Showing posts with label Cryptocurrencies.

North Korea Uses Stolen Cryptoassets to fund its Nuclear Weapons Programs

International investigators and researchers claim that in recent months North Korea has stolen $300 million worth of Bitcoin and other cryptocurrencies through hacking and other mass cyberattacks.
The stolen crypto assets allegedly pay for North Korea's nuclear weapons program. In connection with this, a row has broken out in South Korean political circles over politicians' and other leaders' ties to crypto developer Virgil Griffith.
This development comes as North Korea’s missile launches have intensified over the past 10 days. In the wake of the recent nuclear attacks on the island of Hokkaido, more than 5 million Japanese citizens were urgently ordered to take cover as a protective measure. Pyongyang claims that the launches were “simulations” of nuclear attacks on South Korea.
According to military analysts, a large part of this missile activity is funded with the stolen cryptocurrency. North Korea is believed to employ thousands of well-trained hackers who have targeted South Korean businesses and organizations, and it has also been accused of using its cyber capabilities for financial gain.
According to Yonhap, one of South Korea's major news sources, the UN Security Council’s North Korea Sanctions Panel has blamed North Korean cyber organizations such as the ‘Lazarus Group’ for the Ronin Bridge and Harmony bridge hacks.
Experts say the hermit state is exploiting the absence of worldwide regulatory constraints on cryptocurrencies to steal them and fund its nuclear weapons and missile projects.
In an interview with the VOA Korean Service, Jason Bartlett, a researcher at the Center for a New American Security (CNAS), stated, “Cryptocurrency offers Pyongyang a new kind of currency that is substantially less regulated and understood by national governments, financial institutions, and institutions, and international organizations.”
According to a report by Nikkei Asia, North Korea is in the penultimate phase of preparing for a nuclear weapon test, with indicators including the excavation of an underground tunnel and the testing of triggering mechanisms.

FBI Alerts of Rise in Attacks Targeting DeFi Platforms


The FBI is warning of an increase in cryptocurrency theft attacks on decentralised finance (DeFi) platforms.

According to the agency, criminals are exploiting the increased interest in cryptocurrency, as well as the complex functionality and open-source nature of DeFi platforms, to carry out nefarious activities.

According to the FBI, cybercriminals are stealing virtual currency and causing investors to lose money by exploiting security flaws in the smart contracts that govern DeFi platforms. Smart contracts are self-executing programs that encode the terms of an agreement between a buyer and a seller in their code, and they run on the decentralised blockchain network.

DeFi platforms accounted for roughly 97% of the $1.3 billion in cryptocurrencies stolen by cybercriminals between January and March 2022, an increase from 72% in 2021 and 30% in 2020.

According to the FBI, cybercriminals have also initiated flash loans to trigger an exploit in a DeFi platform's smart contracts (resulting in $3 million in cryptocurrency losses), exploited a signature verification bug in a DeFi platform's token bridge (resulting in $3 million in cryptocurrency losses), and manipulated cryptocurrency price pairs (to steal $35 million in cryptocurrency).

Before investing, investors should research DeFi platforms, protocols, and smart contracts to identify potential risks and ensure that the DeFi investment platform's code has been audited at least once.

Furthermore, they should be cautious of DeFi investment pools with short timeframes for joining and rapid deployment of smart contracts, as well as the risks of relying on crowdsourced solutions for bug hunting and patching.

According to the FBI, DeFi platforms should implement real-time analytics, monitoring, and code testing to address vulnerabilities and potentially suspicious activity, as well as an incident response plan that includes informing investors of any suspicious activity, including smart contract exploitation.

CoinStomp Malware is Aimed at Asian Cloud Service Providers


Researchers have uncovered a new malware family that mines cryptocurrencies using cloud services. According to Cado Security, the malware, dubbed CoinStomp, is comprised of shell scripts that "try to target cloud compute instances hosted by cloud service providers for the purpose of mining cryptocurrencies." According to the company's researchers, the overall goal of CoinStomp is to silently breach instances in order to harness computational resources to illicitly mine for cryptocurrency, a type of attack known as cryptojacking. 

So far, a handful of attacks have targeted cloud service companies in Asia. Clues in code also referenced Xanthe, a cryptojacking threat group previously linked to the Abcbot botnet. However, the clue – found in a defunct payload URL – is insufficient to determine who is behind CoinStomp and may have been included in an "attempt to dodge attribution," according to the team. 

CoinStomp includes a variety of intriguing features. One example is its reliance on "timestomping." Timestomping is the process of modifying the timestamps of files dumped or used during a malware attack. This approach is commonly used as an anti-forensics strategy to confound investigators and thwart remedial efforts. Although the Rocke gang has previously utilized timestomping in cryptojacking assaults, it is not a common technique. On Linux, timestomping is simple with the -t flag of the touch command. 

"It seems likely that timestomping was employed to obfuscate usage of the chmod and chattr utilities, as forensic tools would display the copied versions of these binaries as being last accessed (executed) at the timestamp used in the touch command," Cado Security noted. 
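One way to hunt for the timestomped binaries described above, as an added example that is not Cado Security's code: on Linux `touch -t` rewrites atime and mtime through utime(2), but the kernel still stamps ctime with the real clock and userland cannot set ctime, so a file whose ctime is far later than its mtime, or whose mtime lies in the future, is a triage lead. The lab directory, file names and the 60-second threshold are constructed for the demonstration.

```python
import os
import stat
import tempfile
import time
from dataclasses import dataclass

# Differences smaller than this are treated as ordinary filesystem noise.
DEFAULT_SKEW = 60.0

@dataclass
class Finding:
    path: str
    mtime: float
    ctime: float
    executable: bool
    reason: str

def check_timestamps(path, now=None, skew=DEFAULT_SKEW):
    """Return a Finding for one regular file, or None if it looks normal.

    A file whose ctime is much later than its mtime was either chmod/chown'd
    long after its last write or had its timestamps rewritten; an mtime in the
    future has no benign explanation.  Package installs also leave
    ctime > mtime, so treat hits as leads and prioritise executables outside
    package-managed paths (the chmod/chattr copies in the CoinStomp case).
    """
    now = time.time() if now is None else now
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        return None
    executable = bool(st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    if st.st_mtime > now + skew:
        reason = "mtime is in the future"
    elif st.st_ctime - st.st_mtime > skew:
        reason = "ctime is later than mtime by %.0f s" % (st.st_ctime - st.st_mtime)
    else:
        return None
    return Finding(path, st.st_mtime, st.st_ctime, executable, reason)

def scan_tree(root, skew=DEFAULT_SKEW):
    """Walk root and collect findings, most recently changed first."""
    findings = []
    now = time.time()
    for dirpath, _, names in os.walk(root):
        for name in names:
            try:
                found = check_timestamps(os.path.join(dirpath, name), now, skew)
            except OSError:
                continue
            if found is not None:
                findings.append(found)
    findings.sort(key=lambda f: f.ctime, reverse=True)
    return findings

def demo():
    """Constructed lab in a throwaway directory: one untouched executable and
    one whose mtime is backdated the way `touch -t` would do it."""
    with tempfile.TemporaryDirectory() as root:
        clean = os.path.join(root, "clean.bin")
        stomped = os.path.join(root, "chmod.copy")
        for p in (clean, stomped):
            with open(p, "wb") as fh:
                fh.write(b"\x7fELF")  # content is irrelevant to the check
            os.chmod(p, 0o755)
        backdated = time.mktime((2019, 1, 1, 0, 0, 0, 0, 0, -1))
        os.utime(stomped, (backdated, backdated))  # same effect as touch -t
        return {os.path.basename(f.path): f.reason for f in scan_tree(root)}

if __name__ == "__main__":
    for name, reason in demo().items():
        print(name, "->", reason)
```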

Furthermore, the malware attempts to tamper with the cryptographic policies of Linux servers. Because these policies can prevent malicious executables from being dumped or run, the creator of CoinStomp has included options to disable system-wide cryptographic policies via a kill command. "This could undo attempts to harden the target machine by administrators, ensuring that the malware achieves its objectives," the researchers say.

CoinStomp then uses a reverse shell to connect to its command-and-control (C2) server. The script downloads and runs additional payloads as system-wide systemd services with root access. These include binaries that can be used to establish backdoors and a customized version of XMRig, legitimate Monero mining software that has been abused for criminal purposes.

Georgia goes after crypto miners

On January 10, Georgian Economy Minister Natia Turnava told reporters that the Government of Georgia and the energy distribution company Energo-pro Georgia are engaged in solving the problem of illegal mining of cryptocurrencies in the Svaneti region, which leads to an overload of power grids.

The problem is connected with a sharp increase in electricity consumption over the past year in the Mestia region of Svaneti. Widespread mining in the area is associated with low tariffs for businesses in the highland area and free electricity for the local population.

In December, the Georgian authorities had to introduce an electricity supply schedule in Mestia due to network congestion and recurring accidents.

"Of course, illegal electricity consumption is unacceptable, especially the so-called problems with household mining, which, as we know, exist there. We are working with the local government, as well as with Energo-pro Georgia, which supplies electricity to Svaneti, to solve this issue step by step," Turnava said.

She added that she does not think it is justified to involve the police in identifying the mining farms. The Minister of Economy hopes that the population itself is aware of the threat this poses to the district's tourism sector and will draw its own conclusions based on its own interests.

It's interesting to note that at the end of December, Mestia residents held protests demanding the closure of mining farms and accused the authorities of patronizing miners.

Energo-pro Georgia announced that it will be forced to introduce tariffs for the population in this situation. Before the New Year, local residents swore on an icon in the church that they would turn off all mining farms in the area. But after the New Year, the energy distribution company said that electricity consumption has not decreased.

According to a study by the Cambridge Center for Alternative Finance, in 2018 Georgia was in second place in terms of the amount of electricity spent on mining cryptocurrencies — 60 megawatts.

BitMart Will Compensate Victims of $196 Million Hack


The global cryptocurrency trading platform BitMart has suffered a security breach, and in a statement the company confirmed that hackers managed to steal $150 million in various cryptocurrencies. Sheldon Xia, BitMart’s CEO and founder, confirmed the breach on Twitter.

The company confirmed in the statement that although all wallets except the ETH and BSC ones are “secure and unharmed,” BitMart has temporarily paused all withdrawals until further notice.

“The affected ETH hot wallet and BSC hot wallet carry a small percentage of assets on BitMart and all of our other wallets are secure and unharmed. We are now conducting a thorough security review and we will post updates as we progress,” the company said in a statement. 

Additionally, Sheldon Xia said that the investigation found the cryptocurrencies were drained using a stolen private key, the secret that lets its holder spend the cryptocurrency in a wallet.

The company also confirmed that it will compensate victims of this large-scale security breach using its own assets. According to the sources, hackers withdrew $150 million in assets. However, blockchain security and data analytics firm PeckShield, which first confirmed the attack, claims that the loss is closer to $200 million.

Owing to the cyberattack, the company's trading volume has fallen, CoinGecko CEO Bobby reported. “Crypto exchange hacks are fairly common. Exchanges are a honeypot for hackers because of the high potential payoff for any successful exploit,” he said.

BitMart was created by cryptocurrency enthusiasts; its roadmap began in November 2017. It has offices worldwide and is registered in the Cayman Islands. The platform offers a mix of spot trading, OTC trading and leveraged futures trading, as well as lending, staking and other services for digital assets. In April, BitMart also registered with US regulators as a money services business (MSB).

Miners began to leave Kazakhstan due to a shortage of electricity

Xive co-founder Didar Bekbau said on Twitter on Wednesday that the crypto-mining company has closed a large farm of 2,500 devices in southern Kazakhstan because the national grid cannot supply enough electricity. According to Bekbau, mining in the south of Kazakhstan is no longer possible.

Kazakhstan is struggling with a shortage of electricity, partly caused by the influx of crypto miners from China. The southern part of the country is particularly vulnerable because there are not enough powerful power plants in the region, and the national grid cannot reliably transmit electricity from the energy-rich northern region.

Crypto miners such as Xive and Enegix have been facing electricity problems since September due to rationing introduced by the national grid operator KEGOC, which has not yet commented on the situation.

Xive is preparing a new project for more than 2,500 machines, but "it is obvious that mining in the south of Kazakhstan is no longer possible,” Bekbau said.

Other miners in the south of Kazakhstan are also looking for hosting sites to move their mining machines, but the country “has no options left”. Some managed to locate their farms in Russia and the United States.

Last month, the Ministry of Energy published a draft resolution limiting the construction of new farms to 100 megawatts. The ministry later stated that they would not restrict the supply of electricity to legitimate businesses unless it jeopardized the national grid.

Recently, the government announced that it wants to encourage crypto-miners to develop independent renewable energy capacities. According to Sapar Akhmetov, Chairman of the Board of the Kazakhstan Association of Blockchain Technologies, the industry hopes that after Kazakhstan expands its capacity with renewable energy sources in the next one or two years, the limit may change.

According to the Bitcoin Electricity Consumption Index compiled by the Centre for Alternative Finance at the University of Cambridge, Kazakhstan is the world's second-largest cryptocurrency-mining country after the United States.

The Russian billionaire urged the Central Bank to develop cryptocurrencies in Russia

Russian billionaire Oleg Deripaska (Forbes estimates his fortune at $5.1 billion; Deripaska has been under US sanctions since 2018) criticized the Central Bank for allegedly “infantilely closing its eyes to the growing cryptocurrency market.” As an argument, the billionaire cited the actions of the US Treasury, which, according to him, invests in the crypto industry.

“The United States has long understood that uncontrolled digital payments can not only negate the effectiveness of the entire mechanism of economic sanctions but also bring down the dollar,” Deripaska said.

The billionaire referred to the sanctions review issued by the US Treasury. In the document, the regulator claims that the growing possibilities of financial technologies, including those based on cryptocurrency and alternative payment systems, pose a serious threat to the dollar.

According to Deripaska, this means that a cryptocurrency market that develops without state control could leave the US Treasury facing the prospect of default on $30 trillion of debt, which requires $700 billion to service.

“I wonder if anyone at the Bank of Russia has read this document? Or do they work on the principle of ‘what we don't see doesn't exist’?” he says ironically.

Earlier, Deripaska repeatedly criticized the Bank of Russia's policy on digital assets. For example, the billionaire claimed that the regulator should have issued a digital ruble two years ago because it is “more important than Gagarin's flight into space in '61.”

It is worth noting that bitcoin has set a new all-time high, reaching $67,000. Experts expect cryptocurrency prices to keep rising.

This Malware Botnet Gang has Made Millions With a Surprisingly Simple Trick


MyKings, a long-running botnet, is still active and has generated at least $24.7 million by using its network of compromised computers to mine for cryptocurrencies. 

Also known as Smominru and Hexen, it is the world's largest botnet focused on mining cryptocurrencies with the CPUs of its victims' desktop and server computers. It is a profitable business that gained notoriety in 2017 after infecting more than half a million Windows machines to mine $2.3 million of Monero in a month.

Security firm Avast has now verified that its operators have received at least $24.7 million in cryptocurrencies, transferred to Bitcoin, Ethereum and Dogecoin accounts. It states, however, that the majority of this was earned by the group's 'clipboard stealer module'. When this module detects that a cryptocurrency wallet address has been copied to the clipboard (for example, to make a payment), it replaces it with an address controlled by the group.

Avast says it has blocked the MyKings clipboard stealer on 144,000 computers since the beginning of 2020; the clipboard stealer module first emerged in 2018.

According to a study by the security firm Sophos, the clipboard stealer, a trojan, monitors PCs for the use of various currency wallet formats. It works because users frequently use copy/paste to enter rather lengthy wallet IDs when logging into an account, instead of typing them.

Sophos noted in a report, "This method relies on the practice that most (if not all) people don't type in the long wallet IDs rather store it somewhere and use the clipboard to copy it when they need it. Thus, when they would initiate a payment to a wallet, and copy the address to the clipboard, the Trojan quickly replaces it with the criminals' own wallet, and the payment is diverted to their account." 

Sophos did note, however, that the coin addresses it discovered "hadn't received more than a few dollars," implying that coin theft was a tiny component of the MyKings operation. Sophos estimated that the crypto-mining part of the operation generated around $10,000 per month in October 2019.

Avast now claims that MyKings is generating significantly more money from the clipboard trojan after extending the 49 coin addresses uncovered in Sophos' investigation to over 1,300 coin addresses. 

According to Avast, the clipboard stealer's contribution may be far greater than Sophos uncovered. Avast researchers explain in a report, "This malware counts on the fact that users do not expect to paste values different from the one that they copied. It is easy to notice when someone forgets to copy and paste something completely different (e.g. a text instead of an account number), but it takes special attention to notice the change of a long string of random numbers and letters to a very similar looking string, such as crypto wallet addresses.”

"This process of swapping is done using functions OpenClipboard, EmptyClipboard, SetClipboardData and CloseClipboard. Even though this functionality is quite simple, it is concerning that attackers could have gained over $24,700,000 using such a simple method." 
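To show what a defender can do with the mechanism Avast and Sophos describe, here is an added detection routine (not Avast's or Sophos's code) that runs over a log of clipboard writes: when a wallet-looking string is overwritten within a couple of seconds by a different address of the same coin family, that is the stealer's signature. The event log, process names and two-second window are constructed; the clipboard monitor that would feed such events on a real host is assumed and not included.

```python
import os
import re
from dataclasses import dataclass

# Address shapes for the coin families the passage names: Bitcoin (legacy/P2SH
# base58 and bech32), Ethereum (0x + 40 hex) and Dogecoin (base58 starting with D).
WALLET_PATTERNS = {
    "bitcoin": re.compile(r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{39,59})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "dogecoin": re.compile(r"^D[5-9A-HJ-NP-U][1-9A-HJ-NP-Za-km-z]{32}$"),
}

@dataclass
class ClipEvent:
    t: float     # seconds since monitoring started
    owner: str   # process that wrote the clipboard (hypothetical monitor field)
    text: str

@dataclass
class Alert:
    family: str
    copied: ClipEvent
    replacement: ClipEvent
    shared_prefix: int   # leading characters the two addresses have in common

def classify(text):
    """Return the coin family an address-like string belongs to, else None."""
    text = text.strip()
    for family, pattern in WALLET_PATTERNS.items():
        if pattern.match(text):
            return family
    return None

def detect_swaps(events, window=2.0):
    """Flag a wallet-looking clipboard write that is overwritten within `window`
    seconds by a different address of the same family.  A user does not copy two
    distinct addresses a fraction of a second apart; a clipboard stealer does
    exactly that (OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard)
    right after the victim's own copy.  The owner is recorded for triage only,
    since the writer may be a trusted process the stealer injected into."""
    alerts = []
    for i, copied in enumerate(events):
        family = classify(copied.text)
        if family is None:
            continue
        for later in events[i + 1:]:
            if later.t - copied.t > window:
                break
            if later.text != copied.text and classify(later.text) == family:
                shared = len(os.path.commonprefix([copied.text, later.text]))
                alerts.append(Alert(family, copied, later, shared))
                break
    return alerts

# Constructed clipboard log (not real telemetry): a benign copy, an Ethereum
# address replaced 250 ms later, a Bitcoin address re-copied unchanged, and two
# unrelated Ethereum addresses copied nine seconds apart.
SAMPLE_EVENTS = [
    ClipEvent(0.00, "explorer.exe", "invoice 4471"),
    ClipEvent(5.10, "chrome.exe", "0x" + "a1" * 20),
    ClipEvent(5.35, "svchost.exe", "0x" + "a1" * 18 + "ff00"),
    ClipEvent(40.0, "chrome.exe", "1CoNsTrUcTeDaDdReSsFoRtHeDeMo1234"),
    ClipEvent(41.0, "chrome.exe", "1CoNsTrUcTeDaDdReSsFoRtHeDeMo1234"),
    ClipEvent(90.0, "notepad.exe", "0x" + "b2" * 20),
    ClipEvent(99.0, "notepad.exe", "0x" + "c3" * 20),
]

if __name__ == "__main__":
    for a in detect_swaps(SAMPLE_EVENTS):
        print(f"{a.family}: {a.copied.text} -> {a.replacement.text} "
              f"({a.shared_prefix} shared leading chars, written by {a.replacement.owner})")
```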

Remarks from users on Etherscan who said they mistakenly sent funds to accounts covered in Avast's study provide circumstantial evidence that the clipboard stealer is effective.

Avast recommended that people should always double-check transaction details before sending money.

Ukraine legalized cryptocurrency

The Verkhovna Rada of Ukraine adopted the bill "On virtual assets", which will legalize cryptocurrency and virtual hryvnia.

The bill on the legal use of virtual assets for settlement operations was supported by 276 deputies; six voted against and 71 abstained. The document regulates the circulation of virtual assets in the country, which allows market participants to use banking services, pay taxes on income from "crypto" and receive legal protection in court if their rights are violated.

According to the Telegram channel of the Rada, the purpose of the law is a comprehensive regulation of relations arising during the circulation and conclusion of transactions with digital currency, as well as ensuring a unified approach to the organization of cryptocurrency trading.

Owners of cryptocurrencies will receive a number of benefits. Because the area will be regulated by law, they will at least be able to protect their holdings in virtual assets if something goes wrong.

They will also be able to legally exchange and declare crypto assets. In addition, a whole market of intermediary services is expected to appear for paying for goods with cryptoassets and for storing and exchanging them, which will expand the ways they can be used.

The new law will make virtual assets an absolutely legal and familiar phenomenon for the authorities and society.

It should be noted that in September last year, the government of Ukraine stated that the country has the highest level of use of virtual assets by the population in the world.

Earlier, E Hacking News reported that, according to the First Deputy Chairman of the Bank of Russia, Blockchain is not a panacea, and cryptocurrency is not money. So, the Central Bank of Russia is not going to change its negative attitude to these assets.

El Salvador was the first country in the world to recognize bitcoin. The relevant law entered into force there on September 7, and it is now possible to pay with cryptocurrency alongside dollars.

Hacker Behind $600 Million Crypto Heist Returned Stolen Funds


The hacker behind the biggest cryptocurrency heist of all time has finally handed over access to the final tranche of stolen funds.

Poly Network, a platform in the decentralized finance, or "DeFi", space, was hacked last month, with the hacker or hackers acquiring almost $600 million in digital tokens. The criminal exploited a flaw in Poly Network's software to move the funds to their own accounts.

In an unexpected twist, the Poly Network hacker did not flee with the funds. Instead, they contacted the targeted organization and offered to return all of them. Last week, the hacker returned virtually all of the funds, except $33 million in tether, or USDT, a dollar-pegged cryptocurrency that was locked by its issuer.

However, there was a problem: more than $200 million in assets were locked in an account that required both Poly Network and the hacker to enter their passwords. For several days the hacker refused to hand over their password, saying only that they would do so when "everyone is ready."

Poly Network appealed to the hacker, dubbed "Mr. White Hat," to refund the money. The company guaranteed the anonymous person a $500,000 reward for assisting in identifying a security weakness in its systems, as well as a post as "chief security advisor." 

Poly Network now has access to the final batch of stolen cash. According to a blog post published Monday, hacker Mr. White Hat provided the so-called private key needed to restore control of the remaining assets. 

“At this point, all the user assets that were transferred out during the incident have been fully recovered,” Poly Network stated. 

“We are in the process of returning full asset control to users as swiftly as possible.” 

Last week, the Japanese cryptocurrency exchange Liquid announced that it had been the target of a cyberattack in which hackers obtained $97 million worth of cryptocurrencies. However, in the case of Poly Network, the hacker kept an open dialogue going with their victim, eventually reclaiming the assets they had stolen. 

Security experts believe the attacker realized it would be impossible to launder the money and cash out, because all transactions are recorded on the blockchain, the public ledgers that underlie most major digital currencies.

An unidentified individual claiming to be the hacker stated they were “(quitting) the show” in a message embedded in a digital currency transaction. 

“My actions, which may be considered weird, are my efforts to contribute to the security of the Poly project in my personal style,” the unidentified person stated. 

“The consensus was reached in a painful and obscure way, but it works. Some people even suspect that the whole story is a PR stunt.” 

Poly Network's team verified that the private key is authentic, according to the organization.

“As of now, Poly Network has regained control of the $610 million (not including the frozen $33 million USDT) in assets that were overall affected in this attack. Once again, we would like to thank Mr. White Hat for keeping his promise, as well as the community, partners, and the multiple security agencies for their assistance.”