North Korean Hackers Move Onto Attacking Individuals After Exchanges Boost Security

North Korean hackers have reportedly carried out over 30 attacks on cryptocurrency users, according to a cybersecurity company.

The CEO of cybersecurity firm Cuvepia declared that his company detected over 30 attacks on crypto-bearing individuals probably carried out by North Korean hackers, English-language media site South China Morning Post reports Nov. 29.

Kwon Seok-Chul, the CEO of the aforementioned South Korean cybersecurity company, said that the new targets of the suspected North Korean cyberattacks “are just simple wallet users investing in cryptocurrency.” He then added that many cases probably haven’t been detected, and that there may have been well over 100 attacks.

As the article states, the “targeting of individuals holding virtual currencies such as Bitcoin (BTC) marks a departure from its previous methods.” As Cointelegraph reported this October, North Korea allegedly backed two cryptocurrency scams this year: hacks funded by the country reportedly account for 65% of all cryptocurrency stolen to date.

Simon Choi, founder of cyber warfare research company IssueMakersLab, attributes the shift towards attacking individuals to cybersecurity enhancements by exchanges and financial institutions:

“Direct attacks on exchanges have become harder, so hackers are thinking about alternatively going after individual users with weak security.”

Choi also said that most targets have been wealthy South Koreans since “they believe that if they target CEOs of wealthy firms and heads of organisations” then “they can take advantage of billions of won in virtual currencies.”

According to Luke McNamara, an analyst at cybersecurity company FireEye, “it’s possible from previous intrusions they’ve been able to collect information” about “people using these [cryptocurrency] exchanges.”

McNamara explained that “when they understand and know the targets” then “they are able to craft lures specific to those organisations or entities.” He added that this makes them “effective at what they are doing.”

As Cointelegraph reported, Kaspersky Labs claims that North Korean hacker collective Lazarus Group used the “first” macOS malware to hack a crypto exchange. Experts have also argued that North Korea increasingly uses cryptocurrencies to avoid U.S. sanctions.

Crypto Exchange Hacks in Review: Proactive Steps and Expert Advice

Has the cryptocurrency exchange you typically trade on already been hacked? If not yet, it is quite possible. Centralized exchanges, which Vitalik Buterin wished would “burn in hell,” can manipulate users’ funds and face regular attacks, while decentralized ones seem not to have found a balanced compromise between security and usability yet. At the same time, the experience of traditional banks in ensuring cybersecurity is still not in demand within the crypto industry, which leads to thefts of millions of dollars of users’ money or to data breaches, like the incident that happened to Atlas Quantum account owners on Aug. 25.

The top five attacks on crypto exchanges are well known to traders and studied by cybersecurity specialists around the world. The list is headed by Mt. Gox, which has recently started accepting refund claims from the traders affected by the hack.

Mt. Gox

Country: US
Founders: Jed McCaleb, Mark Karpeles
Funds stolen: 1.35 million BTC

Mt. Gox was first hacked in 2011, and then in 2014. The hackers compromised the account belonging to an auditor of the exchange. In the first case, 500,000 BTC — equivalent to $8.75 million — were stolen from the accounts and from the depository as a result of the exchange’s database being hacked. In the second case, attackers managed to withdraw much more — 850,000 BTC.

Civil investigators, unfamiliar with the subtleties of the cryptocurrency industry, were able to confirm the movement of only 200,000 BTC, which hackers transferred to their wallet by altering the nominal value of one Bitcoin to one cent. What happened to the rest of the assets is still unknown. The exchange terminated its operation in February 2014, and the affair dealt three powerful blows to the Bitcoin exchange rate: in 2011, the cryptocurrency price fell from $32 to several cents; in 2014, from $720 to $550; and in 2018, Mt. Gox arbitration manager Nobuaki Kobayashi sold a total of 35,841 BTC into a falling market, accelerating its further fall. Recent activities of the Mt. Gox administration infuriated the defrauded users, who demanded that it “just give the people their money in BTC!”

Protection advice

Some cryptocurrency exchanges strengthen their defences by working with trustworthy security auditors who have proven hack-proofing expertise and white hat skills. They prefer to work with one contractor in relation to audits, DDoS mitigation, scans and site updates.

This minimizes the risk of audit-related vulnerability and access to stored funds falling into the wrong hands. For higher protection, additional banking tools are used — such as segregated master wallets, cold storage, layers of withdrawal authorization, IP address verification and email confirmation, two factor authentication (2FA) login and a crypto debit card, which can all be used to verify payments and user logins to the exchange.

iBitt COO Chris Schwarzenbach shared with Cointelegraph that the highest level of cybersecurity is only possible with a centralized exchange service, which has the development resources, security team, hidden servers and responsive control necessary to run military-grade security for a crypto exchange.

BitFloor

Country: US
Founder: Roman Shtylman
Funds stolen: 24,000 BTC

BitFloor suffered the second largest hack in crypto history back in September 2012. It all started when the exchange’s server crashed, either as a result of a DDoS attack or because of a power outage in the data center, as its owner Roman Shtylman claimed.

Four days later, the hackers used a backup copy of the key to the exchange’s hot wallet, where traders’ funds were stored, and withdrew 24,000 BTC. Shtylman made an unsuccessful attempt to compensate the victims by selling a stake in BitFloor’s property, but could not find an interested party. In 2013, the exchange closed, leaving the affected investors with nothing.

Protection advice

According to security experts, BitFloor made two errors at once that led to such a severe financial loss. The first was storing the data in an unencrypted form — which Shtylman honestly confessed to — and the second, which only aggravated the situation, was leaving large sums of money in an online-accessible hot wallet.

The simplest action to be done by any exchange in order to prevent the theft of coins is to keep the majority of its funds in “cold storage,” which ensures that private keys never touch any computer accessible from the internet. ThomasV, the lead developer of the Electrum client, provided seven key recommendations for cryptocurrency exchanges:

  • Don’t store more Bitcoin outside cold storage than you can afford to lose and remain solvent
  • Deposits should be sent to cold storage addresses directly
  • Transfer from cold storage to hot storage should be manual only
  • An attacker shouldn’t be able to disguise a theft as a series of withdrawals from customers
  • If a withdrawal request exceeds the amount available in the hot wallet, the customer should have to wait. Receiving coins 24 hours later is better than never
  • Clone your database to a place where an attacker cannot irreversibly modify or delete it from the server
  • Send digitally signed account statements to customers regularly, using a key that is not on the public server

Poloniex

Country: US
Founder: Tristan D’Agosta
Funds stolen: 97 BTC

Poloniex takes third place in the long list of victims. In May 2017, hackers discovered a critical vulnerability in the exchange’s software: withdrawal requests sent simultaneously were all processed automatically, regardless of the account balance. The owner of Poloniex, Tristan D’Agosta, did not name the exact amount stolen, but announced that total users’ funds at the time of the hack were reduced by 12.3 percent, or 97 BTC.

To cover the losses, Poloniex had to cut all users’ balances by this amount. These funds were temporarily frozen and then returned to users from personal funds, with the exchange’s fees rising by 1.5 percent. Users found this decision acceptable, and Poloniex saved its reputation and continued to operate, periodically undergoing minor attacks. Now the exchange belongs to the American payments company Circle.

Protection advice

Tristan D’Agosta publicly revealed in his BitcoinTalk post what crucial mistakes had been made by the administration:

“The major problem here was that withdrawals should have been queued at every step of the way. This could not have happened if withdrawal requests were processed sequentially instead of simultaneously. Additionally, auditing and security features were not explicitly looking for negative balances. They add deposits and withdrawals and check that accounts are in balance. If you have 2 BTC, withdraw 10 BTC, and are left with -8 BTC, the software would see that you deposited 2, withdrew 10, and have exactly what you should: -8.”

D’Agosta also advised on precautionary measures to prevent such irreversible damage and shared the new changes in the exchange’s security system:

“Withdrawals and order creation have been switched to a queued method, where the first step is to add the task to a global execution queue that is processed sequentially. Each step of critical database operations is verified before proceeding, and such operations are in the process of being converted to transactions. I have hired additional developers to help with tightening up security at Poloniex, as well as created a bug bounty.”
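The withdrawal race D’Agosta describes, and the hot-wallet rules from ThomasV’s list above, modelled side by side as an added example (this is not Poloniex’s code; all function and account names are constructed for illustration). The "simultaneous" processor validates every request against one stale snapshot; the queued processor re-checks the live balance per task, refuses negative balances, and defers payouts the hot float cannot cover. The audit shows why a plain reconciliation missed a -8 BTC account.

```python
from collections import deque
from dataclasses import dataclass
from decimal import Decimal


@dataclass
class Withdrawal:
    account: str
    amount: Decimal
    status: str = "pending"   # pending | paid | rejected | deferred


def process_simultaneously(balances, requests):
    """The pre-fix flow: every request is validated against the same
    snapshot of balances and then debited, so a burst of parallel
    requests all pass the check and drive the account negative."""
    snapshot = dict(balances)          # stale view shared by all requests
    result = dict(balances)
    for req in requests:
        if snapshot[req.account] >= req.amount:
            result[req.account] -= req.amount
            req.status = "paid"
        else:
            req.status = "rejected"
    return result


def process_queued(balances, requests, hot_wallet):
    """The fixed flow: a global FIFO queue processed one task at a time.
    Each task re-checks the live balance (never letting it go below zero)
    and is deferred, not paid, when the hot wallet cannot cover it: the
    customer waits, and a theft cannot drain more than the hot float."""
    live = dict(balances)
    queue = deque(requests)
    while queue:
        req = queue.popleft()
        if req.amount <= 0 or live[req.account] - req.amount < 0:
            req.status = "rejected"
        elif req.amount > hot_wallet:
            req.status = "deferred"    # wait for a manual cold-to-hot transfer
        else:
            live[req.account] -= req.amount
            hot_wallet -= req.amount
            req.status = "paid"
    return live, hot_wallet


def audit(deposits, requests, balances):
    """Returns (reconciles, negative_accounts). A plain reconciliation
    (deposits minus paid withdrawals == balance) passes even at -8 BTC;
    the explicit negative-balance scan is what catches the theft."""
    paid = {}
    for r in requests:
        if r.status == "paid":
            paid[r.account] = paid.get(r.account, Decimal(0)) + r.amount
    reconciles = all(
        deposits.get(a, Decimal(0)) - paid.get(a, Decimal(0)) == b
        for a, b in balances.items()
    )
    negatives = sorted(a for a, b in balances.items() if b < 0)
    return reconciles, negatives


def burst(account, amount, n):
    """Constructed sample input: n identical withdrawal requests sent at once."""
    return [Withdrawal(account, Decimal(amount)) for _ in range(n)]


if __name__ == "__main__":
    deposits = {"alice": Decimal("2")}          # alice holds 2 BTC
    racy = burst("alice", "2", 5)               # five simultaneous 2 BTC withdrawals
    bal = process_simultaneously(deposits, racy)
    print("simultaneous:", bal, audit(deposits, racy, bal))   # -8 BTC, reconciles, ['alice']
    safe = burst("alice", "2", 5)
    bal, hot = process_queued(deposits, safe, Decimal("100"))
    print("queued:", bal, hot, [r.status for r in safe])      # 0 BTC, hot 98, one paid
```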


Bitstamp

Country: Slovenia
Founders: Merlak brothers
Funds stolen: 19,000 BTC

In 2015, Bitstamp lost 19,000 BTC, which hackers stole from the exchange’s hot wallet. At that time, the losses were equivalent to $5 million. Surprisingly, the hackers used an ordinary phishing attack: the exchange’s employees received personal emails and Skype messages from seemingly friendly sources.

What is perhaps even more surprising is that the person responsible for security, Bitstamp system administrator Luka Kodrich, clicked the link and downloaded malware onto his work computer, after which the exchange was hacked. Bitstamp hurried to notify traders about what was happening; however, the attackers had already stolen the funds. Compensation did not follow, but the security regime was toughened, which helped the exchange recover quickly. To develop multi-signature protection, Bitstamp partnered with BitGo.

Now, carrying out transactions on Bitstamp requires using multisignature, and 98 percent of the cryptocurrency is stored in a cold wallet.


Bitfinex

Country: British Virgin Islands
Founder: Rafael Nicole
Funds stolen: 120,000 BTC

Bitfinex became the victim of hackers in August 2016. Unknown people used a bug in the multisignature system, which was supported by its partner company BitGo. The hackers deceived the BitGo algorithms in an unknown way, forcing them to approve transactions, and withdrew about 120,000 BTC from the hot wallet, worth the equivalent of $72 million at the exchange rate of that time.

The Bitfinex founders informed users that the financial losses would be distributed among all of them, with 36.067 percent of each user’s coins frozen. These funds were later compensated with BFX tokens, which could be converted into U.S. dollars at the exchange rate, or into shares of iFinex Inc., which belongs to the Bitfinex founder. This chosen — and seemingly proper — policy has helped the exchange stay among the top exchanges to this day.

Protection advice

Emin Gün Sirer, a well-known computer scientist, hacking research specialist and professor at Cornell University, suggested a solution that does not break Bitcoin’s all-too-critical irreversibility when dealing with strangers, but allows someone to take back his funds in the event of a hack:

“The special thing about vaults is that they come with two keys. One key is used to unlock the vault and move your funds to a regular wallet. The other one, called a recovery key, is used when you notice that your funds were hacked and moved out of the vault by a hacker. You can then use your recovery key to undo the hack — you have 24 hours to notice and launch the recovery and get back all the funds. Notice that you cannot fool a merchant with this trick and revert a real transaction. All you can do is take back your own money from someone who is trying to steal it. If I may say so myself, it’s a pretty ingenious scheme. It’s almost like someone ought to work on it.”
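The two-key vault Sirer describes, as an added state-machine model (not his or anyone’s production code; the class, key names and the 24-hour window are assumptions taken from the quote): an unvault starts a timed delay, the recovery key can cancel it only while the delay is running, and once the delay has elapsed and the payment settles nothing can revert it.

```python
from dataclasses import dataclass, field
from typing import Optional

UNVAULT_DELAY = 24 * 3600   # seconds an unvault stays reversible (24 hours, per the quote)


@dataclass
class Vault:
    balance: int                        # units held in the vault (constructed sample values)
    unlock_key: str                     # the regular key that starts a withdrawal
    recovery_key: str                   # kept offline; used only to undo a theft
    pending: Optional[dict] = None      # in-flight unvault: amount, dest, ready_at
    spent: list = field(default_factory=list)   # settled, irreversible payments

    def unvault(self, key, amount, dest, now):
        """Begin moving funds to a regular wallet; returns when they settle."""
        if key != self.unlock_key:
            raise PermissionError("bad unlock key")
        if self.pending is not None:
            raise RuntimeError("an unvault is already in flight")
        if not 0 < amount <= self.balance:
            raise ValueError("amount out of range")
        self.pending = {"amount": amount, "dest": dest, "ready_at": now + UNVAULT_DELAY}
        return self.pending["ready_at"]

    def finalize(self, now):
        """After the delay the unvault settles and becomes a normal payment."""
        p = self.pending
        if p is None or now < p["ready_at"]:
            return False
        self.balance -= p["amount"]
        self.spent.append((p["dest"], p["amount"]))
        self.pending = None
        return True

    def recover(self, key, now):
        """Owner notices a theft inside the window and claws the funds back.
        Returns False when nothing is in flight or the payment has settled:
        a real, finalized transaction cannot be reverted this way."""
        if key != self.recovery_key:
            raise PermissionError("bad recovery key")
        if self.pending is None or now >= self.pending["ready_at"]:
            return False
        self.pending = None
        return True
```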

Chronicle of 2018

Despite all the hopes of the crypto community, the year has brought nothing new to the established practice of securing exchange sites, and 2018 is being marked by numerous attacks carried out with the help of new, sophisticated hacking tricks. According to the Wall Street Journal, since the beginning of the year, hackers have managed to steal more than $800 million and are not going to stop there.

Coincheck

Country: Japan
Founders: Koichiro Wada, Yusuke Otsuka
Funds stolen: 523 million NEM

Coincheck was attacked by hackers in the last days of January 2018. The target, as in most cases, was the hot wallet of the exchange, from which 523 million NEM tokens were stolen. Despite all the previous examples, the exchange continued to keep users’ funds and even its own funds in the hot wallet and did not use multisignature for protection.

Will the hackers cash out the stolen goods? Hardly. The crypto community united after this theft and finally began to actively exchange information in order to prevent further movements of stolen funds. In particular, the ShapeShift instant exchange service banned the exchange of NEM coins. Other services followed this example, and the 11 anonymous addresses to which the stolen tokens had been transferred were tagged with the label “coincheck_stolen_funds_do_not_accept_trades: owner_of_this_account_is_hacker,” so it isn’t difficult to track any transaction made by the hackers. The investigation of the incident and the development of compensation options for users are continuing.

Protection advice

Coincheck’s example emphasized the importance of properly organized storage of users’ funds on the exchange. Security layers and warning triggers are a must for any exchange service, says Nick Moore, CEO at Investa, a U.K. crypto exchange which also operates debit cards and ATMs:

“We hold minimal coins in our hot wallets and operate a time delay on withdrawals with manual review process, so the ability to hack account and amount of coins held on exchange is low. The risk of loss is minimized through the manual procedures of moving coins to cold storage when we identify that any excess funds have accumulated and are not needed for immediate liquidity. Storing the funds on cold wallets ensure they cannot be hacked and keeping a minimal float in hot wallets helps to save the liquidity.

“I’m sure users don’t mind waiting a little longer for their withdrawals, when they realize that this is one of the best ways to fight the hackers.”

BitGrail

Country: Italy
Founder: Francesco Firano
Funds stolen: $170 million

On Feb. 13, BitGrail lost $170 million in Nano (XRB) as a result of hacking attacks. At the same time, the founders of the exchange started a public discussion with developers of Nano’s blockchain in order to define which side was responsible for the bug that led to the hack.

The developers of the cryptocurrency accused BitGrail of paying insufficient attention to security — in particular, the absence of an authentication procedure for users. Later the exchange stopped working and turned the investigation over to the police.

The authorities of Florence confiscated all the cryptocurrency from the BitGrail deposit to secure the claim of the affected users, and the Nano Foundation promised to take part in the protection of their interests and compensation for losses.

Coinrail

Country: South Korea
Founder: Lee Nuss
Funds stolen: $40 million

Coinrail fell victim to a hacking attack on June 10, 2018 and lost a total of $40 million in 11 cryptocurrencies. Immediately after the attack, the representatives of the exchange were not ready to provide any intelligible information, so the details of the theft were revealed by the participants in the Pundi X project, whose tokens were also among those stolen.

A month later, on July 15, the exchange resumed trading and offered the victims two compensation schemes: a gradual refund through the purchase of the stolen cryptocurrency, and compensation with Coinrail RAIL tokens, which can then be converted into cryptocurrency at the exchange’s internal rate.

Protection advice

Rik Ferguson, an analyst at cybersecurity firm Trend Micro, believes the problem is in the weakness of the development team, insufficient cybersecurity education of the staff and poor investment in fraud analytics:

“By and large these exchanges are small businesses and they are most often in permanent startup mode, facilitating transactions. These organizations have small security teams, if they have one at all, little to no experience in securing a financial institution and generally a very large, attractive pile of money.”


Bithumb

Country: South Korea
Founder: Kim De Shi
Funds stolen: $30 million

Bithumb was hacked on June 19, just a few days after it updated its security systems. $30 million, which was 10 percent of the total trading volume, was stolen by the attackers. This is the second incident in the chronicle of Bithumb. The first occurred on June 29, 2017, when the personal data of 30,000 users — equivalent to three percent of all the users by that time — was compromised. Hackers tried to access users’ one-time passwords, but the exchange froze trades and made changes to the security system.

At the same time, Bithumb spends eight percent of its profits on security and strictly follows the “5.5.7” rule, under which five percent of employees are IT specialists with confirmed expertise, five percent have the skills to ensure cybersecurity, and at least seven percent of the company’s profits are spent on protecting its funds.

At the time of the hack, the exchange had discovered a potential threat and was already moving users’ funds to a cold wallet. Affected traders were promised compensation from the personal funds of the Bithumb administration.

Protection advice

Charlie Lee in a tweet expressed hopes for the restoration of the exchange and gave users concise advice, warning against such situations:

“As I’ve said many times, be smart and only keep on exchange coins that you are actively trading. It’s best to withdraw right after trading.”

Bancor

Country: Switzerland
Founder: Guy Benarzi
Funds stolen: $23 million

Bancor, a decentralized exchange created in opposition to the centralized ones to which Vitalik Buterin recently addressed his angry “burn in hell” statement, was attacked by hackers on July 9, 2018. It is noteworthy that this happened a day after the exchange, in an official Twitter post, expressed full agreement with Vitalik Buterin about centralized solutions and stated that decentralized exchanges are the future.

From the exchange’s hot wallet, hackers withdrew a total of $23.5 million. Almost half of the stolen funds consisted of Bancor’s own BNT tokens ($10 million); the rest was Ethereum ($12.5 million) and Pundi X ($1 million). The BNT tokens were immediately frozen, which caused a flurry of criticism from the cryptocurrency community, because such actions directly contradict the principle of decentralization. Charlie Lee summed up the overall view on Twitter, noting that Bancor can manipulate users’ funds.

As for users’ tokens, Bancor immediately created a coalition with the instant exchange service Changelly, through which the hackers tried to withdraw funds. Transactions were frozen there as well.

How do banks deal with this?

Classic banks and banking services have been subject to various attacks since their emergence — that is, for several centuries. And over this time, they have been learning to resist such threats. The only difference is that 50 years ago, banks were attacked by criminals such as Bonnie and Clyde, and now they are attacked by hackers and internet scammers.

Classic banks follow the “5.5.7” formula and have international information security standards — for example, CobiT, which is considered entry level and is then supplemented by numerous internal regulations and scenarios for responding to intervention attempts.

Ruslan Yusufov, director of special projects at Group-IB, is sure that the response to incidents must include both systems and an early warning and response plan that will allow all employees to act in accordance with regulations in the event of an incident. This is how the banking sector operates. A similar scheme was used by the Bancor exchange, which instantly froze its own tokens, identified the services through which the withdrawal was planned, and entered into a coalition with them to freeze the stolen assets.

Criticism on the part of the crypto community in this case is less important than efforts to preserve the investors’ funds.

According to statistics, hackers attacking crypto exchanges use tools that have been repeatedly tested on fiat banks. A study of 400 successful hacking attacks on blockchain systems showed that popular banking trojans such as TrickBot, Vawtrak, Qadars, Triba and Marcher were slightly modified for crypto exchanges and brought hackers success there as well.

Nevertheless, the security systems of classical banks successfully resist hackers, and the established practice of tracking transactions allows customers to recover stolen funds. Why not borrow this experience? Unfortunately, in ICO teams — including those that create cryptocurrency exchanges — there is not a single IT specialist with experience in the field of banking information security.

Is it possible to return the money?

As practice shows, after powerful hacking attacks, crypto exchanges most often use three ways to compensate the affected users:

1. Rollback to a previous state or freeze transactions (Bitstamp, Ethereum and Bancor did this, but this contradicts the principle of blockchain’s irreversibility).

2. Compensation at the expense of other users (this way was chosen by Poloniex).

3. Return the funds of the exchange from its own profit or by issuing exchange tokens (Bitfinex and Coinrail).

Thus, stable, large exchanges that are interested in continuing their operation will offer newer and newer ways of compensating for lost funds. And this is good news for the cryptocurrency industry. Obviously, the practice of exchange owners hiding the details of a theft from the community and then disappearing themselves is slowly being abandoned.

Will cryptocurrency exchanges cope with the problem of hacking attacks any time soon? Absolutely not. There are two main approaches to hacking exchanges. The first is to gain access to accounts and restricted functionality by hacking the founders’ accounts and then using malicious programs from the arsenal of bank attacks. The second is an attack on the infrastructure of the exchange itself, by hacking the web application linking the client to his money on the exchange servers, or an attack on so-called hot wallets.

Consequently, the protection of digital assets can be achieved by the joint efforts of users and crypto banks serving the turnover of cryptocurrencies. Bancor’s head of public relations, Nate Hindman, made a statement after the hack:

“These mechanisms include a real-time blacklist that tracks offending addresses and stolen assets, as well as an emergency fund that compensates projects when thefts occur. There is plenty more to do here and we look forward to working with our peers across the industry to make everyone [is] stronger and smarter as we move forward together. Collaboration is not just a concept, it’s a practice — and we are grateful for the support and assistance.”

At the same time, Hindman believes that it is impossible to completely eliminate the possibility of hacking attacks, since attackers develop their own strategies along with the crypto industry, but these attacks can be resisted if market participants unite for joint actions and exchange of information.

As for ordinary users, the tips for protecting digital assets from hackers are well known:

  • Do not keep funds in hot wallets.
  • Choose well-known exchanges that disclose security policies.
  • Use the functionality provided by the exchange to the maximum, including 2FA.
  • Distribute funds between several wallets and exchanges.

Probably cryptocurrency exchanges are so often hacked because it is easy to do, and punishment for it is not yet regulated. The more exchanges are attacked, the more people are left without money, and someone gets away with it. But this year, things may change, since all this has started to seriously concern regulators at the national and even global scale.

Along with the G20, a whole series of summits is being held devoted to the issue of regulating the activity of crypto exchanges. For example, Joshua Hong, one of the authors of the Futurama Blockchain Innovators Summit concept, told Cointelegraph:

“There are many unreported hacking incidents of major exchanges. So, from the perspective of regular user, we do not know how severe the level of hacking [is] for most exchanges. For example, Bithumb was recently hacked, but its trading volume or commission revenue didn’t seem to get affected at all. On the other hand, other exchanges had to shut down their operation after a single blow of hacking.”

Exchange leaders react positively to such initiatives. One of them, Bithumb investment strategist Alex Lee, expressed a personal interest in taking part in such discussions:

“[The] best answers to the problems in our industry can be found through proactive sharing of each other’s stories in highly personable ways. So, no matter what the issues are, be it crypto exchanges getting hacked or regulators feeling the pressure from disgruntled token investors who lost money, the solution can be found through community interactions and honest, open conversations.”

US Federal Trade Commission Issues Warning on Bitcoin Blackmail Scam ‘Targeting Men’

The Division of Consumer and Business Education of the U.S. Federal Trade Commission (FTC) published an article August 21 titled “How to avoid a Bitcoin blackmail scam.”

The FTC’s letter focuses on consumer protection, in what it calls a “new scam targeting men,” warning about blackmailing scams demanding payments in Bitcoin (BTC). The brief letter states:

“Here’s how it works. Scammers have been sending letters to men, demanding payments using [B]itcoin in exchange for keeping quiet about alleged affairs. The letter also explains how to use [B]itcoin to make the payment.”

Among the “classic signs” of blackmailing, the FTC lists “threats, intimidation and high-pressure tactics” and advises consumers to “report it immediately to your local police, and the FBI.”

Cybersecurity firm Kaspersky Labs recently published a report according to which cybercriminals stole over $2.3 million via crypto scams during the second quarter of 2018.

Earlier this month, the UK police published a report stating that crypto-related scams have led to $2.55 million in investor losses this summer alone.

China: Three Hackers Arrested for Allegedly Stealing $87 Million in Crypto

Chinese police have arrested three “highly experienced” hackers suspected of stealing up to 600 million yuan (around $87.3 million) in crypto, local news outlet Xinhua reported August 18.

The alarm was reportedly first raised by an individual identified by the surname Zhang, who is said to have first filed his complaint March 30 with local police in the northwestern city of Xi’an.

The victim claimed that his computer had been hacked, resulting in the theft of Bitcoin (BTC), Ethereum (ETH) and other crypto holdings worth up to 100 million yuan ($14.5 million).

Initial investigations by a dedicated police task force indicated that the suspects had used a remote attack to transfer funds from Zhang’s computer without leaving a trace, in what is reportedly considered to be a “rare case.”

The authorities are said to have received assistance from several local internet service providers, allowing them to identify the first suspect, an individual known as Zhou, within three months. After two further months, all three accomplices have now been arrested across disparate regions of China – Huan and Changchun provinces, and Beijing.

The three suspects have been charged with coordinating a wider series of remote attacks against enterprises and individuals worth a total of 600 million yuan (around $87.3 million). Investigations continue, as Xinhua further reports.

As Cointelegraph has previously reported, earlier this summer Chinese police arrested a total of 20 suspects in a major cryptojacking case that allegedly infected over one million computers and generated 15 million yuan (about $2.2 million) in illicit profits over the course of two years.

Report: Over $2 Million Lost to Crypto Scams in Second Quarter of 2018

A recent report from Russia-based antivirus and cybersecurity firm Kaspersky Labs states that in the second quarter of 2018, cybercriminals stole over $2.3 million via crypto scams.

The report, entitled “Spam and phishing in Q2 2018,” notes so-called “crypto giveaways” as a pervasive example of phishing, wherein cybercriminals dupe individuals into giving up sensitive information as part of a too-good-to-be-true promotion giving away popular cryptocurrencies.

In these crypto phishing scams, unsuspecting individuals are fooled into voluntarily giving up important information on convincing but malicious copies of popular crypto wallets and markets.

Kaspersky states that cybercrooks also pose as new Initial Coin Offering (ICO) projects to collect money from potential investors who try to buy up tokens in supposed early access events. The report also notes that Kaspersky’s anti-phishing system prevented 58,000 user attempts to connect to phishing websites in Q2 2018.

In addition to outlining various types of scams, the quarterly report states that Ethereum (ETH) is currently the most popular cryptocurrency for phishers. According to the firm, ETH’s popularity among cybercriminals increases as more funds are attracted to ICOs on the Ethereum platform.

Earlier this month, new research shed light on the ubiquitous fake crypto giveaways on Twitter. In the course of its research, cybersecurity firm Duo Security surveyed a swathe of 88 million Twitter accounts, using machine learning techniques to train a bot classifier.

Using the most recent 200 tweets from each account, the classifier found a network of 15,000 bots that spread fake competitions and impersonate well known figures in the crypto industry. Duo data scientist Olabode Anise said that, “The bots’ attempts to thwart detection demonstrate the importance of analyzing an account holistically, including the metadata around the content.”

The PGA Falls Victim To Bitcoin Ransomware Attack

While cryptocurrency prices have taken a tumble, with valuations falling by upwards of 70%, ransomware still seems to be a medium of attack for cryptocurrency-focused hackers. As per an article from Golfweek, the Professional Golfers Association, a group of the best golfers from around the globe, has fallen under a cyberattack.

The report from the golf news source pointed out how “shadowy bandits” locked PGA officials out of essential files, with this attack coming prior to two upcoming PGA Championships in the U.S. and France.

The news of this ransomware attack first emerged on Tuesday morning, when PGA staff members were unable to access the files they needed to work on. When opening a file, staff were prompted with the following message, which clearly led some to believe that something was afoot:

“Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm… We exclusively have decryption software for your situation. No decryption software is available in the public.”

As is the common theme with ransomware attacks, hackers also noted that any attempt to break the algorithm could result in the files being deleted permanently, writing:

“This may lead to the impossibility of recovery of certain files.”

Upon further investigation, the files under lock and key were revealed to be creative materials for the upcoming championships, more specifically the promotional logos and banners to be used in digital and physical publications and advertisements. It was also noted that the locked media includes development work on future PGA logos, which are near-irreplaceable and are the brainchildren of PGA staff.

The message also included a Bitcoin wallet address, but the hackers did not specify an amount that the PGA should pay to regain control of its files. While the locked work is important, a person familiar with the matter expects the PGA to set the issue aside and not pay any ransom.

The promotional materials may be important to the PGA, but maybe not important enough to warrant a hefty sum, as the U.S.-based association has yet to discover cases of ransomware that will substantially impact the success of the upcoming tournament circuit.

Cryptojacking And Ransomware, Two Primary Methods of Crypto CyberAttack

Cryptojacking and ransomware have become growing issues as cryptocurrencies have exploded in value. While ransomware, the method of attack described above, still remains a hot topic within the hacker community, cryptojacking has quickly surpassed it to become the biggest cyber problem.

For those who are unaware, cryptojacking is a specific type of cybercrime that sees malicious hackers take control of a victim’s piece of technology, forcing the device to mine cryptocurrencies for the hacker’s personal gain. Cryptojacking malware, although generating only a few cents per device affected, can easily sweep across thousands, if not millions of computers, netting the hackers a nice reward.

Many hackers have begun to allocate their resources to cryptojacking instead of ransomware, as it is often unintrusive and goes under the radar of many consumers. As cybersecurity expert Troy Mursch put it:

Ransomware is basically like pointing a gun at you and saying, ‘Hey, pay up or you’re not getting your files back,’ versus cryptojacking you might not even know about it, it’s just going to silently steal your electricity.

Photo by Fancycrave on Unsplash


Six Tools Used by Hackers to Steal Cryptocurrency: How to Protect Wallets

In early July, it was reported that Bleeping Computer had detected suspicious activity aimed at defrauding 2.3 million Bitcoin wallets, which it found to be under threat of being hacked. The attackers used malware — known as “clipboard hijackers” — which operates in the clipboard and can replace a copied wallet address with one belonging to the attackers.

The threat of attacks of this type was predicted by Kaspersky Lab as early as November last year, and it did not take long to become reality. For the time being, this is one of the most widespread types of attack aimed at stealing users’ information or money, with attacks on individual accounts and wallets estimated at about 20 percent of the total number of malware attacks. And there’s more. On July 12, Cointelegraph published Kaspersky Lab’s report, which stated that criminals had been able to steal more than $9 million in Ethereum (ETH) through social engineering schemes over the past year.

Image source: Carbon Black

Briefly about the problem

The already mentioned Bleeping Computer portal, which works on improving computer literacy, writes about the importance of following at least some basic rules in order to ensure a sufficient level of protection:

“Most technical support problems lie not with the computer, but with the fact that the user does not know the ‘basic concepts’ that underlie all issues of computing. These concepts include hardware, files and folders, operating systems, internet and applications.”

The same point of view is shared by many cryptocurrency experts. One of them, Ouriel Ohayon — an investor and entrepreneur — places the emphasis on the personal responsibility of users in a dedicated Hackernoon blog:

“Yes, you are in control of your own assets, but the price to pay is that you are in charge of your own security. And since most people are not security experts, they are very much often exposed — without knowing. I am always amazed to see around me how many people, even tech savvy ones, don’t take basic security measures.”

According to Lex Sokolin — the fintech strategy director at Autonomous Research — every year, thousands of people become victims of cloned sites and ordinary phishing, voluntarily sending fraudsters $200 million in cryptocurrency, which is never returned.

What could that tell us? Hackers that are attacking crypto wallets use the main vulnerability in the system — human inattention and arrogance. Let’s see how they do it, and how one can protect their funds.

250 million potential victims

A study conducted by the American company Foley & Lardner showed that 71 percent of large cryptocurrency traders and investors rank theft of cryptocurrency as the strongest risk negatively affecting the market, and 31 percent of respondents rate the threat hackers pose to the global cryptocurrency industry as very high.

Image source: Foley & Lardner

Experts from Hackernoon analyzed the data about hacking attacks for 2017, which can be conditionally divided into three large segments:

– Attacks on the blockchains, cryptocurrency exchanges and ICOs;

– Distribution of software for hidden mining;

– Attacks directed at users’ wallets.

Surprisingly, the article “Smart hacking tricks” published by Hackernoon did not appear to gain wide popularity, and warnings that seem obvious to an ordinary cryptocurrency user must be repeated again and again, as the number of cryptocurrency holders is expected to reach 200 million by 2024, according to RT.

According to research conducted by ING Bank NV and Ipsos — which did not consider East Asia in the study — about nine percent of Europeans and eight percent of U.S. residents own cryptocurrencies, with 25 percent of the population planning to buy digital assets in the near future. Thus, almost a quarter of a billion potential victims could soon fall into the field of hacking activity.

Apps on Google Play and the App Store

Tips:

– Don’t get carried away with installing mobile applications without much need;

– Add two-factor authentication (2FA) to all applications on the smartphone;

– Be sure to check the links to applications on the official site of the project.

Victims of hacking are most often smartphone owners with the Android operating system who do not use two-factor authentication (2FA), which requires not only a password and username but also something the user has on them, i.e., a piece of information only they could know or have on hand immediately, such as a physical token. The thing is that Google Android’s open operating system makes it more open to viruses, and therefore less safe than the iPhone, according to Forbes. Hackers add applications to the Google Play Store on behalf of certain cryptocurrency resources. When the application is launched, the user enters sensitive data to access their accounts and thereby gives hackers access to it.

Among the best-known targets of this type of attack were traders on the American cryptocurrency exchange Poloniex, who downloaded mobile applications posted by hackers on Google Play pretending to be a mobile gateway for the popular exchange. The Poloniex team had not developed applications for Android, and its site does not link to any mobile apps. According to Lukas Stefanko, a malware analyst at ESET, 5,500 traders had been affected by the malware before the software was removed from Google Play.

Users of iOS devices, in turn, more often download App Store applications with hidden miners. Apple was even forced to tighten the rules for admitting applications to its store in order to slow the distribution of such software. But this is a completely different story, and the damage is incomparable with the hacking of wallets, since a miner only slows down the computer.

Bots in Slack


– Report Slack bots to block them;

– Ignore bots’ activity;

– Protect the Slack channel, for example with Metacert or Webroot security bots, Avira antivirus software or even built-in Google Safe Browsing.

Since mid-2017, Slack bots aimed at stealing cryptocurrencies have become the scourge of the fastest-growing corporate messenger. Most often, hackers create a bot that notifies users about problems with their crypto holdings. The goal is to make a person click the link and enter a private key. As quickly as such bots appear, users block them. Even though the community usually reacts quickly and the hacker has to retire, the latter manages to make some money.

Image source: Steemit @sassal

The largest successful attack by hackers through Slack is considered to be the Enigma group hack. The attackers used Enigma’s name — which was hosting its presale round — to launch a Slack bot, and ended up defrauding a total of $500,000 in Ethereum from credulous users.

Add-ons for crypto trading


– Use a separate browser for operations with cryptocurrencies;

– Select an incognito mode;

– Do not download any crypto add-ons;

– Get a separate PC or smartphone just for crypto trading;

– Download an antivirus and install network protection.

Internet browsers offer extensions to customize the user interface for more comfortable work with exchanges and wallets. The issue is not even that add-ons read everything you type while using the internet, but that extensions are developed in JavaScript, which makes them extremely vulnerable to hacking attacks. The reason is that, in recent times — with the popularity of Web 2.0, Ajax and rich internet applications — JavaScript and its attendant vulnerabilities have become highly prevalent in organizations, especially Indian ones. In addition, many extensions could be used for hidden mining, consuming the user’s computing resources.

Authentication by SMS


– Turn off call forwarding to make an attacker’s access to your data impossible;

– Give up 2FA via SMS, where the password is sent in a text message, and use a two-factor authentication software solution instead.

Many users choose mobile authentication because they are used to it and the smartphone is always on hand. Positive Technologies, a company specializing in cybersecurity, has demonstrated how easy it is to intercept an SMS with a password confirmation, transmitted practically worldwide over the Signaling System 7 (SS7) protocol. Specialists were able to hijack the text messages using their own research tool, which exploits weaknesses in the cellular network to intercept text messages in transit. The demonstration used Coinbase accounts as an example, which shocked the exchange’s users. At a glance this looks like a Coinbase vulnerability, but the real weakness is in the cellular system itself, Positive Technologies stated. This proved that any system can be accessed directly via SMS, even if 2FA is used.

Public Wi-Fi


– Never perform crypto transactions through public Wi-Fi, even if you are using a VPN;

– Regularly update the firmware of your own router, as hardware manufacturers are constantly releasing updates aimed at protecting against key substitution.

Back in October last year, an unrecoverable vulnerability was found in the Wi-Fi Protected Access (WPA) protocol that routers use. After an elementary KRACK attack (a key reinstallation attack) is carried out, the user’s device reconnects to the same Wi-Fi network, now under the hackers’ control, and all the information the user downloads or sends through the network is available to the attackers, including the private keys of crypto wallets. This problem is especially urgent for public Wi-Fi networks at railway stations, airports, hotels and other places that large groups of people visit.

Sites-clones and phishing


– Never interact with cryptocurrency-related sites that do not use HTTPS;

– When using Chrome, install an extension — for example, Cryptonite — that shows the addresses of submenus;

– When receiving messages from any cryptocurrency-related resource, copy the link into the browser address field and compare it to the address of the original site;

– If something seems suspicious, close the window and delete the message from your inbox.

These good old hacking methods have been known since the “dotcom revolution,” but it seems they still work. In the first case, attackers create full copies of the original sites on domains that are off by just one letter. The goal of such a trick — including the substitution of the address in the browser address field — is to lure the user to the site-clone and make them enter the account password or a secret key. In the second case, they send an email that — by design — identically copies the official project’s letters but — in fact — aims to make you click the link and enter your personal data. According to Chainalysis, scammers using this method have already stolen $225 million in cryptocurrency.
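The comparison step in the tips above (copy the link and compare it with the original site’s address) is easy to get wrong by eye, which is exactly what a one-letter-off domain relies on. The Python block below is an added example, not code from the article or from Chainalysis: it extracts the hostname from a link, checks it against a personal allowlist, and flags hosts within one edit of a trusted name, hosts that merely embed a trusted name, internationalised (punycode) labels, and plain-HTTP links. The allowlist hosts and the one-edit threshold are assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist standing in for the sites a user actually uses;
# the hosts are hypothetical and not taken from the article.
TRUSTED_HOSTS = {"wallet.example.com", "exchange.example.org"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character insertions, deletions or substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalise_host(url: str):
    """Lower-case hostname with any leading 'www.' removed, or None if there is no host."""
    host = urlsplit(url).hostname
    if not host:
        return None
    host = host.lower()
    return host[4:] if host.startswith("www.") else host


def classify_link(url: str, trusted=TRUSTED_HOSTS) -> dict:
    """Decide whether a link from an e-mail or chat really points at a site the user trusts."""
    host = normalise_host(url)
    if host is None:
        return {"host": None, "verdict": "malformed", "reason": "no hostname in link"}
    # Internationalised labels can render as visually identical Latin letters.
    if any(label.startswith("xn--") for label in host.split(".")):
        return {"host": host, "verdict": "lookalike", "reason": "punycode label"}
    for good in trusted:
        if host == good or host.endswith("." + good):
            if urlsplit(url).scheme != "https":
                return {"host": host, "verdict": "insecure", "reason": "trusted host but not HTTPS"}
            return {"host": host, "verdict": "trusted", "reason": f"matches {good}"}
    for good in trusted:
        # "wallet.example.com.evil.test" is a different registrable domain entirely.
        if good in host:
            return {"host": host, "verdict": "lookalike", "reason": f"embeds trusted name {good}"}
        # The "off by just one letter" clone: one insertion, deletion or substitution.
        if edit_distance(host, good) <= 1:
            return {"host": host, "verdict": "lookalike", "reason": f"one edit away from {good}"}
    return {"host": host, "verdict": "unknown", "reason": "not a saved site"}


if __name__ == "__main__":
    for link in ("https://www.wallet.example.com/login", "https://wallett.example.com/login",
                 "https://wallet.example.com.evil.test/", "http://wallet.example.com/"):
        print(link, "->", classify_link(link))
```

An "unknown" verdict is not a clean bill of health; it only means the host is neither saved nor obviously imitating a saved one, so the user still has to navigate there from a bookmark rather than the message.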

Cryptojacking, hidden mining and common sense

The good news is that hackers are gradually losing interest in brutal attacks on wallets because of the growing opposition of cryptocurrency services and the increasing level of literacy of users themselves. The focus of hackers is now on hidden mining.

According to McAfee Labs, in the first quarter of 2018, 2.9 million samples of hidden-mining malware were registered worldwide, 625 percent more than in the last quarter of 2017. The method is called “cryptojacking,” and its simplicity has fascinated hackers to such a degree that they have massively taken up its implementation, abandoning traditional extortion programs.

The bad news is that hacking activity has not decreased in the least. Experts at Carbon Black — a cybersecurity company — revealed that, as of July 2018, there were approximately 12,000 trading platforms on the dark web selling about 34,000 offers for hackers. The average price for malicious attack software sold on such a platform is about $224.

Picture source: Carbon Black

But how does it get onto our computers? Let’s return to the news with which we started. On June 27, users began leaving comments on the Malwarebytes forum about a program called All-Radio 4.27 Portable that was being installed on their devices without their knowledge. The situation was complicated by the impossibility of removing it. Though in its original form this software seems to be an innocuous and popular content viewer, the version in question had been modified by hackers into a whole “suitcase” of unpleasant surprises.

Of course, the package contains a hidden miner, but that only slows down the computer. As for the clipboard-monitoring program, it replaces wallet addresses when the user copies and pastes them, and it has been collecting 2,343,286 Bitcoin wallet addresses of potential victims. This is the first time hackers have demonstrated such a huge database of cryptocurrency owners — so far, such programs have contained a very limited set of addresses for substitution.

After replacing the data, the user voluntarily transfers funds to the attacker’s wallet address. The only way to protect the funds against this is by double-checking the entered address when visiting the website, which is not very pleasant, but reliable and could become a useful habit.
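The habit the paragraph above recommends, checking the pasted address before sending, can be partly automated, and the July clipboard-hijacker report earlier in the article shows why the check has two parts. The Python block below is an added example, not code from the article or from any wallet software: it validates a Bitcoin address’s Base58Check checksum, which catches typos and corruption but not a hijacker’s own well-formed address, and then compares the pasted string against a user-maintained address book, which is what actually catches substitution. The address book and its label are constructed, the substituted address is built from an all-zero hash for illustration, and the genesis-block address is a public one used only as a round-trip check.

```python
import hashlib

# Bitcoin's Base58 alphabet deliberately omits 0, O, I and l.
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def base58_decode(text: str) -> bytes:
    """Decode a Base58 string; each leading '1' stands for a leading zero byte."""
    value = 0
    for ch in text:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid Base58 character {ch!r}")
        value = value * 58 + idx
    body = value.to_bytes((value.bit_length() + 7) // 8, "big") if value else b""
    leading = len(text) - len(text.lstrip("1"))
    return b"\x00" * leading + body


def base58check_encode(payload: bytes) -> str:
    """Append the 4-byte double-SHA256 checksum and Base58-encode the result."""
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    raw = payload + digest[:4]
    value = int.from_bytes(raw, "big")
    out = ""
    while value:
        value, rem = divmod(value, 58)
        out = B58_ALPHABET[rem] + out
    leading = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * leading + out


def is_valid_base58check(address: str) -> bool:
    """True when the address decodes and its trailing checksum matches the payload."""
    try:
        raw = base58_decode(address)
    except ValueError:
        return False
    if len(raw) < 5:
        return False
    payload, checksum = raw[:-4], raw[-4:]
    expected = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    return expected == checksum


def check_pasted_address(pasted: str, address_book: dict) -> tuple:
    """Classify the address a user is about to send to.

    Returns ("malformed", None) for a bad checksum or character,
    ("trusted", label) when it exactly matches a saved payee, and
    ("unknown", None) for a well-formed address the user never saved,
    which is what a clipboard hijacker substitutes.
    """
    if not is_valid_base58check(pasted):
        return ("malformed", None)
    for label, expected in address_book.items():
        if pasted == expected:
            return ("trusted", label)
    return ("unknown", None)


# Public genesis-block address, used only as a round-trip sanity check.
GENESIS_ADDRESS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"

# Constructed address book; the label and the payee are hypothetical.
ADDRESS_BOOK = {"cold-wallet": GENESIS_ADDRESS}

# A well-formed address a hijacker might paste in: version byte 0x00 plus a
# constructed all-zero 20-byte hash (hypothetical, not a real wallet).
SUBSTITUTED_ADDRESS = base58check_encode(b"\x00" + bytes(20))

if __name__ == "__main__":
    for candidate in (GENESIS_ADDRESS, SUBSTITUTED_ADDRESS, GENESIS_ADDRESS[:-1] + "b"):
        print(candidate, "->", check_pasted_address(candidate, ADDRESS_BOOK))
```

The point of the two-stage check is that the substituted address passes the checksum just as the real one does; only the comparison against something the hijacker cannot rewrite, an address book kept outside the clipboard, tells the two apart.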

After questioning victims of All-Radio 4.27 Portable, it was discovered that the malicious software got onto their computers as a result of their own careless actions. As experts from Malwarebytes and Bleeping Computer found out, people had used cracks for licensed programs and games, as well as Windows activators such as KMSpico. Thus, hackers chose as victims those who consciously violated copyright and security rules.

The well-known Mac malware expert Patrick Wardle often writes in his blog that many viruses aimed at ordinary users are infinitely stupid. It is equally silly to fall victim to such attacks. Therefore, in conclusion, we would like to remind you of the advice of Bryan Wallace, a Hackernoon contributor and Google Small Business Advisor:

“Encryption, anti-virus software, and multi-factor identification will only keep your assets safe to a point; the key is preventive measures and simple common sense.”

Mining Malware Now a Bigger Threat than Ransomware, Says Report

Illicit cryptocurrency mining, or “cryptojacking,” has become more popular among cybercriminals than ransomware, according to a report by Skybox Security.

In its mid-year update, the firm said that crypto miners now account for 32 percent of all cyberattacks, while ransomware only makes up 8 percent.

Cryptojacking utilizes code hidden on websites or devices to harness victims’ computing resources, such as their central processing unit and bandwidth, to mine cryptocurrencies.
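Both this paragraph and the cryptojacking explanation in the PGA article above describe the same thing from the victim’s side: a device quietly mining for someone else. From the defender’s side, a miner has to talk to a pool, and the cleartext Stratum dialect of JSON-RPC that pools speak carries distinctive method names. The Python block below is an added example, not code from Skybox or from the article: it runs over a constructed network-sensor log (the format, hosts, pool addresses and wallet placeholder are all hypothetical) and groups mining-protocol messages by source host. Pools reached over TLS would need CPU-usage or traffic-volume heuristics instead, which this signature-based check does not attempt.

```python
import json

# JSON-RPC methods a Stratum mining client emits toward a pool. A workstation
# that speaks these on its own is either a deliberate miner or cryptojacked.
MINING_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit", "eth_submitLogin"}

# Constructed sensor log: "<timestamp> <src_ip> <dst_ip>:<port> <json payload>".
# Hosts, pool addresses and WALLET_PLACEHOLDER are all made up for this example.
SAMPLE_LOG = """\
2018-07-01T09:00:01Z 10.0.0.5 203.0.113.10:3333 {"id": 1, "method": "mining.subscribe", "params": ["cpuminer/2.5.0"]}
2018-07-01T09:00:01Z 10.0.0.5 203.0.113.10:3333 {"id": 2, "method": "mining.authorize", "params": ["WALLET_PLACEHOLDER.worker1", "x"]}
2018-07-01T09:00:04Z 10.0.0.7 203.0.113.20:8545 {"id": 1, "jsonrpc": "2.0", "method": "eth_blockNumber", "params": []}
2018-07-01T09:00:09Z 10.0.0.9 198.51.100.7:4444 {"id": 1, "method": "mining.subscribe", "params": []}
2018-07-01T09:00:10Z 10.0.0.9 198.51.100.7:4444 not-json garbage line
2018-07-01T09:00:12Z 10.0.0.5 203.0.113.10:3333 {"id": 3, "method": "mining.submit", "params": ["WALLET_PLACEHOLDER.worker1", "job1", "00000000", "5b3880f1", "7f45e012"]}
"""


def parse_line(line: str):
    """Split one sensor line into its fields; return None for lines that are not JSON-RPC."""
    parts = line.split(maxsplit=3)
    if len(parts) < 4:
        return None
    ts, src, dst, payload = parts
    try:
        obj = json.loads(payload)
    except json.JSONDecodeError:
        return None
    if not isinstance(obj, dict):
        return None
    return {"ts": ts, "src": src, "dst": dst, "method": obj.get("method")}


def is_mining_method(method) -> bool:
    """Match the known Stratum methods plus any other 'mining.*' call."""
    return isinstance(method, str) and (method in MINING_METHODS or method.startswith("mining."))


def detect_cryptojacking(log_text: str) -> dict:
    """Group mining-protocol messages by source host so an analyst sees who is mining where."""
    findings = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_mining_method(rec["method"]):
            continue
        entry = findings.setdefault(
            rec["src"], {"first_seen": rec["ts"], "messages": 0, "pools": set(), "methods": set()}
        )
        entry["messages"] += 1
        entry["pools"].add(rec["dst"])
        entry["methods"].add(rec["method"])
    return findings


if __name__ == "__main__":
    for host, info in detect_cryptojacking(SAMPLE_LOG).items():
        print(host, "first seen", info["first_seen"], "->", sorted(info["pools"]),
              info["messages"], "messages", sorted(info["methods"]))
```

The ordinary Ethereum JSON-RPC call on 10.0.0.7 is deliberately left in the sample to show that the match is on the mining methods, not on JSON-RPC traffic in general; a node client talking to its own RPC endpoint should not be flagged.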

The Skybox report reveals a notable shift in the preferences of cyberattackers when it comes to choosing the tools of their illegal trade.

In the second half of 2017, Skybox found that the situation was almost exactly reversed. While ransomware attacks – in which the data on an individual’s computer is encrypted by malware and only unlocked upon payment of a fee – made up 32 percent of all attacks, cryptojacking represented 7 percent of the total at the time.

While the reason for the swap in popularity may be partly down to the rise in price of cryptocurrencies at the end of last year, Skybox said the ransomware model was seeing diminishing returns as victims stopped paying up on reports that data was not being decrypted as promised. Increasing adoption of user protections, such as data backups and better protective tools, were also cited as a factor.

In the update, which was first reported by Computing, the company said:

“Cryptocurrency miners may be the new kid on the block, but they’re taking over. With high-profit opportunity and a low chance of being discovered or stopped, this malware tool provides a money-making safe haven for cybercriminals.”

Hacker image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

China Dismantles Network Using Cryptocurrencies to Illegally Bet on the World Cup Results

The Guangdong Provincial Public Security Bureau dismantled a criminal network this week operating websites dedicated to illegal gambling.

According to Xinhua News, the group was active on the Internet, with clients from all over the world generating revenues of over $10 billion.

The operation of the security agencies was named “Net Security No.9” and aims to combat cybercrime related operations in Chinese territory.

According to reports, the criminal network ran several websites and online casinos, accepting Bitcoin (BTC), Ethereum (ETH), and Litecoin (LTC) as international payment methods.

Xinhua says the operation had some pretty surprising results:

“The network took off more than 20 involved gangs, arrested more than 540 suspects, smashed more than 70 gambling apps and websites, shut down more than 250 online social platform chat groups, and froze more than 260 million yuan of funds involved in the seizure. A group of servers, computers, mobile phones, bank cards and other items were involved.”

Security agencies started the investigations in May. After their research, they were able to see the high organizational level of the group and the massive amount of operations they were able to perform.

“The gambling platform has been in operation for more than eight months, and it has developed more than 8,000 agents at two levels and 330,000 members, involving many countries and regions. Since the platform recharge only accepts virtual currency, the general members will not operate. Therefore, many internal hedge groups of the winning and losing transactions are derived, and the agency funds flow exceeds 10 billion yuan.”

It is important to note that China prohibits the use of cryptos as a substitute for money, and this type of operation is therefore considered illegal. However, the country also has one of the most critical cryptomarkets in the world.

According to Coindance data, most of Bitcoin’s mining power is linked to Chinese companies, along with several significant cryptos such as Tron, Neo, Qtum, and Vechain.

Beyond the betting operations, the network’s M.O. included a series of other schemes, including Ponzi schemes, pump-and-dump, and outright fraud:

“The dealer behind the game analyzes the gambler bet, manipulates the odds according to the betting ratio, allows a small number of people to win, most people “float,” and the dealer gets the difference and makes a profit. Some of the gambling personnel were deeply involved, resulting in bankruptcy and even illegal crimes such as theft and robbery.”

The FIFA World Cup always attracts a large number of enthusiasts and gamblers. According to Sportytrader, over £236 million is spent on each match on internet gambling. The bets are not just on the winner, but on practically any aspect of a match.