. To mitigate further damage, the play-to-earn cryptocurrency platform quickly disabled the game and its website before telling users it was aware of the price drop in WonderHero’s coin. 

In an official statement, WonderHero confirmed that “there was an attack on our blockchain bridging system and the attackers managed to get the signature and minted 80 million WND (the in-game cryptocurrency).” 

The company explained that attackers targeted their “cross-chain bridging withdrawal.” A cross-chain bridge permits users to transfer tokens, assets, smart contract instructions, and data between blockchains. In recent months, the cross-chain bridge has become a ripe target for hackers, and exploits in it have led to millions of dollars in losses.

In its announcement, the company promised it would work to address the breach on their cross-chain bridge before auditing the entire system and creating a new smart contract, and “fairly” compensating all of its followers with new tokens based on the amount of WND they owned before the hack. 

“Users can be assured that their HON, WND, NFT, and accounts on Polygon are safe. WonderHero website, marketplace, game, and other services will be temporarily disabled as the team works on the rectification,” the company said. A snapshot of users’ assets on the BNB Chain prior to the attack will be taken. WonderHero is committed to not just making the game fun but also keeping the assets of our players safe and we will spare no effort in doing so. The team will conduct checks and leave no stones unturned.” 

The incident took place just weeks after another play-to-earn cryptocurrency game, Axie Infinity, was hit by an attack that saw attackers steal more than $600 million worth of crypto. In this case, Sky Mavis, the company behind the game was able to raise 150 million dollars to pay the victims of the hack.
Read more »
Subscribe to: Posts (Atom)