Crypto exchanges becoming too challenging for North Korean hackers

Cryptocurrency exchanges are getting better at protecting their assets. Security has improved greatly this year, making it more difficult for thieves to break in and steal crypto. Those efforts have resulted in the mindless cyber thugs out of North Korea to give up on attacking the exchanges, going after individuals, instead.

As reported by the South China Morning Post, the number of crypto attacks on individuals has risen substantially in the past several months. The news outlet talked to the CEO of South Korea-based Cuvepia, a cybersecurity firm, who indicated that the company had recently uncovered more than 30 attacks. He added that it’s possible that a number of attacks have not been caught, which could put the actual number of heists or attempted heists at more than 100.

The founder of cyber warfare research company IssueMakersLab, Simon Choi, adds that the transition to individual attacks is a direct response to heightened security on the exchanges. He adds, “Direct attacks on exchanges have become harder, so hackers are thinking about alternatively going after individual users with weak security.”

Choi explains that the majority of the attacks have been conducted against wealthy South Korean citizens because “[the hackers] believe that if they target CEOs of wealthy firms and heads of organisations” then “they can take advantage of billions of won in virtual currencies.”

Another cybersecurity analyst, FireEye’s Luke McNamara, also pointed out that “it’s possible from previous intrusions they’ve been able to collect information” about “people using these [cryptocurrency] exchanges. He states that “when [the hackers] understand and know the targets” then “they are able to craft lures specific to those organisations or entities.”

There have been indications that the hacks aren’t just being led by crooks simply looking for an easy payday. Reports started circulating a couple of weeks ago that the North Korean regime could be behind the attacks. As sanctions create a weaker government, North Korea government officials could be turning to thievery, crypto money laundering and initial coin offerings (ICOs) in order to attract funds to continue keeping the citizens under control and to line their own pockets.

The post Crypto exchanges becoming too challenging for North Korean hackers appeared first on Coingeek.

Read More

Zaif crypto exchange completes transfer to buyer Fisco

Japanese cryptocurrency exchange Zaif has completed the handover of its business to Fisco Cryptocurrency Exchange, just a matter of weeks after the company was hacked resulting in losses in excess of $60 million.

The development means those still waiting to get money from the failed exchange will now be entitled to do so from the new owners Fisco Cryptocurrency Exchange, following their high profile bailout of the firm, according to a CoinTelegraph Japan report.

The handover was arranged in a bid to save Zaif after the firm was unable to compensate clients affected by the hack. As a result, many have been left out of pocket with little hope of recovering any of their lost funds until now.

Compensation proceedings are expected to begin this November, as the buyers look to address the losses suffered by those trading through the exchange at the time of the hack.

The completion of the sale and transfer of the Zaif business from parent company Tech Bureau concludes an embarrassing episode for the exchange, which was financially crippled in the wake of the hack.

For the time being, both deposits and withdrawals from the Zaif exchange remain in lockdown, with investors unable to get their hands on their money.

Following the transfer, Tech Bureau said it plans to dissolve the company and move away from its interests in the cryptocurrency sector. It declared, “We will abolish the registration of our virtual currency exchange and plan to dissolve.”

The hack was blamed on inadequate security at Zaif, as well as a lack of effective regulatory structures in Japan at the time. At the time of the hack, Zaif was the 37th largest cryptocurrency exchange in the world by volume.

Following the hack of the Zaif exchange, and the high profile hack of exchange Coincheck which saw some $534 million lost to hackers, Japanese regulators have taken significant steps to tighten the compliance burden on new and existing market players.

Nevertheless, these cases show the risks faced by cryptocurrency exchanges who fail to take adequate security measures to deter crypto scammers and hackers.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

The post Zaif crypto exchange completes transfer to buyer Fisco appeared first on Coingeek.

Read More

Silicon Valley exec loses $1 million in SIM card hack

SIM card scams are becoming a major issue. This past July, a Californian man barely out of his teens was arrested for his involvement in a theft ring that stole over $5 million through the scheme. The subject of SIM card frauds has been a hot issue with regulators over the past couple of weeks as more cases are being seen. Now, another victim of the scam has surfaced, revealing that he lost over $1 million to SIM card thieves.

Robert Ross is an angel investor out of San Francisco whose main focus is on initial coin offering (ICO) presales. According to an article in the New York Post, his cell phone was stolen, resulting in a swap of his SIM card that allowed a thief to steal $500,000 from two accounts he held on the Gemini and Coinbase exchanges. He had been saving the money so he could send his daughters to college.

In a SIM swap scam, a fraudster gains access to personal data of the holder of a particular phone number. The phone number can be found on a business card, social media or one of a number of other sources. Having the phone number and personal data in hand, the thief will then contact the service provider and report a “lost” phone, tracking the provider into assigning the victim’s phone number to a new phone and a new SIM. Then, using two-factor identification that is common today, the fraudster is able to gain access to a variety of accounts.

The thief in Ross’s case was eventually caught and identified as Nicholas Truglia, a 21-year-old con artist out of New York. He was found to have attempted to conduct a number of hacks of other executives, but those attempts were unsuccessful. Truglia now faces 21 different charges, including fraud, embezzlement, identity theft and attempted grand theft auto. However, the problem isn’t going to go away anytime soon.

According to Erin West, Santa Clara Superior Court deputy district attorney, “It’s a new way of doing an old crime. It’s a pervasive problem, and it involves millions of dollars […] You’re sitting in your home, your phone is in front of you, and you suddenly become aware there is no service because the bad guy has taken control of your phone number.”

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

The post Silicon Valley exec loses $1 million in SIM card hack appeared first on Coingeek.

Read More

South Korea arrests five over crypto malware

The South Korean National Police Agency’s Cyber Bureau, in conjunction with local police, have arrested five cyber punks who were behind a hacking effort that targeted well over 6,000 computers. According to a joint statement by the law enforcement offices, the thieves had installed cryptocurrency mining malware on the computers through a mass email blast, which was ultimately received by 32,435 addresses. With a little luck, the group won’t see daylight for a considerable amount of time.

The group was led by Kim Amu-gae, a 24-year-old South Korean. From October to December of last year, the five criminals posed as employers and sent the malware as a response to a job applicant’s email.

The hackers were able to illicitly access over 30,000 email addresses of jobseekers by stealing data from large-scale conglomerates in the South Korean technology sector. They would then send emails to the individuals, posing as recruitment agents or potential employers.

Those emails contained malware wrapped inside documents or files sent to the applicants. Believing the email to be coming from a legitimate employer, the individuals were duped into opening the attachments, which installed the malware. 6,000 computers had the malware removed autonomously three to seven days following infection due to the presence of advanced anti-virus software.

According to the local police, “Because cyber security firms and anti-virus software operators responded quickly to the distribution of mining malware, the group of hackers were not able to generate a significant revenue from their operation. In most cases, anti-virus software detected the malware within three to seven days. If the malware was detected, the hackers sent new malware, but it was detected again by anti-virus software.”

The thieves spent a lot more resources than they were able to collect as their bounty, showing their “intellectual prowess.” They only absconded with around $1,000.

One of the investigators working on the case offered a word of warning to all computer users. He said, “Crypto jacking significantly reduces the performance of computers and if exposed to institutions, it could have a serious effect on the society. PC users must have secure anti-virus software in place and update browsers frequently. Also, if the performance of a computer suddenly drops, users will have to suspect the presence of mining malware.”

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

The post South Korea arrests five over crypto malware appeared first on Coingeek.

Read More

Hackers exploit StatCounter analytics, targeting crypto exchange Gate.io

Hackers strike again—this time with popular analytics script StatCounter, in an attack that researchers say was an attempt to target a specific cryptocurrency exchange.

Researchers at ESET documented how they uncovered the hack, and how it was structured around running functions on a specific page at Gate.io, a cryptocurrency exchange which handles over $1.6 million in BTC transactions daily.

Intriguingly, this means the attack would have compromised millions of StatCounter users as a way of attacking just one specific user, Gate.io, which was running the StatCounter analytics script.

In a blog post, ESET’s Matthieu Faou described how the BTC scammers compromised StatCounter as a way of compromising every website using its analytics package.

“On November 3, attackers successfully breached StatCounter, a leading web analytics platform. This service is used by many webmasters to gather statistics on their visitors—a service very similar to Google Analytics,” Faou wrote. “To do so, webmasters usually add an external JavaScript tag incorporating a piece of code from StatCounter…into each webpage. Thus, by compromising the StatCounter platform, attackers can inject JavaScript code in all websites that use StatCounter.”

On the structure of the hack, Faou said it demonstrates “…how far attackers go to target one specific website, in particular a cryptocurrency exchange. To achieve this they compromised an analytics service’s website, used by more than two million other websites, including several government-related websites, to steal bitcoin from customers of just one cryptocurrency exchange website. “

“It also shows that even if your website is updated and well protected, it is still vulnerable to the weakest link, which in this case was an external resource. This is another reminder that external JavaScript code is under the control of a third party and can be modified at any time without notice,” he said.

StatCounter is used by over 2 million websites, and tracks traffic in the order of 10 billion visits per month—with an Alexa rank of 5000, showing the sheer scale of the security breach.

Due to a particular URL structure indicated in the malicious code, ESET researchers were able to pinpoint specifically one page on the Gate.io exchange website as the ultimate target of the attack. StatCounter has already removed the malicious script, according to the security experts, while Gate.io stopped using StatCounter analytics services to prevent further infections. As of November 6, the “incident is now resolved and both websites can be browsed safely.”

While in this case the BTC scammers were specific in their target, the wider security implications—especially for those still using BTC—are a further reminder of the inherent defects in this cryptocurrency.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

The post Hackers exploit StatCounter analytics, targeting crypto exchange Gate.io appeared first on Coingeek.

Read More

Japanese cybersecurity experts track down Zaif exchange hackers

Cybersecurity experts in Japan claimed that they have found incriminating evidence against suspected hackers of Japanese cryptocurrency exchange, Zaif.

In an official statement released on Monday, Japan Digital Design Co. (JDD), a subsidiary of Mitsubishi UFJ Financial Group, announced that it has succeeded in identifying five transactions of the stolen funds from Zaif exchange. JDD has also shared the information with authorities in Japan.

Zaif exchange had its funds and those of its clients stolen by unknown suspects after their system was hacked in September. The hackers managed to steal JPY6.7 billion (about $60 million) of cryptocurrencies, including Bitcoin BCH, BTC and MonaCoin.

To track the missing cryptos, JDD said it held a hackathon with the help of TokyoWestern, a local cybersecurity team, and EL Plus, a security firm. JDD used an array of cloud-hosted MONA nodes to analyze transactions that involved the stolen currencies. Using this, along with other blockchain technologies, the team was able to determine several things such as the source IP address allowing them to trace the stolen currencies.

During their investigation, JDD discovered that one of the stolen currencies, MonaCoin, started being moved in late October, which made it easier for the team to track the hackers.

It is not yet clear as to the accuracy of the leaked information. Authorities are still doing their investigation to bring the involved parties to justice.

Following the hack, Zaif exchange was recently slapped with a business improvement order by the Financial Services Agency (FSA) in Japan. The regulatory agency stated that it regretted having allowed Zaif to continue operating. FSA claimed that they should have followed multiple warning given in the past about the exchange. In addition, FSA is seeking more information about the exchange and Tech Bureau, the operators of Zaif, including why there was a delay in reporting the hack.

Tech Bureau previously announced its intention to sell its entire stake in the exchange to Fisco Digital Asset Group to pay back customers who lost their funds. The terms of the deal are set to be completed on November 22.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

The post Japanese cybersecurity experts track down Zaif exchange hackers appeared first on Coingeek.

Read More

The Coincheck crypto exchange has lost $5 million this quarter

This past January, the Japanese cryptocurrency exchange Coincheck was hacked, resulting in the loss of $520 million in cryptocurrency assets. Not long after, it was acquired by brokerage firm Monex Group, but it doesn’t seem that its financial troubles have dissipated. In a release (in pdf) of its financial performance for the third quarter, the company said that it has seen a significant decline in revenue.

Between July and September, Monex Group’s cryptocurrency business, which is entirely comprised of the Coincheck exchange, took in around $2.8 million. This is a 66% decline over what it reported for the previous quarter, which was approximately $8.4 million. Since acquiring the exchange, Monex has reported losses of around $7.5 million.

The decline, according to Monex, can be directly attributed to the hack. Despite a reduction in costs for the most recent quarter, there has been an increase in the loss to the company, jumping from $2.3 million in the second quarter to $5.25 million in the last. Monex explained, “Since the service suspension in January 2018, Coincheck only allowed existing customers to sell their cryptocurrency. This limited revenue stream resulted in segment loss of [$5.33 million]. Coincheck has improved in governance, internal control and internal audit, aiming for full service resumption.”

Monex purchased Coincheck for $33.5 million following the hack. The platform has seen around $4 million in trades during the last 24 hours, according to CoinMarketCap. The exchange has around 1.7 million users and is in the process of implementing increased security features and internal controls in order to become licensed by Japanese regulators.

It further indicated that Coincheck “has built sophisticated internal controls, including a high-standard security management system, which has recently become expected for registered cryptocurrency exchanges. Going forward, Coincheck will advance as a highly technology-driven company with a cutting-edge security control system and the know-how to secure profitability appropriate of its true value.”

While the loss from the hack was certainly tremendous, some good did come out of it. It paved the way for increased scrutiny of exchanges and more oversight to ensure the cryptocurrency industry in the country can flourish and mature as a viable entity. This goes a long way to ensure that crypto is seen as a legitimate currency that can rival fiat over the long term.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

The post The Coincheck crypto exchange has lost $5 million this quarter appeared first on Coingeek.

Read More

Alleged hack forces Canadian crypto exchange to go offline

The cryptocurrency community in Canada is lost for words after MapleChange, a small crypto exchange based in Alberta, went offline.

The crypto exchange took to Twitter over the weekend to announce that unknown hackers had withdrawn “all the funds” from the platform. MapleChange claimed a bug was the reason for the alleged hack, and said it has to close down even its social media accounts “because we have no more funds to pay anyone back.”

Several hours after going off the grid, the exchange announced on its Twitter account that it “simply turned off our accounts temporarily to think this solution through.” However, MapleChange said it’s unable to refund all of its users’ funds, but the exchange said it “will be opening wallets to whatever we have left so people can (hopefully) withdraw their funds.”

It is still unclear how many people have been affected by the “hack” and how much the exchange has lost. What’s evident, however, is that the incident has all the signs of an exit scam—especially given its decision to delete all of its social media accounts, albeit temporarily.

An in-depth look at MapleChange also revealed that unlike other professional operations, the platform was registered at GoDaddy by one Flavius P. No other information is available about the company, which bills itself on Twitter as “a high-quality, responsive and swift trading platform based in Canada.”

It’s also worth noting that the alleged hack appeared to have occurred at a time when MapleChange was having a lot of traffic. According to reports, MapleChange was doing quite well in the last couple of weeks. If indeed this was a scam, to say that the people involved have made away with a large sum of money is a huge understatement.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

The post Alleged hack forces Canadian crypto exchange to go offline appeared first on Coingeek.

Read More

Call of Duty players steal $3 million in crypto

A group of gamers hatched a plan to target cryptocurrency wallets and are now looking for ways to hide from the long arm of the law. According to a report by the Chicago Sun-Times, the group had met playing the Call of Duty video game and developed a scheme to hack into the wallets of unsuspecting crypto holders. They were able to walk away with over $3 million in crypto, but law enforcement officers are now close behind and are closing in.

The news outlet was able to review unsealed court documents related to the hacks, which indicated that the band of thieves worked in tandem to gain access to users’ smartphones. They have yet to be charged with any crimes, but the ongoing investigation is going to make sure those involved are held accountable.

The hacks were uncovered by Augur, a decentralized platform where users can place wagers on a variety of world events. Augur discovered that its digital currency, the Reputation Token (REP), was being stolen and contacted the U.S. Federal Bureau of Investigation (FBI). The FBI launched an investigation that led to the revelation that around $805,000 in REP had been stolen, and which has already nabbed one member of the gang.

The thief, under interrogation by the agency, acknowledged his participation and confirmed that he met the co-conspirators while playing Call of Duty. However, he asserted that he was an unwilling participant. He said that he was forced into it after being swatted, a term that describes when someone calls law enforcement to falsely accuse someone of a crime.

The unidentified individual allegedly helped the group break into over 100 smartphones in order to steal the digital currency. He continued to claim his innocence, telling the FBI, “I have never once profited from anyone [by] crypto-hacking, ever.”

The bumbling criminals obviously weren’t very adept in the art of thievery. They discussed their actions through online chat sessions associated with the Call of Duty game, which have been recorded. That information, along with the ease with which IP addresses can be determined and located, will go a long way in ensuring that the gang is corralled in short order.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.hack

The post Call of Duty players steal $3 million in crypto appeared first on Coingeek.

Read More

Adult industry payment platform saves own ass after getting spanked

SpankChain, blockchain-based payment service solution for the adult industry, has disclosed the details of a hack that resulted in losses equivalent to $38,000.

As a result of a broken smart contract, a hacker was able to break into the SpankChain platform and siphon funds from some of its users, through deploying a reentrancy bug—the same bug that has previously been used to attack the DAO.

The scam saw losses of 165.38 ETH, as well as $4,000 worth of BOOTY on the platform immobilized, with the total balance divided between SpankChain and some of its users, with the organisation coming in for sharp criticism over the event.

Explaining the nuts and bolts of the attack, the firm posted an update on Medium: “In short, the attack capitalized on a ‘reentrancy’ bug, much like the one exploited in The DAO. The attacker created a malicious contract masquerading as an ERC20 token, where the ‘transfer’ function called back into the payment channel contract multiple times, draining some ETH each time.”

According to SpankChain, “The malicious contract first called createChannel to set up the channel, then called LCOpenTimeout repeatedly via reentrancy. The LCOpenTimeout is there to allow users to quickly exit payment channels which have not yet been joined by the counter-party.”

On Thursday, SpankChain CEO Ameen Soleimani confirmed that “the stuck BOOTY has been recovered.”

The now-resolved SpankChain hack comes as only the latest example of a significant hacking event affecting a crypto platform, with scams and hacks rapidly increasing in number over the last few months.

SpankChain acknowledged that it could have commissioned a security audit on the smart contract, which may have identified the weakness before it was exploited. However, this would have cost around $50,000, more than the total of the losses incurred.

Either way, SpankChain committed to tightening security as it continues to expand, saying, “As we move forward and grow, we will be stepping up our security practices, and making sure to get multiple internal audits for any smart contract code we publish, as well as at least one professional external audit.”

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

The post Adult industry payment platform saves own ass after getting spanked appeared first on Coingeek.

Read More
Top