Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Phishing Sca. Show all posts

Phishing Scare at Bitfinex: Employee Breach Exposes Users to Cyber Threats

 


A phishing attack was carried out on one of Bitfinex's customer service representatives earlier this week, which resulted in a minor security incident. It was determined that the attack was not a virus, but rather a phishing attack.  

The Bitfinex exchange has recently suffered from a "minor" security incident involving one of its customer support agents, who was hacked by someone attempting to hack his computer. As a result, several users were targeted in phishing attacks as a result of the attack. 

An October 30 to November 5 incident, according to a recent press release by the crypto exchange, occurred during the period from October 30 to November 5. The company, however, offered their customers a guarantee that there would be minimal impact and that no significant damages would occur as a result. 

A customer support agent who was given access to partial information of the customer, as a result of a phishing attack, was involved in the breach. However, this attack only underlines how often bad actors attempt to attack major crypto infrastructures such as exchanges, even though the threat has now been resolved. 

As part of a blog post released on the 4th of November, Bitfinex revealed that hackers perpetrated a phishing attack to acquire information about customer support agents. However, it seems the efforts of the bad guys were not fruitful. It was stated in the exchange that the targeted agent was restricted to supporting tools and helpdesk tickets due to a lack of senior permission.  

In other words, the hackers were unable to obtain some valuable data from Bitfinex customer support boards, which contained only partial, incomplete and stale information, which prevented them from being able to effectively contact Bitfinex for assistance. 

According to Bitfinex, no systems of the exchange were negatively affected, nor was any of the server, wallet, or database infrastructure of the exchange compromised, and all customer assets remain safe and intact as well and were not compromised or accessed by hackers at any time during this period. The exchange has however stated that it will make contact with the owners of the affected accounts to determine whether they will have any evidence of the attack.

Nonetheless, there were some accounts affected by the attack. Bitfinex claims these accounts were empty or inoperative. Bitfinex is a Hong Kong-based company founded in 2012 that offers trading services for dollars and bitcoins and was established in 2013, Jean-Louis van der Velde has been serving as the company's CEO since 2013. 

That incident happened despite Bitfinex regularly reviewing its security procedures and mandating all employees to attend cybersecurity training. Among all cryptocurrency exchanges, Bitcoin forex is ranked 17th in CoinGecko's "Trust Score" index. Since 2013, the exchange has seen over 800,000 visitors on its platform, putting it in 17th place on CoinGecko's "Trust Score" index out of all cryptocurrency exchanges. 

Under the leadership of its CEO Jean-Louis van der Velde since 2013, it has been ranked 17th among cryptocurrency exchanges with the highest trust score. This security incident comes as hackers and scams continue to plague the crypto industry as the platform recorded over 800,000 visits in the past month alone. 

The security incident at Bitfinex is yet another example of hacks and scams plaguing the crypto industry. A recent report released by Immunefi, which specializes in blockchain security, found 76 hacks were reported in the third quarter of 2023 against crypto and Web3 projects and organizations. This represents a dramatic increase over the previous quarter of 30 hacks. 

According to the latest figures, there have been approximately $332 million lost to various hacks, exploits, and scams throughout September, making September the highest-ever month for crypto-exploitations. Crypto exchanges, which hold so many assets at one time at each point in time, are not surprising targets for hackers as they mentioned earlier, because of how large their asset base is at any given moment.  It is reported that Dunmanu, the operator of Upbit, recorded about 160,000 hacking attempts against the South Korean exchange's infrastructure in H1 2023. 

This is twice the number of attacks the exchange experienced in H1 2022, which has meant that 160,000 hacking attacks were made on the exchange's infrastructure during the first half of 2023.  The two exchanges Upbit and Bitfinex were able to scale through these attacks untouched, while others have suffered significant losses as a result of these bad actors. 

A security exploit caused about $23 million of digital assets worth of digital assets to be lost by the Bitrue exchange in April, which has a daily trading volume of $1 billion.  In the following six months, CoinEx, based in Hong Kong, experienced the largest heist ever on a centralized cryptocurrency exchange in 2023, when hackers robbed the hot wallets of the exchange for approximately $55.5 million. It is only through these attacks that we can truly understand that the security systems in the crypto space need to be continuously improved.