Cryptocurrency
May 12, 2025
New Attack Exploits X/Twitter Ad URL Feature to Deceive Users Full Text
Abstract
A newly uncovered scam campaign exploits X/Twitter’s ad URL preview feature to deceive users into visiting fraudulent cryptocurrency sites. By manipulating how metadata is fetched for preview cards, attackers display trusted domains.GBHackers
May 10, 2025
FreeDrain Unmasked | Uncovering an Industrial-Scale Crypto Theft Network Full Text
Abstract
A joint investigation has uncovered FreeDrain, a large-scale cryptocurrency phishing operation that exploits SEO manipulation, free-tier web services, and redirection techniques to deceive users of popular cryptocurrency wallets.Sentinel One
April 19, 2025
The Zoom attack you didn’t see coming Full Text
Abstract
A threat actor known as ELUSIVE COMET is exploiting Zoom’s remote control feature to deploy malware during fake podcast interviews. The attacker is targeting individuals in the cryptocurrency and DeFi sectors.HelpNet Security
April 7, 2025
PoisonSeed Campaign: Uncovering a Web of Cryptocurrency and Email Provider Attacks Full Text
Abstract
This campaign involves a two-pronged approach: compromising CRM and bulk email providers and deploying a novel “crypto seed phrase” phishing attack.The PoisonSeed campaign has targeted a range of significant platforms.Security Online
March 15, 2025
Mass-Scale Crypto Scam Exploits Fake Investments and Pyramid Schemes Full Text
Abstract
A large-scale crypto investment scam targeted victims via fraudulent websites and mobile apps, impersonating trusted brands and promising unrealistic returns. The scheme operates like a pyramid scam, primarily targeting users in East Africa and Asia.Palo Alto Networks
March 10, 2025
US seizes $23 million in crypto linked to LastPass breaches Full Text
Abstract
U.S. authorities have seized over $23 million in cryptocurrency linked to the theft of $150 million from a Ripple crypto wallet in January 2024. Investigators believe hackers who breached LastPass in 2022 were behind the attack.Bleeping Computer
March 1, 2025
North Korea-Linked Threat Actor Uses RustDoor and Koi Stealer for macOS to Target the Cryptocurrency Sector Full Text
Abstract
In this campaign, Unit 42 researchers discovered a Rust-based macOS malware nicknamed RustDoor masquerading as a legitimate software update, as well as a previously undocumented macOS variant of a malware family known as Koi Stealer.Palo Alto Networks
February 26, 2025
GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets Full Text
Abstract
Cybersecurity researchers are calling attention to an ongoing campaign that's targeting gamers and cryptocurrency investors under the guise of open-source projects hosted on GitHub.The Hacker News
February 22, 2025
Hackers Drained $1.4 Billion of Cryptocurrency From Bybit Exchange Full Text
Abstract
The Dubai-based company said the incident occurred when the company was moving funds from a “cold” wallet — a wallet whose private keys are kept offline for security reasons — to an online “warm” wallet.The Record
January 13, 2025
New Web3 attack exploits transaction simulations to steal crypto Full Text
Abstract
The attack, spotted by ScamSniffer, highlights a flaw in transaction simulation mechanisms used in modern Web3 wallets, meant to safeguard users from fraudulent and malicious transactions.Cyware
December 28, 2024
Fake Zoom Meeting Links Lead to Million-Dollar Cryptocurrency Heist Full Text
Abstract
The phishing links, designed to mimic legitimate Zoom meeting invitations, directed users to a fraudulent domain, “app[.]us4zoom[.]us”, which closely resembled the genuine Zoom interface.Cyware
December 24, 2024
North Korean Hackers Pulled Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin Full Text
Abstract
Japanese and U.S. authorities have formally attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors.The Hacker News
December 10, 2024
Radiant Links $50 Million Crypto Heist to North Korean Hackers Full Text
Abstract
The attribution comes after investigating the incident, assisted by cybersecurity experts at Mandiant, who say the attack was conducted by North Korean state-affiliated hackers known as Citrine Sleet, aka "UNC4736" and "AppleJeus."Bleeping Computer
October 28, 2024
Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining Full Text
Abstract
The TeamTNT cryptojacking group is preparing for a new large-scale campaign targeting cloud-native environments to mine cryptocurrencies and rent out breached servers to third parties.Cyware
September 23, 2024
More Than $44 Million in Cryptocurrency Stolen From Singaporean Platform Bingx Full Text
Abstract
Singaporean cryptocurrency platform BingX was hit by a cyberattack resulting in the theft of over $44 million. The attack was detected by two blockchain security firms, leading to a temporary suspension of withdrawals and emergency asset transfers.The Record
September 21, 2024
Germany Seizes 47 Crypto Exchanges Used by Ransomware Gangs Full Text
Abstract
These exchanges allowed users to trade cryptocurrencies anonymously, creating a safe environment for cybercriminals to launder their proceeds without fear of prosecution.Bleeping Computer
September 17, 2024
North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware Full Text
Abstract
North Korean hackers are using RustDoor malware to target cryptocurrency users on LinkedIn, posing as recruiters for legitimate decentralized finance (DeFi) companies like STON.fi.The Hacker News
September 17, 2024
Rising Clipper Malware Attacks Target Cryptocurrency Users Full Text
Abstract
The malicious software called ClipBankers can monitor clipboard activity and replace cryptocurrency addresses with those controlled by attackers, diverting digital asset transfers to rogue wallets.The Hacker News
September 7, 2024
Penpie DeFi platform files reports with FBI, Singapore police after $27 million crypto theft Full Text
Abstract
The Penpie DeFi platform recently reported a $27 million cryptocurrency theft to the FBI and Singapore police. Hackers targeted the protocol, stealing ethereum and prompting Penpie to halt withdrawals and deposits.The Record
September 6, 2024
New Android SpyAgent Campaign Steals Crypto Credentials via Image Recognition Full Text
Abstract
A new mobile malware called SpyAgent has been uncovered by McAfee's Mobile Research Team. This malware targets mnemonic keys used for cryptocurrency wallets by scanning for images containing them on your device.McAfee
August 15, 2024
CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations Full Text
Abstract
The CryptoCore group's scam operation leverages deepfake technology, hijacked YouTube accounts, and professionally designed websites to trick users into sending cryptocurrencies to scammer wallets.Avast
July 19, 2024
Operation Spincaster Targets Crypto Pig-Butchering Scams Full Text
Abstract
Operation Spincaster, involving law enforcement and government agencies across six countries, as well as 17 cryptocurrency exchanges, has identified 7,000 leads and $162 million in losses.Bank Infosecurity
July 17, 2024
Tether Freezes $29 Million of Cryptocurrency Connected To Cambodian Marketplace Accused of Fueling Scams Full Text
Abstract
Tether has frozen $29 million of cryptocurrency linked to a Cambodian marketplace accused of supporting scams. Tether confirmed the freeze, citing concerns about fraudulent and criminal activities.The Record
July 16, 2024
DNS Hijacks Target Cryptocurrency Platforms Registered With Squarespace Full Text
Abstract
A coordinated wave of DNS hijacking attacks recently targeted decentralized finance (DeFi) cryptocurrency domains. Attackers used the Squarespace registrar to redirect visitors to phishing sites that aimed to steal cryptocurrency and NFTs.Cyware
July 10, 2024 – Phishing
Regional Transport Office Themed Phishing Campaign Targets Android Users In India Full Text
Abstract
Phishing messages impersonating the Regional Transport Office have been circulating since 2024, claiming traffic violations and prompting users to download a malicious APK named "VAHAN PARIVAHAN.apk".Cyble
As CISOs Grapple with the C-Suite, Job Satisfaction Takes a Hit Full Text
Abstract
Research shows that 75% of CISOs are considering a job change due to various challenges and pressures. CISOs often face accountability for cyber incidents and compliance failures, leading to discontent.Cybersecurity Dive
May 7, 2024
Russian Operator of BTC-e Crypto Exchange Pleads Guilty to Money Laundering Full Text
Abstract
The U.S. Department of Justice stated that BTC-e was a primary method for cybercriminals to transfer and launder illegal proceeds. Vinnik's actions led to a loss of at least $121 million through BTC-e.The Record
April 25, 2024
Feds Accuse Founders of Cryptocurrency Mixer of ‘Large-Scale Money Laundering’ Full Text
Abstract
The two founders of a cryptocurrency mixing service that allegedly obfuscated the origins of at least $100 million in criminal proceeds have been arrested, the Department of Justice announced Wednesday.The Record
April 18, 2024
Possible Chinese Hackers Use OpenMetadata for Cryptomining Full Text
Abstract
Hackers who appear to be Chinese are exploiting vulnerabilities in the OpenMetadata platform running as workloads on Kubernetes clusters to download cryptomining software, warns Microsoft.Bank Info Security
April 15, 2024
FatalRAT Targets Cryptocurrency Users With DLL Side-loading Techniques Full Text
Abstract
This campaign’s strategic inclusion of a clipper module alongside FatalRAT hints at a targeted approach towards cryptocurrency users, amplifying data interception capabilities with the addition of a keylogger module.The Cyber Express
April 10, 2024
Research Unearths RUBYCARP’s Multi-Miner Assault on Crypto Full Text
Abstract
One of the key findings from the technical write-up, published by Sysdig today, is the group’s use of a script capable of simultaneously deploying multiple cryptocurrency miners.Infosecurity Magazine
March 25, 2024
UN Probing 58 Alleged Crypto Heists by North Korea Worth $3 Billion Full Text
Abstract
In a report released March 7, the U.N. experts said they tracked the activity of “cyberthreat actors subordinate to the Reconnaissance General Bureau (RGB), including Kimsuky, the Lazarus Group, Andariel and BlueNoroff,” between 2017 and 2023.The Record
March 13, 2024
Spanish High Court Upholds Temporary Worldcoin Ban Full Text
Abstract
The Spanish High Court upheld a three-month ban on Worldcoin, a digital identity and cryptocurrency platform, due to privacy concerns raised by the country's data regulator.Cyware
March 12, 2024
Report: Victims Lose $47 Million to Crypto Phishing Scams in February Full Text
Abstract
Impersonated accounts on X, formerly known as Twitter, have been responsible for a majority of crypto phishing attacks in the previous month. Per Scam Sniffer, victims lost almost $47 million to cybercriminals who stole from over 57,000 individuals.Cyware
February 22, 2024
Cryptocurrency Exchange FixedFloat Hacked to Siphon Off $26 Million in BTC, ETH Full Text
Abstract
FixedFloat, a non-KYC crypto exchange, was hacked for $26 million worth of Bitcoin and Ethereum due to vulnerabilities and insufficient security measures, leading to frozen transactions and missing funds.Cyware
February 21, 2024
Fake Tokens Exploit BRICS Investment Hype Full Text
Abstract
Security researchers have identified a rising trend of cryptocurrency counterfeiting targeting Fortune 100 companies, involving the creation of tokens impersonating major brands, government bodies, and national fiat currencies.Cyware
February 17, 2024
North Korean Hackers Now Launder Stolen Crypto via YoMix Tumbler Full Text
Abstract
YoMix saw a significant increase in funds in 2023, with about one-third of inflows originating from wallets associated with crypto hacks, demonstrating the adaptability of sophisticated threat actors.Cyware
February 10, 2024
Is Your Crypto Safe? XPhase Clipper Malware Steals Coins with a Click Full Text
Abstract
The malware is spread through deceptive websites impersonating legitimate cryptocurrency platforms, with a noticeable emphasis on targeting Indian cryptocurrency enthusiasts.Cyware
January 17, 2024
Crypto Trading Firm Closes Shop After $8 Million NY State Fine Over Security Issues Full Text
Abstract
Genesis Global Trading violated its BitLicense terms, with late and inadequate cybersecurity risk assessments, and appeared deficient in filing suspicious activity reports for potential money laundering.Cyware
January 16, 2024
Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims Full Text
Abstract
The operators behind the now-defunct Inferno Drainer created more than 16,000 unique malicious domains over a span of one year between 2022 and 2023. The scheme "leveraged high-quality phishing pages to lure unsuspecting users into connecting their cryptocurrency wallets with the attackers' infrastructure that spoofed Web3 protocols to trick victims into authorizing transactions," Singapore-headquartered Group-IB said in a report shared with The Hacker News. Inferno Drainer, which was active from November 2022 to November 2023, is estimated to have reaped over $87 million in illicit profits by scamming more than 137,000 victims. The malware is part of a broader set of similar offerings that are available to affiliates under the scam-as-a-service (or drainer-as-a-service) model in exchange for a 20% cut of their earnings. What's more, customers of Inferno Drainer could either upload the malware to their own phishing sites, or make use of the developer's service for creatinThe Hacker News
January 08, 2024
North Korea’s Cyber Heist: DPRK Hackers Stole $600 Million in Cryptocurrency in 2023 Full Text
Abstract
Threat actors affiliated with the Democratic People's Republic of Korea (also known as North Korea) have plundered at least $600 million in cryptocurrency in 2023. The DPRK "was responsible for almost a third of all funds stolen in crypto attacks last year, despite a 30% reduction from the USD 850 million haul in 2022," blockchain analytics firm TRM Labs said last week. "Hacks perpetrated by the DPRK were on average ten times as damaging as those not linked to North Korea." There are indications that additional breaches targeting the crypto sector towards the end of 2023 could push this figure higher to around $700 million. The targeting of cryptocurrency companies is not new for North Korean state-sponsored actors, who have stolen about $3 billion since 2017. These financially motivated attacks are seen as a crucial revenue-generation mechanism for the sanctions-hit nation, funding its weapons of mass destruction (WMD) and ballistic missile programThe Hacker News
December 13, 2023
Microsoft Warns of Hackers Exploiting OAuth for Cryptocurrency Mining and Phishing Full Text
Abstract
Microsoft has warned that adversaries are using OAuth applications as an automation tool to deploy virtual machines (VMs) for cryptocurrency mining and launch phishing attacks. "Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious activity," the Microsoft Threat Intelligence team said in an analysis. "The misuse of OAuth also enables threat actors to maintain access to applications even if they lose access to the initially compromised account." OAuth, short for Open Authorization, is an authorization and delegation framework (as opposed to authentication) that provides applications the ability to securely access information from other websites without handing over passwords. In the attacks detailed by Microsoft, threat actors have been observed launching phishing or password-spraying attacks against poorly secured accounts with permissions to create or modify OAuthThe Hacker News
November 27, 2023
KyberSwap Says $54.7 Million in Cryptocurrency Stolen During Attack Full Text
Abstract
The company is now trying to recover the funds but argued that the incident “stands out as one of the most sophisticated in the history of DeFi.” The company advised users to “promptly withdraw their funds.”Cyware
November 13, 2023
More Than $100 Million Stolen From Poloniex Crypto Platform Full Text
Abstract
The platform confirmed the theft and plans to reimburse affected users. Poloniex offered a 5% bounty to the hacker for the return of the funds and urged a response within 7 days.Cyware
November 08, 2023
Researchers Uncover Undetectable Crypto Mining Technique on Azure Automation Full Text
Abstract
Cybersecurity researchers have developed what's the first fully undetectable cloud-based cryptocurrency miner leveraging the Microsoft Azure Automation service without racking up any charges. Cybersecurity company SafeBreach said it discovered three different methods to run the miner, including one that can be executed on a victim's environment without attracting any attention. "While this research is significant because of its potential impact on cryptocurrency mining, we also believe it has serious implications for other areas, as the techniques could be used to achieve any task that requires code execution on Azure," security researcher Ariel Gamrian said in a report shared with The Hacker News. The study mainly set out to identify an "ultimate crypto miner" that offers unlimited access to computational resources, while simultaneously requiring little-to-no maintenance, is cost-free, and undetectable. That's where Azure Automation comes in.The Hacker News
October 30, 2023
EleKtra-Leak Cryptojacking Attacks Exploit AWS IAM Credentials Exposed on GitHub Full Text
Abstract
A new ongoing campaign dubbed EleKtra-Leak has set its eyes on exposed Amazon Web Service (AWS) identity and access management (IAM) credentials within public GitHub repositories to facilitate cryptojacking activities. "As a result of this, the threat actor associated with the campaign was able to create multiple AWS Elastic Compute (EC2) instances that they used for wide-ranging and long-lasting cryptojacking operations," Palo Alto Networks Unit 42 researchers William Gamazo and Nathaniel Quist said in a technical report shared with The Hacker News. The operation, active since at least December 2020, is designed to mine Monero from as many as 474 unique Amazon EC2 instances between August 30 and October 6, 2023. A standout aspect of the attacks is the automated targeting of AWS IAM credentials within four minutes of their initial exposure on GitHub, indicating that threat actors are programmatically cloning and scanning the repositories to capture the exposed keys.The Hacker News
October 06, 2023
North Korea’s Lazarus Group Launders $900 Million in Cryptocurrency Full Text
Abstract
As much as $7 billion in cryptocurrency has been illicitly laundered through cross-chain crime, with the North Korea-linked Lazarus Group linked to the theft of roughly $900 million of those proceeds between July 2022 and July of this year. "As traditional entities such as mixers continue to be subject to seizures and sanctions scrutiny, the crypto crime displacement to chain- or asset-hopping typologies is also on the rise," blockchain analytics firm Elliptic said in a new report published this week. Cross-chain crime refers to the conversion of crypto assets from one token or blockchain to another, often in rapid succession, in an attempt to obfuscate their origin, making it a lucrative method for money laundering for crypto thefts and an alternative to approaches like mixers. According to data gathered by Elliptic, the Lazarus Group's use of cross-chain bridges contributed to a majority of the 111% increase in the proportion of funds sent via such services.The Hacker News
September 25, 2023
Hong Kong-Based Cryptocurrency Firm Mixin Says Hackers Stole $200 Million in Assets Full Text
Abstract
The incident follows a recent trend of cryptocurrency hacks, with North Korean hackers being suspected in multiple attacks, highlighting the growing threat posed by cybercriminals targeting the industry.Cyware
September 22, 2023
Attacker Unleashes Stealthy Crypto Mining via Malicious Python Package Full Text
Abstract
The Python package "Culturestreak" is a malicious software that hijacks system resources for unauthorized cryptocurrency mining. The package utilizes obfuscated code and random filenames to evade detection, making it a persistent threat.Cyware
September 18, 2023
Lazarus APT Stole Almost $240 Million in Crypto Assets Since June Full Text
Abstract
According to a report by Elliptic, the North Korea-linked APT group Lazarus has stolen almost $240 million in crypto assets from multiple businesses, including Atomic Wallet ($100M), CoinsPaid ($37.3M), Alphapo ($60M), and Stake.com ($41M).Cyware
September 18, 2023
New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services Full Text
Abstract
A novel cloud-native cryptojacking operation has set its eyes on uncommon Amazon Web Services (AWS) offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to illicitly mine cryptocurrency. The malicious cyber activity has been codenamed AMBERSQUID by cloud and container security firm Sysdig. "The AMBERSQUID operation was able to exploit cloud services without triggering the AWS requirement for approval of more resources, as would be the case if they only spammed EC2 instances," Sysdig security researcher Alessandro Brucato said in a report shared with The Hacker News. "Targeting multiple services also poses additional challenges, like incident response, since it requires finding and killing all miners in each exploited service." Sysdig said it discovered the campaign following an analysis of 1.7 million images on Docker Hub, attributing it with moderate confidence to Indonesian attackers based on the use of Indonesian language in scripts and useThe Hacker News
September 17, 2023
North Korea’s Lazarus Group Suspected in $31 Million CoinEx Heist Full Text
Abstract
The North Korea-affiliated Lazarus Group has stolen nearly $240 million in cryptocurrency since June 2023, marking a significant escalation of its hacks. According to multiple reports from Certik, Elliptic, and ZachXBT, the infamous hacking group is said to be suspected behind the theft of $31 million in digital assets from the CoinEx exchange on September 12, 2023. The crypto heist aimed at CoinEx adds to a string of recent attacks targeting Atomic Wallet ($100 million), CoinsPaid ($37.3 million), Alphapo ($60 million), and Stake.com ($41 million). "Some of the funds stolen from CoinEx were sent to an address which was used by the Lazarus group to launder funds stolen from Stake.com, albeit on a different blockchain," Elliptic said. "Following this, the funds were bridged to Ethereum, using a bridge previously used by Lazarus, and then sent back to an address known to be controlled by the CoinEx hacker." The blockchain analytics firm said the lateThe Hacker News
September 13, 2023
CoinEx Exchange Loses $27 Million Worth of Crypto in Suspected Hack Full Text
Abstract
A CoinEx hot wallet transferred $27 million of various tokens to a wallet with no previous history in what the exchange’s team has referred to as “anomalous withdrawals."Cyware
September 09, 2023
Cybercriminals Weaponizing Legitimate Advanced Installer Tool in Crypto-Mining Attacks Full Text
Abstract
A legitimate Windows tool used for creating software packages called Advanced Installer is being abused by threat actors to drop cryptocurrency-mining malware on infected machines since at least November 2021. "The attacker uses Advanced Installer to package other legitimate software installers, such as Adobe Illustrator, Autodesk 3ds Max, and SketchUp Pro, with malicious scripts and uses Advanced Installer's Custom Actions feature to make the software installers execute the malicious scripts," Cisco Talos researcher Chetan Raghuprasad said in a technical report. The nature of the applications trojanized indicates that the victims likely span architecture, engineering, construction, manufacturing, and entertainment sectors. The software installers predominantly use the French language, a sign that French-speaking users are being singled out. This campaign is strategic in that these industries rely on computers with high Graphics Processing Unit (GPU) power for tThe Hacker News
September 1, 2023 – Breach
Data Breach Could Affect More Than 100,000 in Pima County Full Text
Abstract
More than 100,000 Pima County residents could be affected by a nationwide data breach that affected the company that handled COVID-19 case investigations and contact tracing here, officials say.Cyware
August 24, 2023
Millions stolen from crypto platforms Exactly Protocol and Harbor Protocol Full Text
Abstract
Two DeFi platforms, Exactly and Harbor, fell victim to cyberattacks resulting in the theft of millions of dollars' worth of cryptocurrency. Exactly Protocol confirmed suffering a loss of around $7.3 million worth of ETH.Cyware
August 23, 2023
FBI identifies wallets holding cryptocurrency funds stolen by North Korea Full Text
Abstract
The U.S. FBI warned that North Korea-linked threat actors may attempt to cash out stolen cryptocurrency worth more than $40 million. The Federal Bureau of Investigation shared details about the activity of six cryptocurrency wallets operated by North...Security Affairs
August 09, 2023
Malicious Campaigns Exploit Weak Kubernetes Clusters for Crypto Mining Full Text
Abstract
Exposed Kubernetes (K8s) clusters are being exploited by malicious actors to deploy cryptocurrency miners and other backdoors. Cloud security firm Aqua, in a report shared with The Hacker News, said a majority of the clusters belonged to small to medium-sized organizations, with a smaller subset tied to bigger companies, spanning financial, aerospace, automotive, industrial, and security sectors. In total, Kubernetes clusters belonging to more than 350 organizations, open-source projects, and individuals were discovered, 60% of which were the target of an active crypto-mining campaign. The publicly-accessible clusters, per Aqua, are said to suffer from two different kinds of misconfigurations: allowing anonymous access with high privileges and running kubectl proxy with the flags "--address=`0.0.0.0` --accept-hosts `.*`" "Housing a wide array of sensitive and valuable assets, Kubernetes clusters can store customer data, financial records, intellectual property, aThe Hacker News
August 2, 2023
Millions Stolen From Crypto Platforms Through Exploited ‘Vyper’ Vulnerability Full Text
Abstract
Millions of dollars worth of cryptocurrency were stolen from several platforms over the weekend after hackers exploited a vulnerability in a programming language used widely in the cryptocurrency world.Cyware
July 28, 2023
CoinsPaid blames North Korea-linked APT Lazarus for theft of $37M worth of cryptocurrency Full Text
Abstract
Crypto-payments service provider CoinsPaid suffered a cyber attack that resulted in the theft of $37,200,000 worth of cryptocurrency. CoinsPaid, a crypto-payment service provider, fell victim to a cyber attack, leading to the theft of $37,200,000...Security Affairs
July 12, 2023
Python-Based PyLoose Fileless Attack Targets Cloud Workloads for Cryptocurrency Mining Full Text
Abstract
A new fileless attack dubbed PyLoose has been observed striking cloud workloads with the goal of delivering a cryptocurrency miner, new findings from Wiz reveal. "The attack consists of Python code that loads an XMRig Miner directly into memory using memfd, a known Linux fileless technique," security researchers Avigayil Mechtinger, Oren Ofer, and Itamar Gilad said. "This is the first publicly documented Python-based fileless attack targeting cloud workloads in the wild." The cloud security firm said it found nearly 200 instances where the attack method was employed for cryptocurrency mining. No other details about the threat actor are currently known other than the fact that they possess sophisticated capabilities. In the infection chain documented by Wiz, initial access is achieved through the exploitation of a publicly accessible Jupyter Notebook service that allowed for the execution of system commands using Python modules. PyLoose, first detected onThe Hacker News
July 11, 2023
SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign Full Text
Abstract
Cloud environments continue to be at the receiving end of an ongoing advanced attack campaign dubbed SCARLETEEL, with the threat actors now setting their sights on Amazon Web Services (AWS) Fargate. "Cloud environments are still their primary target, but the tools and techniques used have adapted to bypass new security measures, along with a more resilient and stealthy command and control architecture," Sysdig security researcher Alessandro Brucato said in a new report shared with The Hacker News. SCARLETEEL was first exposed by the cybersecurity company in February 2023, detailing a sophisticated attack chain that culminated in the theft of proprietary data from AWS infrastructure and the deployment of cryptocurrency miners to profit off the compromised systems' resources illegally. A follow-up analysis by Cado Security uncovered potential links to a prolific cryptojacking group known as TeamTNT, although Sysdig told The Hacker News that it "could be someThe Hacker News
June 27, 2023
JOKERSPY used to target a cryptocurrency exchange in Japan Full Text
Abstract
An unnamed Japanese cryptocurrency exchange was the victim of a cyber attack aimed at deploying an Apple macOS backdoor named JokerSpy. Elastic Security Labs researchers provided details about a recently discovered intrusion at an unnamed cryptocurrency...Security Affairs
June 23, 2023
New Cryptocurrency Mining Campaign Targets Linux Systems and IoT Devices Full Text
Abstract
Internet-facing Linux systems and Internet of Things (IoT) devices are being targeted as part of a new campaign designed to illicitly mine cryptocurrency. "The threat actors behind the attack use a backdoor that deploys a wide array of tools and components such as rootkits and an IRC bot to steal device resources for mining operations," Microsoft threat intelligence researcher Rotem Sde-Or said. "The backdoor also installs a patched version of OpenSSH on affected devices, allowing threat actors to hijack SSH credentials, move laterally within the network, and conceal malicious SSH connections." To pull off the scheme, misconfigured Linux hosts are brute-forced to gain initial access, following which the threat actors move to disable shell history and fetch a trojanized version of OpenSSH from a remote server. The rogue OpenSSH package is configured to install and launch the backdoor, a shell script that allows the attackers to distribute additional payloads aThe Hacker News
June 22, 2023
Ukrainian Police Disrupt Cryptocurrency Scam Aimed at Canada Full Text
Abstract
Ukrainian and Canadian authorities conducted a joint operation to disrupt the two call centers and confiscate computer equipment, mobile phones, SIM cards, cars, and cash.Cyware
June 15, 2023
Ransomware Hackers and Scammers Utilizing Cloud Mining to Launder Cryptocurrency Full Text
Abstract
Ransomware actors and cryptocurrency scammers have joined nation-state actors in abusing cloud mining services to launder digital assets, new findings reveal. "Cryptocurrency mining is a crucial part of our industry, but it also holds special appeal to bad actors, as it provides a means to acquire money with a totally clean on-chain original source," blockchain analytics firm Chainalysis said in a report shared with The Hacker News. Earlier this March, Google Mandiant disclosed North Korea-based APT43's use of the hash rental and cloud mining services to obscure the forensic trail and wash the stolen cryptocurrency "clean." Cloud mining services allow users to rent a computer system and use that computer's hash power to mine cryptocurrencies without having to manage the mining hardware themselves. But according to Chainalysis, it's not just nation-state hacking crews who are leveraging such services in the wild. In one example highlighted byThe Hacker News
June 13, 2023
DoubleFinger Loader Delivers GreetingGhoul Stealer to Target Crypto Wallets Full Text
Abstract
Cybercriminals have added a new malware loader called DoubleFinger to their arsenal for stealing cryptocurrency and business information. GreetingGhoul comprises two major components that work together to steal cryptocurrency credentials. To protect themselves, organizations must look at the...Cyware
June 12, 2023
Beware: 1,000+ Fake Cryptocurrency Sites Trap Users in Bogus Rewards Scheme Full Text
Abstract
A previously undetected cryptocurrency scam has leveraged a constellation of over 1,000 fraudulent websites to ensnare users into a bogus rewards scheme since at least January 2021. "This massive campaign has likely resulted in thousands of people being scammed worldwide," Trend Micro researchers said in a report published last week, linking it to a Russian-speaking threat actor named "Impulse Team." "The scam works via an advanced fee fraud that involves tricking victims into believing that they've won a certain amount of cryptocurrency. However, to get their rewards, the victims would need to pay a small amount to open an account on their website." The compromise chain starts with a direct message propagated via Twitter to lure potential targets into visiting the decoy site. The account responsible for sending the messages has since been closed. The message urges recipients to sign up for an account on the website and apply a promo code specif...The Hacker News
June 6, 2023
Impulse Team Ran Years-Long Mostly-Undetected Cryptocurrency Scam Full Text
Abstract
The scam works via an advanced fee fraud, tricking victims into believing they've won cryptocurrency rewards but requiring them to pay a small activation fee to access their rewards.Cyware
May 24, 2023
Sharp Decline in Crypto Hacks in Q1 2023 Unlikely to Last Full Text
Abstract
Law enforcement and regulatory action over the past year in the US most likely dissuaded hackers from stealing cryptocurrency, making the amount stolen in the first quarter of the year the lowest compared to each of the four quarters in 2022.Cyware
May 22, 2023
Crypto phishing service Inferno Drainer defrauds thousands of victims Full Text
Abstract
A cryptocurrency phishing and scam service called 'Inferno Drainer' has reportedly stolen over $5.9 million worth of crypto from 4,888 victims.BleepingComputer
May 20, 2023
Minas — a multi-stage cryptocurrency miner infection Full Text
Abstract
In June 2022, Kaspersky researchers found a suspicious shellcode running in the memory of a system process. Based on their reconstruction of the infection chain, they determined that it originated from running an encoded PowerShell script as a task.Cyware
April 30, 2023
Crooks broke into AT&T email accounts to empty their cryptocurrency wallets Full Text
Abstract
Threat actors are gaining access to AT&T email accounts in an attempt to hack into the victim’s cryptocurrency exchange accounts. Hackers are breaking into the AT&T email accounts and then, using that access, logging into the victim’s...Security Affairs
April 23, 2023
Experts spotted first-ever crypto mining campaign leveraging Kubernetes RBAC Full Text
Abstract
Experts warn of a large-scale cryptocurrency mining campaign exploiting Kubernetes (K8s) Role-Based Access Control (RBAC). Cloud security firm Aqua discovered a large-scale cryptocurrency mining campaign exploiting Kubernetes (K8s) Role-Based Access...Security Affairs
April 21, 2023
Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining Full Text
Abstract
A large-scale attack campaign discovered in the wild has been exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) to create backdoors and run cryptocurrency miners. "The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack," cloud security firm Aqua said in a report shared with The Hacker News. The Israeli company, which dubbed the attack RBAC Buster, said it found 60 exposed K8s clusters that have been exploited by the threat actor behind this campaign. The attack chain commenced with the attacker gaining initial access via a misconfigured API server, followed by checking for evidence of competing miner malware on the compromised server and then using RBAC to set up persistence. "The attacker created a new ClusterRole with near admin-level privileges," the company said. "Next, the attacker created a 'ServiceAccount', 'kube-controller' in the 'kube-system' namespace. Last...The Hacker News
April 14, 2023
Bitrue Hot Wallet Exploit Results in $23M Cryptocurrency Theft Full Text
Abstract
The exchange said it will suspend all withdrawals temporarily to conduct additional security checks, and withdrawals are expected to resume on April 18, 2023. The exchange explained that they will compensate all identified users affected in full.Cyware
April 4, 2023
3CX Supply chain attack allowed targeting cryptocurrency companies Full Text
Abstract
Threat actors behind the 3CX supply chain attack have targeted a limited number of cryptocurrency companies with a second-stage implant. As of Mar 22, 2023, SentinelOne observed a spike in behavioral detections of the 3CXDesktopApp, which is a popular...Security Affairs
March 30, 2023
Tor Goes Wrong: Malware Steals $400k in Cryptocurrency Full Text
Abstract
Are you a crypto user addicted to Tor? Tor browser users across the world are under attack with trojanized versions of Tor browser installers, especially those in Russia and nearby regions. These infected browsers were being promoted as "security-strengthened" versions of the browser. Kaspersky war...Cyware
March 29, 2023
Trojanized TOR Browser Installers Spreading Crypto-Stealing Clipper Malware Full Text
Abstract
Trojanized installers for the TOR anonymity browser are being used to target users in Russia and Eastern Europe with clipper malware designed to siphon cryptocurrencies since September 2022. "Clipboard injectors [...] can be silent for years, show no network activity or any other signs of presence until the disastrous day when they replace a crypto wallet address," Vitaly Kamluk, director of global research and analysis team (GReAT) for APAC at Kaspersky, said. Another notable aspect of clipper malware is that its nefarious functions are not triggered unless the clipboard data meet specific criteria, making it more evasive. It's not immediately clear how the installers are distributed, but evidence points to the use of torrent downloads or some unknown third-party source since the Tor Project's website has been subjected to blockades in Russia in recent years. Regardless of the method used, the installer launches the legitimate executable, while also s...The Hacker News
March 21, 2023
Hackers Steal Over $1.6 Million in Crypto from General Bytes Bitcoin ATMs Using Zero-Day Flaw Full Text
Abstract
Bitcoin ATM maker General Bytes disclosed that unidentified threat actors stole cryptocurrency from hot wallets by exploiting a zero-day security flaw in its software. "The attacker was able to upload his own java application remotely via the master service interface used by terminals to upload videos and run it using 'batm' user privileges," the company said in an advisory published over the weekend. "The attacker scanned the Digital Ocean cloud hosting IP address space and identified running CAS services on ports 7741, including the General Bytes Cloud service and other GB ATM operators running their servers on Digital Ocean," it further added. The company said that the server to which the malicious Java application was uploaded was by default configured to start applications present in the deployment folder ("/batm/app/admin/standalone/deployments/"). In doing so, the attack allowed the threat actor to access the database; read and decry...The Hacker News
March 17, 2023
Trojanized WhatsApp and Telegram Apps Go After Victims’ Cryptocurrency Wallets Full Text
Abstract
Threat actors are going after victims’ cryptocurrency funds using trojanized Telegram and WhatsApp applications for Android and Windows. The malware can switch cryptocurrency wallet addresses sent in chat messages with attackers' wallet addresses.Cyware
March 16, 2023
Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration Full Text
Abstract
The cryptojacking group known as TeamTNT is suspected to be behind a previously undiscovered strain of malware used to mine Monero cryptocurrency on compromised systems. That's according to Cado Security, which found the sample after Sysdig detailed a sophisticated attack known as SCARLETEEL aimed at containerized environments to ultimately steal proprietary data and software. Specifically, the early phase of the attack chain involved the use of a cryptocurrency miner, which the cloud security firm suspected was deployed as a decoy to conceal the detection of data exfiltration. The artifact – uploaded to VirusTotal late last month – "bear[s] several syntactic and semantic similarities to prior TeamTNT payloads, and includes a wallet ID that has previously been attributed to them," a new analysis from Cado Security has revealed. TeamTNT, active since at least 2019, has been documented to repeatedly strike cloud and container environments to deploy cryptocur...The Hacker News
March 15, 2023
New Cryptojacking Operation Targeting Kubernetes Clusters for Dero Mining Full Text
Abstract
Cybersecurity researchers have discovered the first-ever illicit cryptocurrency mining campaign used to mint Dero since the start of February 2023. "The novel Dero cryptojacking operation concentrates on locating Kubernetes clusters with anonymous access enabled on a Kubernetes API and listening on non-standard ports accessible from the internet," CrowdStrike said in a new report shared with The Hacker News. The development marks a notable shift from Monero, which is a prevalent cryptocurrency used in such campaigns. It's suspected it may have to do with the fact that Dero "offers larger rewards and provides the same or better anonymizing features." The attacks, attributed to an unknown financially motivated actor, commence with scanning for Kubernetes clusters with authentication set as --anonymous-auth=true, which allows anonymous requests to the server, to drop initial payloads from three different U.S.-based IP addresses. This includes deploying...The Hacker News
March 15, 2023
CrowdStrike discovered the first-ever Dero cryptocurrency mining campaign Full Text
Abstract
CrowdStrike researchers discovered the first-ever cryptocurrency mining campaign aimed at Dero mining since February 2023. CrowdStrike has discovered the first-ever Dero cryptojacking campaign aimed at Kubernetes infrastructure. Dero is a general-purpose,...Security Affairs
March 09, 2023
New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic Full Text
Abstract
The infamous cryptocurrency miner group called 8220 Gang has been observed using a new crypter called ScrubCrypt to carry out cryptojacking operations. According to Fortinet FortiGuard Labs, the attack chain commences with successful exploitation of susceptible Oracle WebLogic servers to download a PowerShell script that contains ScrubCrypt. Crypters are a type of software that can encrypt, obfuscate, and manipulate malware with the goal of evading detection by security programs. ScrubCrypt, which is advertised for sale by its author, comes with features to bypass Windows Defender protections as well as check for the presence of debugging and virtual machine environments. "ScrubCrypt is a crypter used to secure applications with a unique BAT packing method," security researcher Cara Lin said in a technical report. "The encrypted data at the top can be split into four parts using backslash '\.'" The crypter, in the final stage, decodes and loads the...The Hacker News
March 02, 2023
New Cryptojacking Campaign Leverages Misconfigured Redis Database Servers Full Text
Abstract
Misconfigured Redis database servers are the target of a novel cryptojacking campaign that leverages a legitimate and open source command-line file transfer service to implement its attack. "Underpinning this campaign was the use of transfer[.]sh," Cado Security said in a report shared with The Hacker News. "It's possible that it's an attempt at evading detections based on other common code hosting domains (such as pastebin[.]com)." The cloud cybersecurity firm said the command line interactivity associated with transfer[.]sh has made it an ideal tool for hosting and delivering malicious payloads. The attack chain commences with targeting insecure Redis deployments, followed by registering a cron job that leads to arbitrary code execution when parsed by the scheduler. The job is designed to retrieve a payload hosted at transfer[.]sh. It's worth noting that similar attack mechanisms have been employed by other threat actors like TeamTNT and...The Hacker News
March 1, 2023
Parallax RAT used in attacks aimed at cryptocurrency entities Full Text
Abstract
Experts warn of a new wave of attacks against cryptocurrency entities in which threat actors are using a RAT dubbed Parallax RAT for infiltration. Researchers from cybersecurity firm Uptycs warn of attacks targeting cryptocurrency organizations with the Parallax...Security Affairs
February 24, 2023
Highly evasive cryptocurrency miner targets macOS Full Text
Abstract
Researchers warn of an evasive cryptojacking malware targeting macOS which spreads through pirated applications. Jamf Threat Labs researchers reported that an evasive cryptojacking malware targeting macOS was spotted spreading under the guise of the Apple-developed...Security Affairs
February 23, 2023
Hackers Using Trojanized macOS Apps to Deploy Evasive Cryptocurrency Mining Malware Full Text
Abstract
Trojanized versions of legitimate applications are being used to deploy evasive cryptocurrency mining malware on macOS systems. Jamf Threat Labs, which made the discovery, said the XMRig coin miner was executed as Final Cut Pro, a video editing software from Apple, which contained an unauthorized modification. "This malware makes use of the Invisible Internet Project (i2p) [...] to download malicious components and send mined currency to the attacker's wallet," Jamf researchers Matt Benyo, Ferdous Saljooki, and Jaron Bradley said in a report shared with The Hacker News. An earlier iteration of the campaign was documented exactly a year ago by Trend Micro, which pointed out the malware's use of i2p to conceal network traffic and speculated that it may have been delivered as a DMG file for Adobe Photoshop CC 2019. The Apple device management company said the source of the cryptojacking apps can be traced to Pirate Bay, with the earliest uploads dating all the...The Hacker News
February 15, 2023
How Concerned Should You be about Your Hardware Wallet? Full Text
Abstract
Security company Unciphered successfully breached OneKey, the maker of hardware wallets for cryptocurrencies, in a matter of seconds, underlining security gaps in the emerging crypto world. Unciphered posted a video on YouTube demonstrating its ability to exploit a critical flaw that enabled it to...Cyware
February 15, 2023
Binance, Huobi freeze some cryptocurrency stolen in $100 million Harmony hack Full Text
Abstract
The two crypto platforms were notified about the funds by blockchain research company Elliptic, which managed to trace it through sanctioned cryptocurrency mixer Tornado Cash.Cyware
February 8, 2023
Backdoor in Dingo Cryptocurrency Allows Creator to Steal (Nearly) Everything Full Text
Abstract
While the documents describing the Dingo Token claimed that the scheme charged 10% per transaction, Check Point researchers found 47 transactions where the total fee per transaction had been increased to 99%.Cyware
February 3, 2023
Crypto hacks stole record $3.8 billion in 2022, led by North Korea groups - report Full Text
Abstract
Last year was the worst on record for cryptocurrency heists, with hackers stealing as much as $3.8 billion, led by attackers linked to North Korea who netted more than ever before, a U.S.-based blockchain analytics firm said in a report on Wednesday.Cyware
January 4, 2023
New shc Linux Malware Used to Deploy Cryptominer Payload Full Text
Abstract
The experts believe attackers initially compromised targeted devices through a dictionary attack on poorly protected Linux SSH servers, then they installed multiple malware on the target system.Cyware
December 30, 2022
Hackers Drain Cryptocurrency Worth Millions From Crypto-Wallets Full Text
Abstract
Security issues surrounding crypto wallets and the entire blockchain ecosystem have become prevalent. Several crypto platforms including BTC[.]com, 3Commas, and Bitkeep have been added to the long list of crypto-related hacks. Users are recommended to practice caution, refrain from clicking on...Cyware
December 28, 2022
Cryptocurrency Exchange BTC.com Suffers Massive Cyber Attack Full Text
Abstract
During the attack, BTC.com lost about $700,000 worth of crypto owned by its clients and $2.3 million in digital assets owned by the company. The company has recovered some of the stolen cryptocurrency despite not disclosing the amount.Cyware
December 27, 2022
BTC.com lost $3 million worth of cryptocurrency in cyberattack Full Text
Abstract
BTC.com, one of the world's largest cryptocurrency mining pools, announced it was the victim of a cyberattack that resulted in the theft of approximately $3 million worth of crypto assets belonging to both customers and the company.BleepingComputer
December 13, 2022
Chaos RAT Sharpens Up Cryptocurrency Mining Attack Campaign Full Text
Abstract
Trend Micro researchers spotted a cryptocurrency mining campaign against Linux machines using the open-source Chaos RAT to deploy Monero miner, among other functions. The main server is located in Russia and uses cloud-bulletproof hosting to hide its whereabouts. Experts suggest individuals an...Cyware
December 12, 2022
Cryptomining campaign targets Linux systems with Go-based CHAOS Malware Full Text
Abstract
Researchers spotted a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). In November 2022, Trend Micro researchers discovered a cryptocurrency mining campaign targeting Linux users with Go-based...Security Affairs
December 06, 2022
Microsoft: Hackers target cryptocurrency firms over Telegram Full Text
Abstract
Microsoft says that cryptocurrency investment companies have been targeted by a threat group it tracks as DEV-0139 via Telegram groups used to communicate with the firms' VIP customers.BleepingComputer
December 03, 2022
Hackers use new, fake crypto app to breach networks, steal cryptocurrency Full Text
Abstract
The North Korean 'Lazarus' hacking group is linked to a new attack spreading fake cryptocurrency apps under the made-up brand, "BloxHolder," to install the AppleJeus malware for initial access to networks and steal crypto assets.BleepingComputer
December 01, 2022
Researchers ‘Accidentally’ Crash KmsdBot Cryptocurrency Mining Botnet Network Full Text
Abstract
An ongoing analysis into an up-and-coming cryptocurrency mining botnet known as KmsdBot has led to it being accidentally taken down. KmsdBot, as christened by the Akamai Security Intelligence Response Team (SIRT), came to light mid-November 2022 for its ability to brute-force systems with weak SSH credentials. The botnet strikes both Windows and Linux devices spanning a wide range of microarchitectures with the primary goal of deploying mining software and corralling the compromised hosts into a DDoS bot. Some of the major targets included gaming firms, technology companies, and luxury car manufacturers. Akamai researcher Larry W. Cashdollar, in a new update, explained how commands sent to the bot to understand its functionality in a controlled environment inadvertently neutralized the malware. "Interestingly, after one single improperly formatted command, the bot stopped sending commands," Cashdollar said. "It's not every day you come across a botnet t...The Hacker News
November 24, 2022
ViperSoftX Drops VenomSoftX Chrome Extension to Steal Cryptocurrency Full Text
Abstract
To steal crypto assets, VenomSoftX tries to tamper with API requests that sites use for several actions such as money withdrawal or sending security codes.Cyware Alerts - Hacker News
November 22, 2022
U.S. Authorities Seize Domains Used in ‘Pig butchering’ Cryptocurrency Scams Full Text
Abstract
The U.S. Justice Department (DoJ) on Monday announced the takedown of seven domain names in connection to a "pig butchering" cryptocurrency scam. The fraudulent scheme, which operated from May to August 2022, netted the actors over $10 million from five victims, the DoJ said. Pig butchering, also called Sha Zhu Pan, is a type of scam in which swindlers lure unsuspecting investors into sending their crypto assets. The criminals encounter potential victims on dating apps, social media sites, and SMS messages. These individuals initiate fake relationships in an attempt to build trust, only to trick them into making a cryptocurrency investment on a bogus platform. "Once the money is sent to the fake investment app, the scammer vanishes, taking all the money with them, often resulting in significant losses for the victim," the DoJ said. The seven seized portals all mimicked the Singapore International Monetary Exchange (SIMEX), the agency pointed out. But once t...The Hacker News
November 15, 2022
Typhon Cryptominer-for-Hire Malware Resurfaces With New Capabilities Full Text
Abstract
The original version of Typhon Stealer was updated and released with the new name of “Typhon Reborn.” This new version has increased anti-analysis techniques and it was modified to improve the stealer and file grabber features.Palo Alto Networks
November 14, 2022
New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks Full Text
Abstract
A newly discovered evasive malware leverages the Secure Shell (SSH) cryptographic protocol to gain entry into targeted systems with the goal of mining cryptocurrency and carrying out distributed denial-of-service (DDoS) attacks. Dubbed KmsdBot by the Akamai Security Intelligence Response Team (SIRT), the Golang-based malware has been found targeting a variety of companies ranging from gaming to luxury car brands to security firms. "The botnet infects systems via an SSH connection that uses weak login credentials," Akamai researcher Larry W. Cashdollar said. "The malware does not stay persistent on the infected system as a way of evading detection." The malware gets its name from an executable named "kmsd.exe" that's downloaded from a remote server following a successful compromise. It's also designed to support multiple architectures, such as Winx86, Arm64, mips64, and x86_64. KmsdBot comes with capabilities to perform scanning operatio...The Hacker News
November 12, 2022
$1 billion of FTX customer funds have vanished, Reuters reported Full Text
Abstract
Crypto exchange FTX appears to have been hacked; rumors state that attackers drained $600 million from the company's wallets. Crypto exchange FTX is recommending that users delete FTX apps and avoid using its website, a circumstance that refutes...Security Affairs
November 08, 2022
U.S. Seizes Over 50K Bitcoin Worth $3.3 Billion Linked to Silk Road Dark Web Full Text
Abstract
The U.S. Department of Justice (DoJ) on Monday said it seized 50,676 Bitcoin in November 2021 that was stolen in the 2012 hack of the now-defunct Silk Road dark web marketplace. The bitcoin, which was obtained in 2012 and valued at $3.36 billion when it was discovered last year, is now worth $1.04 billion. Additionally recovered were $661,900 in cash, 25 Casascius coins with an approximate value of 174 Bitcoin, and gold- and silver-colored bars. It's also one of the largest cryptocurrency seizures to date, followed by the confiscation of $3.6 billion worth of bitcoin earlier this February tied to the 2016 breach of the Bitfinex crypto exchange. The Justice Department said it conducted the seizure on November 9, 2021, pursuant to a search warrant issued to James Zhong's house located in the U.S. state of Georgia. It also said the keys to the tokens were found in an underground floor safe and on a "single-board computer that was submerged under blankets in a popcorn t...The Hacker News
November 4, 2022
36-nation ransomware summit agrees to act on cryptocurrency Full Text
Abstract
The White House's second International Counter Ransomware Initiative summit has concluded, and this year the 36-nation group has made clear it intends to crack down on how cryptocurrencies are used to finance ransomware operations.The Register
November 3, 2022
Deribit Crypto Derivatives Exchange Halts Withdrawals Amid $28 Million Hot Wallet Hack Full Text
Abstract
According to the information on Deribit’s Telegram chat, trading on Deribit is operating as usual. “Due to our hotwallet policy we were able to limit loss of user funds,” a Deribit support person noted.Coin Telegraph
November 03, 2022
New clipboard hijacker replaces crypto wallet addresses with lookalikes Full Text
Abstract
A new clipboard stealer called Laplas Clipper spotted in the wild is using cryptocurrency wallet addresses that look like the address of the victim's intended recipient.BleepingComputer
October 27, 2022
New Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Instances Full Text
Abstract
A new cryptojacking campaign has been uncovered targeting vulnerable Docker and Kubernetes infrastructures as part of opportunistic attacks designed to illicitly mine cryptocurrency. Cybersecurity company CrowdStrike dubbed the activity Kiss-a-dog, with its command-and-control infrastructure overlapping with those associated with other groups like TeamTNT, which are known to strike misconfigured Docker and Kubernetes instances. The intrusions, spotted in September 2022, get their name from a domain named "kiss.a-dog[.]top" that's used to trigger a shell script payload on the compromised container using a Base64-encoded Python command. "The URL used in the payload is obscured with backslashes to defeat automated decoding and regex matching to retrieve the malicious domain," CrowdStrike researcher Manoj Ahuje said in a technical analysis. The attack chain subsequently attempts to escape the container and move laterally into the breached network, wh...The Hacker News
October 25, 2022
Massive cryptomining campaign abuses free-tier cloud dev resources Full Text
Abstract
An automated and large-scale 'freejacking' campaign abuses free GitHub, Heroku, and Buddy services to mine cryptocurrency at the provider's expense.BleepingComputer
October 18, 2022
Cryptocurrency and Ransomware — The Ultimate Friendship Full Text
Abstract
Both cryptocurrency and ransomware are nothing new in the digital world; both have been there for a very long time, which was enough for them to find common pieces for starting their relationship. Ransomware can be like a virtual car that works on all types of fuels, and crypto is the one that is currently most recommended. No one can argue that 2020 was the year of ransomware in the cyber world, but it wasn't due to the fact that cybercriminals chose ransomware just because they knew how to attack properly. It's because of the fact that crypto rose mostly this year, along with the new normal of the digital world. It gave them a new cause to stick to ransomware, thanks to the anonymous payments that can be made using a cryptocurrency. How does ransomware work? Ransomware is a malware type that encrypts the victim's files, whether it's a random user or an organization, leading to denying them access to those files on their personal devices. And the key to gaining...The Hacker News
October 17, 2022
Why Crypto Winter is No Excuse to Let Your Cyber Defenses Falter Full Text
Abstract
Don't let the ongoing "crypto winter" lull you into a false sense of cybersecurity. Even as cryptocurrencies lose value — and some crypto companies file for bankruptcy — cryptojacking still poses an urgent threat to enterprises across industries, from financial services to healthcare to industry 4.0 and beyond. Broadly speaking, cryptojacking is defined as the unauthorized and illegitimate use of an unwitting party's compute and/or server power by a malicious actor to mine cryptocurrencies. While everyone with an internet connection is technically vulnerable to cryptojacking, most attacks target enterprises with significant compute resources, especially those with an outsized number of third-party relationships. (More on that last part in a bit.) And if a malicious actor can breach your cybersecurity defenses for cryptojacking purposes, they can breach them for any number of nefarious reasons. Under normal conditions, mining for cryptocurrency is hugely expensive because d...The Hacker News
October 7, 2022
Hacker stole $566 million worth of Binance Coins from Binance Bridge Full Text
Abstract
Threat actors have stolen 2 million Binance Coins (BNB), worth $566 million, from the popular Binance Bridge. Hackers have reportedly stolen $566 million worth of Binance Coins (BNB) from the Binance Bridge. It seems that threat actors were able...Security Affairs
October 04, 2022
Hackers are breaching scam sites to hijack crypto transactions Full Text
Abstract
In a perfect example of there being no honor among thieves, a threat actor named 'Water Labbu' is hacking into cryptocurrency scam sites to inject malicious JavaScript that steals funds from the scammer's victims.BleepingComputer
September 29, 2022
Crypto Trading Bot Earns $1 Million but Loses Everything to a Hacker an Hour Later Full Text
Abstract
According to the blockchain security firm PeckShield, the bug can be traced back to the bot's callback routine, and this was exploited by the hacker to approve an arbitrary address for spending.Coin Telegraph
September 28, 2022
Cryptominers hijack $53 worth of system resources to earn $1 Full Text
Abstract
Security researchers estimate that the financial impact of cryptominers infecting cloud servers costs victims about $53 for every $1 worth of cryptocurrency threat actors mine on hijacked devices.BleepingComputer
September 23, 2022
npm packages used by crypto exchanges compromised Full Text
Abstract
Multiple npm packages published by the crypto exchange, dYdX, and used by at least 44 cryptocurrency projects, appear to have been compromised. Powered by the Ethereum blockchain, dydX is a decentralized exchange platform offering perpetual trading options for over 35 popular cryptocurrencies including Bitcoin (BTC) and Ether (ETH).BleepingComputer
September 21, 2022
Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign Full Text
Abstract
Threat actors targeted tens of thousands of unauthenticated Redis servers exposed on the internet as part of a cryptocurrency campaign. Redis is a popular open source data structure tool that can be used as an in-memory distributed database, message...Security Affairs
September 21, 2022
Crypto Trading Firm Wintermute Loses $160 Million in Hacking Incident Full Text
Abstract
In what's the latest crypto heist to target the decentralized finance (DeFi) space, hackers have stolen digital assets worth around $160 million from crypto trading firm Wintermute. The hack involved a series of unauthorized transactions that transferred USD Coin, Binance USD, Tether USD, Wrapped ETH, and 66 other cryptocurrencies to the attacker's wallet. The company said that its centralized finance (CeFi) and over-the-counter (OTC) operations have not been impacted by the security incident. It did not disclose when the hack took place. The digital asset market maker, which provides liquidity to several exchanges and crypto platforms, warned of disruption to its services in the coming days, but stressed that it's "solvent with twice over that amount in equity left." "We are (still) open to treat[ing] this as a white hat, so if you are the attacker – get in touch," the company's founder and CEO, Evgeny Gaevoy, said in a tweet. Detai...The Hacker News
September 20, 2022
Hackers steal $162 million from Wintermute crypto market maker Full Text
Abstract
Digital assets trading firm Wintermute has been hacked and lost $162.2 million in DeFi operations, the company CEO, Evgeny Gaevoy, announced earlier today.BleepingComputer
September 20, 2022
Crypto Market Maker Wintermute Loses $160 Million in DeFi Hack Full Text
Abstract
Wintermute, a leading crypto market maker, has lost about $160 million in a hack, a top executive said Tuesday, becoming the latest firm in the industry to suffer a breach.Tech Crunch
September 18, 2022
TeamTNT hijacking servers to run Bitcoin encryption solvers Full Text
Abstract
Threat analysts at AquaSec have spotted signs of TeamTNT activity on their honeypots since early September, leading them to believe the notorious hacking group is back in action.BleepingComputer
September 16, 2022
Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies Full Text
Abstract
Malicious actors such as Kinsing are taking advantage of both recently disclosed and older security flaws in Oracle WebLogic Server to deliver cryptocurrency-mining malware. Cybersecurity company Trend Micro said it found the financially-motivated group leveraging the vulnerability to drop Python scripts with capabilities to disable operating system (OS) security features such as Security-Enhanced Linux (SELinux), and others. The operators behind the Kinsing malware have a history of scanning for vulnerable servers to co-opt them into a botnet, including that of Redis, SaltStack, Log4Shell, Spring4Shell, and the Atlassian Confluence flaw (CVE-2022-26134). The Kinsing actors have also been involved in campaigns against container environments via misconfigured open Docker Daemon API ports to launch a crypto miner and subsequently spread the malware to other containers and hosts. The latest wave of attacks entails the actor weaponizing CVE-2020-14882 (CVSS score:... The Hacker News
September 13, 2022
Police arrest man for laundering tens of millions in stolen crypto Full Text
Abstract
The Dutch police arrested a 39-year-old man on suspicions of laundering tens of millions of euros worth of cryptocurrency stolen in phishing attacks.BleepingComputer
September 9, 2022
$30 Million worth of cryptocurrency stolen by Lazarus from Axie Infinity was recovered Full Text
Abstract
US authorities recovered more than $30 million worth of cryptocurrency stolen by the North Korea-linked Lazarus APT from Axie Infinity. A joint operation conducted by law enforcement and leading organizations in the cryptocurrency industry allowed to recover... Security Affairs
September 8, 2022
Rethinking Responsible Disclosure for Cryptocurrency Security Full Text
Abstract
Cryptocurrency security really is worse than other digital technologies, and there’s a good chance it always will be.Lawfare
August 29, 2022
Nitrokod Crypto Miner Infected Over 111,000 Users with Copies of Popular Software Full Text
Abstract
A Turkish-speaking entity called Nitrokod has been attributed to an active cryptocurrency mining campaign that involves impersonating a desktop application for Google Translate to infect over 111,000 victims in 11 countries since 2019. "The malicious tools can be used by anyone," Maya Horowitz, vice president of research at Check Point, said in a statement shared with The Hacker News. "They can be found by a simple web search, downloaded from a link, and installation is a simple double-click." The list of countries with victims includes the U.K., the U.S., Sri Lanka, Greece, Israel, Germany, Turkey, Cyprus, Australia, Mongolia, and Poland. The campaign entails serving malware through free software hosted on popular sites such as Softpedia and Uptodown. But in an interesting tactic, the malware puts off its execution for weeks and separates its malicious activity from the downloaded fake software to avoid detection. The installation of the infected program... The Hacker News
August 26, 2022
Google Open Sources ‘Paranoid’ Crypto Testing Library Full Text
Abstract
Paranoid contains implementations and optimizations extracted from existing crypto-related literature, which “showed that the generation of these artifacts was flawed in some cases,” Google explains.Security Week
August 24, 2022
Crypto Miners Using Tox P2P Messenger as Command and Control Server Full Text
Abstract
Threat actors have begun to use the Tox peer-to-peer instant messaging service as a command-and-control method, marking a shift from its earlier role as a contact method for ransomware negotiations. The findings come from Uptycs, which analyzed an Executable and Linkable Format (ELF) artifact ("72client") that functions as a bot and can run scripts on the compromised host using the Tox protocol. Tox is a serverless protocol for online communications that offers end-to-end encryption (E2EE) protections by making use of the Networking and Cryptography library (NaCl, pronounced "salt") for encryption and authentication. "The binary found in the wild is a stripped but dynamic executable, making decompilation easier," researchers Siddharth Sharma and Nischay Hedge said. "The entire binary appears to be written in C, and has only statically linked the c-toxcore library." It's worth noting that c-toxcore is a reference implementation of... The Hacker News
August 20, 2022
Hackers steal crypto from Bitcoin ATMs by exploiting zero-day bug Full Text
Abstract
Hackers have exploited a zero-day vulnerability in General Bytes Bitcoin ATM servers to steal cryptocurrency from customers.BleepingComputer
August 15, 2022
Monero hard fork makes hackers’ favorite coin even more private Full Text
Abstract
Monero, the privacy-oriented decentralized cryptocurrency project, underwent a planned hard fork event on Saturday, introducing new features to boost its privacy and security.BleepingComputer
August 14, 2022
Tornado Cash Developer Arrested After U.S. Sanctions the Cryptocurrency Mixer Full Text
Abstract
Dutch authorities on Friday announced the arrest of a software developer in Amsterdam who is alleged to be working for Tornado Cash, days after the U.S. sanctioned the decentralized crypto mixing service. The 29-year-old individual is "suspected of involvement in concealing criminal financial flows and facilitating money laundering" through the service, the Dutch Fiscal Information and Investigation Service (FIOD) said in a statement. Although FIOD didn't reveal the name of the Tornado Cash engineer, The Block identified him as Alexey Pertsev, citing confirmation from his wife. "My husband didn't do anything illegal," she was quoted as saying. FIOD also alleged that "Tornado Cash has been used to conceal large-scale criminal money flows, including from (online) thefts of cryptocurrencies (so-called crypto hacks and scams)." The agency, which initiated an investigation into Tornado Cash in June 2022, further hinted it may make more arrests... The Hacker News
August 12, 2022
VileRAT Updated to Target More Cryptocurrency Exchanges Full Text
Abstract
According to the researchers from Securelist, DeathStalker has been updating the features of VileRAT through 2021, with the latest update observed in June 2022.Cyware Alerts - Hacker News
August 11, 2022
Hackers exploited crypto platform RenBridge to launder $540 mn Full Text
Abstract
More than half a billion dollars have been laundered in crypto assets originating from theft, fraud, ransomware and various other types of criminal activity since 2020, a new report has revealed.The Times Of India
August 08, 2022
deBridge Finance crypto platform targeted by Lazarus hackers Full Text
Abstract
Hackers suspected to be from the North Korean Lazarus group tried their luck at stealing cryptocurrency from deBridge Finance, a cross-chain protocol that enables the decentralized transfer of assets between various blockchains.BleepingComputer
August 07, 2022
North Korean hackers target crypto experts with fake Coinbase job offers Full Text
Abstract
A new social engineering campaign by the notorious North Korean Lazarus hacking group has been discovered, with the hackers impersonating Coinbase to target employees in the fintech industry.BleepingComputer
July 26, 2022
Hackers Increasingly Using WebAssembly Coded Cryptominers to Evade Detection Full Text
Abstract
As many as 207 websites have been infected with malicious code designed to launch a cryptocurrency miner by leveraging WebAssembly (Wasm) on the browser. Web security company Sucuri, which published details of the campaign, said it launched an investigation after one of its clients had their computer slowed down significantly every time upon navigating to their own WordPress portal. This uncovered a compromise of a theme file to inject malicious JavaScript code from a remote server -- hxxps://wm.bmwebm[.]org/auto.js -- that's loaded whenever the website's page is accessed. "Once decoded, the contents of auto.js immediately reveal the functionality of a cryptominer which starts mining when a visitor lands on the compromised site," Sucuri malware researcher Cesar Anjos said. What's more, the deobfuscated auto.js code makes use of WebAssembly to run low-level binary code directly on the browser. WebAssembly, which is supported by all major browsers, is a b... The Hacker News
July 26, 2022
TA4563 Uses Evilnum to Target Finance Industry Supporting Crypto Full Text
Abstract
TA4563 is once again targeting European financial and investment entities, especially those involved with cryptocurrency, foreign exchanges, and DeFi, with the Evilnum malware. As a method of testing the efficacy of the delivery methods, the updated version of Evilnum employs a diverse mix of ISO, ... Cyware Alerts - Hacker News
July 21, 2022
Hackers Use Evilnum Malware to Target Cryptocurrency and Commodities Platforms Full Text
Abstract
The advanced persistent threat (APT) actor tracked as Evilnum is once again exhibiting signs of renewed activity aimed at European financial and investment entities. "Evilnum is a backdoor that can be used for data theft or to load additional payloads," enterprise security firm Proofpoint said in a report shared with The Hacker News. "The malware includes multiple interesting components to evade detection and modify infection paths based on identified antivirus software." Targets include organizations with operations supporting foreign exchanges, cryptocurrency, and decentralized finance (DeFi). The latest spate of attacks is said to have commenced in late 2021. The findings also dovetail with a report from Zscaler last month that detailed low-volume targeted attack campaigns launched against companies in Europe and the U.K. Active since 2018, Evilnum is tracked by the wider cybersecurity community using the names TA4563 and DeathStalker, with infection... The Hacker News
July 19, 2022
Crooks create rogue cryptocurrency-themed apps to steal crypto assets from users Full Text
Abstract
The U.S. FBI has warned of crooks developing malicious cryptocurrency-themed apps to steal crypto assets from users. The U.S. Federal Bureau of Investigation (FBI) has warned of crooks creating malicious cryptocurrency-themed apps to steal crypto... Security Affairs
July 19, 2022
WatchDog Adds Steganography in Cryptojacking Operations Full Text
Abstract
The XMRig miner was disguised as an image and hosted on compromised cloud storage (Alibaba Object Storage Service). This enabled the attackers to maintain low detection rates.Cyware Alerts - Hacker News
July 14, 2022
Crypto-mining Attacks Through Azure VMs and GitHub Actions Full Text
Abstract
Malicious actors are leveraging GitHub Actions (GHA) and Azure virtual machines (VMs) for cloud-based cryptocurrency mining. Over 1,000 repositories and 550 code samples were spotted abusing GitHub Actions to mine cryptocurrency. Due to this, the cost of electricity to the target organization incre ... Cyware Alerts - Hacker News
July 12, 2022
CuteBoi Cryptomining Campaign - 1,300 NPM Packages, 1,000 Automated User Accounts Full Text
Abstract
The packages contain almost identical source code, sourced from an existing package, named eazyminer. It is used to mine Monero by using unused resources on web servers.Cyware Alerts - Hacker News
July 12, 2022
Cloud-Based Cryptocurrency mining attacks abuse GitHub Actions and Azure VM Full Text
Abstract
Researchers investigated cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs. Researchers from Trend Micro published a report that details cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs and the threat... Security Affairs
July 11, 2022
Cloud-based Cryptocurrency Miners Targeting GitHub Actions and Azure VMs Full Text
Abstract
GitHub Actions and Azure virtual machines (VMs) are being leveraged for cloud-based cryptocurrency mining, indicating sustained attempts on the part of malicious actors to target cloud resources for illicit purposes. "Attackers can abuse the runners or servers provided by GitHub to run an organization's pipelines and automation by maliciously downloading and installing their own cryptocurrency miners to gain profit easily," Trend Micro researcher Magno Logan said in a report last week. GitHub Actions (GHAs) is a continuous integration and continuous delivery (CI/CD) platform that allows users to automate the software build, test, and deployment pipeline. Developers can leverage the feature to create workflows that build and test every pull request to a code repository, or deploy merged pull requests to production. Both Linux and Windows runners are hosted on Standard_DS2_v2 virtual machines on Azure and come with two vCPUs and 7GB of memory. The Japanese com... The Hacker News
July 1, 2022
A long-running cryptomining campaign conducted by 8220 hackers now targets Linux servers Full Text
Abstract
Microsoft spotted a cloud threat actor tracked as 8220 that is now targeting Linux servers in a long-running cryptomining campaign. Microsoft Security Intelligence experts are warning of a long-running campaign conducted by a cloud threat actor group,... Security Affairs
June 27, 2022
Threat Actors Stole $100M in Crypto Assets From Harmony Full Text
Abstract
Harmony pointed out that the consensus layer of the Harmony blockchain remains secure. No steps have currently been taken by the hacker to anonymize ownership of these assets.Security Affairs
June 16, 2022
MetaMask, Phantom warn of flaw that could steal your crypto wallets Full Text
Abstract
MetaMask and Phantom are warning of a new 'Demonic' vulnerability that could expose a crypto wallet's secret recovery phrase, allowing attackers to steal NFTs and cryptocurrency stored within it.BleepingComputer
June 15, 2022
Crypto Wallet Apps Cloned to Steal Crypto Full Text
Abstract
Web3 users are being targeted under the SeaFlower operation that aims to infect users through imposter websites and SEO poisoning and black SEO techniques promoting fake crypto wallets. The attackers seem to be Chinese, according to hints such as the language of the comments in source code. To stay ... Cyware Alerts - Hacker News
June 13, 2022
Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users Full Text
Abstract
A technically sophisticated threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites intending to distribute backdoored apps that drain victims' funds. Said to be first discovered in March 2022, the cluster of activity "hint[s] to a strong relationship with a Chinese-speaking entity yet to be uncovered," based on the macOS usernames, source code comments in the backdoor code, and its abuse of Alibaba's Content Delivery Network (CDN). "As of today, the main current objective of SeaFlower is to modify Web3 wallets with backdoor code that ultimately exfiltrates the seed phrase," Confiant's Taha Karim said in a technical deep-dive of the campaign. Targeted apps include Android and iOS versions of Coinbase Wallet, MetaMask, TokenPocket, and imToken. SeaFlower's modus operandi involves setting up cloned websites that act as a conduit to download... The Hacker News
June 13, 2022
Hackers clone Coinbase, MetaMask mobile wallets to steal your crypto Full Text
Abstract
Security researchers have uncovered a large-scale malicious operation that uses trojanized mobile cryptocurrency wallet applications for Coinbase, MetaMask, TokenPocket, and imToken services.BleepingComputer
June 10, 2022
Hackers exploit recently patched Confluence bug for cryptomining Full Text
Abstract
A cryptomining hacking group has been observed exploiting the recently disclosed remote code execution flaw in Atlassian Confluence servers to install miners on vulnerable servers.BleepingComputer
June 5, 2022
Hackers stole over $250,000 in Ethereum from Bored Ape Yacht Club Full Text
Abstract
Hackers have stolen over $250,000 in Ethereum from Bored Ape Yacht Club (BAYC); this is the third security breach it has suffered this year. Threat actors compromised Bored Ape Yacht Club (BAYC) for the third time this year; they have stolen and sold... Security Affairs
June 4, 2022
Clipminer group rakes in $1.7 million in crypto hijacking Full Text
Abstract
The malware, dubbed Trojan.Clipminer, leverages the compute power of compromised systems to mine for cryptocurrency as well as identify crypto-wallet addresses in clipboard text and replace them to redirect transactions.The Register
June 04, 2022
Bored Ape Yacht Club, Otherside NFTs stolen in Discord server hack Full Text
Abstract
Hackers reportedly stole over $257,000 in Ethereum and thirty-two NFTs after Yuga Labs' Bored Ape Yacht Club and Otherside Metaverse Discord servers were compromised to post a phishing scam.BleepingComputer
June 03, 2022
WatchDog hacking group launches new Docker cryptojacking campaign Full Text
Abstract
The WatchDog hacking group is conducting a new cryptojacking campaign with advanced techniques for intrusion, worm-like propagation, and evasion of security software.BleepingComputer
May 17, 2022
How cryptocurrencies enable attackers and defenders Full Text
Abstract
A rise in the popularity of cryptocurrency-based crime, coupled with a lack of regulation, has paved the way for cybercriminals to extort vast amounts of money from legitimate organizations.Tech Target
May 7, 2022
US Treasury sanctions cryptocurrency mixer Blender Full Text
Abstract
As a result, among other limitations, anyone in the United States or a US person can no longer do any business with Blender without special permission from the government.The Register
May 6, 2022
Crypto Scammers exploit talk on Cryptocurrency Full Text
Abstract
The modified live streams make the original video smaller and put a frame around it advertising malicious sites that it claims will double the amount of cryptocurrency you send them.McAfee
May 03, 2022
SEC ramps up fight on cryptocurrency fraud by doubling cyber unit Full Text
Abstract
The US Securities and Exchange Commission (SEC) announced today that it will almost double the Crypto Assets and Cyber Unit to ramp up the fight against cryptocurrency fraud to protect investors from "cyber-related threats."BleepingComputer
April 25, 2022
Critical Bug in Everscale Wallet Could’ve Let Attackers Steal Cryptocurrencies Full Text
Abstract
A security vulnerability has been disclosed in the web version of the Ever Surf wallet that, if successfully weaponized, could allow an attacker to gain full control over a victim's wallet. "By exploiting the vulnerability, it's possible to decrypt the private keys and seed phrases that are stored in the browser's local storage," Israeli cybersecurity company Check Point said in a report shared with The Hacker News. "In other words, attackers could gain full control over the victim's wallets." Ever Surf is a cryptocurrency wallet for the Everscale (formerly FreeTON) blockchain that also doubles up as a cross-platform messenger and allows users to access decentralized apps as well as send and receive non-fungible tokens (NFTs). It's said to have an estimated 669,700 accounts across the world. By means of different attack vectors like malicious browser extensions or phishing links, the flaw makes it possible to obtain a wallet's encr... The Hacker News
April 22, 2022
Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud Full Text
Abstract
LemonDuck, a cross-platform cryptocurrency mining botnet, is targeting Docker to mine cryptocurrency on Linux systems as part of an active malware campaign. "It runs an anonymous mining operation by the use of proxy pools, which hide the wallet addresses," CrowdStrike said in a new report. "It evades detection by targeting Alibaba Cloud's monitoring service and disabling it." Known to strike both Windows and Linux environments, LemonDuck is primarily engineered for abusing the system resources to mine Monero. But it's also capable of credential theft, lateral movement, and facilitating the deployment of additional payloads for follow-on activities. "It uses a wide range of spreading mechanisms — phishing emails, exploits, USB devices, brute force, among others — and it has shown that it can quickly take advantage of news, events, or the release of new exploits to run effective campaigns," Microsoft detailed in a technical write-up of the ma... The Hacker News
April 18, 2022
US warns of Lazarus hackers using malicious cryptocurrency apps Full Text
Abstract
CISA, the FBI, and the US Treasury Department warned today that the North Korean Lazarus hacking group is targeting organizations in the cryptocurrency and blockchain industries with trojanized cryptocurrency applications.BleepingComputer
April 15, 2022
Cryptocurrency DeFi platforms are now more targeted than ever Full Text
Abstract
Hackers are increasingly targeting DeFi (Decentralized Finance) cryptocurrency platforms, with Q1 2022 data showing that more platforms are being targeted than ever before.BleepingComputer
April 14, 2022
Rarible NFT Marketplace Flaw Could’ve Let Attackers Hijack Crypto Wallets Full Text
Abstract
Cybersecurity researchers have disclosed a now-fixed security flaw in the Rarible non-fungible token (NFT) marketplace that, if successfully exploited, could have led to account takeover and theft of cryptocurrency assets. "By luring victims to click on a malicious NFT, an attacker can take full control of the victim's crypto wallet to steal funds," Check Point researchers Roman Zaikin, Dikla Barda, and Oded Vanunu said in a report shared with The Hacker News. Rarible, an NFT marketplace that enables users to create, buy, and sell digital NFT art like photographs, games, and memes, has over 2.1 million active users. "There is still a huge gap, in terms of security, between Web2 and Web3 infrastructure," Vanunu, head of products vulnerabilities research at Check Point, said in a statement shared with The Hacker News. "Any small vulnerability can possibly allow cyber criminals to hijack crypto wallets behind the scenes. We are still in a st... The Hacker News
April 4, 2022
Mars Stealer’s Cryptomining Attack Campaign Targets OpenOffice Full Text
Abstract
Morphisec laid bare a new Mars Stealer campaign—abusing Google Ads ranking techniques—to lure Canadian users into downloading a malicious version of OpenOffice. A bug in the configuration instructions of the cracked version of Mars Stealer, which appears to be an honest mistake by the operators, gi ... Cyware Alerts - Hacker News
April 03, 2022
Fake Trezor data breach emails used to steal cryptocurrency wallets Full Text
Abstract
A compromised Trezor hardware wallet mailing list was used to send fake data breach notifications to steal cryptocurrency wallets and the assets stored within them.BleepingComputer
March 31, 2022
A Blockchain Primer and a Bored Ape Headscratcher – Podcast Full Text
Abstract
Mystified? Now’s the time to learn about cryptocurrency-associated risks: Listen to KnowBe4’s Dr. Lydia Kostopoulos explain blockchain, NFTs and how to stay safe.Threatpost
March 31, 2022
DPRK hackers go after crypto assets using trojanized DeFi Wallet app Full Text
Abstract
Hackers associated with the North Korean government have been distributing a trojanized version of the DeFi Wallet for storing cryptocurrency assets to gain access to the systems of cryptocurrency users and investors.BleepingComputer
March 29, 2022
$625M stolen from Axie Infinity's Ronin bridge, the largest ever crypto hack Full Text
Abstract
Threat actors have stolen approximately $625 million worth of Ethereum and USDC tokens from Axie Infinity's Ronin network bridge. Threat actors have stolen almost $625 million in Ethereum and USDC (a U.S. dollar pegged stablecoin) tokens from Axie... Security Affairs
March 25, 2022
Experts Uncover Campaign Stealing Cryptocurrency from Android and iPhone Users Full Text
Abstract
Researchers have blown the lid off a sophisticated malicious scheme primarily targeting Chinese users via copycat apps on Android and iOS that mimic legitimate digital wallet services to siphon cryptocurrency funds. "These malicious apps were able to steal victims' secret seed phrases by impersonating Coinbase, imToken, MetaMask, Trust Wallet, Bitpie, TokenPocket, or OneKey," said Lukáš Štefanko, senior malware researcher at ESET in a report shared with The Hacker News. The wallet services are said to have been distributed through a network of over 40 counterfeit wallet websites that are promoted with the help of misleading articles posted on legitimate Chinese websites, as well as by means of recruiting intermediaries through Telegram and Facebook groups, in an attempt to trick unsuspecting visitors into downloading the malicious apps. ESET, which has been tracking the campaign since May 2021, attributed it to the work of a single criminal group. The trojanized cr... The Hacker News
March 7, 2022
Coinbase blocked 25,000 crypto addresses linked to Russian individuals and entities Full Text
Abstract
Coinbase announced that it's blocking access to more than 25,000 blockchain addresses linked to Russian individuals and entities. The popular cryptocurrency exchange Coinbase announced today that it's blocking access to more than 25,000 blockchain... Security Affairs
March 07, 2022
Coinbase blocks over 25,000 Russian-linked crypto addresses Full Text
Abstract
Coinbase, one of the most popular cryptocurrency exchange platforms, announced today that it's blocking access to more than 25,000 blockchain addresses linked to Russian individuals and entities.BleepingComputer
February 21, 2022
Latest Mac Coinminer Utilizes Open-Source Binaries and the I2P Network Full Text
Abstract
The malicious actor can have a coinminer masquerade itself as a legitimate app, trick susceptible users into running it on their systems, and just wait for the profits to roll in.Trend Micro
February 14, 2022
Asian Cloud Service Providers Face Threats from CoinStomp Cryptominer Full Text
Abstract
Researchers have uncovered a cryptojacking malware named CoinStomp that is targeting Asian cloud service providers. To prevent forensic actions against itself, the malware tries to tamper with Linux server cryptographic policies. The use of such techniques indicates that attackers a ... Cyware Alerts - Hacker News
February 8, 2022
US seizes $3.6 billion worth of cryptocurrency stolen in 2016 Bitfinex hack Full Text
Abstract
Law enforcement seized $3.6 billion worth of cryptocurrency linked to the 2016 Bitfinex cryptocurrency exchange hack. Ilya Lichtenstein (34) and his wife, Heather Morgan (31), were arrested for alleged conspiracy to launder... Security Affairs
February 07, 2022
Google Cloud hypervisor modified to detect cryptominers without agents Full Text
Abstract
Google has announced the public preview of a new Virtual Machine Threat Detection (VMTD) system that can detect cryptocurrency miners and other malware without the need for software agents.BleepingComputer
February 04, 2022
Wormhole restores stolen $326 million after major crypto bailout Full Text
Abstract
Cryptocurrency platform Wormhole has recovered upwards of $326 million stolen in this week's crypto hack, thanks to a major bailout.BleepingComputer
February 3, 2022
Wormhole Crypto Platform: ‘Funds Are Safe’ After $314M Heist Full Text
Abstract
The popular bridge, which connects Ethereum, Solana blockchain & more, was shelled out by it’s-not-saying. Wormhole is trying to negotiate with the attacker.Threatpost
February 3, 2022
Hackers Abuse Vulnerability in Smart Contracts Cryptocurrency Platform Wormhole Full Text
Abstract
The attack took place earlier today and impacted Wormhole Portal, a web-based application—also known as a blockchain “bridge”—that allows users to convert one form of cryptocurrency into another.The Record
February 3, 2022
Wormhole cryptocurrency platform hacked, crooks stole $326 million, the second-biggest hack of a DeFi platform Full Text
Abstract
Threat actors have stolen $325 million in cryptocurrency leveraging a bug in the Wormhole communication bridge. Wormhole, one of the most popular bridges that links the Ethereum and Solana blockchains, lost about $325 million in an attack that took... Security Affairs
February 02, 2022
Wormhole cryptocurrency platform hacked to steal $326 million Full Text
Abstract
Hackers have exploited a vulnerability in the Wormhole cross-chain crypto platform to steal approximately $326 million in cryptocurrency.BleepingComputer
February 02, 2022
Wormhole platform hacked to steal $326 million in crypto Full Text
Abstract
Hackers have exploited a vulnerability in the Wormhole cross-chain crypto platform to steal $320 million in cryptocurrency.BleepingComputer
January 25, 2022
Ozzy Osbourne NFTs Used to Bite Off Chunk of Crypto Coin Full Text
Abstract
A discarded Discord vanity URL for CryptoBatz was hijacked by cybercriminals to drain cryptocurrency wallets.Threatpost
January 21, 2022
Amazon fake crypto token investment scam steals Bitcoin from victims Full Text
Abstract
Cybersecurity researchers from Akamai Technologies outlined a new, fraudulent campaign that leverages Amazon's name to promote a fraudulent "Amazon to create its own digital token" scheme.ZDNet
January 20, 2022
New BHUNT Stealer targets cryptocurrency wallets Full Text
Abstract
Researchers spotted a new evasive cryptocurrency stealer named BHUNT that targets a list of wallets and implements multiple data-stealing capabilities. Bitdefender discovered a new evasive cryptocurrency stealer dubbed BHUNT that is able... Security Affairs
January 20, 2022
Cheap malware is behind a rise in attacks on cryptocurrency wallets Full Text
Abstract
Cryptocurrency has long been a popular target for organized cybercriminals, whether stealing it outright from cryptocurrency exchanges, or demanding it as an extortion payment in ransomware attacks.ZDNet
January 18, 2022
A small number of Crypto.com users reported suspicious activity on their wallet Full Text
Abstract
Several Crypto.com users reported suspicious transactions that stole thousands of dollars in Ethereum (ETH) from their wallets. Several Crypto.com users reported suspicious transactions that stole thousands of dollars in Ethereum (ETH) despite their... Security Affairs
January 14, 2022
Be Warned of this Evolving Cryptomining Malware Full Text
Abstract
An ongoing cryptomining campaign, dubbed Autom, has come to light that boasts of new defense evasion tactics. In 2020, cybercriminals were evading defense by bypassing security features, but started using an obfuscating script in 2021. It has claimed over 125 victims so far.Cyware Alerts - Hacker News
January 14, 2022
BlueNoroff Threat Group Targets Cryptocurrency Startups Full Text
Abstract
BlueNoroff, an advanced persistent threat (APT) group that's part of the larger Lazarus Group associated with North Korea, is behind a series of attacks against small and medium-sized companies that have led to serious cryptocurrency losses.Dark Reading
January 6, 2022
North Korean Attackers’ Peculiar Interest in Cryptocurrency Full Text
Abstract
Experts claimed that state-backed North Korean hackers have stolen nearly $1.7 billion worth of cryptocurrency from various exchanges in the past five years. Federal prosecutors from the U.S. believe that the Government of North Korea regards cryptocurrency as a long-term investment. Crypto exchang...Cyware Alerts - Hacker News
January 05, 2022
Crypto platform ARBIX flagged as a rugpull, transfers $10 million Full Text
Abstract
Arbix Finance, an audited and supposedly trustworthy yield farming platform, has been flagged as a 'rugpull,' deleting its site, Twitter, and Telegram channel and transferring $10 million worth of deposited cryptocurrency.BleepingComputer
January 2, 2022
Crypto security breaches cause $4.25 billion losses worth of cryptos in 2021 Full Text
Abstract
According to a report published by Invezz, the number of crypto security breaches increased by up to 850% in the last decade. The cyberattacks against the cryptocurrency industry are a profitable business for threat actors, according to the experts,...Security Affairs
December 29, 2021
Ongoing Autom Cryptomining Malware Attacks Using Upgraded Evasion Tactics Full Text
Abstract
An ongoing crypto mining campaign has upgraded its arsenal while adding new defense evasion tactics that enable the threat actors to conceal the intrusions and fly under the radar, new research published today has revealed. Since first detected in 2019, a total of 84 attacks against its honeypot servers have been recorded to date, four of which transpired in 2021, according to researchers from DevSecOps and cloud security firm Aqua Security, who have been tracking the malware operation for the past three years. That said, 125 attacks have been spotted in the wild in the third quarter of 2021 alone, signaling that the attacks have not slowed down. Initial attacks involved executing a malicious command upon running a vanilla image named "alpine:latest" that resulted in the download of a shell script named "autom.sh." "Adversaries commonly use vanilla images along with malicious commands to perform their attacks, because most organizations trust the official i...The Hacker News
December 28, 2021
Washington grapples with how to expand crypto oversight Full Text
Abstract
The cryptocurrency explosion has forced Washington to adapt federal financial rules to a quickly growing and changing industry.The Hill
December 26, 2021
‘Spider-Man: No Way Home’ used to spread a cryptominer Full Text
Abstract
Threat actors attempted to take advantage of the interest in the new 'Spider-Man: No Way Home' movie to spread a Monero cryptominer, capitalizing on the interest in the movie's release and using it as bait...Security Affairs
December 13, 2021
Cryptocurrency Exchange AscendEX Discloses Hacking Incident Involving Illicit Transactions from Hot Wallets Full Text
Abstract
The largest share of the $77 million was accounted for by the relatively minor taraxa (TARA) with $10.8 million, while the combined shares of stablecoins USDT and USDC accounted for $10.7 million.Yahoo! Finance
December 07, 2021
Warning: Yet Another Bitcoin Mining Malware Targeting QNAP NAS Devices Full Text
Abstract
Network-attached storage (NAS) appliance maker QNAP on Tuesday released a new advisory warning of a cryptocurrency mining malware targeting its devices, urging customers to take preventive steps with immediate effect. "A bitcoin miner has been reported to target QNAP NAS. Once a NAS is infected, CPU usage becomes unusually high where a process named '[oom_reaper]' could occupy around 50% of the total CPU usage," the Taiwanese company said in an alert. "This process mimics a kernel process but its [process identifier] is usually greater than 1000." QNAP said it's currently investigating the infections, but did not share more information on the initial access vector that's being used to compromise the NAS devices. Affected users can remove the malware by restarting the appliances. In the interim, the company is recommending that users update their QTS (and QuTS Hero) operating systems to the latest version, enforce strong passwords for administr...The Hacker News
December 7, 2021
Bitcoin Miner [oom_reaper] targets QNAP NAS devices Full Text
Abstract
Taiwanese vendor QNAP warns customers of ongoing attacks by threat actors targeting their NAS devices with cryptocurrency miners. Upon compromising the devices,...Security Affairs
December 7, 2021
QNAP warns of new crypto-miner targeting its NAS devices Full Text
Abstract
Taiwanese hardware vendor QNAP has released a new security advisory today warning users that a new strain of crypto-mining malware is targeting its network-attached storage (NAS) devices.The Record
December 07, 2021
Twitter bots pose as support staff to steal your cryptocurrency Full Text
Abstract
Scammers monitor every tweet containing requests for support on MetaMask, TrustWallet, and other popular crypto wallets, and respond to them with scam links in just seconds.BleepingComputer
December 06, 2021
Malicious KMSPico Windows Activator Stealing Users’ Cryptocurrency Wallets Full Text
Abstract
Users looking to activate Windows without using a digital license or a product key are being targeted by tainted installers to deploy malware designed to plunder credentials and other information in cryptocurrency wallets. The malware, dubbed "CryptBot," is an information stealer capable of obtaining credentials for browsers, cryptocurrency wallets, browser cookies, credit cards, and capturing screenshots from the infected systems. Deployed via cracked software, the latest attack involves the malware masquerading as KMSPico. KMSPico is an unofficial tool that's used to illicitly activate the full features of pirated copies of software such as Microsoft Windows and Office suite without actually owning a license key. "The user becomes infected by clicking one of the malicious links and downloading either KMSPico, Cryptbot, or another malware without KMSPico," Red Canary researcher Tony Lambert said in a report published last week. "The adversaries...The Hacker News
December 6, 2021
Crypto-Exchange BitMart to Pay Users for $200M Theft Full Text
Abstract
BitMart confirmed it had been drained of ~$150 million in cryptocurrency assets, but a blockchain security firm said it’s closer to $200 million.Threatpost
December 6, 2021
Malicious Version of KMSPico Windows Activator Used to Steal Users’ Cryptocurrency Wallets Full Text
Abstract
Red Canary noted that it’s not just individuals who use KMSPico to fraudulently activate Windows as it has also noticed various IT departments using the tool which makes it a big threat in such cases.Neowin
December 5, 2021
Tor2mine Cryptominer Evolves to Pose a Bigger Threat Full Text
Abstract
Tor2Mine, a cryptominer which has been under active development since 2019, uses a PowerShell script to disable anti-malware solutions, deploy the payload, and steal Windows credentials.Cyware Alerts - Hacker News
December 01, 2021
Hacker Jailed for Stealing Millions of Dollars in Cryptocurrencies by SIM Hijacking Full Text
Abstract
A sixth member associated with an international hacking group known as The Community has been sentenced in connection with a multimillion-dollar SIM swapping conspiracy, the U.S. Department of Justice (DoJ) said. Garrett Endicott, 22, from the U.S. state of Missouri, who pleaded guilty to charges of wire fraud and aggravated identity theft following an indictment in 2019, was sentenced to 10 months in prison and ordered to pay an amount totaling $121,549.37 in restitution. SIM swapping, also called SIM hijacking, refers to an identity theft scheme wherein malicious parties persuade phone carriers into porting their victims' cell services to SIM cards under their control, often facilitated by bribing an employee of a mobile phone provider or by contacting the service provider's customer support by posing as the victim and requesting that the phone number be swapped to a SIM card operated by the group. The goal is to leverage the phone numbers as a gateway to hijack dif...The Hacker News
November 26, 2021
Threat actors target crypto and NFT communities with Babadeda crypter Full Text
Abstract
Morphisec researchers spotted a new crypto-malware strain, tracked as Babadeda, used in attacks aimed at cryptocurrency, non-fungible token (NFT),...Security Affairs
November 23, 2021
Attackers Will Flock to Crypto Wallets, Linux in 2022: Podcast Full Text
Abstract
That’s just the start of what cyberattackers will zero in on as they pick up APT techniques to hurl more destructive ransomware & supply-chain attacks, says Fortinet’s Derek Manky.Threatpost
November 23, 2021
Babadeda Crypter Targets Cryptocurrency, NFT, and DeFi Communities Through Discord Full Text
Abstract
The crypter that this campaign uses, dubbed Babadeda (a Russian language placeholder used by the crypter which translates to “Grandma-Grandpa”), is able to bypass signature-based antivirus solutions.Morphisec
November 16, 2021
These are the cryptomixers hackers use to clean their ransoms Full Text
Abstract
Cryptomixers have always been at the epicenter of cybercrime activity, allowing hackers to "clean" cryptocurrency stolen from victims and making it hard for law enforcement to track them.BleepingComputer
November 15, 2021
Cybercriminals Target Alibaba Cloud for Cryptomining, Malware Full Text
Abstract
Malicious groups disable features in Alibaba Cloud ECS instances for Monero cryptojacking, according to Trend Micro researchers.Threatpost
November 15, 2021
Alibaba ECS instances actively hijacked by cryptomining malware Full Text
Abstract
Threat actors are hijacking Alibaba Elastic Computing Service (ECS) instances to install cryptominer malware and harness the available server resources for their own profit.BleepingComputer
November 9, 2021
Scammers on a Crypto Stealing Frenzy Full Text
Abstract
Cryptocurrency has recently gained huge popularity among netizens. However, this has also drawn cybercriminals to various crypto platforms and their users for malicious intents and purposes.Cyware Alerts - Hacker News
November 9, 2021
TeamTNT Abusing Exposed Docker Rest APIs for Launching Cryptomining Attacks Full Text
Abstract
The compromised Docker Hub registry accounts were being used to host malicious images and were an active part of botnets and malware campaigns that abused the Docker REST API.Trend Micro
November 6, 2021
Threat actors stole $55 million worth of cryptocurrency from bZx DeFi platform Full Text
Abstract
DeFi platforms are a privileged target for crooks: threat actors have stolen $55 million worth of cryptocurrency from the bZx decentralized finance (DeFi) platform. The decentralized finance...Security Affairs
November 5, 2021
Google Ads for Faux Cryptowallets Net Scammers At Least $500K Full Text
Abstract
Malicious Phantom, MetaMask cryptowallets are on the prowl to drain victim funds.Threatpost
November 04, 2021
Crypto investors lose $500,000 to Google Ads pushing fake wallets Full Text
Abstract
Threat actors are using advertisements in Google Search to promote fake cryptocurrency wallets and DEX platforms to steal user's cryptocurrency.BleepingComputer
November 03, 2021
Alleged Twitter hacker charged with theft of $784K in crypto via SIM swaps Full Text
Abstract
The US Department of Justice has indicted a suspected Twitter hacker known as 'PlugWalkJoe' for also stealing $784,000 worth of cryptocurrency using SIM swap attacks.BleepingComputer
November 1, 2021
Squid Game Cryptocurrency exit scam! Operators made $2.1 Million Full Text
Abstract
Operators behind the Squid Game cryptocurrency have exit-scammed, making off with an estimated $2.1 million just after a week...Security Affairs
October 28, 2021
German investigators identify crypto millionaire behind REvil operations Full Text
Abstract
German authorities have identified a Russian man named Nikolay K. who is suspected to be a prominent member of the REvil ransomware gang. The REvil ransomware gang is one of the most successful ransomware operations; the group and its affiliates hit hundreds...Security Affairs
October 21, 2021
Malicious NPM Packages Caught Running Cryptominer On Windows, Linux, macOS Devices Full Text
Abstract
Three JavaScript libraries uploaded to the official NPM package repository have been unmasked as crypto-mining malware, once again demonstrating how open-source software package repositories are becoming a lucrative target for executing an array of attacks on Windows, macOS, and Linux systems. The malicious packages in question, named okhsa, klow, and klown, were published by the same developer and falsely claimed to be JavaScript-based user-agent string parsers designed to extract hardware specifics from the "User-Agent" HTTP header. But unbeknownst to the victims who imported them, the author hid cryptocurrency mining malware inside the libraries. The bad actor's NPM account has since been deactivated, and all three libraries, which were downloaded 112, 4, and 65 times respectively, have been removed from the repository as of October 15, 2021. Attacks involving the three libraries worked by detecting the current operating system, before procee...The Hacker News
October 21, 2021
Cryptomining Malware Found Hidden Inside Three Libraries on Official NPM Package Repository Full Text
Abstract
The names of the three npm packages were klow, klown, and okhsa. The packages were live only for a day, on October 15. The final payloads (cryptominers) could be run on Windows or Linux platforms.The Record
October 16, 2021
$5.2 billion in BTC transactions tied to top 10 ransomware variants: US Treasury Full Text
Abstract
FinCen said the total value of suspicious activity reported in ransomware-related SARs during the first six months of 2021 was $590 million, which exceeds the $416 million reported for all of 2020.ZDNet
October 15, 2021
NFT Marketplace OpenSea Patches Flaw Potentially Leading to Cryptocurrency Theft Full Text
Abstract
OpenSea, the world’s largest NFT marketplace, has addressed a security vulnerability that could have allowed hackers to hijack user accounts and empty their crypto wallets with the help of maliciously crafted NFTs (non-fungible tokens).Security Week
October 15, 2021
US links $5.2 billion worth of Bitcoin transactions to ransomware Full Text
Abstract
The U.S. Treasury Department's Financial Crimes Enforcement Network (FinCEN) has identified roughly $5.2 billion worth of outgoing Bitcoin transactions likely tied to the top 10 most commonly reported ransomware variants.BleepingComputer
October 13, 2021
OpenSea ‘Free Gift’ NFTs Drain Cryptowallet Balances Full Text
Abstract
Cybercriminals exploited bugs in the world’s largest digital-goods marketplace to create malicious artwork offered as a perk to unsuspecting users.Threatpost
October 11, 2021
Huawei Cloud targeted by updated cryptomining malware Full Text
Abstract
A new version of a 2020 crypto-mining malware that was previously targeting Docker containers has now been spotted focusing on new cloud service providers like the Huawei Cloud.BleepingComputer
October 08, 2021
Democrats urge federal agencies to address use of cryptocurrencies for ransomware payments Full Text
Abstract
A group of Democrats on Friday urged the Biden administration to do more to confront the growing use of cryptocurrency markets in ransomware attacks, which have become an increasing national security threat over the past year.The Hill
October 5, 2021
Oops! Compound DeFi Platform Gives Out $90M, Would Like it Back, Please Full Text
Abstract
The Compound cryptocurrency exchange accidentally botched a platform upgrade and distributed millions in free COMP tokens to users – then threatened to dox the recipients.Threatpost
October 2, 2021
Threat actors exploit a flaw in Coinbase 2FA to steal user funds Full Text
Abstract
Threat actors stole funds from the accounts of more than 6,000 users of the crypto exchange Coinbase by exploiting a vulnerability in the SMS-based two-factor authentication (2FA) system to bypass 2FA...Security Affairs
October 2, 2021
Coinbase says hackers stole cryptocurrency from at least 6,000 customers Full Text
Abstract
Hackers stole from the accounts of at least 6,000 customers of Coinbase Global Inc, according to a breach notification letter sent by the cryptocurrency exchange to affected customers.Reuters
October 01, 2021
Crypto platform mistakenly gives $90M to users, asks for refund Full Text
Abstract
In a major blunder, cryptocurrency platform Compound accidentally paid out $90 million among its users. Shortly after the mistake, the platform's founder began asking users to return the money, threatening that otherwise they would be reported to the IRS and possibly doxxed.BleepingComputer
October 01, 2021
Hackers rob thousands of Coinbase customers using MFA flaw Full Text
Abstract
Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company's SMS multi-factor authentication security feature.BleepingComputer
September 28, 2021
Ukraine takes down call centers behind cryptocurrency investor scams Full Text
Abstract
The Security Service of Ukraine (SBU) has taken down a network of six call centers in Lviv, used by a ring of scammers to defraud cryptocurrency and stock market investors worldwide.BleepingComputer
September 27, 2021
Senators aim to increase oversight of cryptocurrency mining with new bill Full Text
Abstract
Sens. Maggie Hassan (D-N.H.) and Joni Ernst (R-Iowa) introduced legislation Monday intended to increase oversight of cryptocurrency mining overseas.The Hill
September 27, 2021
Ethereum dev admits to helping North Korea evade crypto sanctions Full Text
Abstract
Cryptocurrency expert Virgil Griffith pled guilty today to assisting the Democratic People's Republic of Korea in evading U.S. sanctions by conspiring to violate the International Emergency Economic Powers Act (IEEPA) and Executive Order 13466.BleepingComputer
September 27, 2021
Malicious ‘Safepal Wallet’ Firefox add-on stole cryptocurrency Full Text
Abstract
A malicious Firefox add-on named "Safepal Wallet" lived on the Mozilla add-ons site for seven months and scammed users by emptying out their wallets. Safepal is a cryptocurrency wallet application capable of securely storing a variety of crypto assets, including Bitcoin, Ethereum, and Litecoin.BleepingComputer
September 22, 2021
Feds Sanction SUEX Cryptocurrency Exchange for Laundering Ransomware Payouts Full Text
Abstract
The action is the first of its kind in the U.S., as the government increases efforts to get a handle on cybercrime.Threatpost
September 21, 2021
US sanctions cryptocurrency exchange used by ransomware gangs Full Text
Abstract
The US Treasury Department announced the first-ever sanctions against a cryptocurrency exchange, the Russian-linked Suex, for facilitating ransom transactions for ransomware gangs and helping them evade sanctions.BleepingComputer
September 21, 2021
Treasury sanctions cryptocurrency exchange for facilitating ransomware payments Full Text
Abstract
The Treasury Department on Tuesday announced a set of actions designed to crack down on ransomware attack payments following a major uptick in cases in recent months against U.S. companies.The Hill
September 21, 2021
Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage Full Text
Abstract
The cryptomining trojan z0Miner has been taking advantage of Atlassian’s Confluence remote code execution (RCE) vulnerability assigned as CVE-2021-26084, which was disclosed by Atlassian in August.Trend Micro
September 18, 2021
Treasury to issue new cryptocurrency sanctions after ransomware attacks Full Text
Abstract
The Biden administration is preparing to issue a series of actions, including sanctions, to make it more difficult for hackers to profit off of ransomware attacks through the use of digital currency.The Verge
September 17, 2021
U.S. to sanction crypto exchanges, wallets used by ransomware Full Text
Abstract
The Biden administration is expected to issue sanctions against crypto exchanges, wallets, and traders used by ransomware gangs to convert ransom payments into fiat money.BleepingComputer
September 16, 2021
Financial Cybercrime: Following Cryptocurrency via Public Ledgers Full Text
Abstract
John Hammond, security researcher with Huntress, discusses a wallet-hijacking RAT, and how law enforcement recovered millions in Bitcoin after the Colonial Pipeline attack.Threatpost
September 16, 2021
Senator calls on agencies to take action to prevent criminal cryptocurrency use Full Text
Abstract
Sen. Maggie Hassan (D-N.H.) on Thursday raised concerns around the use of cryptocurrency for criminal means, pressing key federal agencies to take action.The Hill
September 13, 2021
County I.T. Supervisor Mined Bitcoin at the Office, Prosecutors Say Full Text
Abstract
A Long Island man was charged on Wednesday with using his position as an I.T. supervisor for Suffolk County to mine cryptocurrency from government offices, costing the county thousands of dollars in electricity.New York Times
September 9, 2021
Financial Cybercrime: Why Cryptocurrency is the Perfect ‘Getaway Car’ Full Text
Abstract
John Hammond, security researcher with Huntress, discusses how financially motivated cybercrooks use and abuse cryptocurrency.Threatpost
September 07, 2021
Jenkins project’s Confluence server hacked to mine Monero Full Text
Abstract
Hackers exploiting the recently disclosed Atlassian Confluence remote code execution vulnerability breached an internal server from the Jenkins project.BleepingComputer
September 02, 2021
Atlassian Confluence flaw actively exploited to install cryptominers Full Text
Abstract
Hackers are actively scanning for and exploiting a recently disclosed Atlassian Confluence remote code execution vulnerability to install cryptominers after a PoC exploit was publicly released.BleepingComputer
September 1, 2021
Cryptocurrency payments to scams outpace ransomware jackpots in Eastern Europe, Chainalysis finds Full Text
Abstract
Between December 2019 and August 2021, users sent over $1.5 billion worth of bitcoin to Finiko, a Russia-based Ponzi-scheme whose founders are under arrest or have fled Russia.Cyberscoop
August 31, 2021
Coinbase seeds panic among users with erroneous 2FA change alerts Full Text
Abstract
Coinbase, the world's second largest cryptocurrency exchange with approximately 68 million users from over 100 countries, has scared a significant amount of its users with erroneous 2FA warnings.BleepingComputer
August 31, 2021
Threat actors stole $29 million worth of crypto assets from Cream Finance Full Text
Abstract
Crooks have stolen more than $29 million in cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform...Security Affairs
August 24, 2021
Fake OpenSea support staff are stealing cryptowallets and NFTs Full Text
Abstract
OpenSea users are being targeted in an ongoing and aggressive Discord phishing attack to steal cryptocurrency funds and NFTs.BleepingComputer
August 19, 2021
Liquid cryptocurrency exchange loses over $90 million following hack Full Text
Abstract
Japan-based cryptocurrency exchange Liquid has suspended deposits and withdrawals after attackers have compromised its warm wallets.BleepingComputer
August 18, 2021
Docker Images Harnessed to Harvest Cryptocurrency Full Text
Abstract
A crypto mining scheme deployed five malicious Docker images on Docker Hub to hijack computing resources to mine cryptocurrency. These containers are not being managed by an attacker directly, although there's a script at the entry point that runs an automated attack. Organizations are recomme...Cyware Alerts - Hacker News
August 12, 2021
Ukraine shuts down money laundering cryptocurrency exchanges Full Text
Abstract
The Security Service of Ukraine (SBU) took down a network of cryptocurrency exchanges used to anonymize transactions since the beginning of 2021.BleepingComputer
August 11, 2021
Hacker behind biggest cryptocurrency heist ever returns stolen funds Full Text
Abstract
The threat actor who hacked Poly Network's cross-chain interoperability protocol yesterday to steal over $600 million worth of cryptocurrency assets is now returning the stolen funds.BleepingComputer
August 11, 2021
XMRig-based Cryptomining Worm with 15% Speed Boost Full Text
Abstract
A new variant of the Golang crypto-worm has been found dropping Monero-mining malware on targeted machines. The crypto-worm is based on XMRig and abuses known web server vulnerabilities. It has the ability to speed up the mining process by 15%.Cyware Alerts - Hacker News
August 11, 2021
Crypto Hack Earned Crooks $600 Million Full Text
Abstract
In one of the largest cryptocurrency hacks to date, cyberattackers reportedly stole millions from the decentralized finance (DeFi) platform Poly Network.Threatpost
August 11, 2021
$600M in digital tokens lost in hack of cryptocurrency site Full Text
Abstract
A cryptocurrency platform has lost around $600 million in digital tokens in a hacking attack believed to be one the largest ever thefts in the cryptocurrency market.The Hill
August 10, 2021
Over $600 million reportedly stolen in cryptocurrency hack Full Text
Abstract
Over $611 million has reportedly been stolen in one of the largest cryptocurrency hacks. Decentralized cross-chain protocol and network Poly Network announced today that it was attacked, with cryptocurrency assets having been transferred into the attackers' wallets.BleepingComputer
August 09, 2021
Senators reach bipartisan deal on cryptocurrency amendment Full Text
Abstract
Republican Sens. Pat Toomey (Pa.) and Cynthia Lummis (Wyo.) said an amendment to the infrastructure bill that would redefine who falls subject to cryptocurrency regulation requirements will be brought for a unanimous consent vote on Monday afternoon after a group of bipartisan senators and the Treasury Department came to an agreement.The Hill
August 9, 2021
Cinobi Banking Trojan Targets Japanese Cryptocurrency Exchange Users via Malvertising Campaign Full Text
Abstract
The malicious app abused sideloading flaws to load and start the Cinobi banking trojan. This is a new campaign from Water Kappa that is aimed at users of web browsers other than Internet Explorer.Trend Micro
August 6, 2021
Golang Cryptomining Worm Offers 15% Speed Boost Full Text
Abstract
The latest variants of the Monero-mining malware exploit known web server bugs and add efficiency to the mining process.Threatpost
August 5, 2021
Cryptominer ELFs Using MSR to Boost Mining Process Full Text
Abstract
The Uptycs Threat Research Team recently observed a Golang-based worm dropping cryptominer binaries that use the MSR (Model Specific Register) driver. By Uptycs Threat Research; original research by Siddarth Sharma. The Uptycs Threat Research...Security Affairs
August 4, 2021
Misconfigured Apache Hadoop YARN Exploited for Cryptomining Full Text
Abstract
A recent report has revealed that cybercriminals are taking advantage of misconfigured Apache Hadoop YARN. The report includes details about payload delivery, attack tactics, and basic security advice. Experts highlight that disabling the targeted system's protection offered by cloud services has b...Cyware Alerts - Hacker News
July 25, 2021
Crooks target Kubernetes installs via Argo Workflows to deploy miners Full Text
Abstract
Threat actors target Kubernetes installs via Argo Workflows to deploy cryptocurrency miners, security researchers from Intezer warn. Researchers from Intezer uncovered new attacks on Kubernetes (K8s) installs via misconfigured Argo Workflows aimed at deploying...Security Affairs
July 23, 2021
Attackers deploy cryptominers on Kubernetes clusters via Argo Workflows Full Text
Abstract
Threat actors are abusing misconfigured Argo Workflows instances to deploy cryptocurrency miners on Kubernetes (K8s) clusters.BleepingComputer
July 19, 2021
Researchers Warn of Linux Cryptojacking Attackers Operating from Romania Full Text
Abstract
A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang. Dubbed "Diicot brute," the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own unique API keys to facilitate the intrusions, Bitdefender researchers said in a report published last week. While the goal of the campaign is to deploy Monero mining malware by remotely compromising the devices via brute-force attacks, the researchers connected the gang to at least two DDoS botnets, including a Demonbot variant called chernobyl and a Perl IRC bot, with the XMRig mining payload hosted on a domain named mexalz[.]us since February 2021. The Romanian cybersecurity technology company said it began its investigation into the group's cyber activities in May 2021, leading to the su...The Hacker News
July 15, 2021
Thousands of PS4s seized in Ukraine in illegal cryptocurrency mining sting Full Text
Abstract
Thousands of PlayStation 4 gaming consoles have been seized by Ukraine's Security Service after their discovery in an old warehouse, used to illicitly mine for cryptocurrency.ZDNet
July 14, 2021
Cryptominer Farm Rigged with 3,800 PS4s Busted in Ukraine Full Text
Abstract
Ukrainian cops seize PlayStation 4 consoles, graphics cards, processors and more in cryptomining sting involving alleged electricity theft.Threatpost
July 14, 2021
Linux-Focused Cryptojacking Gang Tracked to Romania Full Text
Abstract
The gang is using a new brute-forcer, "Diicot brute," to crack weak passwords on Linux-based machines.Threatpost
July 7, 2021
Cloud Cryptomining Swindle in Google Play Rakes in Cash Full Text
Abstract
At least 25 apps have lured in tens of thousands of victims with the promise of helping them cash in on the cryptomining craze.Threatpost
July 5, 2021
Bitcoin cyber attacks surge following rising demand and increasing price of bitcoin Full Text
Abstract
Phishing impersonations and business email compromise (BEC) attacks designed to steal victims’ bitcoin surged by 192% between October 2020 and May 2021, according to analysis by Barracuda Networks.Help Net Security
June 28, 2021
Six typosquatting packages in PyPI repository laced with crypto miner Full Text
Abstract
Researchers from security firm Sonatype discovered six rogue typosquatting packages in the official Python programming language's PyPI repository containing cryptocurrency mining malware...Security Affairs
June 27, 2021
Crackonosh Monero miner made $2M after infecting 222,000 Win systems Full Text
Abstract
Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. Researchers from Avast have spotted a strain of cryptocurrency miner, tracked as Crackonosh, that...Security Affairs
June 24, 2021
Malicious Cryptominers Target Software Repositories to Burn a Hole in Your Wallet Full Text
Abstract
Sonatype researchers have recently discovered malicious packages in PyPI, a software code repository, that turn developers’ workstations into cryptomining machines.Cyware Alerts - Hacker News
June 24, 2021
Musk-Themed ‘$SpaceX’ Cryptoscam Invades YouTube Advertising Full Text
Abstract
Beware: The swindle uses legitimately purchased YouTube ads, real liquidity, legitimate DEX Uniswap, and the real wallet extension MetaMask to create an entirely convincing fake coin gambit.Threatpost
June 22, 2021
Cryptominers Slither into Python Projects in Supply-Chain Campaign Full Text
Abstract
These code bombs lurk in the PyPI package repository, waiting to be inadvertently baked into software developers’ applications.Threatpost
June 22, 2021
Malicious PyPI packages hijack dev devices to mine cryptocurrency Full Text
Abstract
This week, multiple malicious packages were caught in the PyPI repository for Python projects that turned developers' workstations into cryptomining machines.BleepingComputer
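The four PyPI items above all come down to the same supply-chain trick: a package name one keystroke away from a popular one, or a popular name with a suffix bolted on, pulled in by a developer who mistyped a requirement. A pre-install check on the dependency list catches most of this. The Python below is an added example for this page, not the Sonatype research tooling and not any PyPI feature. It normalizes names the way PyPI does (PEP 503), compares each requirement against an allow-list of popular packages by edit distance, and also flags names that merely wrap a popular name in extra characters. The allow-list, the distance cutoff and the sample requirements file are assumptions.

```python
import re

# Constructed allow-list of widely used package names (an assumption; a real check
# would pull the top-N download list from PyPI).
POPULAR = {"requests", "urllib3", "setuptools", "numpy", "pandas", "django", "flask",
           "cryptography", "pyyaml", "boto3", "pillow", "matplotlib"}


def normalize(name):
    """PEP 503 name normalization: case-insensitive, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a, b):
    """Edit distance with single-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                  # deletion
                           cur[j - 1] + 1,               # insertion
                           prev[j - 1] + (ca != cb)))    # substitution
        prev = cur
    return prev[-1]


def typosquat_candidates(name, known=POPULAR, max_distance=2):
    """Popular names that `name` looks like but is not: close by edit distance, or a
    popular name with extra characters wrapped around it ("matplotlib-plus")."""
    n = normalize(name)
    known_norm = {normalize(k) for k in known}
    if n in known_norm:
        return []  # exact match: the real package, nothing to flag
    hits = []
    for k in sorted(known_norm):
        if len(k) < 5:
            continue  # short names produce too many accidental near-misses
        d = levenshtein(n, k)
        if d <= max_distance:
            hits.append((k, f"edit distance {d}"))
        elif k in n:
            hits.append((k, "embeds popular name"))
    return hits


def requirement_name(line):
    """Project name from one requirements.txt line, or None for comments/options."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):
        return None
    return re.split(r"[\s\[\]=<>!~;@]", line, maxsplit=1)[0]


def audit_requirements(text):
    """Map each suspicious requirement to the popular names it resembles."""
    flagged = {}
    for line in text.splitlines():
        name = requirement_name(line)
        if name is None:
            continue
        hits = typosquat_candidates(name)
        if hits:
            flagged[name] = hits
    return flagged


if __name__ == "__main__":
    # Constructed requirements file with two look-alike names.
    sample = "requests==2.31.0\nrequets>=2\nmatplotlib-plus\nnumpy\npandas\n"
    for name, hits in audit_requirements(sample).items():
        print(name, "->", hits)
```

The check is deliberately noisy: a legitimate fork named after the package it extends will trip the "embeds popular name" rule. That is the right trade-off for a gate that runs before `pip install`, because the cost of a false positive is a human glance at the package page, while a miss is a miner on every developer workstation and build agent that installs the project.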
June 16, 2021
Criminals are mailing altered Ledger devices to steal cryptocurrency Full Text
Abstract
Scammers are sending fake replacement devices to Ledger customers exposed in a recent data breach that are used to steal cryptocurrency wallets.BleepingComputer
June 16, 2021
Cryptocurrency and Ransomware Attacks - What’s the Connection? Full Text
Abstract
Cryptocurrencies are an extortionist’s dream come true. It is very difficult to trace adversaries based on bitcoin addresses. Moreover, bitcoin has become essential on the dark web as it is easy to acquire and use.Cyware Alerts - Hacker News
June 12, 2021
Fresh Crypto Attacks Targeting Kubernetes Clusters Full Text
Abstract
Microsoft is warning against a new adversarial campaign that attempts to hijack Azure’s machine learning infrastructure to deploy cryptomining workloads. The recent attacks show how cybercriminals are increasingly targeting Kubernetes clusters and their surrounding ecosystem.Cyware Alerts - Hacker News
June 10, 2021
Microsoft: Big Cryptomining Attacks Hit Kubeflow Full Text
Abstract
Misconfigured dashboards are yet again at the heart of a widespread, ongoing cryptocurrency campaign squeezing Monero and Ethereum from Kubernetes clusters.Threatpost
June 10, 2021
Microsoft: ML infrastructure under attack from cryptomining gangs again Full Text
Abstract
Microsoft said it detected a new malicious campaign that is hijacking Azure infrastructure typically used for machine learning operations in order to deploy cryptocurrency mining workloads.The Record
June 9, 2021
How to Start Disrupting Cryptocurrencies: “Mining” Is Money Transmission Full Text
Abstract
Making cryptocurrency mining illegal won’t stop all mining, but it will seriously disrupt it.Lawfare
June 9, 2021
Crypto-mining campaign targets Kubeflow installs on a large scale Full Text
Abstract
Microsoft uncovered a malicious campaign targeting Kubeflow workloads to deploy TensorFlow pods that are used to mine cryptocurrency. Microsoft researchers uncovered a malicious campaign targeting Kubeflow workloads to deploy TensorFlow pods that...Security Affairs
June 09, 2021
Microsoft warns of cryptomining attacks on Kubernetes clusters Full Text
Abstract
Microsoft warns of an ongoing series of attacks compromising Kubernetes clusters running Kubeflow machine learning (ML) instances to deploy malicious containers that mine for Monero and Ethereum cryptocurrency.BleepingComputer
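The six Kubeflow items above describe two things an operator can check for directly: a dashboard that is reachable from outside the cluster, and pods whose labels say machine learning while their command line says miner. The Python below is an added example for this page, not Microsoft's detection logic and not part of Kubeflow. It walks JSON in the shape `kubectl get pods -A -o json` and `kubectl get svc -A -o json` return, looks for pool URLs and miner names in every string a container spec can carry (image, command, args, env), and lists Services in the dashboard namespaces that publish outside the cluster. The indicator list, the namespace names and the sample objects are assumptions.

```python
# Constructed indicator strings (an assumption; production detection would use a maintained feed).
MINER_INDICATORS = ("stratum+tcp://", "stratum+ssl://", "xmrig", "ethminer", "--donate-level")

# Namespaces where the Kubeflow dashboard and its ingress normally live (assumption).
DASHBOARD_NAMESPACES = {"kubeflow", "istio-system"}

# Constructed `kubectl get pods -A -o json`-shaped sample: one legitimate pod and one
# TensorFlow-labelled pod whose shell command actually runs a miner.
SAMPLE_PODS = {"items": [
    {"metadata": {"namespace": "default", "name": "benign-web"},
     "spec": {"containers": [{"name": "web", "image": "nginx:1.25",
                              "args": ["nginx", "-g", "daemon off;"]}]}},
    {"metadata": {"namespace": "kubeflow", "name": "tf-train-0"},
     "spec": {"containers": [{"name": "tensorflow", "image": "tensorflow/tensorflow:latest",
                              "command": ["/bin/sh", "-c"],
                              "args": ["./xmrig -o stratum+tcp://pool.example:3333 -k"],
                              "env": [{"name": "POOL_USER", "value": "worker1"}]}]}},
]}

# Constructed `kubectl get svc -A -o json`-shaped sample.
SAMPLE_SERVICES = {"items": [
    {"metadata": {"namespace": "istio-system", "name": "istio-ingressgateway"},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 80}, {"port": 443}]}},
    {"metadata": {"namespace": "kubeflow", "name": "centraldashboard"},
     "spec": {"type": "ClusterIP", "ports": [{"port": 80}]}},
]}


def _container_strings(c):
    """Every string in a container spec where a miner could be named or pointed at a pool."""
    yield c.get("image", "")
    yield from (c.get("command") or [])
    yield from (c.get("args") or [])
    for env in c.get("env") or []:
        yield env.get("value", "")  # valueFrom entries have no literal value


def container_indicator(c):
    """First matching indicator for a container, or None."""
    for s in _container_strings(c):
        s = s.lower()
        for ind in MINER_INDICATORS:
            if ind in s:
                return ind
    return None


def scan_pods(pod_list):
    """(namespace, pod, container, indicator) for every container that matches."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod["metadata"], pod["spec"]
        for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
            ind = container_indicator(c)
            if ind:
                findings.append((meta["namespace"], meta["name"], c["name"], ind))
    return findings


def exposed_dashboard_services(service_list):
    """Services in the dashboard namespaces that publish outside the cluster."""
    out = []
    for svc in service_list.get("items", []):
        ns, name = svc["metadata"]["namespace"], svc["metadata"]["name"]
        svc_type = svc["spec"].get("type", "ClusterIP")
        if ns in DASHBOARD_NAMESPACES and svc_type in ("LoadBalancer", "NodePort"):
            out.append((ns, name, svc_type))
    return out


if __name__ == "__main__":
    print("miner-like containers:", scan_pods(SAMPLE_PODS))
    print("externally published dashboard services:", exposed_dashboard_services(SAMPLE_SERVICES))
```

Two practical notes. The image name alone is not a signal in this campaign, which is why the scan reads command, args and env: the miner rides inside a legitimate image. And a LoadBalancer on the ingress gateway is not wrong by itself; it is wrong when nothing in front of it enforces authentication, so the second list is a to-verify list, not a verdict.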
June 07, 2021
Hands on with Norton antivirus Ethereum mining: The good and the bad Full Text
Abstract
Last week, NortonLifelock announced that the Norton 360 antivirus suite would soon be able to mine Ethereum cryptocurrency while the computer is idle. In this article, we go hands-on with the new 'Norton Crypto' feature to show what's good about it and what's bad.BleepingComputer
June 7, 2021
Russian cybercrime forums launch contests for cryptocurrency hacks Full Text
Abstract
Cybercriminals in Russian underground forums have been invited to take part in competitions for hacking cryptocurrency and NFT schemes. Several Russian underground forums have launched competitions for hacking cryptocurrency schemes and non-fungible token...Security Affairs
June 4, 2021
Cryptoscammers target ICO investors in Discord Full Text
Abstract
Following the helicopter money and fake cryptocurrency exchange scams, the Discord scam saga continues, this time with cybercriminals targeting online ICO investor communities.Kaspersky Lab
June 4, 2021
NFTs Give Rise to New Crypto-Security Risks Full Text
Abstract
In a very short time, NFTs have gained huge popularity and have become one of the most promising utilizations of blockchain technology. However, they come with significant security risks.Cyware Alerts - Hacker News
June 02, 2021
Norton 360 antivirus now lets you mine Ethereum cryptocurrency Full Text
Abstract
NortonLifelock has added the ability to mine Ethereum cryptocurrency directly within its Norton 360 antivirus program as a way to "protect" users from malicious mining software.BleepingComputer
June 2, 2021
$280 million stolen per month from crypto transactions Full Text
Abstract
CyberNews researchers found that front-runners are abusing decentralized cryptocurrency exchanges by draining hundreds of millions in crypto from trader transactions on the Ethereum network. Unsuspecting traders can lose as much as $280 million to front-runners...Security Affairs
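The front-running described in the item above is mechanical: a bot sees a pending swap in the mempool, buys the same token first so the price moves against the victim, lets the victim's swap push the price further, then sells back. The only limit is the victim's slippage tolerance, which makes the victim's transaction revert if the front-run is too large. The Python below is an added worked example for this page, not the CyberNews analysis and not any exchange's contract code. It simulates a constant-product pool with a 0.3 % fee, runs the three-transaction sandwich, and searches for the largest front-run that still leaves the victim's swap valid. The reserves, the victim's trade size and the 5 % tolerance are constructed values.

```python
from dataclasses import dataclass

FEE = 0.997  # constant-product pool with a 0.3 % swap fee (Uniswap v2 style)


@dataclass
class Pool:
    eth: float  # reserve of the quote asset
    tok: float  # reserve of the token being bought

    def copy(self):
        return Pool(self.eth, self.tok)

    def buy_tok(self, eth_in):
        """Swap eth_in for tokens; returns tokens received (x*y=k after the fee)."""
        eff = eth_in * FEE
        out = self.tok * eff / (self.eth + eff)
        self.eth += eth_in
        self.tok -= out
        return out

    def sell_tok(self, tok_in):
        """Swap tok_in for eth; returns eth received."""
        eff = tok_in * FEE
        out = self.eth * eff / (self.tok + eff)
        self.tok += tok_in
        self.eth -= out
        return out


def quote_tok(pool, eth_in):
    """Tokens the victim expects if nothing lands ahead of their transaction."""
    return pool.copy().buy_tok(eth_in)


def sandwich(pool, victim_eth, victim_min_out, attacker_eth):
    """Front-run, victim swap, back-run. Returns None if the victim's slippage
    guard (amountOutMin) would make their transaction revert."""
    p = pool.copy()
    held = p.buy_tok(attacker_eth)          # 1. attacker buys first, pushing the price up
    victim_out = p.buy_tok(victim_eth)      # 2. victim buys at the worse price
    if victim_out < victim_min_out:
        return None                         #    revert: attacker is left holding tokens
    eth_back = p.sell_tok(held)             # 3. attacker sells into the victim's price push
    return {"attacker_profit_eth": eth_back - attacker_eth,
            "victim_out": victim_out,
            "victim_loss_tok": quote_tok(pool, victim_eth) - victim_out}


def best_frontrun(pool, victim_eth, slippage, step=1.0, max_eth=500.0):
    """Largest profitable front-run that still lets the victim's tx succeed."""
    min_out = quote_tok(pool, victim_eth) * (1 - slippage)
    best_profit, best_amt = 0.0, None
    amt = step
    while amt <= max_eth:
        r = sandwich(pool, victim_eth, min_out, amt)
        if r is None:
            break  # every larger front-run also breaches the victim's tolerance
        if r["attacker_profit_eth"] > best_profit:
            best_profit, best_amt = r["attacker_profit_eth"], amt
        amt += step
    return best_profit, best_amt


if __name__ == "__main__":
    pool = Pool(eth=1_000.0, tok=2_000_000.0)   # constructed reserves
    profit, amt = best_frontrun(pool, victim_eth=10.0, slippage=0.05)
    print(f"front-run {amt} ETH -> attacker profit {profit:.4f} ETH")
    print(sandwich(pool, 10.0, quote_tok(pool, 10.0) * 0.95, amt))
```

The search shows where the victim's defence actually lies: the attacker's take scales with the slippage the victim is willing to accept, so a 5 % tolerance on a 10 ETH trade into this pool hands the bot roughly a third of an ETH, while a 0.5 % tolerance would cap the front-run at a size where the two fee legs eat the gain. Tight `amountOutMin` values, or submitting through a private transaction relay so the swap never sits in the public mempool, are the two controls a trader has.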
June 2, 2021
Cryptojacking - The Most Common Cloud Threat Full Text
Abstract
A misconfigured Docker daemon is a well-known security issue. Palo Alto Networks deployed a honeypot mimicking a misconfigured Docker daemon and found that three-fourths of the attacks were cryptojacking attacks.Cyware Alerts - Hacker News
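The misconfiguration the honeypot above imitates is specific: the Docker API listening on a TCP port that is reachable from the network with no TLS client authentication, so whoever finds it can start a container, mount the host filesystem and run a miner as root. The Python below is an added example for this page, not Palo Alto Networks' honeypot and not a Docker-provided tool. It reads the two places dockerd takes its listener configuration from, `daemon.json` and the `-H`/`--host` command-line flags, and reports every TCP listener bound beyond loopback, distinguishing the case where `tlsverify` is on. The sample configurations are constructed.

```python
import json
import shlex
from urllib.parse import urlsplit

LOOPBACK_PREFIXES = ("127.", "::1", "localhost")


def docker_listeners(daemon_json="", dockerd_cmdline=""):
    """Collect the -H/--host listeners and the tlsverify flag from daemon.json
    and/or the dockerd command line (both are real dockerd settings)."""
    cfg = json.loads(daemon_json) if daemon_json.strip() else {}
    hosts = list(cfg.get("hosts", []))
    tlsverify = bool(cfg.get("tlsverify", False))
    argv = shlex.split(dockerd_cmdline)
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg in ("-H", "--host") and i + 1 < len(argv):
            hosts.append(argv[i + 1])
            i += 1
        elif arg.startswith(("-H=", "--host=")):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
        i += 1
    return hosts, tlsverify


def audit_docker_daemon(daemon_json="", dockerd_cmdline=""):
    """One (listener, finding) pair per TCP listener reachable beyond loopback."""
    hosts, tlsverify = docker_listeners(daemon_json, dockerd_cmdline)
    findings = []
    for h in hosts:
        u = urlsplit(h)
        if u.scheme != "tcp":
            continue  # unix:// and fd:// sockets are local; file permissions gate them
        host = u.hostname or ""  # an empty host is treated as remote (conservative)
        if host.startswith(LOOPBACK_PREFIXES):
            continue
        if tlsverify:
            findings.append((h, "remote API with TLS client auth; still restrict by firewall"))
        else:
            findings.append((h, "unauthenticated remote API: anyone who reaches it can run containers as root"))
    return findings


if __name__ == "__main__":
    # Constructed daemon.json in the shape the honeypot imitates.
    exposed = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
    for listener, finding in audit_docker_daemon(exposed):
        print(listener, "->", finding)
```

The audit merges both sources only for reading; a real dockerd refuses to start when `hosts` is set in both `daemon.json` and on the command line, so on a live host one of the two inputs will be empty. The fix for a flagged listener is either to drop the TCP host entirely, or to bind it to a private interface with `tlsverify`, a CA under the operator's control, and a host firewall rule in front of it.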
May 27, 2021
The Ransomware Problem Is a Bitcoin Problem Full Text
Abstract
The best way to deal with this new era of big-game ransomware will involve not just securing computer systems or prosecuting criminals, but disrupting the one payment channel capable of moving millions at a time outside of money laundering laws: Bitcoin and other cryptocurrencies.Lawfare
May 20, 2021
#RSAC: The Security Risks of Cryptocurrency Full Text
Abstract
While it's not likely that cryptocurrency will replace the US dollar as a reserve currency in the short term, RSA Conference session details cryptocurrency security risks and mitigations.Infosecurity Magazine