Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Elliptic. Show all posts

Bitcoin Heist Hits Japanese Exchange DMM Bitcoin

 



In a security breach, Japanese cryptocurrency exchange DMM Bitcoin announced the theft of approximately 4,502.9 Bitcoin, valued at around 48.2 billion yen (approximately $304 million). The incident marks one of the largest cryptocurrency heists in recent history.

The breach was detected on May 31, 2024, at approximately 1:26 p.m. when DMM Bitcoin identified an unauthorised leak of Bitcoin from its wallets. The exchange immediately took steps to mitigate the leak and implement additional security measures to prevent further unauthorised access. The company is still investigating the full extent of the damage.

DMM Bitcoin has reassured its customers that their Bitcoin deposits will be fully guaranteed despite the breach. However, the exchange has implemented several temporary restrictions on its services to enhance security. These measures include the suspension of new account openings, the processing of cryptocurrency withdrawals, and the placing of new buy orders for spot trading. Only sell orders will be accepted for spot trading, and new open positions for leveraged trading are also suspended, with only settlement orders being processed.


Impact on Customers

The company has informed customers that existing limit orders for both spot and leveraged trading will remain unaffected. However, withdrawals of Japanese yen may experience delays. DMM Bitcoin has apologised for the inconvenience caused and assured customers that their assets are secure.


Response and Analysis

Cryptocurrency security firm Elliptic has reported that this heist ranks as the eighth-largest crypto theft of all time. It is the most significant since the $477 million hack suffered by FTX in November 2022. Elliptic has also confirmed the identification of the wallets involved in the DMM Bitcoin attack.


Ongoing Investigation

DMM Bitcoin continues to work on understanding the details of the attack and has not yet provided specific information about how the breach occurred. The company remains focused on ensuring the security of its platform and protecting customer assets.

The broader cryptocurrency community will be closely monitoring the developments of this case and the measures taken by DMM Bitcoin to prevent future incidents.


Researchers: 'Black Basta' Group Rakes in Over $100 Million

 

A cyber extortion group believed to be an offshoot of the infamous Russian Conti hacker organization has reportedly amassed over $100 million since its emergence last year, according to a report published on Wednesday by digital currency tracking service Elliptic and Corvus Insurance.

The group, known as "Black Basta," has allegedly extorted at least $107 million in bitcoin, with a significant portion of the laundered ransom payments flowing to the sanctioned Russian cryptocurrency exchange Garantex, as revealed in the joint report. Attempts to contact Black Basta through its dark web site were unsuccessful. Garantex, which faced U.S. Treasury sanctions in April of the previous year, expressed support for global initiatives combatting cybercrime and urged information-sharing regarding the hackers' finances, pledging to block suspicious funds.

Elliptic co-founder Tom Robinson characterized Black Basta's substantial earnings as making it "one of the most profitable ransomware strains of all time." The researchers arrived at this figure by identifying known ransom payments linked to the group, tracing the laundering of digital currency, and discovering additional payments.

Robert McArdle, a cybercrime expert from security firm TrendMicro not involved in the report, deemed the reported Black Basta figure "certainly in a believable range for their operations."

The Elliptic-Corvus report also presented evidence linking Black Basta to the now-defunct Russian group "Canti." Conti, formerly a prominent ransomware gang, gained notoriety for coercing victims through data encryption, ransom demands, and threats to publish stolen information. 

The report suggests that individuals from Conti, following the dismantling of its leak site after Russia's invasion of Ukraine and the subsequent posting of U.S. bounties on its leadership, may have reorganized and rebranded, with Black Basta potentially being a manifestation of this restructuring.

"Conti was perhaps the most successful ransomware gang we've seen," remarked Robinson. The recent findings indicate that some individuals responsible for Conti's success might be replicating it with the Black Basta ransomware, he added.

Elliptic Claims: FTX Hacks Could Have Possible Connection to Russia


In November 2022, the disorderly collapse of the cryptocurrency exchange FTX resulted in a staggering $477 million hack. The previously inactive stolen funds became active just days before Sam Bankman-Fried, the founder and CEO of FTX, went on trial. Elliptic analysts have investigated the event in-depth, following the intricate blockchain trail left by the hackers and finding evidence of Russia's involvement. 

Elliptic’s Insight for the Hack 

According to a report by Elliptic – one of the largest providers of blockchain analytics and crypto compliance solutions – the hackers cleverly masked their activity by moving the stolen assets through a series of intricate transactions. They used private wallets and decentralized exchanges to make it more difficult to trace them. Elliptic was able to track the money, though, and discovered that the hackers distributed a sizable percentage of it to several locations after converting a considerable amount into ether. Potential connections to Russian actors are also revealed by Elliptic's on-chain analysis.

A Possible FTX Hack-Russia Connection 

According to Elliptic, Russia is potentially behind the FTC hack. Apparently, the hacker’s procedures and the subsequent travel of the stolen funds resemble tactics frequently linked to Russian cybercriminals.

The research firm claimed that the laundering tactics used post-theft are strikingly similar to those typically used by Russian hackers. The method they moved money, the private wallets they preferred, and their affinity for decentralized exchanges are all reminiscent of strategies Russian hackers have employed in the past.

The speed and efficiency with which the stolen fund’s laundering is carried out suggested that the campaign was well-planned by an experienced group of hackers. The suspects so far have included everyone from rogue FTX personnel carrying out an inside job to the North Korean hacking collective Lazarus, which has been linked to a number of crypto protocol flaws. While the suspects could be several in number, Russian threat actors check most of the boxes for the ones behind the hack.

Elliptic stated "A Russia-linked actor seems a stronger possibility. Of the stolen assets that can be traced through ChipMixer, significant amounts are combined with funds from Russia-linked criminal groups, including ransomware gangs and darknet markets, before being sent to exchanges.”

Elliptic’s analysis not only emphasize the significance of advanced blockchain analytics in confronting such challenges but also highlights the geopolitical implications present in cybercrime cases. With the swift developments in the digital currency realm, acquiring an insight into the origins and motivations behind these attacks has become important for both security measures and international diplomatic relations.  

Darkside Ransomware Gang Received Nearly $5 Million as the Extortion Amount from the Victims of Colonial Pipeline Attack

 

Security experts at London-based blockchain analytics firm Elliptic discovered the bitcoin wallet used by the ransomware group responsible for the Colonial Pipeline attack and the extortion amount received from victims. 

According to a report from blockchain analytics firm Elliptic, the ransomware gang Darkside received a ransom payment of 75 Bitcoin, or roughly $5 million, made by Colonial Pipeline on May 8 following the cyberattack on its operations.

The cyberattack on Colonial Pipeline led to widespread fuel shortages in the U.S. and has been described as the worst cyberattack on critical U.S. infrastructure to date. 

Security researchers first spotted the ransomware gang’s operation in August 2020 and nearly after 9 months in May 2021, the FBI confirmed the role of the Darkside ransomware gang in engineering the attack on Colonial Pipeline.

In total, just over $90 million in Bitcoin ransom payments were made to DarkSide, emerging from 47 distinct wallets. According to DarkTracer, 99 organizations have been attacked with the DarkSide malware – indicating that almost half of DarkSide victims paid a ransom and that the average payment was $1.9 million. DarkSide says it targets only big companies and forbids affiliates from dropping ransomware on organizations in several industries, including healthcare, funeral services, education, public sector, and non-profits. 

The firm also discovered a ransomware bitcoin payment made by Brenntag, a large chemical distribution company in Germany, totaling roughly $ 4.4 million. The group's wallet has been active since March 4, 2021, and has received 57 payments from 21 different wallets, according to Elliptic.

DarkSide and other ransomware groups have engineered the ransomware-as-a-service model, where the designers of the malware can effectively outsource the actual hacking and infecting of a target and then split whatever ransom comes in. The practice has democratized ransomware use, allowing less experienced cybercriminals to get in on the scam without any technical knowledge. 

"In this operating model, the malware is created by the ransomware developer, while the ransomware affiliate is responsible for infecting the target computer system and negotiating the ransom payment with the victim organization. This new business model has revolutionized ransomware, opening it up to those who do not have the technical capability to create malware, but are willing and able to infiltrate a target organization," Elliptic told.