On a darknet market called “Dread,” a vendor going by “ExploitDOT” is attempting to sell user data from the know-your-customer (KYC) data top cryptocurrency exchanges ask for, required by most jurisdictions. Continue reading Hacked Customer Data From World Leading Cryptocurrency Exchanges For Sale On The Dark Web?
On January 14, large crypto exchange Cryptopia was hacked, resulting in significant losses of investor funds. In an official statement released on Tuesday, the company said that the New Zealand police and the government’s High Tech Crimes Unit had initiated an investigation into the case. Continue reading Another Crypto Exchange Hacked, Could it Hurt Reputation of the Market?
First of all, I want to say that I am a crypto believer. I really think that cryptos has a bright future. I do not know how and when but it will certainly happen. However, in order to achieve the point of mass adoption, we need a safe environment. Everyone talks about regulation and volatility, it is important of course, but security is to me the key element. You cannot wake up every morning wondering whether your wallet has vanished or not. Continue reading Naga Wallet Hacked
Covert cryptocurrency mining is shaping up to be the new mainstay of cybercrime. Crooks hack servers, personal computers, and mobile devices and take advantage of the infected hosts’ CPU or GPU to generate virtual coins without victims’ awareness. Even botnets consisting of numerous zombie machines are now used to perpetrate illegal mining activity on a large scale rather than spew out spam or hit online services with DDoS attacks.
This malicious moneymaking vector got a boost with the emergence of in-browser mining scripts, such as Coinhive. The following incidents that took place recently illustrate how serious this issue is becoming and how booby-trapped website widgets play into threat actors’ hands.
A massive cryptojacking wave took root on February 11, 2018, exploiting a popular widget called BrowseAloud. The malefactors were able to inject a surreptitious Monero miner into more than 4,200 Internet resources, including high-profile ones like the UK, U.S., and Australian government websites. In the aftermath of this compromise, the malicious script harnessed the processing power of visitors’ machines to mine cryptocurrency behind the scenes.
For the record, BrowseAloud is a tool by Texthelp Ltd. designed to enhance website accessibility for broader audiences via speech, reading and translation features. By adding this widget to sites, webmasters make sure people with dyslexia, visual disorders and poor English skills can participate and use their services to the fullest. Furthermore, the software helps site owners comply with various legal obligations, so no wonder it is widely used across the world and has become hackers’ target.
White hat hackers have been instrumental in investigations regarding last month’s breach of the Coincheck exchange. The
community members have helped track down the $538m of NEM cryptocurrency that was stolen from the Tokyo-based exchange. The
ethical hackers have assisted authorities and encouraged others to join in providing aid. One prominent white hat known by
the Twitter handle JK17 managed to identify the accounts that the stolen money was sent to shortly after the breach. The
information was shared with the NEM foundation, and the accounts have been marked and are currently being monitored. The
funds have now been moved to over 400 accounts including some owned by innocent holders, in what appears to be an attempt to
confuse trackers. However, many more white hats have reportedly joined the hunt, making short work of the task. Shota Hamabe,
a 34-year-old programmer is one such individual. Shortly after the breach, he held an information session at Hackers Bar, a
restaurant and IT hub in Tokyo’s Roppongi district, to coordinate and discuss options. Whilst JK17, Hamabe and others have
been highly effective in locating and flagging the accounts where the stolen NEM has been moved to, efforts to identify the
owners of the accounts, (the hackers responsible), have been unsuccessful. It was reported that one NEM trader had been
questioned by Tokyo police regarding the incident, however, no further information has been provided regarding the
individual’s involvement. Officers are also analyzing access logs in Coincheck’s system in an attempt to identify the
culprits, but this may be a lengthy process. Meanwhile, it appears that nearly 9 billion yen ($83.6m) worth of NEM is
believed to have been exchanged for Bitcoin and other virtual currencies using the dark web and other anonymous services. It
remains to be seen whether the hackers will be brought to account.