US Forex Scam Lasted for Ten Years

Two US men, Patrick Gallagher, 44, of Middleborough, Massachusetts, and Michael Dion, 49, of Orlando, Florida, both pled guilty to one charge of conspiracy to commit financial crimes in a foreign exchange operation that spanned a decade. 

Forex: Is it a con?

The world's currencies are traded on the Forex market, a credible platform. It would be tricky to trade the currencies required to pay for imports, sell exports, travel, or conduct cross-border business without the Forex market. However, because there is no centralized or regulated exchange, and because massive leverage positions (which theoretically have the potential to earn traders a lot of money) are available, con artists exploit the situation and rookie traders' desire to join the market.

Since the forex market is a 'zero-sum' market, in order for one trader to profit, another dealer must lose money. As a result, the forex market does not by itself increase market value. 

About the Scam  

According to the Department of Justice, hackers established a fake organization called Global Forex Management and lured investors by assuring them large profits based on falsified trading performances from the past.

The hackers claimed that IB Capital, the business of a conspirator, would use an online trading platform to trade the victims' money. Instead, Gallagher and Dion were stealing the money from the victim investors while collaborating with other criminals in the Netherlands.

Gallagher and Dion carried out their scheme in May 2012 by deliberately setting up negative trades for the investors, effectively stealing $30 million from their victims.

After fabricating the enormous trading loss, Gallagher and Dion used shell businesses they had built up all across the world to transfer the stolen funds.

How can we detect a forex scam?

Learning how to correctly trade on the Forex market is the single most crucial thing a person can do to avoid getting conned. Finding reliable Forex brokers, on the other hand, is a challenge in this situation. Before trading with real money, practice making long-term profits on demo accounts. Be aware that it can take years to thoroughly learn the Forex trade, just like it does with any professional ability. Avoid any claim that suggests 'you can generate money quickly.'

Furthermore, don't accept the assertions made at face value; instead, take the time to conduct your own investigation. The legitimacy of the business that makes the claims or offers the course or expertise is something else a person might wish to investigate. 

Malicious Actors Target CoinSpot Cryptoexchange to Steal User Information


Cyber security researchers at the Cofense Phishing Defense Center (PDC) have unearthed a new phishing campaign targeting CoinSpot cryptocurrency exchange users via a new technique revolving around withdrawal confirmations with the ultimate goal of stealing two-factor authentication (2FA) codes. 

The attackers are sending emails from a Yahoo email address, mimicking authentic emails from CoinSpot that ask the users to confirm or cancel a withdrawal transaction. The malicious texts also include details such as the transaction amount and a Bitcoin wallet address to add authenticity to the phishing campaign. 

By clicking on any of the buttons embedded in the email, the victim is directed to a phishing landing page. The page clones the CoinSpot login page and uses a spoofed domain name to gain the target's attention. 

"The style appears authentic, and there is even a Bitcoin address included to add to legitimacy. The user is prompted to either confirm or cancel the withdrawal, but both links have the same SendGrid hyperlink," reads the Cofense report. 

Additionally, the attackers use a digital certificate that adds a lock symbol to the URL address bar to make the victim believe they've reached CoinSpot's authentic and secure login form. The malicious landing page prompts the victims to enter their account credentials, and if they fall into the trap, they receive a two-factor authentication page, which is the last shield against account takeover attempts.

Upon inputting a 2FA code, the victims are redirected to the official CoinSpot website in a final push to reduce the chances of suspicion. The hackers can then use the account credentials and the stolen 2FA codes to gain control of the victim's account.
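The indicators described above (a brand display name on a webmail address, "confirm" and "cancel" buttons sharing one link, and links that leave the brand's domain) can be checked mechanically when triaging a reported email. The following is an added example, not code from Cofense or CoinSpot; the function names, the indicator labels and the sample message are assumptions made for illustration, and the brand's legitimate domain is supplied by the caller.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):  # collects (lower-cased link text, href) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip().lower(), self._href))
            self._href = None

def on_domain(host, domain):  # exact domain or a subdomain; "evil" + domain does not match
    return ("." + (host or "").lower()).endswith("." + domain)

def triage(raw, brand, brand_domain):
    """Return the indicators found in one raw message (caller supplies the brand)."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    findings = []
    # 1. Display name claims the brand, but the mailbox is on another domain.
    if brand.lower() in display.lower() and not on_domain(addr.rpartition("@")[2], brand_domain):
        findings.append("sender_domain_mismatch")
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    confirm = {h for t, h in collector.links if "confirm" in t}
    cancel = {h for t, h in collector.links if "cancel" in t}
    # 2. "Confirm" and "Cancel" lead to the same URL, so the choice is fake.
    if confirm & cancel:
        findings.append("opposite_actions_same_link")
    # 3. A web link leaves the brand's own domain (mail-service redirectors included).
    hosts = [urlparse(h).hostname for _, h in collector.links if h.lower().startswith("http")]
    if any(not on_domain(h, brand_domain) for h in hosts):
        findings.append("link_off_brand_domain")
    return findings

# Constructed sample modelled on the description above; every value is made up.
SAMPLE = ('From: CoinSpot <coinspot.alerts@yahoo.com>\nContent-Type: text/html\n\n'
          '<a href="https://click.redirector.example/ls/abc123">Confirm withdrawal</a>\n'
          '<a href="https://click.redirector.example/ls/abc123">Cancel withdrawal</a>\n')
```

A lock symbol in the address bar is deliberately not one of the checks: as noted above, the phishing page carries a valid certificate, so TLS alone says nothing about who operates the site.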

How to safeguard crypto-investments? 

According to security experts, the excitement around cryptocurrency investment has led to an influx of inexperienced and potentially gullible users, allowing attackers to target a particular field. 

“The threat actor observed here has been meticulous in obtaining access to lucrative crypto accounts. By playing on the recipient’s fears with carefully crafted steps, it could be easy for targets to perceive this as legitimate,” Cofense researchers explained. 

Cryptocurrency exchanges recommend that users calmly review basic elements such as the sender’s address and look for anything suspicious when receiving emails. Even if everything looks genuine, don’t click the buttons embedded in the message. Instead, open a new tab in your browser, visit the official website manually, log into your account, and check for any alerts or messages that need your attention.

As Crypto Exchange Attacks Surge, Users Must Protect Their Crypto Wallets

As cryptocurrency goes from being an academic concept to becoming a type of transaction that has the potential to significantly reduce cyber fraud, cryptocurrency crimes have likewise risen, with cybercriminals targeting cryptocurrency exchanges and crypto-wallets.

Despite the global pandemic wreaking havoc on economies, cryptocurrency has continued to grow, leading to a rise in the number of crypto exchanges worldwide. Subsequently, several top crypto companies in the Bay area were seen investing in Indian exchanges as well. 

While cryptocurrencies are particularly secure, crypto exchanges are susceptible to a number of vulnerabilities as they remain largely unregulated. This has resulted in exchanges being hacked every year in large numbers. The sudden surge in the popularity of cryptocurrency has brought in many amateur investors who didn't take time to fully understand how the crypto scene works. This lack of knowledge has been rampantly exploited by threat actors, who saw it as a chance to scam and exploit the crypto space.

Throughout 2020, blockchain-linked attacks alone accounted for nearly a third of all-time attacks targeting blockchain. Reportedly, the total monetary losses in a total of 122 attacks were almost $3.78 billion. Ethereum (ETH) DApps were the most often targeted, costing users nearly $436.36 million in 2020 alone. There were 47 successful attacks aimed at decentralized applications based on the Ethereum smart contract.

The New Zealand-based Cryptopia exchange was breached in 2019 as hackers managed to siphon $11 million worth of funds from the exchange. Following the security breach, the exchange went dark, posting an announcement that read: “We are experiencing an unscheduled maintenance, we are working to resume the services as soon as possible. We will keep you updated.”

Altsbit, an Italian crypto exchange, lost $70,000 in a hack within a few months of being around. The exchange announced that it will refund the affected users and will terminate its services in May 2020. “We will refund whatever we are holding on cold storage to users and then the platform will close down,” the company stated in an email to Cointelegraph. Though it remained unclear how the hackers pulled off the attack, reports stated that the cybercrime group 'Lulzsec' was behind the hack.

UPbit, a popular South Korean cryptocurrency exchange, lost approximately $45 million (342,000 ETH) in a 2019 crypto theft. It went on to become the seventh-largest crypto exchange hack of the year.

Liquid Global, a Japanese crypto exchange, reported suffering a massive hacking incident, which resulted in the loss of digital assets worth $97 million. It included Bitcoin, Ethereum, XRP, and stablecoins. Liquid claimed that the attacker targeted a Multi-Party Computation wallet (an advanced cryptographic technique).

In order to stay ahead of the crypto hackers, a few ways to secure your cryptocurrency are: ensuring the security of your Internet connection, using a cold wallet, changing passwords at regular intervals, maintaining multiple wallets, staying wary of phishing attacks, and securing your personal device.

Cinobi Banking Malware Targets Japanese Cryptocurrency Exchange Users via Malvertising Campaign


Researchers at Trend Micro discovered a new social engineering-based malvertising campaign targeting Japanese users with a malicious application disguised as a free porn game, a reward points application, or a video streaming app. 

The malicious application uses a sideloading methodology to show the victim arbitrary web pages and ultimately deploy the Cinobi banking trojan. Researchers say that the malvertising campaign shares much in common with the Cinobi banking trojan they identified last year, but consider it to be a rebranded version of it. The campaign’s configuration remained the same, except that it targets a list of cryptocurrency exchange websites in Japan.

Last year, researchers at Trend Micro unearthed a new banking trojan, which was dubbed the Cinobi Banking Trojan. The banking malware was part of a campaign called “Operation Overtrap”, operated by a malicious group known as “Water Kappa”. The group has deployed the trojan in two ways: either via spam or by making use of the Bottle exploit kit that contained CVE-2020-1380 and CVE-2021-26411 (2 Internet Explorer exploits). Interestingly, only Internet Explorer users were targeted through these malvertising attacks.

Throughout 2020 and the first half of 2021, researchers noticed limited activity from the malicious group, with traffic decreasing during the middle of June — possibly suggesting that the group was turning to new tools and techniques. Earlier this month, researchers discovered the banking malware targeting users in Japan by abusing sideloading bugs. Researchers at TrendMicro believe that the same attackers that engaged in the “Operation Overtrap” campaign are behind this new one.

The malvertising campaign targets users by sending malvertisements with five different themes. These malvertisements trick victims into installing the same archive with the malware files. After the victim clicks the download button (“”), the site downloads the ZIP archive for the main executable file.

Researchers noted that the malicious website can be accessed only via Japanese IP addresses and that the threat actors behind the malvertising campaign are trying to steal cryptocurrency: cryptocurrency account credentials are now what the attackers want to obtain by deploying the Cinobi banking trojan.

The threat actors have designed a few more versions of the banking malware with slight differences. The most important is the configuration file responsible for the form-grabbing functionality. The banking trojan has been spotted targeting users of 11 Japanese financial institutions, including banks and cryptocurrency trading companies. To avoid getting infected, researchers advised users to be extra cautious of suspicious advertisements and install only legitimate applications from trusted sources.

3 Unique Procedures to Counter Money Laundering in India


The main weapon used by money launderers to launder cash is bitcoin and other cryptocurrency alternatives. India’s cryptocurrency exchanges have deployed their own KYC regulations and anti-money laundering protocols for users.

Nischal Shetty, CEO of India’s largest cryptocurrency exchange WazirX, said, “We follow all the necessary protocols such as asking users for ID and address proof like Aadhaar and PAN Card. Our platform also emphasizes that money must come from the concerned customer's bank account and not from a third-party bank account.”

Cryptocurrency exchanges use various procedures to conduct KYC; one such method is the penny drop. The penny drop method helps in verifying the user’s personal information and bank details: for example, a token amount of 10 rupees is transferred to the user’s account to confirm the bank account details. This method confirms to the transferor the account holder’s name as registered with the bank.

Neeraj Khandelwal, co-founder of CoinDCX stated that “for corporate clients who are given higher trading limits, more documents like articles of association, board resolutions authorizing crypto investment, etc. are needed”.

Chainlink is one of the most familiar software tools among cryptocurrency exchanges for identifying rogue addresses. Khandelwal further stated, “we use a globally renowned crypto AML tool to check for blacklisted crypto addresses. If a legitimate user has got crypto from such an address, maybe through peer-to-peer and he or she wants to transact on our exchange, we ask for additional KYC such as source of funds and profession”.

Unlike other financial assets such as stocks, bonds, and FDs, bitcoins and other cryptos are not held in bank or demat accounts. A cold wallet can be used to hold bitcoins and other cryptos; it is a hardware device, or even paper, that is not linked to the internet. Therefore, cold wallets cannot be easily seized by law enforcement authorities.