
Privnote Secure Messaging App Is Under Phishing Threat

 

Privnote.com, launched in 2008, revolutionized secure messaging with its encryption technology. It allows users to send messages with a unique link, ensuring privacy as the content self-destructs after reading. However, its popularity among cryptocurrency enthusiasts also drew the attention of malicious actors who engaged in phishing activities. 

Phishers exploit Privnote's model by creating clones, such as privnote[.]co, that mimic its functionality. These clones surreptitiously replace cryptocurrency addresses when users create notes containing crypto wallets. Thus, unsuspecting users fall victim to sending funds to the phisher's address instead of the intended recipient. 

GitHub user fory66399 lodged a complaint last month against MetaMask, a cryptocurrency wallet, alleging that it had wrongly flagged privnote[.]co as malicious. Threatening legal action, fory66399 demanded evidence and compensation. However, MetaMask's lead product manager, Taylor Monahan, swiftly debunked these claims with screenshots showing the fraudulent activities of privnote[.]co. 

According to DomainTools.com, the domain privatenote[.]io has changed hands over two years between two individuals: Andrey Sokol from Moscow and Alexandr Ermakov from Kiev. While these names may not be the scammers' real identities, they provide clues to other sites that have targeted Privnote since 2020. 

Furthermore, Alexandr Ermakov is linked to several other domains, including pirvnota[.]com, privatemessage[.]net, privatenote[.]io, and tornote[.]io, as per DomainTools. This suggests a potential network of fraudulent activities associated with Privnote, emphasizing the need for caution in identifying phishing attempts. 

Let’s Understand Suspicious Activities on Privnote: 

Domain Registrations: The domain pirvnota[.]com saw a change in registration details from Andrey Sokol to "BPW" and "Tambov district" as the registrant's state/province. This led to the discovery of pirwnote[.]com, along with other suspicious domains like privnode[.]com, privnate[.]com, and prevnóte[.]com, all linking to the same internet address. Interestingly, pirwnote[.]com is now selling security cameras from a Hong Kong-based internet address. 

Deceptive Legitimacy: Tornote[.]io appears to have undergone efforts to establish credibility. A Medium account has published numerous blog posts endorsing Tornote as a secure messaging service. However, testing reveals its malicious intent, as it also alters cryptocurrency addresses in messages. 

Search Engine Manipulation: Phishing sites manipulate search engine results to appear prominently for terms like "privnote." Currently, a Google search for "privnote" lists tornote[.]io as the fifth result. These sites rotate cryptocurrency addresses every five days to evade detection. 
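The clone domains named above (privnote[.]co, pirvnota[.]com, pirwnote[.]com, privnode[.]com, privnate[.]com, prevnóte[.]com) all sit within a couple of character edits of "privnote", sometimes hidden behind an accented letter. The following Python is an added example, not code from the post or from Privnote, showing how a defender can flag such lookalikes: it folds accents to ASCII, then measures an edit distance that counts adjacent-letter swaps as one edit. The legitimate-domain set, the edit threshold of 2 and the sample list are assumptions constructed for the example.

```python
import unicodedata

# Constructed inputs for this example: the brand and its one legitimate domain
# come from the post above; the classifier itself is an added illustration.
BRAND = "privnote"
LEGITIMATE = {"privnote.com"}
MAX_EDITS = 2  # lookalike threshold; an assumption chosen for this example


def normalize_label(label: str) -> str:
    """Lowercase and strip accents so confusable spellings such as
    'prevnóte' compare as plain ASCII 'prevnote'."""
    decomposed = unicodedata.normalize("NFKD", label.lower())
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment (restricted Damerau-Levenshtein) distance:
    insert, delete, substitute, or swap two adjacent characters, one edit each.
    The swap rule is what makes a 'pirv' for 'priv' typo cost a single edit."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution or match
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[rows - 1][cols - 1]


def registrable_label(domain: str) -> str:
    """Return the label left of the TLD ('privnote' for 'privnote.co').
    Assumes a single-label TLD; multi-part suffixes such as co.uk are not handled."""
    parts = domain.split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify_domain(domain: str) -> str:
    """Classify a domain (defanged '[.]' accepted) as 'legitimate',
    'lookalike', or 'unrelated' relative to BRAND."""
    domain = domain.strip().lower().replace("[.]", ".")
    if domain in LEGITIMATE:
        return "legitimate"
    label = normalize_label(registrable_label(domain))
    # Same brand name under a different TLD is the classic clone pattern.
    if label == BRAND or BRAND in label:
        return "lookalike"
    if osa_distance(label, BRAND) <= MAX_EDITS:
        return "lookalike"
    return "unrelated"


def scan(domains):
    """Classify every domain and return a dict of domain -> verdict."""
    return {d: classify_domain(d) for d in domains}


if __name__ == "__main__":
    # Constructed sample: domains named in the post plus a neutral control.
    sample = ["privnote.com", "privnote[.]co", "pirvnota[.]com", "pirwnote[.]com",
              "privnode[.]com", "privnate[.]com", "prevnóte[.]com",
              "privatenote[.]io", "tornote[.]io", "example.org"]
    for domain, verdict in scan(sample).items():
        print(f"{domain:20} {verdict}")
```

The edit-distance rule catches the near-misses but not names that merely reuse the idea, such as privatenote[.]io or tornote[.]io; those need other signals (shared hosting address, registrant history, search-result placement), which is exactly why the post leans on DomainTools data rather than spelling alone.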

According to the Privnote website, it is a web-based service focused on privacy, allowing users to create encrypted notes shared via unique one-time-use HTTPS links. Notes and their contents are processed securely in users' browsers, with no readable data stored on Privnote's servers. 

IP addresses are processed solely for communication and promptly deleted thereafter. Personal data within notes remains encrypted and inaccessible to Privnote. The service uses cookies for functional and non-functional purposes, respecting user privacy preferences. Privnote does not target children under 16 and commits to regularly updating its Privacy Policy.

North Korean Hackers Steal Crypto to Fund ‘Nuclear Weapon Program’


North Korea-based hackers have reportedly carried out another attack, stealing hundreds of millions of dollars in crypto to fund the regime’s ‘nuclear weapon program.’

According to blockchain intelligence company TRM Labs, almost 20% of all cryptocurrency stolen this year, equivalent to $200 million, has been taken by hackers connected to North Korea between January and August 18.

TRM Labs, in a June discussion with North Korea experts, stated: “In recent years, there has been a marked rise in the size and scale of cyberattacks against cryptocurrency-related businesses by North Korea. This has coincided with an apparent acceleration in the country’s nuclear and ballistic missile programs.”

In the aforementioned discussion, TRM Labs also emphasized the way there has been a shift away from North Korea's "traditional revenue-generating activities" — a sign that the government may be "increasingly turning to cyber attacks to fund its weapons proliferation activity."

In another comment on the issue, blockchain analytics firm Chainalysis noted in their February issue that “most experts agree the North Korean government is using these stolen assets to fund its nuclear weapons programs.”

On the other hand, CNBC's request for a comment on the matter from the North Korean regime's diplomatic mission to the UN – the Permanent Mission of North Korea in New York – was denied.

North Korea, officially the Democratic People's Republic of Korea (DPRK), has been subject to numerous UN sanctions since its first nuclear test in 2006, owing to its development of nuclear and ballistic missile technology.

These sanctions, which ban North Korea’s financial services, minerals, metals and artillery, aim to cut off the resources and funds the country needs for its nuclear activities. 

The FBI only recently alerted cryptocurrency firms that hackers with ties to North Korea intend to "cash out" $40 million in cryptocurrency.

In January, the federal agency also noted that it continues to “identify and disrupt North Korea’s theft and laundering of virtual currency, which is used to support North Korea’s ballistic missile and Weapons of Mass Destruction programs.”

On the issue, Nick Carlsen, an intelligence analyst at blockchain analytics firm TRM Labs, said, “They are under pretty serious economic stress with international sanctions. They need every dollar they can. And this is just obviously a much more efficient way for North Korea to make money.”

“Even if that dollar stolen in crypto doesn’t directly go towards the purchase of some component for the nuclear program, it frees up another dollar to support the regime and its programs,” he added.  

Friend.Tech Hit by Cyber Attack

 


Protecting sensitive information is now a top priority for both individuals and businesses in a digital age where data is king. The recent data breach at Friend.tech has, regrettably, once more highlighted how vulnerable our globally networked world is. The intrusion put the security and privacy of numerous users at risk and shocked the tech community.

Credible sources have reported that a major player in the tech industry was the target of a significant cyberattack that resulted in a large data breach. Along with exposing victims' personal information, the breach earned the hackers an illegitimate reward.

Unauthorized access to customer data occurred as a result of a breach at Friend.tech, a company renowned for its creative solutions. Usernames, email addresses, and hashed passwords were among the information that was compromised. While the breach itself is troubling, what's perhaps more frightening is the possible misuse of this sensitive data, placing consumers at risk of identity theft, phishing attempts, and other cybercrimes.

The fallout from the incident showed how urgently organizations need to improve their cybersecurity procedures. In an interview with Outlook India, the CEO of Friend.tech underscored the seriousness of the situation, saying that businesses have little time to strengthen their defenses as assaults get more sophisticated. This alert serves as a reminder that cybersecurity is a continuous undertaking that necessitates continued monitoring and response to emerging threats.

The incident's impact was not confined to Friend.tech alone; the entire tech industry felt its reverberations. The breach's ripple effect reached even crypto exchange giant Binance, as reported in their official feed. This demonstrated how interconnected our digital ecosystem is, and any vulnerability in one part can potentially disrupt the entire chain.

Businesses must aggressively address cybersecurity concerns to safeguard the data of their users and their own integrity in an environment where trust is essential. It is now more important than ever to have thorough security policies, regular vulnerability assessments, and quick incident response strategies.

The data breach at Friend.tech is a sobering reminder that risk persists in the digital sphere. Individuals should put personal cybersecurity first by creating strong, unique passwords, enabling two-factor authentication, and watching for phishing scams. Businesses should treat this incident as a chance to review and strengthen their cybersecurity systems.

Crypto Platform 3Commas Attacked

 

Cryptocurrency trading platform 3Commas has reported a data breach in which API data were stolen, and the FBI has been called in to investigate. 

However, the investigation comes after weeks of criticism from users of the Estonia-based crypto trading platform. According to the platform's statement, an unknown hacker posted 3Commas’ API database to Pastebin on 28 December. 

Also, users reported that its CEO repeatedly ignored the warning signs that the platform had been targeted. 

The company's cyber threat security team confirmed the attack’s authenticity after analyzing it, saying “at this point, 3Commas can, unfortunately, confirm that some of 3Commas’ users’ API data (API keys, secrets and passphrases) have been disclosed by a third party.”

Further, it added that “Currently and to the best of our knowledge only API data have been disclosed as part of this incident. As a likely consequence, the hacker(s) may use or may have used the API data to connect your exchange accounts to his/their account and/or initiate unauthorized trades”. 

The threat actor leaked a set of 10,000 API keys, just 10% of a database of roughly 100,000, as per the report. 3Commas bots use these keys to interact automatically with crypto exchange platforms, making trades and generating profit without user interaction. 

The company notified its users via email and a blog post, assuring them that their data and funds will be protected now that precautionary measures have been taken. The attack has also been reported to the relevant law enforcement agencies, including the FBI. 

However, the damage has already been done. The malicious actor has been abusing the stolen API keys since November and, as per the report, has stolen some $6 million worth of cryptocurrency so far. 

Furthermore, the company added, “Only a small number of technical employees had access to the infrastructure, and we have taken steps since November 19 to remove their access. Since then, we have implemented new security measures, and we will not stop there; we are launching a full investigation in which law enforcement will be involved”.

Cryptocurrency Network Ronin Suffers Breach, Hackers Steal Millions

Ronin, a cryptocurrency network, revealed a breach in which threat actors swept away $540 million worth of Ethereum and USDC stablecoin. The attack, one of the biggest in the history of cryptocurrency heists, drained funds from a service called Ronin Bridge. Attacks on "blockchain bridges" have become common in the last two years, and the Ronin incident is a reason to think hard about the problem. Blockchain bridges (network bridges) are apps that allow users to transfer digital assets from one blockchain to another. 

Cryptocurrencies usually can't interoperate: one can't, for instance, transact on a bitcoin platform with Dogecoin. Hence these "bridges" have become an important mechanism in the cryptocurrency world. A bridge service takes in one cryptocurrency and issues a token representing it on another chain. For instance, if a user deposits bitcoin (BTC) at a bridge, the bridge issues wrapped Bitcoin (WBTC) in return. In simple terms, it's similar to a gift card or a check that represents stored value in an alternative format. 

Bridges require a vault of cryptocurrency coins to underwrite the total wrapped coins, and that trove is the primary target for threat actors. "Bridges will continue to grow because people will always want the opportunity to join new ecosystems. Over time, we'll professionalize, develop best practices, and there will be more people capable of building and analyzing bridge code. Bridges are new enough that there are very few experts," says James Prestwich. 
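The lock-and-mint arrangement described above, as an added Python model that is not Ronin, Sky Mavis or any real bridge's code: native coins deposited on one chain sit in a vault, an equal amount of wrapped tokens is issued on the other, and a withdrawal only leaves the vault once enough validator signatures approve it. The validator ids and the 3-of-5 threshold are constructed for the example. It makes concrete why the vault is the prize, and why the safety of the whole scheme reduces to who controls the approving keys.

```python
from dataclasses import dataclass, field


class BridgeError(Exception):
    """Raised when a release is refused or the backing invariant breaks."""


@dataclass
class Bridge:
    """Minimal lock-and-mint bridge (added illustration, not a real protocol).
    Native coins deposited on chain A are held in `vault`; an equal amount of
    wrapped tokens is issued on chain B. Releasing native coins requires
    `threshold` of `validators` to approve. Validator ids are constructed."""
    validators: frozenset
    threshold: int
    vault: int = 0                                # native units locked
    wrapped: dict = field(default_factory=dict)   # holder -> wrapped balance

    def wrapped_supply(self) -> int:
        return sum(self.wrapped.values())

    def is_fully_backed(self) -> bool:
        """The invariant a bridge must preserve: every wrapped token is
        redeemable because the vault holds at least that much native coin."""
        return self.vault >= self.wrapped_supply()

    def lock_and_mint(self, holder: str, amount: int) -> int:
        """User deposits `amount` native coin; the bridge mints the same amount
        of wrapped tokens to `holder`. Returns the holder's new wrapped balance."""
        if amount <= 0:
            raise BridgeError("deposit must be positive")
        self.vault += amount
        self.wrapped[holder] = self.wrapped.get(holder, 0) + amount
        return self.wrapped[holder]

    def burn_and_release(self, holder: str, amount: int, approvals: frozenset) -> int:
        """Burn `amount` wrapped tokens and release native coin from the vault.
        `approvals` is the set of validator ids that signed this withdrawal;
        fewer than `threshold` genuine signatures means nothing leaves the vault.
        Returns the vault balance after the release."""
        signed = approvals & self.validators
        if len(signed) < self.threshold:
            raise BridgeError(f"{len(signed)} of {self.threshold} required approvals")
        if self.wrapped.get(holder, 0) < amount:
            raise BridgeError("insufficient wrapped balance to burn")
        self.wrapped[holder] -= amount
        self.vault -= amount
        if not self.is_fully_backed():
            raise BridgeError("vault no longer backs wrapped supply")
        return self.vault


def demo() -> int:
    """Deposit, one under-signed withdrawal (refused), one valid withdrawal.
    Returns the final vault balance."""
    validators = frozenset({"v1", "v2", "v3", "v4", "v5"})   # constructed ids
    bridge = Bridge(validators=validators, threshold=3)      # 3-of-5 assumed
    bridge.lock_and_mint("alice", 100)       # 100 native units locked, 100 wrapped minted
    try:
        bridge.burn_and_release("alice", 40, frozenset({"v1"}))   # only 1 of 3 signers
    except BridgeError:
        pass                                  # refused: vault untouched
    bridge.burn_and_release("alice", 40, frozenset({"v1", "v2", "v3"}))
    return bridge.vault


if __name__ == "__main__":
    print("vault after demo:", demo())
```

Note that the threshold check is the only gate between a withdrawal request and the vault; the model has no notion of whether a signature was produced willingly, which is the gap the Wired account below describes attackers exploiting through social engineering rather than through any flaw in the arithmetic.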

Besides the Ronin heist, hackers stole around $80 million worth of cryptocurrency from the Qubit bridge in January, around $320 million from the Wormhole bridge in February, and $4.2 million a few days later from Meterio Bridge. Note also that Poly Network had around $615 million worth of cryptocurrency stolen in August last year, but the attackers returned the funds a few days later. "Ronin was created by the Vietnamese company Sky Mavis, which develops the popular NFT-based video game Axie Infinity. In the case of this bridge hack, it seems attackers used social engineering to trick their way into accessing the private encryption keys used to verify transactions on the network," reports Wired.