
WazirX Responds to Major Cyberattack with Trading Halt and Bounty Program

 

In the wake of a major cyberattack, WazirX, one of India's largest cryptocurrency exchanges, has halted trading and launched a bounty program aimed at recovering the stolen assets. The exchange said the theft has left it unable to maintain 1:1 backing of customer balances, which forced immediate action.

In a series of posts on X, WazirX detailed its response to the breach. It has filed a police complaint and reported the incident to the Financial Intelligence Unit (FIU) and CERT-In. Co-founder Nischal Shetty emphasised the urgency of the situation, saying the exchange is contacting over 500 other exchanges to block the addresses identified as holding the stolen funds. That coordination matters because stolen assets are typically laundered by hopping across many platforms, and each exchange that freezes the funds narrows the attacker's exit routes.

To further its recovery efforts, WazirX is launching a bounty program to incentivise individuals and organisations to help freeze or recover the stolen assets. This is part of a broader strategy to trace the funds and strengthen the exchange's security. The team is also engaging several firms that specialise in tracing cryptocurrency transactions to provide continuous monitoring and support during the recovery. The exchange thanked the wider Web3 ecosystem for its support and stressed that a collective effort is needed to resolve the incident.

Shetty mentioned that the team is conducting a thorough analysis to understand the extent of the damage caused by the attack. This analysis is crucial for developing an effective recovery plan and ensuring that all possible measures are taken to protect customer funds. In addition to their internal efforts, WazirX is working closely with forensic experts and law enforcement agencies to identify and apprehend the perpetrators. This collaboration aims to ensure that those responsible are brought to justice and that as many stolen assets as possible are recovered. 

The attack resulted in a loss of roughly $235 million, making it one of the largest hacks of a centralised exchange in recent history. Crypto investigator ZachXBT noted that the main attacker wallet still held over $104 million that had yet to be offloaded.

This highlights the ongoing challenges and complexities of securing digital assets in the ever-evolving cryptocurrency landscape. WazirX’s proactive measures and the support from the broader community will be crucial in navigating this crisis and reinforcing the security frameworks essential for the future of cryptocurrency exchanges.

Ransomware Group Uses Harassment Tactics to Secure Payments


 

A newly identified ransomware group named Volcano Demon is using aggressive tactics to compel victims to pay. Halcyon, an anti-ransomware firm, recently reported that the group has hit several organisations in the past weeks with a new encryptor called LukaLocker.

Attack Strategy

Volcano Demon's method is simple and effective. The intruders first get into the target's network, map it out and steal as many sensitive files as they can. They then deploy LukaLocker to encrypt files and whole systems. Victims are told to pay a ransom in cryptocurrency to receive the decryption key and prevent the stolen data from being leaked, the standard double-extortion model.

Technical Details of LukaLocker

LukaLocker appends a .nba extension to encrypted files and has builds for both Windows and Linux. Before encrypting, it clears logs on the victim systems, which hampers later forensic analysis of how the intruders got in and what they took. It also terminates processes belonging to most major antivirus and anti-malware products so that encryption can proceed unimpeded.

Unlike typical ransomware groups that maintain dedicated data leak sites, Volcano Demon employs a more direct and intimidating approach. They contact the leadership of the victimised companies via phone calls from unidentified numbers to negotiate ransom payments. These calls are often threatening in nature, adding psychological pressure to the already stressful situation of a ransomware attack.

Impact on Businesses

The harassment tactic used by Volcano Demon increases the urgency and stress for affected businesses. The inability to conduct thorough forensic investigations due to LukaLocker’s log-clearing capabilities leaves victims vulnerable and with limited recovery options.

Businesses must strengthen their defences to reduce the risk of such attacks. Forward logs to a central collector or SIEM in near real time, so that LukaLocker's local log clearing does not also destroy the evidence; keep regular backups that are offline or immutable, since an attacker with domain access will otherwise encrypt or delete them too; and train employees on common initial-access methods such as phishing. Endpoint protection should be kept current and configured with tamper protection, so that a process cannot simply kill the agent the way LukaLocker does.
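The log-clearing and mass-encryption behaviour described above is detectable as long as file and process telemetry leaves the host before the wiper runs. The following added example (my own code, not Halcyon's or the page's) runs two heuristics over a constructed sample of EDR-style JSON events: a burst of renames to the .nba extension by a single process, and log wiping, flagged either by a `wevtutil cl` / `Clear-EventLog` command line or by Windows Security Event ID 1102 ("The audit log was cleared"). The event schema, the threshold of 20 renames in 60 seconds and the sample events are assumptions made for the demo; adapt the field names to your own pipeline.

```python
"""Two heuristics for LukaLocker-style activity over EDR-style JSON events.
The schema (ts, host, proc, event, path / cmd / event_id) is a made-up stand-in
for your own pipeline's fields; the sample events are constructed."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

ENCRYPTED_EXT = ".nba"                  # extension LukaLocker appends (from the report)
RENAME_THRESHOLD = 20                   # renames per process per window (tuning assumption)
WINDOW = timedelta(seconds=60)
LOG_CLEAR_COMMANDS = ("wevtutil cl", "wevtutil.exe cl", "clear-eventlog")  # Windows log-wiping commands
AUDIT_LOG_CLEARED = 1102                # Windows Security log: "The audit log was cleared"


def detect_mass_rename(events):
    """Alert when one process renames >= RENAME_THRESHOLD files to .nba within WINDOW
    (sliding window over the sorted timestamps of each host/process pair)."""
    per_proc = defaultdict(list)
    for ev in events:
        if ev["event"] == "file_rename" and ev["path"].lower().endswith(ENCRYPTED_EXT):
            per_proc[(ev["host"], ev["proc"])].append(datetime.fromisoformat(ev["ts"]))
    alerts = []
    for (host, proc), times in per_proc.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > WINDOW:
                start += 1
            if end - start + 1 >= RENAME_THRESHOLD:
                alerts.append({"rule": "mass_rename_nba", "host": host, "proc": proc,
                               "count": end - start + 1, "first_seen": times[start].isoformat()})
                break                   # one alert per process is enough
    return alerts


def detect_log_clearing(events):
    """Alert on evidence of log wiping: Security Event ID 1102, or a process start
    whose command line invokes wevtutil cl / Clear-EventLog."""
    alerts = []
    for ev in events:
        if ev["event"] == "win_event" and ev.get("event_id") == AUDIT_LOG_CLEARED:
            alerts.append({"rule": "audit_log_cleared", "host": ev["host"], "proc": ev["proc"]})
        elif ev["event"] == "process_start":
            cmd = ev.get("cmd", "").lower()
            if any(marker in cmd for marker in LOG_CLEAR_COMMANDS):
                alerts.append({"rule": "log_clear_command", "host": ev["host"],
                               "proc": ev["proc"], "cmd": ev["cmd"]})
    return alerts


def run(lines):
    """Parse JSON lines and run both detectors."""
    events = [json.loads(line) for line in lines if line.strip()]
    return detect_mass_rename(events) + detect_log_clearing(events)


def build_sample_log():
    """Constructed sample: 25 .nba renames by one process within 25 seconds, one
    benign rename, then a wevtutil log wipe and the resulting Event ID 1102."""
    base = datetime(2024, 7, 1, 2, 15, 0)

    def ev(offset, **fields):
        return json.dumps({"ts": (base + timedelta(seconds=offset)).isoformat(),
                           "host": "fs01", **fields})

    lines = [ev(i, proc="update_svc.exe", event="file_rename",
                path=f"D:\\shares\\finance\\q2_report_{i}.xlsx{ENCRYPTED_EXT}") for i in range(25)]
    lines.append(ev(40, proc="explorer.exe", event="file_rename", path="C:\\Users\\alice\\notes_old.txt"))
    lines.append(ev(45, proc="cmd.exe", event="process_start", cmd="wevtutil.exe cl Security"))
    lines.append(ev(46, proc="eventlog", event="win_event", event_id=AUDIT_LOG_CLEARED))
    return lines


if __name__ == "__main__":
    for alert in run(build_sample_log()):
        print(alert)
```

The rename heuristic fires on the first window that reaches the threshold and reports the process responsible, which is the pivot for isolating the host; the log-clearing rule is worth alerting on unconditionally, because legitimate administrators rarely wipe the Security log and a wipe that precedes an encryption burst is exactly the LukaLocker sequence.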

Volcano Demon's approach, harassing phone calls combined with a cross-platform encryptor that wipes logs and kills security tools, underscores how ransomware tactics keep evolving. As criminals develop new strategies, businesses must remain vigilant and proactive to protect sensitive data and keep operating.




Zero-Knowledge Proofs: How They Improve Blockchain Privacy?



Zero-knowledge proofs (ZKPs) are emerging as a vital component in blockchain technology, offering a way to maintain transactional privacy and integrity. These cryptographic methods enable verification without revealing the actual data, paving the way for more secure and private blockchain environments.

At its core, a zero-knowledge proof lets one party (the prover) convince another (the verifier) that a statement is true, for example that the prover knows a secret, without disclosing the secret itself. That is valuable on blockchains, which are transparent by design: every transaction and contract call is public, yet the data being processed (balances, identities, contract inputs) is often sensitive and should not be exposed on the ledger.

How ZKPs Operate

In a ZKP the prover answers challenges that only someone who knows the secret can answer correctly. A cheating prover that guesses is caught with high probability, and repeating the protocol drives the chance of an undetected cheat down geometrically. ZKPs can be interactive, with the prover and verifier exchanging several messages, or non-interactive, where a single proof can be checked by any number of verifiers; the usual way to get the latter is the Fiat-Shamir transform, which replaces the verifier's random challenge with a hash of the public transcript.

ZKPs were introduced in a 1985 paper by Shafi Goldwasser and Silvio Micali of MIT, together with Charles Rackoff, which showed that it is possible to prove statements about data without revealing the data. A ZKP must satisfy three properties:

  • Completeness: if the statement is true, an honest prover convinces the verifier.
  • Soundness: if the statement is false, no cheating prover can convince the verifier, except with negligible probability.
  • Zero-knowledge: the verifier learns nothing beyond the fact that the statement is true; formally, everything the verifier sees could have been produced by a simulator that does not know the secret.
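The three properties are easiest to see in a concrete protocol. The following added example (not code from the original post) implements the Schnorr sigma protocol for proving knowledge of a discrete logarithm x with y = g^x: completeness (an honest prover always passes), special soundness (an extractor recovers x from two accepting transcripts that share a commitment, which is why a cheating prover cannot answer two different challenges), zero-knowledge (a simulator that does not know x produces transcripts that verify and are distributed exactly like real ones), and a Fiat-Shamir variant that turns the interactive protocol into a single non-interactive proof. The 11-bit group parameters are a deliberately tiny assumption for readability; real systems use 256-bit groups or elliptic curves.

```python
"""Schnorr proof of knowledge of a discrete log: interactive version, Fiat-Shamir
non-interactive version, a knowledge extractor (special soundness) and a
simulator (zero-knowledge). Toy group parameters, for illustration only."""
import hashlib
import secrets

# Toy safe-prime group: p = 2q + 1, G generates the order-q subgroup.
# Real deployments use ~256-bit groups or elliptic curves; these are tiny on purpose.
P = 2039
Q = 1019
G = 4
assert pow(G, Q, P) == 1 and G != 1      # G has order exactly Q


def keygen():
    """Prover's secret x and public y = g^x. The statement is 'I know log_g(y)'."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def commit():
    """Round 1: prover picks a fresh nonce r and sends the commitment t = g^r."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(G, r, P)


def respond(x, r, c):
    """Round 3: prover answers challenge c with s = r + c*x mod q."""
    return (r + c * x) % Q


def verify(y, t, c, s):
    """Verifier checks g^s == t * y^c (mod p). Holds because g^(r+cx) = g^r * (g^x)^c."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def fiat_shamir_challenge(y, t):
    """Non-interactive variant: the challenge is a hash of the public transcript.
    t must be included, otherwise a forger could choose s and solve for t."""
    h = hashlib.sha256(f"{G}|{P}|{y}|{t}".encode()).digest()
    return int.from_bytes(h, "big") % Q


def prove_ni(x, y):
    """One-shot proof (t, s) that any number of verifiers can check."""
    r, t = commit()
    return t, respond(x, r, fiat_shamir_challenge(y, t))


def verify_ni(y, proof):
    t, s = proof
    return verify(y, t, fiat_shamir_challenge(y, t), s)


def extract(c1, s1, c2, s2):
    """Special soundness: two accepting answers to different challenges on the same
    commitment reveal x = (s1 - s2) / (c1 - c2) mod q. A prover without x therefore
    cannot answer more than one challenge, so it is caught with probability 1 - 1/q."""
    return ((s1 - s2) * pow(c1 - c2, -1, Q)) % Q


def simulate(y, c):
    """Zero-knowledge: knowing only y and the challenge, choose s first and solve
    for t = g^s * y^(-c). The transcript verifies and is distributed like a real one,
    so a transcript cannot leak x: anyone could have produced it."""
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, -c, P)) % P
    return t, c, s


if __name__ == "__main__":
    x, y = keygen()
    r, t = commit()
    c = secrets.randbelow(Q)
    print("interactive proof verifies:", verify(y, t, c, respond(x, r, c)))
    print("non-interactive proof verifies:", verify_ni(y, prove_ni(x, y)))
    print("simulated transcript verifies:", verify(y, *simulate(y, c)))
    print("extractor recovers x:", extract(c, respond(x, r, c), c + 1, respond(x, r, c + 1)) == x)
```

Two practical notes follow from the code. The nonce r must never be reused across challenges, since `extract` shows that two responses with the same r leak the secret; this is the same failure that has leaked signing keys in Schnorr and ECDSA deployments. And the Fiat-Shamir hash must bind the commitment t and the statement y, as the simulator makes clear: if the challenge did not depend on t, a forger could pick the challenge and the response first and solve for a matching t.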

Types of Zero-Knowledge Proofs

Zero-knowledge proofs come in various forms, each offering unique benefits in terms of proof times, verification times, and proof sizes:

  • PLONK: an acronym for "Permutations over Lagrange-bases for Oecumenical Non-interactive arguments of Knowledge". Its distinguishing feature is a universal and updatable trusted setup: one setup ceremony can be reused for any circuit up to a size bound, and new participants can add their contribution later, so only one of them needs to have been honest. That flexibility has made it one of the most widely used proof systems.
  • ZK-SNARKs: "Zero-Knowledge Succinct Non-interactive Argument of Knowledge". SNARKs are popular because proofs are tiny and verify in milliseconds, which suits on-chain verifiers with limited computation. They are built on pairing-friendly elliptic curves, and most constructions need a trusted setup whose secret randomness (the "toxic waste") must be destroyed, since anyone who keeps it can forge proofs.
  • ZK-STARKs: "Scalable Transparent ARgument of Knowledge". STARKs are non-interactive and transparent, meaning they need no trusted setup: they rely only on hash functions and error-correcting codes, which also makes them plausibly resistant to quantum attacks. The trade-off is proofs that are considerably larger than SNARK proofs.
  • Bulletproofs: short non-interactive proofs with no trusted setup, whose size grows only logarithmically with the size of the statement. They are widely used for confidential transactions (for example the range proofs in Monero), though verification is slower than for SNARKs, so they suit privacy coins better than high-throughput on-chain verification.

Advantages for Blockchain Privacy

ZKPs are instrumental in preserving privacy on public blockchains, which are typically transparent by design. They enable the execution of smart contracts—self-executing programs that perform agreed-upon actions—without revealing sensitive data. This is particularly important for institutions like banks, which need to protect personal data while complying with regulatory requirements.

For instance, financial institutions can use ZKPs to interact with public blockchain networks, keeping their data private while benefiting from the broader user base. The London Stock Exchange is exploring ZKPs to enhance security and handle large volumes of financial data efficiently.

Practical Applications

Zero-knowledge proofs have a wide array of applications across various sectors, enhancing privacy and security:

1. Private Transactions: Cryptocurrencies like Zcash utilise ZKPs to keep transaction details confidential. By employing ZKPs, Zcash ensures that the sender, receiver, and transaction amount remain private, providing users with enhanced security and anonymity.

2. Decentralised Identity and Authentication: ZKPs can secure identity management systems, allowing users to verify their identity without revealing personal details. This is crucial for protecting sensitive information in digital interactions and can be applied in various fields, from online banking to voting systems.

3. Verifiable Computations: Decentralised oracle networks can leverage ZKPs to access and verify off-chain data without exposing it. For example, a smart contract can obtain weather data from an external source and prove its authenticity using ZKPs, ensuring the data's integrity without compromising privacy.

4. Supply Chain Management: ZKPs can enhance transparency and security in supply chains by verifying the authenticity and origin of products without disclosing sensitive business information. This can prevent fraud and ensure the integrity of goods as they move through the supply chain.

5. Healthcare: In the healthcare sector, ZKPs can protect patient data while allowing healthcare providers to verify medical records and credentials. This ensures that sensitive medical information is kept confidential while enabling secure data sharing between authorised parties.

Challenges and Future Prospects

Despite their promise, ZKPs face practical challenges, chiefly the cost of proof generation: producing a proof can take orders of magnitude more computation than the statement it proves, so production provers rely on GPUs or other parallel hardware. Newer proof systems such as PLONK reduce the setup burden and improve prover efficiency, but further work is needed before ZKP adoption becomes routine.

Businesses are increasingly integrating blockchain technologies, including ZKPs, to enhance security and efficiency. With ongoing investment in cryptocurrency infrastructure, ZKPs are expected to play a crucial role in creating a decentralized, privacy-focused internet.

Zero-knowledge proofs are revolutionising blockchain privacy, enabling secure and confidential transactions. While challenges remain, the rapid development and significant investment in this technology suggest a bright future for ZKPs, making them a cornerstone of modern blockchain applications.


New MacOS Malware Steals Browser Data and Cryptocurrency

 



While malware attacks on Windows and Android systems are more frequent, macOS is not immune to such dangers. Cybersecurity experts at Moonlock Lab have identified a new type of macOS malware that adeptly avoids detection and poses a serious threat to user data and cryptocurrency.


How the Malware Spreads

The infection starts on websites offering pirated software. There the user downloads a file called CleanMyMacCrack.dmg, believing it to be a cracked copy of the CleanMyMac utility. Opening the DMG and launching its contents runs a Mach-O executable, which downloads an AppleScript; that script does the actual stealing of data from the infected Mac.


Malware Capabilities

Once the malware infiltrates a macOS system, it can carry out a range of malicious activities:

  • It captures and stores the Mac user's username.
  • It creates temporary directories to stage stolen data.
  • It retrieves browsing history, cookies, saved passwords and other data from several web browsers.
  • It locates and reads directories containing cryptocurrency wallets.
  • It copies data from the macOS keychain, Apple Notes and Safari cookies.
  • It gathers general user information, system specifications and metadata.
  • All collected data is eventually exfiltrated to the attackers.


Link to a Known Hacker

Moonlock Lab has traced this macOS malware back to a notorious Russian-speaking hacker known as Rodrigo4. This individual has been seen on the XSS underground forum, where he is actively seeking collaborators to help spread his malware through search engine optimization (SEO) manipulation and online advertisements.

Rodrigo4's method involves manipulating search engine results and placing ads to lure unsuspecting users into downloading the malicious software. By making the malware appear as a popular utility, he increases the chances of users downloading and installing it, unknowingly compromising their systems.


How to Protect Yourself

To prevent this malware from infecting your Mac, Moonlock Lab recommends several precautions:

1. Only download software from reputable and trusted sources.

2. Regularly update your operating system and all installed applications.

3. Use reliable security software to detect and block malware.

The crucial point is that users should avoid downloading software from unverified websites and stay away from pirated software, which is a common malware distribution channel. A cracked app is almost never notarised by Apple, so running it usually means overriding Gatekeeper's warning, the very control that would have blocked this payload. Staying informed about current threats and practising good digital hygiene also cut the risk of infection substantially.




Bitcoin Heist Hits Japanese Exchange DMM Bitcoin

 



In a security breach, Japanese cryptocurrency exchange DMM Bitcoin announced the theft of approximately 4,502.9 Bitcoin, valued at around 48.2 billion yen (approximately $304 million). The incident marks one of the largest cryptocurrency heists in recent history.

The breach was detected on May 31, 2024, at approximately 1:26 p.m., when DMM Bitcoin identified an unauthorised outflow of Bitcoin from its wallets. The exchange says it immediately took steps to stop the outflow and put additional security measures in place to prevent further unauthorised access. The company is still investigating the full extent of the damage.

DMM Bitcoin has reassured its customers that their Bitcoin deposits will be fully guaranteed despite the breach. However, the exchange has implemented several temporary restrictions on its services to enhance security. These measures include the suspension of new account openings, the processing of cryptocurrency withdrawals, and the placing of new buy orders for spot trading. Only sell orders will be accepted for spot trading, and new open positions for leveraged trading are also suspended, with only settlement orders being processed.


Impact on Customers

The company has informed customers that existing limit orders for both spot and leveraged trading will remain unaffected. However, withdrawals of Japanese yen may experience delays. DMM Bitcoin has apologised for the inconvenience caused and assured customers that their assets are secure.


Response and Analysis

Cryptocurrency security firm Elliptic ranks the heist as the eighth-largest crypto theft of all time and the largest since the $477 million FTX hack of November 2022. Elliptic has also identified the wallets involved in the DMM Bitcoin attack.


Ongoing Investigation

DMM Bitcoin continues to work on understanding the details of the attack and has not yet provided specific information about how the breach occurred. The company remains focused on ensuring the security of its platform and protecting customer assets.

The broader cryptocurrency community will be closely monitoring the developments of this case and the measures taken by DMM Bitcoin to prevent future incidents.


LockBit Ransomware Group Challenges FBI: Opens Contest to Find Dmitry Yuryevich

 

LockBitSupp, the alleged administrator of the notorious LockBit ransomware group, has responded publicly to recent efforts by the Federal Bureau of Investigation (FBI) and international law enforcement to identify and apprehend him. 

Law enforcement named Dmitry Yuryevich Khoroshev as the mastermind behind LockBit in an announcement posted on the seized LockBit leak site, which the authorities briefly revived for the purpose. The revelation was accompanied by sanctions from the U.S., U.K. and Australia, along with a 26-count indictment carrying a maximum combined sentence of 185 years in prison.

The U.S. Justice Department has also offered a reward of up to $10 million for information leading to Khoroshev's arrest or conviction. Despite this, LockBitSupp has vehemently denied the allegations and turned the matter into a contest on the group's remaining leak site, inviting people to try to contact Dmitry Yuryevich Khoroshev. The administrator maintains that the FBI has misidentified the person and that Khoroshev is not LockBitSupp.

The ransomware admin suggests that the alleged identification mistake may have arisen from cryptocurrency mixing with their own funds, attracting the attention of law enforcement. The contest invites participants to reach out to Khoroshev and report back on his well-being, with a reward of $1000 offered for evidence such as videos, photos, or screenshots confirming contact. Submissions are to be made through the encrypted messaging platform Tox, using a specific Tox ID provided by LockBitSupp.  

Additionally, LockBitSupp has shared multiple links to LockBit-associated file-sharing services on the dark web, presumably for individuals to archive details and submit as contest entries. They have also listed extensive personal details alleged to belong to Dmitry Khoroshev, including email addresses, a Bitcoin wallet address, passport, and tax identification numbers. Amidst the contest announcement, LockBitSupp expressed concern for the individual mistakenly identified as them, urging Khoroshev, if alive and aware, to make contact. 

This unusual move by LockBitSupp challenges the assertions made by law enforcement agencies and highlights the complex dynamics of the cyber underworld, where hackers openly taunt their pursuers. LockBitSupp emphasized that the contest will remain active as long as the announcement is visible on the blog. They hinted at the possibility of future contests with larger rewards, urging followers to stay updated for further developments. 

The announcement was uploaded and last updated on May 9, 2024, UTC, leaving the public and cybersecurity community anticipating further developments. Recent indictments have identified Khoroshev as the mastermind behind LockBit operations since September 2019. The LockBit group is alleged to have extorted over $500 million from victims in 120 countries, with Khoroshev reportedly receiving around $100 million from his involvement in the activities.

Crypto’s New Cybersecurity Initiative Led by Justine Bone

 



The cryptocurrency sector is preparing to launch Crypto ISAC (Information Sharing and Analysis Center) under the leadership of cybersecurity veteran Justine Bone. Bone, known for her role in prompting recalls of vulnerable medical devices, brings over two decades of experience to the effort, which aims to give the digital-asset industry a shared defence against cyber threats.

Set to make its debut at CoinDesk's prestigious Consensus 2024 event in Austin, Texas, Crypto ISAC is backed by a consortium of founding members, including major exchanges, stablecoin issuers, and custody firms. This collaborative effort marks an essential moment in the industry's journey towards fortifying security measures in light of persistent hacking incidents and unlawful activities.

Crypto ISAC grew out of a shared recognition within the security community that the industry needs a central platform for information sharing and analysis. Bone, in an interview with CoinDesk, stressed the central role ISACs play as trusted intermediaries that enable collaboration and rapid response to emerging threats.

Drawing on the community-driven model of neighbourhood watch programmes, ISACs bridge public- and private-sector entities. By aligning with sectors that already run established ISACs, such as healthcare and finance, Crypto ISAC aims to raise the credibility of the crypto industry while strengthening its defences against cyber threats.

With a membership of crypto-native companies, investors and cybersecurity vendors, Crypto ISAC aims to build an ecosystem for active threat mitigation. Through a vetted information-sharing protocol, the platform is meant to distribute threat intelligence quickly enough for members to act before an attack reaches them.

Bone's illustrious career trajectory, spanning notable roles at Dow Jones and Bloomberg, accentuates her leadership prowess in steering Crypto ISAC towards effective cybersecurity governance. The organisation's pursuit of FedRAMP readiness further underscores its commitment to delivering top-tier services.

As the launch date for Consensus approaches, members eagerly anticipate gaining access to a comprehensive collection of information on potential threats. With a focus on working together, being transparent, and staying strong, Crypto ISAC promises to bring a new level of security and trust to the cryptocurrency world.


Cryptocurrency Chaos: El Salvador's Bitcoin Wallet Code Leaked, Privacy at Risk

 


El Salvador's state Bitcoin wallet, Chivo, suffered a security breach after the hacker group CiberInteligenciaSV leaked part of its source code to a hacking forum. The same group had earlier leaked personal data belonging to nearly every adult in El Salvador; this time the dump also included code from the Chivo ATM network and VPN credentials. The wallet's administrators say the security of wallet data has not been compromised.

Chivo has faced problems ever since it was unveiled as the official Bitcoin wallet, and this incident is another blow to it. President Nayib Bukele made Bitcoin (BTC) legal tender in 2021, making El Salvador the first country to do so, and promoted Chivo as the official means for citizens to use it, with the stated aim of making digital payments more convenient. Security breaches and technical problems have made adoption difficult.

Users have criticised Chivo for slow performance, app crashes, exploitable flaws and poor support despite its official backing. Its custodial design has also drawn criticism from peer-to-peer money advocates and cypherpunks alike. The company behind the wallet has responded to allegations that it was linked to the data breach in which the personal information of over 5 million Salvadorans was allegedly exposed; in a press release posted on X (formerly Twitter) on April 24, it dismissed the reports as "fake news".

The leaked personal data, over 144 GB of it, includes full names, unique identifiers, dates of birth, addresses, phone numbers, email addresses and high-definition photographs of people's faces. The records are rumoured to come from the KYC process the government required citizens to complete before receiving incentives such as the $30 in Bitcoin offered at the wallet's launch. The dump had reportedly been offered for sale on various channels since August; it was posted for free download on April 5, and on April 6 CiberInteligenciaSV claimed the data of 5.1 million Salvadorans.

This week's leak added a file called Codigo.rar containing the code for El Salvador's Chivo ATM network together with the VPN credentials for that network. Leaked VPN credentials give an attacker a foothold on the ATM network until they are revoked, and leaked source code lets attackers hunt for vulnerabilities offline at their leisure, so the obvious first steps for the operator are to rotate those credentials and any secrets embedded in the code, and to audit the exposed code before attackers do. Government officials have yet to issue a formal statement on either of this month's leaks. As a result of the code and VPN leak, the Chivo system is at risk of compromise, including unauthorised access to or control of users' accounts.

Because the earlier data leak affects almost the entire adult population of El Salvador, many fear identity theft and fraud. Security experts advise users to stay vigilant and to monitor their accounts for any suspicious activity.

Given the government's track record with Chivo, these breaches may well hurt the wider financial ecosystem as trust in the state's digital services wanes. The app was plagued with bugs and glitches from the start, and although the President promised $30 to everyone who downloaded it, some users were unable to withdraw the money.

Last year the government announced that over 100 ATMs across the country would be equipped with Lightning Network technology in Q4 2024, which in theory would let Salvadorans withdraw and deposit Bitcoin faster and more cheaply. Yet a Salvadoran newspaper reported in October that only about 2% of the population was using the wallet for remittances, long its main selling point.

It remains to be seen whether the Salvadoran government will formally address the issue. These security failures, combined with the silence of the authorities, leave Salvadorans uncertain whether their personal information is safe and whether the state's digital wallet can be relied upon.

Information Stealer Malware Preys on Gamers via Deceptive Cheat Code Baits

 


A new information-stealing malware campaign poses as a game cheat called Cheat Lab and promises downloaders a free licensed copy if they convince friends to install it too. The payload is linked to Redline, one of the most capable info-stealers in circulation, which harvests passwords, cookies, browser autofill data and cryptocurrency wallet information from infected computers.

Redline's popularity among cybercriminals and its many distribution channels have made it widespread. According to McAfee threat researchers, this new variant hides its malicious logic in Lua bytecode to evade detection, injects into legitimate processes for stealth, and benefits from just-in-time (JIT) compilation.

The researchers attribute the variant to Redline because it uses a command-and-control server long associated with that malware. In BleepingComputer's own tests, however, the sample did not exhibit Redline's usual behaviour, such as stealing browser data, saved passwords and cookies.

The payloads were hosted at a URL under Microsoft's 'vcpkg' GitHub repository and presented as demos of cheating tools named "Cheat Lab" and "Cheater Pro". The MSI installer drops two files, compiler.exe and lua51.dll, and writes the malicious Lua bytecode to a file called readme.txt.

The campaign's referral lure helps it spread: victims are told they will receive a free, fully licensed copy of the cheat if they get friends to install it. Distributing the payload as bytecode rather than a compiled executable adds a layer of evasion, and the package also comes with what looks like an activation key, which adds to its air of legitimacy.

On installation, compiler.exe, using lua51.dll as its Lua runtime, compiles and runs the bytecode and creates scheduled tasks so the loader runs again at system startup. McAfee reports a fallback persistence mechanism as well: the three files are copied to a long random path under the program directory. Once active, the malware contacts its C2 server, sends screenshots and system information, and waits for commands to execute on the host.
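Because the loader keeps its Lua bytecode in a file named readme.txt next to compiler.exe and lua51.dll, a cheap hunt is to look for text-named files that begin with the Lua 5.1 bytecode signature (ESC 'L' 'u' 'a' followed by the version byte 0x51) and for directories holding that triad, including any random-looking paths under the program directory. The following added example (not McAfee's or the page's code) builds a constructed sample tree in a temporary directory and scans it; the file names come from the report, the header bytes are the documented Lua 5.1 chunk format, and the sample tree layout is an assumption.

```python
"""Hunt for the Cheat Lab loader pattern: Lua 5.1 bytecode hidden in a .txt
file, and the compiler.exe / lua51.dll / readme.txt triad in one directory.
The sample tree is constructed; no real malware is involved."""
import os
import tempfile
from pathlib import Path

# A Lua 5.1 chunk starts with ESC 'L' 'u' 'a' followed by the version byte 0x51.
LUA51_MAGIC = b"\x1bLua\x51"
TRIAD = {"compiler.exe", "lua51.dll", "readme.txt"}      # file names from the report
TEXT_SUFFIXES = {".txt", ".md", ".log", ".ini"}           # extensions that should never hold bytecode


def is_lua51_bytecode(path):
    """True if the file begins with the Lua 5.1 bytecode signature."""
    with open(path, "rb") as f:
        return f.read(len(LUA51_MAGIC)) == LUA51_MAGIC


def scan(root):
    """Walk root and return (rule, path relative to root) findings."""
    root = Path(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        if TRIAD <= {f.lower() for f in files}:
            findings.append(("loader_triad", rel_dir.as_posix()))
        for name in files:
            p = Path(dirpath) / name
            if p.suffix.lower() in TEXT_SUFFIXES and is_lua51_bytecode(p):
                findings.append(("bytecode_in_text_file", (rel_dir / name).as_posix()))
    return findings


def build_sample_tree():
    """Constructed sample: one directory mimicking the dropped loader, one benign."""
    root = Path(tempfile.mkdtemp(prefix="cheatlab_demo_"))
    bad = root / "Cheat Lab"
    bad.mkdir()
    pe_stub = b"MZ" + b"\x00" * 62                       # stand-in for a PE file, not a real binary
    (bad / "compiler.exe").write_bytes(pe_stub)
    (bad / "lua51.dll").write_bytes(pe_stub)
    # Rest of the Lua 5.1 header: format 0, little-endian, sizeof(int)=4, sizeof(size_t)=8,
    # sizeof(Instruction)=4, sizeof(lua_Number)=8, number type is not integral.
    (bad / "readme.txt").write_bytes(LUA51_MAGIC + b"\x00\x01\x04\x08\x04\x08\x00" + b"\x00" * 32)
    good = root / "docs"
    good.mkdir()
    (good / "readme.txt").write_text("Build notes for the game mod.\n")
    return root


if __name__ == "__main__":
    for rule, where in scan(build_sample_tree()):
        print(f"{rule}: {where}")
```

Run it against a user's profile and program directories rather than the whole disk to keep the walk fast. The content check matters more than the name check: the triad can be renamed trivially, whereas the bytecode header cannot change without breaking the loader, so the `bytecode_in_text_file` rule is the one worth keeping as a standing hunt.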

Although the exact initial infection vector is not known, info-stealers are typically spread through malvertising, YouTube video descriptions, P2P downloads and deceptive software download sites. Redline is highly dangerous, so users are urged not to run unsigned executables or download files from untrusted websites.

The campaign shows that even seemingly trustworthy hosting, such as URLs under Microsoft's GitHub, can be abused to deliver malware, so where a file is downloaded from is no substitute for verifying what it is. BleepingComputer contacted Microsoft about the executables distributed via its GitHub URLs, but the company had not responded by publication time.

The Week of Crypto Platform Breaches: Prisma Finance Incident Highlights

 

The past week witnessed a series of bewildering events in the realm of cryptocurrency, marked by breaches on two prominent platforms that left the crypto community grappling with perplexing motives and unexpected outcomes. 

The first incident unfolded on Tuesday evening when the Munchables blockchain-based game fell victim to an attack, resulting in the theft of approximately $62 million worth of cryptocurrency. Initial speculation pointed towards North Korea-linked hackers, given the country's history of targeting cryptocurrency platforms for financial gain. However, the situation took an unexpected turn when the alleged perpetrator voluntarily returned the stolen funds without any ransom demands. 

In a surprising twist, Munchables shared that the individual behind the attack had relinquished access to the private keys containing the stolen funds, expressing gratitude for their cooperation. Despite this resolution, questions lingered about the circumstances surrounding the incident, including the attacker's identity and motives, prompting calls for enhanced security measures within the crypto community. Shortly thereafter, another breach occurred on Thursday evening, this time affecting Prisma Finance, a popular decentralized finance (DeFi) platform, which suffered a loss of approximately $11.6 million. 

However, the aftermath of this breach was marked by cryptic messages from the hacker, who claimed the attack was a "white hat" endeavour aimed at highlighting vulnerabilities in the platform's smart contracts. The hacker, whose identity remained undisclosed, reached out to Prisma Finance seeking to return the stolen funds and engaging in a discourse about smart contract auditing and developer responsibilities. 

Despite the hacker's apparent altruistic intentions, the incident underscored the importance of rigorous security measures and comprehensive audits in the DeFi space. Prisma Finance later released a post-mortem report detailing the flash loan attack that led to the breach, shedding light on the exploitation of vulnerabilities in the platform. The report emphasized ongoing efforts to investigate the incident and ensure the safety of users' funds, highlighting the collaborative nature of the crypto community in addressing security breaches. 

These breaches come against the backdrop of heightened scrutiny of cyberattacks on cryptocurrency platforms, with a recent United Nations report identifying North Korean hackers as key perpetrators. The report highlighted a staggering $3 billion in illicit gains attributed to North Korean cyberattacks over a six-year period, underscoring the persistent threat posed by state-sponsored hackers in the crypto space. 

As the investigation into these breaches continues, the crypto community remains vigilant, emphasizing the importance of robust security measures and proactive collaboration to safeguard against future threats. While the motives behind these breaches may remain shrouded in mystery, the incidents serve as a stark reminder of the ever-present risks associated with digital assets and the imperative of maintaining heightened security protocols in the evolving landscape of cryptocurrency.

FBI Reports Surge in Cryptocurrency Scams, Highlighting Growing Threat of Confidence Scams

 

The FBI has recently brought attention to a concerning trend in cybercrime: the rise of cryptocurrency scams, particularly through romance and confidence schemes, which have outpaced ransomware attacks in terms of financial losses. According to the FBI's data, individuals fell victim to cryptocurrency scams amounting to a staggering $4.57 billion in 2023, marking a significant 38% increase compared to the previous year's losses of $3.31 billion. 

These scams typically unfold over a period of several weeks, with fraudsters assuming false identities, often posing as attractive individuals, to establish relationships with their targets. As the relationship progresses, the scammers introduce the idea of joint cryptocurrency investments, recommending fake platforms or apps under their control. Victims are manipulated into making substantial investments, with the scammers fabricating gains to maintain the illusion of profitability. 

When victims attempt to withdraw their funds, the fraudsters employ various tactics, including impersonating customer support representatives and demanding additional fees, resulting in further financial losses for the victims. In contrast, ransomware attacks, a prevalent form of cyber extortion, generated comparatively minor losses of $59.6 million. 

However, the FBI acknowledges that this figure may not fully reflect the true extent of ransomware-related losses, as it fails to account for indirect costs such as business downtime. Moreover, the reported losses only encompass ransomware incidents reported to the Internet Crime Complaint Center (IC3), suggesting that the actual financial impact of ransomware attacks could be significantly higher. The discrepancy in reported losses between cryptocurrency scams and ransomware attacks underscores the evolving landscape of cyber threats and the shifting tactics employed by cybercriminals. 

While ransomware attacks continue to pose a significant threat to businesses and organizations, the surge in cryptocurrency scams highlights the effectiveness of social engineering techniques in deceiving individuals and extracting substantial sums of money. To combat these threats effectively, individuals and businesses must remain vigilant and exercise caution when engaging in online interactions. It is essential to verify the authenticity of investment opportunities and platforms, especially those related to cryptocurrencies, and to refrain from disclosing sensitive information or transferring funds without proper verification. 

Additionally, organizations should implement robust cybersecurity measures, including regular employee training and the deployment of advanced threat detection technologies, to mitigate the risk of falling victim to cyber scams and attacks. As cybercriminals continue to exploit vulnerabilities and devise increasingly sophisticated schemes, collaboration between law enforcement agencies, cybersecurity professionals, and the public is crucial in combating cybercrime and safeguarding against financial losses and data breaches. By raising awareness of emerging threats and adopting proactive security measures, individuals and organizations can better protect themselves against the pervasive threat of cybercrime in today's digital landscape.

Is Bitcoin Changing? Big Shifts and What It Means for Us

 


On the financial front, traditional powerhouses like Grayscale, BlackRock, and Fidelity are diving into Bitcoin, earning them the moniker 'Bitcoin whales.' These heavyweights are injecting billions into the digital currency, holding a sizable chunk of the finite 21 million bitcoins available.

Out of the 19 million bitcoins currently in circulation, an estimated 3.5 million are lost, either due to forgotten digital wallet details or lingering criminal proceeds. Concerns arise over the 2.3 million bitcoins held by cryptocurrency exchanges, acting as crypto-banks, sparking debates about reliance on centralised systems.

Adding to the mystery are 'unknown whales,' individuals or entities owning over 10,000 bitcoins, accounting for roughly 8% of the total. The remaining 7% of bitcoins are yet to be mined, with the last one expected in 2140. Meanwhile, Satoshi Nakamoto, Bitcoin's enigmatic creator, sits on an estimated 1.1 million bitcoins, securing a spot among the world's wealthiest.

Regulated investment firms, given the green light by US financial authorities, are now in the game. Grayscale, BlackRock, and Fidelity collectively hold about 4.5% of all bitcoins, signalling a significant shift.

Law enforcement's involvement introduces another layer, with nearly 200,000 bitcoins awaiting auction from cyber-crime seizures. MicroStrategy and Tether emerge as noteworthy Bitcoin holders, with MicroStrategy leading as the single largest organisation owner, holding around 193,000 Bitcoins. Tether, recognized for its stablecoin, claims an estimated 67,000 bitcoins.

Publicly listed Bitcoin miners, including Marathon and Hut8, contribute significantly, holding around 40,000 bitcoins collectively. Well-known investors like the Winklevoss Twins, Tim Draper, and companies like Tesla and Block add further diversity to the landscape.

Approximately 10.5 million bitcoins are believed to be held by the general public, constituting roughly 50% of the existing supply. However, the actual number of individual Bitcoin owners remains a mystery.

Interestingly, the recent surge in Bitcoin's value is credited not to individual retail investors but to Bitcoin whales, including major banks. Analysts suggest that these influential entities are steering both the price and demand, reshaping the once peer-to-peer digital cash dynamics.

As big financial players gather more and more bitcoins, it's making us rethink what Bitcoin was supposed to be. Originally, it was all about being decentralised and not controlled by big institutions. Now, with these financial giants holding a lot of bitcoins, we're wondering where Bitcoin is headed and if it's staying true to its roots. The world of cryptocurrency is changing, and it's not just affecting digital money – it's making waves in a much bigger way.


Winklevoss Crypto Firm Gemini to Return $1.1B to Customers in Failed "Earn" Scheme

‘Earn’ product fiasco

Gemini to return money

As part of a settlement with regulators on Wednesday, the cryptocurrency company Gemini, owned by the Winklevoss twins, agreed to repay at least $1.1 billion to consumers of its failed "Earn" loan scheme and pay a $37 million fine for "significant" compliance violations.

The New York State Department of Financial Services claims that Gemini, which the twins started following their well-known argument with Mark Zuckerberg over who developed Facebook, neglected to "fully vet or sufficiently monitor" Genesis, Gemini Earn's now-bankrupt lending partner.

What is the Earn Program?

The Earn program, which promised users up to 8% income on their cryptocurrency deposits, was canceled in November 2022 when Genesis was unable to pay withdrawals due to the fall of infamous scammer Sam Bankman-Fried's FTX enterprise.

Since then, almost 30,000 residents of New York and over 200,000 other Earn users have lost access to their money.

Gemini "engaged in unsafe and unsound practices that ultimately threatened the financial health of the company," according to the state regulator.

NYSDFS Superintendent Adrienne Harris claimed in a statement that "Gemini failed to conduct due diligence on an unregulated third party, later accused of massive fraud, harming Earn customers who were suddenly unable to access their assets after Genesis Global Capital experienced a financial meltdown." 

Customers win lawsuit

Customers of Earn, who are entitled to the assets they committed to Gemini, have won with today's settlement.

The regulator also said that during the crisis an unregulated affiliate, dubbed Gemini Liquidity, had been “collecting hundreds of millions of dollars in fees from Gemini customers that otherwise could have gone to Gemini, substantially weakening Gemini’s financial condition.”

Although it did not provide any details, the regulator added that it "further identified various management and compliance deficiencies."

Gemini also consented to pay $40 million to Genesis' bankruptcy proceedings as part of the settlement, for the benefit of Earn customers.

"If the company does not fulfill its obligation to return at least $1.1 billion to Earn customers after the resolution of the [Genesis] bankruptcy," the NYSDFS stated that it "has the right to bring further action against Gemini."

In a lengthy statement posted on X, Gemini announced that the settlement would "result in all Earn users receiving 100% of their digital assets back in kind" over the following 12 months.

The business further stated that final documentation is required for the settlement and that it may take up to two months for the bankruptcy court to approve it.

The New York Department of Financial Services (DFS) was credited by Gemini with helping to reach a settlement that gives Earn users a coin-for-coin recovery.

More about the lawsuit

Attorney General Letitia James of New York filed a lawsuit against Genesis and Gemini in October, accusing them of defrauding Earn consumers out of their money and labeling them as "bad actors."

James tripled the purported scope of the lawsuit earlier this month. The complaint was submitted a few weeks after The Post revealed that, on August 9, 2022, well in advance of Genesis's bankruptcy, Gemini had surreptitiously taken $282 million in cryptocurrency from the company.

The twins later stated that the move had been made for the benefit of customers.

The brothers' actions, however, infuriated Earn customers, with one disgruntled investor telling The Post that "there's no good way that Gemini can spin this."

In a separate lawsuit, the SEC is suing Gemini and Genesis, alleging that the Earn program was an unregistered security.

The collapse of Earn was a significant blow to the Winklevoss twins' hopes of becoming a dominant force in the industry.

Gemini had built its brand on the idea that it was a reliable player in the wild, mostly uncontrolled cryptocurrency market.

Sophisticated Phishing Tactics Unveiled in Targeted FCC Cybersecurity Breach

 


Several phishing campaigns targeting employees of cryptocurrency platforms such as Binance and Coinbase, as well as the Federal Communications Commission (FCC), have been discovered, including one dubbed CryptoChameleon. Based on an analysis from Lookout, the victims primarily use Apple iOS and Google Android devices and rely on single sign-on (SSO) solutions such as Okta, Outlook, and Google, tied to their Apple and Google accounts.

Several days ago, Lookout, a company focused on cloud security, announced that it had discovered an "advanced phishing kit" targeting cryptocurrency exchanges. The kit, dubbed CryptoChameleon, is also being used against the Federal Communications Commission (FCC), with the attacks aimed at mobile devices.

Most of the intended targets are US-based: cryptocurrency traders, users of single sign-on (SSO) services, and Binance and Coinbase employees. The kit seeks to trick victims into sharing sensitive information, including usernames, passwords, password reset URLs, and photo IDs, by serving carbon copies of SSO login pages and delivering the lures via phishing emails, SMS messages, and voice calls.

A suspicious new domain registration, fcc-oktacom, led researchers to the phishing kit. The kit can impersonate a variety of company brands; cryptocurrency platforms and SSO services are the most common targets, with Coinbase the most frequently impersonated service.

Other websites were also using the kit, and most of them used a subdomain of official-servercom as their C2 rather than their main domain. A recent blog post by Lookout states that the attack has successfully phished more than a hundred people, and many of the phishing sites remain active today. Notably, the C2 server URL, the client-side logic, and the style sheets were all included in the kit.

Most of the sites are hosted on RetnNet. To keep automated analysis tools from identifying the site, victims must first complete an hCaptcha challenge, which also lends the site credibility. CryptoChameleon appears to be copying the tactics used by Scattered Spider, specifically its impersonation of Okta and its use of domain names that Lookout had previously associated with that group.

It is important to note that this kit has significantly different capabilities and C2 infrastructure from Scattered Spider's, even though the URLs and spoofed pages look similar to what that group might create. It is common for threat actors to copy one another's tactics and procedures once a technique has been publicized widely enough to become common practice.

Furthermore, it remains unclear whether this is the work of a single threat actor or a tool used by many different groups at the same time. According to Lookout, the combination of high-quality phishing URLs, login pages that perfectly match the look and feel of legitimate websites, a sense of urgency, and consistent follow-up via SMS and voice calls is what has made the threat actors so successful at stealing high-quality data.

As soon as the attackers obtain the victim's credentials, they log in with them and, based on the MFA method the service prompts for, direct the victim to the matching page of the phishing site. In addition to FCC employees, the kit targets users of cryptocurrency services including Binance, Coinbase, Gemini, Kraken, ShakePay, Caleb & Brown, and Trezor.

So far, more than 100 victims have been successfully phished. Automated analysis tools are unable to flag the sites because the fake login screen is shown only after the victim completes a CAPTCHA test using hCaptcha.

The pages are distributed via unsolicited phone calls and text messages in which the attackers pose as a company's customer service team protecting the person's account after a purported hack. The phishing page can be customized with the victim's phone number and with the choice of a six- or seven-digit code.

Cryptocurrency platforms and Single Sign-On services are the most frequently targeted services by phishing kits that impersonate various company brands, with Coinbase being the most commonly targeted.  

Victims are also lured through phone calls, emails, and text messages: phishing emails are disguised as legitimate messages from cryptocurrency platforms or the Federal Communications Commission (FCC) and carry malicious links, while SMS messages are disguised as legitimate notifications from those same organizations.

Lookout customers have been protected against these phishing sites since the beginning of January 2024 due to the similarity of infrastructure and the similarity of previous attacks.
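The kit was found through a domain registration that glued the FCC's name to an SSO provider's name. A registration-monitoring heuristic for that pattern, as an added example that is not Lookout's tooling: the brand list comes from the organizations named above, the legitimate domains are general knowledge, and the new-registration feed is constructed test data on the reserved .example TLD.

```python
"""Triage newly registered domains for the brand-combination pattern that exposed
the CryptoChameleon kit (an FCC name glued to an SSO provider's name).

Added example, not Lookout's tooling. Brand and lure lists come from the
organizations named in the post; NEW_REGISTRATIONS is constructed test data.
"""
import re

# Brands the post says the kit impersonates, plus the FCC itself
PROTECTED_BRANDS = {"okta", "coinbase", "binance", "gemini", "kraken", "trezor", "fcc"}
# Words that signal an account-security or support lure
LURE_WORDS = {"login", "sso", "secure", "support", "verify", "auth", "account", "help", "official"}
# Registrable domains the brands really use (general knowledge, not from the post);
# anything under these is the brand's own property and is never flagged
LEGIT_REGISTRABLE = {"okta.com", "coinbase.com", "binance.com", "gemini.com",
                     "kraken.com", "trezor.io", "fcc.gov"}

NEW_REGISTRATIONS = [  # constructed sample feed
    "fcc-okta.example", "coinbase-secure-login.example", "okta-help.example",
    "shop.kraken-verify.example", "coinbasesupport.example", "tokta.example",
    "weather-today.example", "login.okta.com", "binance.com",
]


def registrable_domain(fqdn):
    """Assumption: the registrable domain is the last two labels. Production code
    should use a public suffix list lookup so 'co.uk'-style suffixes work."""
    labels = fqdn.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else None


def classify_domain(fqdn):
    """Return None for benign names, else a finding dict with a severity."""
    reg = registrable_domain(fqdn)
    if reg is None or reg in LEGIT_REGISTRABLE:
        return None
    sld = reg.split(".")[0]
    tokens = [t for t in re.split(r"[-_\d]+", sld) if t]
    brands = {b for b in PROTECTED_BRANDS if b in tokens}
    # Catch concatenations such as 'coinbasesupport'; skip very short brands
    # (e.g. 'fcc') for substring matching to limit false positives.
    brands |= {b for b in PROTECTED_BRANDS if len(b) >= 4 and b in sld}
    if not brands:
        return None
    lures = {w for w in LURE_WORDS if w in sld}
    if len(brands) >= 2:
        severity, why = "high", "two protected brands combined in one name"
    elif lures:
        severity, why = "high", "protected brand combined with lure word(s)"
    else:
        severity, why = "low", "protected brand string in an unrelated registrable domain"
    return {"domain": fqdn, "registrable": reg, "brands": sorted(brands),
            "lures": sorted(lures), "severity": severity, "why": why}


def triage(domains):
    """Classify a batch and return only the findings, highest severity first."""
    findings = [f for f in (classify_domain(d) for d in domains) if f]
    return sorted(findings, key=lambda f: (f["severity"] != "high", f["domain"]))


if __name__ == "__main__":
    for f in triage(NEW_REGISTRATIONS):
        print(f"{f['severity']:<5} {f['domain']:<32} brands={f['brands']} "
              f"lures={f['lures']}  {f['why']}")
```

Subdomains of the brands' own registrable domains (login.okta.com) are never reported, so the heuristic only fires on third-party registrations that borrow a brand name.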

Binance Data Breach Sparks Concerns: Dark Web Sale Rumors Surface

 

In a surprising development, cryptocurrency giant Binance finds itself facing the looming threat of a potential data breach, as claims circulate on the dark web suggesting the sale of sensitive user information. This occurrence has sent shockwaves throughout the cryptocurrency community, prompting apprehension about the security of one of the world's leading digital currency exchanges. 

Renowned for its extensive selection of digital assets and user-friendly interface, Binance has not been impervious to the escalating menace of cyberattacks targeting the cryptocurrency sector. Reports indicate that an individual or a group of hackers is asserting possession of a significant amount of user data from Binance, purportedly offering it for sale on the dark web. 

The alleged data breach has cast a spotlight on Binance's security infrastructure, compelling the company to initiate a comprehensive investigation to verify the authenticity of the claims. Users anxiously await official statements from the exchange detailing the extent of the breach, identifying potential vulnerabilities, and outlining measures taken to mitigate the repercussions. 

Should the dark web sale prove to be true, it could expose sensitive information, including user account credentials, email addresses, and other personally identifiable details. This not only raises concerns about individual privacy but also the potential exploitation of this data for illicit activities, such as phishing attempts and identity theft. 

Despite Binance's proactive approach to security, incorporating measures such as two-factor authentication and cold wallet storage, the dynamic nature of cyber threats poses an ongoing challenge for even the most robust security protocols. 

Users are strongly advised to exercise vigilance and adopt precautionary measures, including password updates, enabling two-factor authentication, and regular monitoring of their accounts for any signs of suspicious activity. Binance has reassured users that it is treating the situation seriously and is diligently working to validate the extent of the alleged data breach. 

This potential breach at Binance also prompts broader inquiries into the overall security stance of cryptocurrency exchanges. As the digital asset landscape continues to expand, the imperative to secure user data and assets becomes increasingly paramount. Regulatory bodies and industry stakeholders are expected to scrutinize such incidents, emphasizing the necessity for stringent cybersecurity measures across the cryptocurrency ecosystem. 

In summary, the potential data breach at Binance and the accompanying dark web sale claims underscore the persistent challenges confronting cryptocurrency exchanges in safeguarding user information. This incident serves as a poignant reminder for users to prioritize security best practices, while exchanges must continually reassess and fortify their cybersecurity measures to counter evolving cyber threats. The cryptocurrency community awaits further updates from Binance regarding the investigation and any actions taken to address this disconcerting situation.

AllaKore RAT: Malware Target Mexican Banks and Crypto Platforms


Mexican financial institutions are suffering attacks by a new spear-phishing campaign, spreading a modified version of an open-source remote access trojan named ‘AllaKore RAT’.

The activity was attributed by the BlackBerry Research and Intelligence Team to an unidentified financially motivated threat actor operating in Latin America. The campaign has been active since at least 2021.

"Lures use Mexican Social Security Institute (IMSS) naming schemas and links to legitimate, benign documents during the installation process," the Canadian company said in an analysis published earlier this week. "The AllaKore RAT payload is heavily modified to allow the threat actors to send stolen banking credentials and unique authentication information back to a command-and-control (C2) server for the purposes of financial fraud."

The attacks are specifically intended to target big businesses with annual sales of more than $100 million. Retail, agriculture, the public sector, manufacturing, transportation, commercial services, capital goods, and banking are among the industries targeted.

The attack begins with a ZIP file that is distributed either through phishing emails or via a drive-by compromise. This file contains an MSI installer that launches a .NET downloader, which verifies that the victim is located in Mexico and then retrieves the modified AllaKore RAT, a Delphi-based RAT first discovered in 2015.

"AllaKore RAT, although somewhat basic, has the potent capability to keylog, screen capture, upload/download files, and even take remote control of the victim's machine," BlackBerry said.

Additional features added to the malware include support for operator commands aimed at banking fraud against banks and crypto trading platforms, launching a reverse shell, extracting clipboard content, and fetching and executing additional payloads.

The campaign's use of Mexican Starlink IP addresses and the Spanish-language instructions inserted into the modified RAT payload point to a threat actor based in Latin America. Moreover, the lures are only effective against businesses large enough to report directly to the Mexican Social Security Institute (IMSS).

"This threat actor has been persistently targeting Mexican entities for the purposes of financial gain[…]This activity has continued for over two years, and shows no signs of stopping," the company stated.

This research coincides with a report by IOActive disclosing three vulnerabilities (CVE-2024-0175, CVE-2024-0176, and CVE-2024-0177) in Lamassu Douro bitcoin ATMs that could allow an attacker with physical access to take complete control of the machines and steal user data.

Crypto Enthusiasts Embrace New Frontier: Investing in Bitcoin ETFs Explained

 


This was the first time the Securities and Exchange Commission approved an exchange-traded fund holding bitcoin, but the Commission stressed that its decision does not mean it endorses or approves Bitcoin and that it remains deeply sceptical about cryptocurrencies.

Despite a deadline for just one application, the SEC stated that it had given the green light to 11 exchange-traded funds for Bitcoin. The agency said that this would provide a level playing field and competitiveness for all. 

As part of its approval process, the government has approved spot Bitcoin exchange-traded funds (ETFs), which can be bought by pension funds and ordinary investors. In the wake of the announcement by the head of the Securities and Exchange Commission, cryptocurrency fans reacted with glee - and memes about becoming rich. 

However, the approval was tempered by an explanation of the risks associated with the asset. Previous applications had been repeatedly rebuffed by the US financial watchdog over concerns about potential fraud and manipulation, as well as a lack of transparency. ETFs are a way to invest in something, or a group of things, like gold or junk bonds, without actually owning the items themselves.

The ETFs trade much like stocks, which allows them to be bought and sold throughout the day, unlike traditional mutual funds. Since Bitcoin was launched, anyone who wanted to hold it had to buy the coin directly, which meant either learning about cold wallets or opening an account on a crypto-trading platform like Coinbase or Binance, neither of which is a simple task for a newcomer.

Many new investors who are not inclined to go through all the extra steps to invest in Bitcoin could benefit from a spot Bitcoin ETF. In anticipation of the SEC approval, Bitcoin prices have soared, with the price trading at $45,280 on Wednesday, up from around $27,000 at the beginning of the month. 

The crypto exchange FTX filed for bankruptcy in November 2022, resulting in a price drop of $16,000. A major concern for investors considering an ETF in this area is the volatility of bitcoin's price.

Even though Bitcoin has not caught on as a replacement for fiat currency, it soared to nearly $68,000 in November 2021. One year later the price had dropped below $20,000, after investors retreated from riskier assets and several company scandals eroded confidence in the crypto market.

Although regulators and law enforcement are cracking down on some bad actors in the crypto industry, such as Sam Bankman-Fried of FTX, the industry still feels like the Wild West. During this week's hack of the SEC's X account, in which a fake tweet claimed the ETFs had been approved, prices spiked, raising questions about the SEC's ability to protect itself from scammers seeking to manipulate the market.

ETFs linked to Bitcoin can change in price rapidly and without warning or explanation, so investors will have to weigh that up before purchasing a digital coin ETF. But ETFs are generally sold as high-risk, high-reward products anyway. In addition, there is also the possibility of cybercrime which has taken place in the past few years. 

Almost every crypto company has been wiped out of the cash market overnight as a result of huge and costly attacks on bitcoin and other cryptocurrencies. When BlackRock, for instance, becomes a major Bitcoin holder, its cyber-security will be tested in ways it is not accustomed to, given the complexity of the blockchain.

In addition to the negative environmental impact, there is also a cost associated with it. It is no secret that the Bitcoin blockchain relies on thousands of powerful computers all around the world to process transactions and create coins. It is expected that the use of renewable energy will increase going forward, but it remains to be seen how investment companies will process the potential costs associated with Bitcoin against buyers concerned about compliance with environmental, social, and corporate governance (ESG) regulations.

Hackers Stole Cryptocurrency Worth $2 Billion in Year 2023


For another year, crypto theft made headlines. However, according to crypto security firms, this was the first time since 2020 that the trend has declined.

Based on dozens of cyberattacks and thefts this year, hackers stole over $2 billion in cryptocurrency, according to De.FI, the web3 security company that manages the REKT database. 

The site ranks the worst-ever crypto hacks, ranging from the Ronin network breach in 2022—the largest event in history—where hackers took over $600 million in cryptocurrency—to this year's hack against Mixin Network, which brought in almost $200 million for the criminals.

De.Fi, in its report, wrote, “This amount, though dispersed across various incidents, underscores the persistent vulnerabilities and challenges within the DeFi ecosystem[…]2023 stood as a testament to both the ongoing vulnerabilities and the strides made in addressing them, even as interest in the space was relatively muted by the ongoing bear market in the first half of the year.”

Blockchain intelligence firm TRM also published its own estimate of the total amount of cryptocurrency stolen by hackers this year earlier in December; as of mid-December, the firm put the total at around $1.7 billion.

Among the other crypto thefts this year, one of the worst was the hack of Euler Finance, where threat actors stole $200 million. Other notable hacks include those against Multichain ($126 million), BonqDAO ($120 million), Poloniex ($114 million), and Atomic Wallet ($100 million), among hundreds of other targets.

Last year, blockchain monitoring firm Chainalysis reported that cybercriminals purloined a record-breaking $3.8 billion in cryptocurrency. Of those, the Lazarus Group, a group of North Korean government hackers who are among the most active in the cryptocurrency space, took $1.7 billion in an attempt to finance the regime's authorized nuclear weapons program.

In 2021, Chainalysis reported hacks that compromised crypto worth $3.3 billion.

It is not possible to predict what the figures will be in 2024, but given the cyber security failures witnessed at several crypto and web3 initiatives, as well as the significant financial potential of both sectors—discussed at TechCrunch Disrupt earlier this year—we should anticipate that hackers will continue to target this expanding market.

Unveiling 'Bandook': A Threat that Adapts and Persists

 


The Bandook malware family, once thought to be extinct, is back and may be part of a larger operation intended to sell offensive hacking tools to governments and cybercriminal groups. Recent research from Check Point Research indicates that Bandook is regaining popularity across a wide range of targeted sectors and locations despite being a 13-year-old banking Trojan.

Over the past year, dozens of variants of the malware have been observed in attacks against organizations in the United States, Singapore, Cyprus, Chile, Italy, Turkey, Switzerland, Indonesia and Germany. Government, finance, energy, food, healthcare, education, IT, and legal are among the sectors targeted.

Bandook was first discovered in 2007 as a remote access trojan (RAT) and has been active for several years since. A new variant has been reported that injects its payload into msinfo32.exe to distribute the malware and allow remote attackers to take control of an infected system. This remote access trojan therefore poses a significant threat to users' privacy, as it can perform various tasks that allow cybercriminals to gather many kinds of personal data.

Users are therefore advised against installing it, since its use can lead to several problems. Originally developed as a commercial RAT written in both Delphi and C++, Bandook evolved into several variants over the years and became available for download from the internet. It was originally developed as a commercial RAT by a Lebanese developer known as Prince Ali.

Remote access trojans are commonly used to manage infected computers remotely, without the users' consent. This malware can perform a variety of malicious activities, including keylogging, audio capture (microphone), video capture (webcam), screenshot capture and upload to a remote server, and running various command shell programs.

Cybercriminals could take advantage of this access to break into personal accounts (for example, social networks, email, banking, etc.). To extract as much revenue as possible, they use hijacked accounts for online purchases, money transfers, asking the victim's friends to lend them money, and similar schemes.

Moreover, thieves can use hijacked accounts to spread malware, sending malicious files and links to all contacts in the account. They can also use Bandook to launch Windows shell commands, which can result in significant financial loss and debt. A Trojan horse is often used to spread infections such as ransomware and crypto miners, since it can modify system settings as well as download (inject) additional malware.

Trojan horses are also often used to spread viruses and other malware. Such an infection can result in significant financial loss, serious privacy issues (such as identity theft), and further infections of the computer system. Bandook was previously spotted in 2015 as part of the "Operation Manul" campaign and again in 2017-2018 as part of the "Dark Caracal" campaign.

Over the last few years the malware had all but disappeared from the threat landscape, but it now appears to be resurfacing. An infected computer receives a malware chain consisting of three stages. In the first stage, a lure document containing malicious VBA macro code, encoded with an encryption algorithm, downloads two files into the local user folder.

The first is a PowerShell script dropped into the user's folder; the second is a JPG file that carries a base64-encoded PowerShell script. The second stage decodes and executes the base64-encoded PowerShell script stored in the JPG file, which then downloads a zip file containing four files from cloud services.

Three of the four files are PNG images with RC4 functions hidden in the RGB values of their pixels. From these files an executable that acts as the Bandook loader is constructed.

The Bandook loader then creates an Internet Explorer process, injects the malicious payload into it, and proceeds to the final stage: the payload contacts the command and control server and waits for further commands.
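A defender-side check for the second-stage artefact in the chain above, an image file carrying a base64-encoded PowerShell script: this is an added example, not code from the original post or from Check Point's research. It scans a file for long base64 runs that decode (as UTF-8 or UTF-16LE) to PowerShell-like text; the keyword list, the 64-character threshold and the sample JPEG bytes are constructed assumptions.

```python
import base64
import re

# Runs of at least 64 base64 characters; shorter runs rarely hold a whole script (assumed threshold).
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")
# Keywords a dropped PowerShell stage commonly contains (assumed list, not from the report).
POWERSHELL_MARKERS = ("invoke-expression", "downloadstring", "downloadfile",
                      "frombase64string", "new-object", "start-process")


def decode_candidates(blob: bytes):
    """Yield the base64 run decoded as UTF-8 and as UTF-16LE (PowerShell's -EncodedCommand form)."""
    blob = blob[: len(blob) - len(blob) % 4]  # base64 text comes in groups of four
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:
        return
    for encoding in ("utf-8", "utf-16le"):
        try:
            yield raw.decode(encoding)
        except UnicodeDecodeError:
            continue


def find_embedded_powershell(data: bytes):
    """Return (offset, script) pairs for base64 runs that decode to PowerShell-like text."""
    hits = []
    for match in B64_RUN.finditer(data):
        for text in decode_candidates(match.group(0)):
            if any(marker in text.lower() for marker in POWERSHELL_MARKERS):
                hits.append((match.start(), text))
                break  # one hit per run, even if both decodings match
    return hits


# Constructed samples: a minimal JPEG skeleton (SOI ... EOI), and the same bytes with a
# base64-encoded UTF-16LE PowerShell placeholder appended after the EOI marker.
CLEAN_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 32 + b"\xff\xd9"
SAMPLE_SCRIPT = "$stage = 'constructed stage-two placeholder'; Invoke-Expression $stage"
LURE_JPEG = CLEAN_JPEG + base64.b64encode(SAMPLE_SCRIPT.encode("utf-16le"))

if __name__ == "__main__":
    for name, blob in (("clean.jpg", CLEAN_JPEG), ("lure.jpg", LURE_JPEG)):
        for offset, script in find_embedded_powershell(blob):
            print(f"{name}: base64 PowerShell at offset {offset}: {script[:60]}")
```

The same scan applies to any dropped file, not only JPGs; a hit on an image that should contain no text is the signal worth alerting on.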

Massive Data Breach at Gokumarket: Over a Million Users' Information Exposed

Several days before the leak was reported, an unprotected MongoDB instance was found storing information about GokuMarket's users, namely those who bought and sold crypto on the exchange. In GokuMarket's case, the database held the details of more than a million customers and admin users of the company in the form of large chunks of document-oriented data.

According to a Cybernews investigation, the records of many users of GokuMarket, the centralized crypto exchange owned by ByteX and operated by its staff, were exposed through this open instance.

ByteX is a licensed and regulated CeDeFi platform with offices in Canada, the European Economic Area, and India, and it offers its services in those countries. ByteX's stated goal is to bridge the best of both worlds by providing a KYC-verified platform with a compliant DeFi architecture, enabling a smooth transition from traditional to crypto credit infrastructure by reinventing it with transparency.

The GokuMarket cryptocurrency exchange, one of the world's leading crypto exchanges, recently suffered a massive data breach that exposed sensitive information belonging to over a million users, a significant and alarming development.

The breach raises significant concerns about the security infrastructure of the platform and the potential implications for the affected users. GokuMarket, which had around a million users, nearly went bankrupt after it denied users the option to withdraw their funds in mid-2022, a disastrous year for the crypto markets.

GokuMarket faced the harsh reality of insolvency and financial bankruptcy as a result of the crypto market crash of early 2018. To help users safeguard and protect their interests, ByteX provided alternative solutions to what had originally been offered.

The market has seen considerable turbulence in the aftermath of the recent collapse of several giants, which has also affected the stability of GokuMarket. In acquiring the platform's custodial users, we are making a conscious decision to safeguard and protect both its assets and its users from further challenges.

GokuMarket's database had been exposed on the web for a considerable period before it was detected in October 2023; it was secured the day after researchers sent a responsible disclosure note. Until then, anyone could have accessed the database for a considerable amount of time.

The exposed repository of sensitive data, previously kept in a secure environment, covers an extensive user base of an estimated one million people. In addition to IP addresses and geographical locations, the compiled information includes users' dates of birth, first and last names, and mobile phone numbers.

Encrypted passwords and cryptocurrency wallet addresses are also part of this data set. The breach raises significant concern over the security and privacy of the affected individuals.

The researchers believe there is more than enough information for a persistent attacker to build a spear-phishing campaign, which would likely aim at draining users' crypto funds. The database also held 35 accounts with full admin access, containing all sorts of sensitive information, including private Telegram channel IDs, secret exchange tokens, passwords and other highly sensitive data.

A far more dangerous can of worms opens if attackers exploit the admin access details to scam users of other platforms, stealing en masse and transferring money to their own accounts. This is made possible by credential stuffing attacks, which use the individual user data to target the exposed users.

Attackers could also use the official Telegram channels for malicious purposes and manipulate the market after a leak of this nature. Although the official GokuMarket Telegram channel has been inactive since September 2022, scammers still attempt to impersonate brands within the crypto community to gain users' attention.