
$400 Million Coinbase Breach Linked to Customer Data Leak from India


A Reuters investigation revealed that cryptocurrency exchange Coinbase knew in January about a breach affecting outsourced customer support agents in India. Six people who knew about the incident said Coinbase was aware that sensitive user data had been compromised through its contractor, TaskUs, before the breach was officially announced in May.

On 14th May, TaskUs filed an SEC document revealing that an India-based TaskUs employee was found taking pictures of a computer screen with her phone. Five former TaskUs employees confirmed that the worker and one accomplice were bribed by threat actors to get Coinbase user data.

The breach cost $400 million

After this came to light, more than 200 TaskUs employees were fired in a mass layoff from the Indore center, which drew media attention in India. Earlier, Coinbase had only pointed to ‘overseas support agents’; the breach is now estimated to cost 400 million dollars.

Coinbase had been a long-term partner of TaskUs, a Texas-based outsourcing firm, cutting labor costs by handing customer support work to offshore teams. After 2017, TaskUs agents, mostly from developing countries, handled Coinbase customer inquiries.

In the May SEC filing, Coinbase said it didn’t know about the full scale of the breach until it received an extortion demand of $20 Million on 11th May. As a cautionary measure, Coinbase cut ties with TaskUs employees and other unknown foreign actors. Coinbase has notified regulators, compensated affected users, and taken strict measures to strengthen security. 

In a public statement, TaskUs confirmed it had fired two staff (unnamed) for data theft but didn’t mention Coinbase. The company found the two staff involved in a cyber attack campaign that targeted other service providers linked to the client. 

Hackers use social engineering tactics

Hackers did not breach the Coinbase crypto wallets directly; instead, they used the stolen information to impersonate Coinbase employees in a series of social engineering scams. Posing as support agents, they fooled victims into transferring their crypto assets.

According to Money Control, “The person familiar with the matter confirmed that Coinbase was the client and that the incident took place in January. Reuters could not determine whether any arrests have been made. Police in Indore did not return a message seeking comment.”

Google Researcher Claims Quantum Computing Could Break Bitcoin-like Encryption Easier Than Thought


Craig Gidney, a Google Quantum AI researcher, has published a new study that suggests cracking popular RSA encryption would take 20 times less quantum resources than previously believed.

Bitcoin and other cryptocurrencies were not specifically mentioned in the study; instead, it focused on the encryption techniques that serve as the technical foundation for safeguarding cryptocurrency wallets and, occasionally, transactions.

RSA is a public-key encryption method that can encrypt and decrypt data. It uses two separate but connected keys: a public key for encryption and a private key for decryption. Bitcoin does not employ RSA and instead relies on elliptic curve cryptography (ECC). However, ECC can also be broken by Shor's algorithm, a quantum method designed to factor huge numbers or solve discrete logarithm problems, which lie at the heart of public key cryptography.

ECC is a method of locking and unlocking digital data that relies on operations over mathematical curves (easy to compute in one direction, hard to reverse) rather than on large integers. Think of it as a smaller key that has the same strength as a larger one. While 256-bit ECC keys are much more secure than 2048-bit RSA keys, quantum risks scale nonlinearly, and research like Gidney's shortens the timeline on which such attacks become feasible.

“I estimate that a 2048-bit RSA integer could be factored in under a week by a quantum computer with fewer than one million noisy qubits,” Gidney explained. This was a stark revision from his 2019 article, which projected such a feat would take 20 million qubits and eight hours. 

To be clear, no such machine exists yet. Condor, IBM's most powerful quantum processor to date, contains a little over 1,100 qubits, while Google's Sycamore has 53. Quantum computing applies quantum mechanics concepts by replacing standard bits with quantum bits, or qubits.

Unlike bits, which can only represent 0 or 1, qubits can represent both 0 and 1 at the same time due to quantum phenomena such as superposition and entanglement. This enables quantum computers to execute several calculations concurrently, potentially solving issues that are now unsolvable for classical computers. 

"This is a 20-fold decrease in the number of qubits from our previous estimate,” Gidney added. A 20x reduction in the estimated quantum cost of breaking RSA might be an indication of algorithmic improvements that eventually extend to ECC. RSA is still commonly employed in certificate authorities, TLS, and email encryption—all of which are essential components of the infrastructure that crypto often relies on.

Coinbase Confirms Data Breach Impacting Over 69,000 Users, Refuses $20M Extortion Demand


Coinbase, the leading cryptocurrency exchange in the United States, disclosed a recent cybersecurity breach affecting 69,461 users, according to a notification submitted to the Maine attorney general’s office. Although the hackers failed to access individual accounts or sensitive login details such as two-factor authentication codes, private keys, or crypto wallets, they were able to obtain a wide array of personal data.

The compromised information includes:
  • Full names
  • Residential addresses
  • Phone numbers
  • Email addresses
  • Partial Social Security numbers
  • Masked bank account details
  • Government-issued ID images (e.g., driver’s licenses, passports)
  • Account-related data such as transaction history and snapshots

In an SEC filing, Coinbase revealed that the attackers paid offshore contractors to gain access to internal systems. This information was weaponized to launch a social engineering scam. The perpetrators demanded $20 million in exchange for not leaking the stolen data—an offer Coinbase declined.

"Instead of funding criminal activity, we have investigated the incident, reinforced our controls, and will reimburse customers impacted by this incident," the company said in its statement.

Coinbase is currently collaborating with law enforcement and has established a $20 million reward fund to incentivize tips that could lead to the identification and capture of the individuals responsible.

Meanwhile, reports on Reddit suggest that some users received unsolicited password reset notifications as early as last week. It is still unclear whether these incidents are directly connected to the breach. CNET contacted Coinbase for a response, but no comment was issued at the time.

Steps to Protect Your Crypto and Data
Although Coinbase has confirmed that seed phrases and investor accounts remain secure, the exposure of personal data is significant. Here’s what you should do now to safeguard your information:

1. Use a Cold Wallet
For regular crypto investors, shifting funds to a cold wallet—a device not connected to the internet—can provide an extra layer of security in case of future breaches.

2. Freeze Your Credit Reports
Freeze your credit reports with all three major bureaus and consider placing a lock on your Social Security number to prevent identity misuse. Be cautious of phishing attempts that may exploit this situation.

"It's worth the hassle of setting up accounts with all three major credit bureaus. I get peace of mind at zero cost to me," said Danni Santana, CNET’s identity theft editor.

3. Notify Your Bank
Even if only partial account information was exposed, contact your bank to report the incident. You may want to open new checking or savings accounts as a precaution.

4. Enroll in Identity Monitoring Services
Opt into a free credit and identity monitoring service. While these platforms don’t take direct action, they provide alerts if your data appears on the dark web. Paid services like Aura go further, offering identity restoration support and up to $1 million in identity theft insurance.

North Korean Hackers Create Fake U.S. Firms to Dupe Crypto Developers


Threat analysts at Silent Push, a U.S. cybersecurity firm, told Reuters that North Korean cyber spies established two companies in the U.S., Blocknovas LLC and Softglide LLC, using fictitious personas and addresses to infect developers in the cryptocurrency industry with malicious software, in violation of Treasury sanctions. A third firm, Angeloper Agency, is connected to the campaign but does not seem to be registered in the United States. 

“This is a rare example of North Korean hackers actually managing to set up legal corporate entities in the U.S. in order to create corporate fronts used to attack unsuspecting job applicants,” noted Kasey Best, director of threat intelligence at Silent Push. 

The hackers are members of a subsection inside the Lazarus Group, an elite team of North Korean hackers which is part of the Reconnaissance General Bureau, Pyongyang’s principal foreign intelligence agency, Silent Push added. 

Blocknovas and Softglide were not explicitly mentioned by the FBI. On Thursday, however, the FBI submitted a seizure notice on Blocknovas' website, stating that the name was taken "as part of a law enforcement action against North Korean Cyber Actors who utilised this domain to deceive individuals with fake job postings and distribute malware."

FBI sources told Reuters ahead of the seizure that the agency is still "focused on imposing risks and consequences, not only on the DPRK actors themselves, but anybody who is facilitating their ability to conduct these schemes.” 

One FBI officer stated that North Korean cyber operations are "perhaps one of the most advanced persistent threats" to the United States. The North Korean delegation to the United Nations in New York did not immediately respond to a request for comment. 

“These attacks utilize fake personas offering job interviews, which lead to sophisticated malware deployments in order to compromise the cryptocurrency wallets of developers, and they also target the developers' passwords and credentials which could be used to further attacks on legitimate businesses,” Best stated. 

Silent Push was able to authenticate several victims of the operation, "specifically via Blocknovas, which is by far the most active of the three front companies," the researchers stated in their report.

$494 Million Stolen in Cryptocurrency Wallet Breaches This Year

In a churning threat landscape, new threats are always emerging while others disappear or fade into irrelevance. Wallet drainers trick their victims into signing malicious transactions in order to steal their assets. As the name implies, a wallet drainer is malware deployed on phishing websites to steal crypto assets by enticing users into signing malicious transactions. Such attacks are estimated to have caused losses of about $494 million in 2024.

These insights come from Scam Sniffer, a web3 anti-scam platform that has been monitoring wallet drainer activity for some time. The platform has previously flagged attack waves affecting up to 100,000 people at once; drainers are phishing tools intended to swindle cryptocurrency from users' wallets through fake or compromised websites.

Among the thefts, 30 large-scale incidents involving more than $1 million each were reported, with the largest single heist worth $55.4 million. The number of victims increased by 6.7% compared to 2023, and victims held higher amounts on average. The large-scale theft incidents in 2024 were characterized by distinct phases of fraud, phishing, and other sophisticated methods for stealing digital assets.

The purpose of wallet drainers is to trick users into connecting their wallets to suspicious websites or applications in order to steal digital assets. The first half of the year (January-June) saw frequent but smaller-scale incidents, with individual losses ranging from $1-8 million. In August and September, major losses accounted for 52% of the year's total large-scale losses, at $55.48 million and $32.51 million respectively.

There was a significant reduction in both the frequency and the scale of losses during the final quarter, with individual losses typically ranging between $2-6 million, which indicated a significant improvement in market awareness of security threats. In the second quarter of the year, Pink Drainer, a drainer service previously known for impersonating journalists in phishing attacks that compromised Discord and Twitter accounts for cryptocurrency theft, announced that it was halting operations. This caused a decrease in phishing activity, but the scammers gradually picked up the pace in the third quarter, with the Inferno service taking the lead in August and September by causing $110 million in losses.

The final quarter of the year was one of the quieter quarters, accounting for only about 10.3% of the total losses recorded in 2024. Acedrainer emerged at that time as a major player, claiming 20% of the drainer market, according to Scam Sniffer. A total of 90,000 victims were identified in the second and third quarters, when combined losses totalled $257 million; an additional 30,000 victims were observed in the fourth quarter, resulting in $51 million in losses.

Attack activity was highest at the beginning of 2024, but the two largest attacks of the year were observed in August and September, at $55.48 million and $32.51 million respectively. According to the report, Q1 was the busiest time of the year for phishing website activity, resulting in a high rate of theft. The market adjustments made in the second half of the year, as well as the exit of major drainers such as Pink and Inferno, contributed to reduced activity levels in the second half of the year, Scam Sniffer notes.

As far as tactics were concerned, scammers became more creative during 2024. Scam Sniffer found a significant increase in the use of fake CAPTCHAs and Cloudflare pages, as well as IPFS deployments, to evade detection. Attackers also rely heavily on specific signature types. In 56.7% of thefts, a “Permit” signature is used to authorize token spending, whereas in 31.9%, a “setOwner” call is used to change ownership or admin rights in smart contracts.
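As an added example (not code from the article or from Scam Sniffer), the checker below inspects an EIP-712 Permit signing request the way a wallet's built-in warning might, flagging the traits a drainer relies on: an unknown spender, an unlimited allowance, an unbounded deadline and a chain-ID mismatch. The sample requests, the spender allow-list and the timestamp are constructed for this example; the same idea, keyed on the `setOwner` call rather than on a signature, applies to the ownership-transfer transactions also mentioned above.

```javascript
// Added example: defender-side inspection of an EIP-712 "Permit" request.
// Assumptions (not from the article): `typedData` is the JSON object a dapp
// passes to eth_signTypedData_v4; the allow-list and samples are constructed.

const MAX_UINT256 = (1n << 256n) - 1n;
const ONE_YEAR_SECONDS = 365n * 86400n;

// Constructed allow-list of spenders the user has knowingly approved before.
const KNOWN_SPENDERS = new Set([
  "0x1111111111111111111111111111111111111111",
]);

function inspectPermitRequest(typedData, nowSeconds, connectedChainId, knownSpenders = KNOWN_SPENDERS) {
  const warnings = [];
  if (typedData.primaryType !== "Permit") {
    return { isPermit: false, warnings };
  }
  const msg = typedData.message || {};
  const domain = typedData.domain || {};
  const spender = String(msg.spender || "").toLowerCase();
  const value = BigInt(msg.value ?? 0);
  const deadline = BigInt(msg.deadline ?? 0);

  // A Permit is an off-chain approval: once signed, `spender` may pull up to
  // `value` tokens from `owner` any time before `deadline`, with no further
  // on-chain confirmation from the user. Drainers ask for the worst case.
  if (value === MAX_UINT256) {
    warnings.push("unlimited allowance: value is 2^256-1");
  }
  if (deadline === MAX_UINT256 || deadline > BigInt(nowSeconds) + ONE_YEAR_SECONDS) {
    warnings.push("deadline is unbounded or more than a year away");
  }
  if (!knownSpenders.has(spender)) {
    warnings.push(`spender ${spender} is not a previously approved contract`);
  }
  // A signature for another chain than the one the wallet is connected to
  // is a sign the page is not the dapp it claims to be.
  if (Number(domain.chainId) !== Number(connectedChainId)) {
    warnings.push(`domain chainId ${domain.chainId} differs from connected chain ${connectedChainId}`);
  }
  return { isPermit: true, token: domain.verifyingContract, spender, value, deadline, warnings };
}

// Builds a Permit request in the eth_signTypedData_v4 shape (constructed data).
function makePermit({ spender, value, deadline, chainId }) {
  return {
    types: {
      EIP712Domain: [
        { name: "name", type: "string" }, { name: "version", type: "string" },
        { name: "chainId", type: "uint256" }, { name: "verifyingContract", type: "address" },
      ],
      Permit: [
        { name: "owner", type: "address" }, { name: "spender", type: "address" },
        { name: "value", type: "uint256" }, { name: "nonce", type: "uint256" },
        { name: "deadline", type: "uint256" },
      ],
    },
    primaryType: "Permit",
    domain: { name: "Example Token", version: "1", chainId, verifyingContract: "0x3333333333333333333333333333333333333333" },
    message: { owner: "0x4444444444444444444444444444444444444444", spender, value: value.toString(), nonce: 0, deadline: deadline.toString() },
  };
}

const NOW = 1700000000; // constructed "current time" in Unix seconds

// Typical drainer request: unknown spender, unlimited amount, no real expiry.
const DRAINER_PERMIT = makePermit({
  spender: "0x2222222222222222222222222222222222222222",
  value: MAX_UINT256, deadline: MAX_UINT256, chainId: 1,
});
// Benign request: known spender, bounded amount, expires in ten minutes.
const BENIGN_PERMIT = makePermit({
  spender: "0x1111111111111111111111111111111111111111",
  value: 1000n * 10n ** 6n, deadline: BigInt(NOW) + 600n, chainId: 1,
});

function demo() {
  const bad = inspectPermitRequest(DRAINER_PERMIT, NOW, 1);
  const good = inspectPermitRequest(BENIGN_PERMIT, NOW, 1);
  console.log("drainer-style request:", bad.warnings);
  console.log("benign request:", good.warnings);
  return { bad, good };
}
demo();
```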

It was also noted that Google Adwords and Twitter ads were used by attackers to lure victims to phishing websites. Attackers manipulated compromised accounts, bots, and fake token airdrops to reel people in through these channels. 

Defending Against Cryptocurrency Attacks 

Cryptocurrency scams are on the rise, so users need to take proactive measures to protect their assets. Experts emphasize that one should only interact with vetted websites to reduce exposure to fraudulent platforms.

To avoid falling victim to phishing schemes, it is equally important to verify URLs meticulously before engaging in any transaction. Users are also encouraged to carefully review transaction approval prompts and confirm that the details presented are accurate. Simulating a transaction before proceeding adds a further layer of security by revealing potential risks before any money moves; this key recommendation should not be overlooked.

In addition to these practices, it is advisable to heed the built-in wallet warnings for malicious activity. Modern wallets commonly alert users to suspicious behaviour, allowing them to act before it is too late. Unauthorized or suspicious token permissions can also be removed with token revocation tools. As cryptocurrency adoption grows globally, the sophistication of scams will grow with it.

Users must remain vigilant, and use the best practices and tools available to ensure that they navigate this evolving landscape safely and effectively in the future. In a constantly changing threat environment, it will be imperative to maintain a proactive approach to security in order to safeguard digital assets.

ZKP Emerged as the "Must-Have" Component of Blockchain Security


Zero-knowledge proof (ZKP) has emerged as a critical security component in Web3 and blockchain because it ensures data integrity and increases privacy. It accomplishes this by allowing verification without exposing data. ZKP is employed on cryptocurrency exchanges to validate transaction volumes or values while safeguarding the user's personal information.

In addition to ensuring privacy, it protects against fraud. Zero-knowledge cryptography, a class of algorithms that includes ZKP, enables complex interactions and strengthens blockchain security. Data is safeguarded from unauthorised access and modification while it moves through decentralised networks. 

Blockchain users are frequently asked to certify that they have sufficient funds to execute a transaction, but they may not want to disclose their entire balance. ZKP can verify that users meet the necessary standards during KYC processes on cryptocurrency exchanges without requiring them to share their paperwork. Building on this, Holonym offered Human Keys to ensure security and privacy in Zero Trust situations.

Each person is given a unique key that they can use to unlock their security and privacy rights. It strengthens individual rights through robust decentralised protocols and configurable privacy. The privacy-preserving principle applies to several elements of Web3 data security. ZKP involves complex cryptographic validations, and any effort to change the data invalidates the proof. 

Trustless data processing eases smart contract developer work 

Smart contract developers are now working with their hands tied, limited to self-referential opcodes that cannot provide the information required to assess blockchain activities. To that end, the Space and Time platform's emphasis on enabling trustless, multichain data processing and strengthening smart contracts is worth mentioning, since it ultimately simplifies developers' work. 

Their SXT Chain, a ZKP data blockchain, is now live on testnet. It combines decentralised data storage with blockchain verification. Conventional blockchains focus on transactions; SXT Chain, however, allows advanced data querying and analysis while preserving data integrity through blockchain technology.

The flagship DeFi generation introduced yield farming and platforms like Aave and Uniswap. The new one includes tokenized real-world assets, blockchain lending with dynamic interest rates, cross-chain derivatives, and increasingly complicated financial products. 

To unlock Web3 use cases, a crypto-native, trustless query engine is required, enabling more advanced DeFi by providing smart contracts with the necessary context. Space and Time is helping to offer one by building on Chainlink's aggregated data points with a SQL database, allowing smart contract authors to run SQL queries over any part of Ethereum's history.

Effective and fair regulatory model 

ZKP allows for selective disclosure, in which just the information that regulators require is revealed. Web3 projects comply with KYC and AML rules while protecting user privacy. ZKP even opens up the possibility of a tiered regulation mechanism based on existing privacy models. Observers can examine the ledger for unusual variations and report any suspect accounts or transactions to higher-level regulators. 

Higher-level regulators reveal particular transaction data. The process is supported by zero-knowledge SNARKs (Succinct Non-interactive Arguments of Knowledge) and attribute-based encryption. These techniques use ZKP to ensure consistency between transaction and regulatory information, preventing the use of fake information to escape monitoring. 

Additionally, ZK solutions let users withdraw funds in a matter of minutes, whereas optimistic rollups take approximately a week to finalise transactions and process withdrawals.

Webflow Sites Employed to Trick Users Into Sharing Login Details


Security experts have warned of an upsurge in phishing pages built with Webflow, a website builder tool, as attackers continue to use legitimate services such as Microsoft Sway and Cloudflare. 

The malicious campaign targets login credentials for multiple corporate webmail services, Microsoft 365 login credentials, and sensitive data from cryptocurrency wallets like Coinbase, MetaMask, Phantom, Trezor, and Bitbuy.

According to the researchers, between April and September 2024, the number of visitors to Webflow-created phishing pages jumped tenfold, and the attacks targeted over 120 organisations worldwide. The majority of the people targeted work in the banking, technology, and financial services industries in North America and Asia.

Attackers have utilised Webflow both to create standalone phishing pages and to redirect unsuspecting users to additional phishing pages under their control. The former offers attackers convenience and stealth, since there is no phishing code to write or for defenders to identify, while the latter allows them to carry out more complex activities as required.

Webflow is far more appealing than Cloudflare R2 or Microsoft Sway since it allows clients to create custom subdomains for free, as opposed to auto-generated random alphanumeric subdomains, which are likely to raise suspicion.

To increase the chances of success, phishing sites are designed to resemble the login pages of their legitimate counterparts. This method is used to deceive users into disclosing their credentials, which are subsequently at times exfiltrated to another server. 

Security experts have also discovered phoney cryptocurrency websites built on Webflow that use screenshots of genuine wallet homepages as their landing pages. When a visitor clicks anywhere on the fake page, they are taken to the real scam site. The final goal of a crypto-phishing campaign is to obtain the victim's seed phrase, allowing the attackers to take over the cryptocurrency wallet and pilfer funds.

When users enter the recovery phrase in one of the assaults identified by the cybersecurity firm, they are presented with an error message saying that their account has been suspended due to "unauthorised activity and identification failure." Additionally, the message directs the user to start an online chat session on Tawk.to to contact their support personnel. 

It is worth noting that Avast's CryptoCore fraud operation exploited chat services such as LiveChat, Tawk.to, and Smartsupp. Instead of using search engines or clicking on other links, users should always enter the URL into their web browser to access important pages like their webmail or banking portal.

SpyAgent Malware Uses OCR Tech to Attack Crypto Wallets

Malware Using OCR to Steal Crypto Keys

Cybersecurity experts have found a new malware threat that lures users into downloading a malicious app. The campaign, an advanced malware strain originating from North Korea, attacks cryptocurrency wallets by stealing users' mnemonic keys. McAfee researcher SangRyo found the malware after tracing data stolen by the malicious apps back to the attackers' servers and gaining access to them.

The working of SpyAgent

The malware is called SpyAgent, and it targets cryptocurrency enthusiasts. What makes it unique is that it leverages Optical Character Recognition (OCR) technology to scan images on infected devices and extract mnemonic keys stored in them. Hackers use these mnemonic keys to gain unauthorized access to digital assets.

These keys are twelve-word phrases used for recovering cryptocurrency wallets. Mnemonic phrases have become more widely used for crypto wallet security because they are easier to remember than a long string of random characters.

SpyAgent pretends to be a legitimate application, such as banking, streaming, government services, or utility software. McAfee has discovered over 280 fake applications.

Distribution of SpyAgent

When a victim downloads a malicious app containing SpyAgent, the malware establishes a connection to a command-and-control (C2) server that allows threat actors to issue remote commands. The attacker then extracts contact lists, text messages, and stored images from the compromised device.

“Due to the server’s misconfiguration, not only were its internal components unintentionally exposed, but the sensitive personal data of victims, which had been compromised, also became publicly accessible. In the ‘uploads’ directory, individual folders were found, each containing photos collected from the victims, highlighting the severity of the data breach,” the report says.

Reach of SpyAgent

SpyAgent has been found working in Korea, but its range has widened to other countries as well. The malware is capable of disguising itself as a legitimate application, which makes it dangerous. SpyAgent has recently expanded to the United Kingdom. 

It has also moved from simple HTTP requests to WebSocket connections, allowing real-time two-way communication with the C2 server. It evades security researchers via techniques such as function renaming and string encoding.

The McAfee report recommends “users to be cautious about their actions, like installing apps and granting permissions. It is advisable to keep important information securely stored and isolated from devices. Security software has become not just a recommendation but a necessity for protecting devices.”