Posted on

Report: Malware Targets Israeli Fintech Firms Working in Crypto, Forex Trading

According to a cybersecurity company, Israeli fintech companies are being targeted by malware.

Israeli fintech companies that work with forex and crypto trading are being targeted by malware, according to a blog post from threat research department Unit 42 of cybersecurity company Palo Alto Networks published on March 19.

Per the report, Unit 42 first encountered an older version of the malware in question, Cardinal RAT, in 2017. Since April 2017, Cardinal RAT has been identified when examining attacks against two Israel-based fintech companies engaged in developing forex and crypto trading software. The software is a Remote Access Trojan (RAT), which allows the attacker to remotely take control of the system.

The updates applied to the malware aim to evade detection and hinder its analysis. After explaining the obfuscation techniques employed by the malware, the researchers explain that the payload itself does not vary significantly compared to the original in terms of modus operandi or capabilities.

The software collects victim data, updates its settings, acts as a reverse proxy, executes commands, and uninstalls itself. It also recovers passwords, downloads and executes files, logs keypresses, captures screenshots, updates itself and cleans cookies from browsers. Unit 42 notes that it witnessed attacks employing this malware against fintech firms engaged in forex and crypto trading, primarily based in Israel.

The report further claims that the threat research team discovered a possible correlation between Cardinal RAT and a JavaScript-based malware dubbed EVILNUM, which is used in attacks against similar organizations. When looking at files submitted by the same customer in a similar timeframe to the Cardinal RAT samples, Unit 42 reportedly also identified EVILNUM instances.

The post further notes that this malware also seems to be used only in attacks against fintech organizations. When researching the data, the company claims to have found another case in which an organization submitted both EVILNUM and Cardinal RAT on the same day, which is particularly noteworthy since both malware families are rare.

EVILNUM is reportedly capable of establishing persistence on the system, running arbitrary commands, downloading additional files and taking screenshots.

As Cointelegraph recently reported, a Google Chrome browser extension tricking users into participating in a fake airdrop from cryptocurrency exchange Huobi claimed over 200 victims.

Also, a report noted last week that cybercriminals are reportedly favoring unhurried approaches in attacks made for financial gains, with cryptojacking as a prime example of this shift.

North Korea Has Accumulated $670 Million in Crypto, Leaked UN’s Report Says

The unilateral embargo promoted by the United States against North Korea has forced the nation to look for funding sources in order to survive, and cryptocurrencies provide a powerful tool to achieve this purpose, since they are not controlled by rival governments or financial organizations.

A leaked draft of a report by the UN’s Security Council, obtained by Nikkei Asian Review, claims that a panel of cybersecurity experts informed the council that, according to their research, Pyongyang has accumulated about $670 million in crypto and traditional fiat currency.

Cyberattacks: The Best Way For North Korea To Get Its Hands on Crypto

Nikkei reports that the prevailing method of getting funds is through cyber thefts. Blockchain technologies allow North Korean hackers to cover their tracks and perform illegal actions.

The paper says that “North Korea waged cyber attacks on overseas financial institutions from 2015 to 2018.” Nikkei elaborates on how experts are convinced that there is a group of remarkably successful hackers operating within the isolated country, which already sees cyber attacks as a matter of strategic interest:

“The government has stolen money through cyberattacks, creating a pool of illicit funds that has grown since 2016, the panel said. The attacks are believed to be conducted by a specialized corps within the North Korean military and are now an important part of North Korean government policy.”

Accusations against North Korea are nothing unusual in the cyber security industry; however, they have increased over recent years. In 2017, a report by the Department of Homeland Security had already warned about the “HIDDEN COBRA” group, which is said to be in charge of orchestrating cyber attacks through diverse methods, varying from sending corrupted files to more elaborate schemes.

Lack Of Control By Financial Powers Makes Cryptocurrencies Attractive for Non-Aligned Countries

According to the report, the Korean government may be interested in cryptocurrencies because – despite the transparency of the blockchain – they provide a greater pool of opportunities to circumvent sanctions.

“(Cryptocurrencies) provide the Democratic People’s Republic of Korea with more ways to get around sanctions, given that they are harder to trace, can be laundered many times and are independent from government regulation.”

Several countries such as Russia, Iran, Venezuela, Marshall Islands, Bahamas, and other nations are already contemplating the adoption of cryptocurrencies as an alternative to protect their economic development without the need to align themselves with the strategic interests of powers such as the United States.

The official report will be published next week.

The post North Korea Has Accumulated $670 Million in Crypto, Leaked UN’s Report Says appeared first on Ethereum World News.

Report Shows Cryptojacking Is Prime Example of Shift Towards Discreet Cyberattacks

A recent report shows that cryptojacking is a prime example of cybercriminals’ shift to “low and slow” attack approaches.

Cybercriminals are reportedly favoring unhurried approaches in attacks made for financial gains, with cryptojacking as a prime example of this shift. IT news website ComputerWorld reported on this development on March 14.

Data released by cybersecurity company Darktrace reveals that cryptojacking attempts increased by 78 percent in 2018, and, according to ComputerWorld, the company also said that this trend continued in 2019.

The ComputerWorld article cites Max Heinemeyer, director of threat hunting at Darktrace, commenting on the findings. He reportedly said that since many ransomware victims may be unable to pay a ransom in Bitcoin (BTC) due to technical ineptitude, cryptojacking might be a better approach.

He added that “it [cryptojacking] is low and slow and guarantees a profit,” while ransomware does not. ComputerWorld also quotes Heinemeyer as stating that the barriers to entry to creating cryptojacking malware are low.

Heinemeyer also said that other methods, such as stealing credit card credentials, are cumbersome since criminals need to establish money laundering networks in order to avoid law enforcement. Lastly, he also noted:

“We’ve seen so many different variants of how these pieces of malware are spreading or being loaded.”

Per the report, he cited a company based out of the United Kingdom that saw over 400 devices very quickly infected by a cryptojacking malware after an initial infection via a phishing email. Also, according to Heinemeyer, one system admin installed a mining device underneath the floorboards of the data center where he worked at a major European bank in a creative cryptojacking move.

The article also suggests that such attacks mine the Monero (XMR) blockchain, since, unlike Bitcoin, it is suitable for mining on non-specialized, even consumer-grade, hardware. However, Cointelegraph recently wrote that a Monero upgrade has made the coin more resistant to ASIC mining.

As Cointelegraph has reported, of about 400 servers running virtualization software Docker that were found to be vulnerable to outside exploitation, most were seemingly running Monero mining software.

Also, United States-based software corporation Microsoft has removed eight Windows 10 applications from its official app store after cybersecurity firm Symantec identified the presence of surreptitious Monero coin mining code in February.

Cryptojacking Overtakes Ransomware as Top Malware in Some Countries

Malware that uses infected hardware for mining crypto without authorization has become the top cyber threat in certain countries.

Cryptojacking, the unauthorized use of another’s hardware to mine cryptocurrency, has become the biggest cyber threat in many parts of the world, Bloomberg reported Dec. 14.

According to research from cyber security research firm Kaspersky Lab, cryptojacking overtook ransomware as the biggest cybersecurity threat, particularly in the Middle East, Turkey, and Africa. In Afghanistan and Ethiopia, more than one in four detected malware samples are cryptocurrency miners, according to Kaspersky’s data.

As cited by Bloomberg, Kaspersky’s research “shows crypto mining attacks have risen almost fourfold in the region, from 3.5 million in 2017 to 13 million this year.” The cybersecurity firm reportedly also claimed that cryptojacking incidents are “likely to continue given the increased use of digital currencies.”

A report released by Kaspersky in November declares that the reason for the rise of cryptojacking malware compared to ransomware may “be due to the fact that people from developing markets are not so eager to pay a ransom.”

Not only PC but also smartphone users are targeted by unauthorized mining software — from the 2016-2017 period to the 2017-2018 period, these kinds of attacks reportedly increased by 9.5 percent.

Fabio Assolini, Kaspersky’s Senior Security Researcher, told Bloomberg that “the [Middle East, Turkey, Africa] region is becoming more appealing to cyber-criminals, with financial and malicious cryptomining attacks taking center stage.” Assolini also claimed that such attacks are becoming increasingly popular because they are “less noticeable” than ransomware.

Still, the increase in the popularity of this kind of malware has not been global. For instance, this year it registered a decrease of 15 percent in Zambia and 11 percent in Uzbekistan, according to the cybersecurity firm. The report concludes:

“Last year we asked what tips the scales for cybercriminals? Today, this is no longer a question. Miners will keep spreading across the globe, attracting more people.”

Cryptojacking is not the only way in which cybercriminals use cryptocurrency. As Cointelegraph reported in October, users of the popular video game Fortnite have been targeted by a malware that steals Bitcoin (BTC) wallet addresses.

Not only individuals resort to such actions in search of financial gains. According to a Chinese cybersecurity company, after targeting cryptocurrency exchanges, North Korean hackers have started to steal cryptocurrencies from individuals.

North Korean Hackers Move Onto Attacking Individuals After Exchanges Boost Security

North Korean hackers have reportedly carried out over 30 attacks on cryptocurrency users, according to a cybersecurity company.

The CEO of cybersecurity firm Cuvepia declared that his company detected over 30 attacks on crypto-bearing individuals probably carried out by North Korean hackers, English-language media site South China Morning Post reports Nov. 29.

Kwon Seok-Chul, the CEO of the aforementioned South Korean cybersecurity company, said that the new targets of the suspected North Korean cyberattacks “are just simple wallet users investing in cryptocurrency.” He then added that many cases probably haven’t been detected, and that there may have been well over 100 attacks.

As the article states, the “targeting of individuals holding virtual currencies such as Bitcoin (BTC) marks a departure from its previous methods.” As Cointelegraph reported this October, North Korea allegedly backed two cryptocurrency scams this year: hacks funded by the country reportedly comprise 65% of all cryptocurrency stolen to date.

Simon Choi, founder of cyber warfare research company IssueMakersLab, attributes the shift towards attacking individuals to cybersecurity enhancements by exchanges and financial institutions:

“Direct attacks on exchanges have become harder, so hackers are thinking about alternatively going after individual users with weak security.”

Choi also said that most targets have been wealthy South Koreans since “they believe that if they target CEOs of wealthy firms and heads of organisations” then “they can take advantage of billions of won in virtual currencies.”

According to Luke McNamara, an analyst at cybersecurity company FireEye, “it’s possible from previous intrusions they’ve been able to collect information” about “people using these [cryptocurrency] exchanges.”

McNamara explained that “when they understand and know the targets” then “they are able to craft lures specific to those organisations or entities.” He added that this makes them “effective at what they are doing.”

As Cointelegraph reported, Kaspersky Labs claims that North Korean hacker collective Lazarus Group used the “first” macOS malware to hack a crypto exchange. Experts have also argued that North Korea increasingly uses cryptocurrencies to avoid U.S. sanctions.

Crypto Exchange Hacks in Review: Proactive Steps and Expert Advice

Has the cryptocurrency exchange on which you typically trade already been hacked? If not yet, it is highly possible that it will be. Centralized exchanges, which Vitalik Buterin wished would “burn in hell,” can manipulate users’ funds and face regular attacks, while decentralized ones seem not to have found a balanced compromise between security and usability yet. At the same time, the experience of traditional banks in ensuring cybersecurity is still not in demand within the crypto industry, which leads to the theft of millions of dollars of users’ funds or to data breaches, like the incident that happened to Atlas Quantum account owners on Aug. 25.

The top five attacks on crypto exchanges are well known to traders and studied by cybersecurity specialists around the world. The list is headed by Mt. Gox, which has recently started accepting refunding claims of the traders affected by the hack.

Mt. Gox

Country: US
Founders: Jed McCaleb, Mark Karpeles
Funds stolen: 1.35 million BTC

Mt. Gox was first hacked in 2011, and then in 2014. The hackers compromised the account belonging to an auditor of the exchange. In the first case, 500,000 BTC — equivalent to $8.75 million — were stolen from the accounts and from the depository as a result of the exchange’s database being hacked. In the second case, attackers managed to withdraw much more — 850,000 BTC.

Civil investigators, unfamiliar with the subtleties of the cryptocurrency industry, were able to confirm the movement of only 200,000 BTC, which hackers transferred to their wallet by altering the nominal value of one Bitcoin to one cent. What happened to the rest of the assets is still unknown. The exchange terminated its operations in February 2014. Its troubles dealt three powerful blows to the Bitcoin exchange rate: in 2011, the cryptocurrency price fell from $32 to several cents; in 2014, from $720 to $550; and in 2018, Mt. Gox arbitration manager Nobuaki Kobayashi sold a total of 35,841 BTC in a falling market, accelerating its further fall. Recent activities of the Mt. Gox administration infuriated the deceived users, who demanded to “just give the people their money in BTC!”

Protection advice

Some cryptocurrency exchanges strengthen their defences by working with trustworthy security auditors who have proven hack-proofing expertise and white hat skills. They prefer to work with one contractor in relation to audits, DDoS mitigation, scans and site updates.

This minimizes the risk of audit-related vulnerability and access to stored funds falling into the wrong hands. For higher protection, additional banking tools are used — such as segregated master wallets, cold storage, layers of withdrawal authorization, IP address verification and email confirmation, two factor authentication (2FA) login and a crypto debit card, which can all be used to verify payments and user logins to the exchange.

iBitt COO Chris Schwarzenbach shared with Cointelegraph that the highest level of cybersecurity is only possible with a centralized exchange service, which has the development resources, security team, hidden servers and responsive control necessary to run military-grade security for a crypto exchange.

BitFloor

Country: US
Founder: Roman Shtylman
Funds stolen: 24,000 BTC

BitFloor suffered the second-largest hack in crypto history back in September 2012. It all started when the exchange’s server crashed, either under a DDoS attack or because of a power outage in the data center, as was claimed by its owner Roman Shtylman.

Four days later, the hackers used a backup copy of the key from the exchange’s hot wallet, where the traders’ funds were stored, and withdrew 24,000 BTC. Shtylman made an unsuccessful attempt to compensate the victims by selling a stake in BitFloor’s property, but could not find an interested party. In 2013, the exchange closed, leaving the affected investors with nothing.

Protection advice

According to security experts, BitFloor made two errors at once that led to such a severe financial loss. The first was storing the data in an unencrypted way — which Shtylman honestly confessed to — and the second, which only aggravated the situation, was leaving large sums of money in an online-accessible hot wallet.

The simplest action to be done by any exchange in order to prevent the theft of coins is to keep the majority of its funds in “cold storage,” which ensures that private keys never touch any computer accessible from the internet. ThomasV, the lead developer of the Electrum client, provided seven key recommendations for cryptocurrency exchanges:

  • Don’t store more Bitcoin outside cold storage than you can afford to lose and remain solvent
  • Deposits should be sent to cold storage addresses directly
  • Transfer from cold storage to hot storage should be manual only
  • An attacker shouldn’t be able to disguise a theft as a series of withdrawals from customers
  • If a withdrawal request exceeds the amount available in the hot wallet, the customer should have to wait. Receiving coins 24 hours later is better than never
  • Clone your database to a place where an attacker cannot irreversibly modify or delete it from the server
  • Send digitally signed account statements to customers regularly, using a key that is not on the public server

Poloniex

Country: US
Founder: Tristan D’Agosta
Funds stolen: 97 BTC

Poloniex takes third place in the long list of victims. In May 2017, hackers discovered a critical vulnerability in the exchange’s software: withdrawal requests sent simultaneously were all processed automatically, regardless of the account balance. The owner of Poloniex, Tristan D’Agosta, did not name the exact amount stolen, but announced that total users’ funds at the time of the hack were reduced by the equivalent of 12.3 percent, or 97 BTC.

To cover the losses, Poloniex had to cut all users’ balances by this amount. These funds were temporarily frozen and then returned to users from personal funds, with the exchange’s fees raised by 1.5 percent. Users found this decision acceptable, and Poloniex saved its reputation and continued to work — periodically undergoing minor attacks. Now the exchange belongs to the American payment company Circle.

Protection advice

Tristan D’Agosta publicly revealed in his BitcoinTalk post what crucial mistakes had been made by the administration:

“The major problem here was that withdrawals should have been queued at every step of the way. This could not have happened if withdrawal requests were processed sequentially instead of simultaneously. Additionally, auditing and security features were not explicitly looking for negative balances. They add deposits and withdrawals and check that accounts are in balance. If you have 2 BTC, withdraw 10 BTC, and are left with -8 BTC, the software would see that you deposited 2, withdrew 10, and have exactly what you should: -8.”

Agosta has also advised on precautionary measures to be done in order to prevent such irreversible damage and shared new changes in the exchange’s security system:

“Withdrawals and order creation have been switched to a queued method, where the first step is to add the task to a global execution queue that is processed sequentially. Each step of critical database operations is verified before proceeding, and such operations are in the process of being converted to transactions. I have hired additional developers to help with tightening up security at Poloniex, as well as created a bug bounty.”
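The flaw D’Agosta describes above (balance checks that all pass before any withdrawal is applied, and audits that never look for negative balances) and the hot/cold rules from ThomasV’s list earlier are modelled in the following example. It is added here and is not Poloniex’s or Electrum’s code; the Ledger and HotWallet classes, the account names and the amounts are constructed for illustration.

```python
from collections import deque
from decimal import Decimal


class Ledger:
    """Constructed toy ledger: live balances plus an append-only entry log
    per account (deposits positive, withdrawals negative)."""

    def __init__(self):
        self.balances = {}
        self.entries = {}

    def deposit(self, account, amount):
        amount = Decimal(amount)
        self.balances[account] = self.balances.get(account, Decimal(0)) + amount
        self.entries.setdefault(account, []).append(amount)

    def apply_withdrawal(self, account, amount):
        # Pure bookkeeping; the caller owns the balance check.
        self.balances[account] -= amount
        self.entries.setdefault(account, []).append(-amount)


class HotWallet:
    """Hypothetical hot/cold split: deposits sit in cold storage, only a small
    float is online, and moving cold -> hot is a manual operator action."""

    def __init__(self, cold, hot):
        self.cold = Decimal(cold)
        self.available = Decimal(hot)

    def manual_refill(self, amount):
        amount = Decimal(amount)
        if amount > self.cold:
            raise ValueError("cold storage cannot cover the transfer")
        self.cold -= amount
        self.available += amount


def withdraw_simultaneously(ledger, requests):
    """The flaw in the Poloniex post-mortem: every request passes its balance
    check before any withdrawal is applied, so a burst drives one account negative."""
    approved = [(acct, Decimal(amt)) for acct, amt in requests
                if ledger.balances.get(acct, Decimal(0)) >= Decimal(amt)]
    for acct, amt in approved:
        ledger.apply_withdrawal(acct, amt)
    return len(approved)


def withdraw_queued(ledger, requests, hot):
    """Hardened model: one global queue processed sequentially, each request
    re-checked against the live balance; a request larger than the hot float
    waits (pending) rather than failing, per ThomasV's recommendations."""
    queue = deque((acct, Decimal(amt)) for acct, amt in requests)
    processed, pending = [], []
    while queue:
        acct, amt = queue.popleft()
        if ledger.balances.get(acct, Decimal(0)) < amt:
            continue                     # reject: insufficient funds
        if hot.available < amt:
            pending.append((acct, amt))  # customer waits for a manual refill
            continue
        ledger.apply_withdrawal(acct, amt)
        hot.available -= amt
        processed.append((acct, amt))
        assert ledger.balances[acct] >= 0, "balance invariant violated"
    return processed, pending


def naive_audit(ledger, account):
    """The audit D'Agosta calls insufficient: entries sum to the balance,
    which is equally true when that balance is -8 BTC."""
    return sum(ledger.entries.get(account, [])) == ledger.balances.get(account, Decimal(0))


def strict_audit(ledger):
    """Explicitly look for negative balances; returns the offending accounts."""
    return sorted(acct for acct, bal in ledger.balances.items() if bal < 0)


def demo():
    # Flawed mode: alice holds 2 BTC and fires four 2 BTC withdrawals at once.
    flawed = Ledger()
    flawed.deposit("alice", "2")
    withdraw_simultaneously(flawed, [("alice", "2")] * 4)
    # Queued mode with a 3 BTC hot float: the same burst yields one withdrawal,
    # and bob's 5 BTC request waits until an operator tops up the hot wallet.
    safe = Ledger()
    safe.deposit("alice", "2")
    safe.deposit("bob", "5")
    hot = HotWallet(cold="100", hot="3")
    first_pass = withdraw_queued(safe, [("alice", "2")] * 4 + [("bob", "5")], hot)
    hot.manual_refill("10")
    second_pass = withdraw_queued(safe, first_pass[1], hot)
    return {
        "flawed_balance": flawed.balances["alice"],          # -6
        "naive_audit_passes": naive_audit(flawed, "alice"),  # True, despite -6
        "strict_audit": strict_audit(flawed),                # ["alice"]
        "alice_after": safe.balances["alice"],               # 0
        "first_pass": first_pass, "second_pass": second_pass,
        "hot_available": hot.available,                      # 6
    }
```

The naive audit reports the overdrawn account as consistent, exactly the gap D’Agosta points out; only the strict audit, and the sequential queue that prevents the overdraw in the first place, catch it.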

Bitstamp

Country: Slovenia
Founders: Merlak brothers
Funds stolen: 19,000 BTC

In 2015, Bitstamp lost 19,000 BTC, which were stolen by hackers from the exchange’s hot wallet. At that time, the losses were equivalent to $5 million. Surprisingly, a simple phishing attack was used by the hackers — the exchange’s employees received personal emails and Skype messages from seemingly friendly sources.

What is perhaps even more surprising is that the person responsible for security, Bitstamp system administrator Luka Kodrich, clicked the link and downloaded malware onto his work computer, after which the exchange was hacked. Bitstamp hurried to notify traders about what was happening; however, the attackers had already stolen the funds. No compensation followed, but the security regime was tightened, which helped the exchange recover quickly. For the purpose of developing multi-signature protection, Bitstamp partnered with BitGo.

Now, carrying out transactions on Bitstamp requires using multisignature, and 98 percent of the cryptocurrency is stored in a cold wallet.

Bitfinex

Country: British Virgin Islands
Founder: Raphael Nicolle
Funds stolen: 120,000 BTC

Bitfinex became the victim of hackers in August 2016. Unknown attackers used a bug in the multisignature system, which was provided by partner company BitGo. The hackers deceived the BitGo algorithms in an unknown way, forcing them to approve transactions, and withdrew about 120,000 BTC from the hot wallet, worth the equivalent of $72 million at the exchange rate of that time.

The Bitfinex founders informed users that the financial losses would be distributed among all of them, with 36.067 percent of each user’s coins frozen. These funds were later compensated with BFX tokens, which could be converted into U.S. dollars at the exchange rate, or into shares of iFinex Inc., which belongs to the Bitfinex founder. This chosen — and seemingly proper — policy has helped the exchange remain among the top exchanges to this day.

Protection advice

Emin Gün Sirer, a well-known computer scientist, specialist in hacking research and professor at Cornell University, suggested a solution that does not break Bitcoin’s all-too-critical irreversibility when dealing with strangers, but allows someone to take back their funds in the event of a hack:

“The special thing about vaults is that they come with two keys. One key is used to unlock the vault and move your funds to a regular wallet. The other one, called a recovery key, is used when you notice that your funds were hacked and moved out of the vault by a hacker. You can then use your recovery key to undo the hack — you have 24 hours to notice and launch the recovery and get back all the funds. Notice that you cannot fool a merchant with this trick and revert a real transaction. All you can do is take back your own money from someone who is trying to steal it. If I may say so myself, it’s a pretty ingenious scheme. It’s almost like someone ought to work on it.”

Chronicle of 2018

Despite all the hopes of the crypto community, the year has not brought anything new to the established practice of securing exchange sites, and 2018 has been marked by numerous attacks made with the help of new, sophisticated hacking tricks. According to the Wall Street Journal, since the beginning of the year, hackers have managed to steal more than $800 million and are not going to stop there.

Coincheck

Country: Japan
Founders: Koichiro Wada, Yusuke Otsuka
Funds stolen: 523 million NEM

Coincheck was attacked by hackers in the last days of January 2018. The target, as in most cases, was the exchange’s hot wallet, from which 523 million NEM tokens were stolen. Despite all the previous examples, the exchange continued to keep users’ funds, and even its own funds, in the hot wallet and did not use multisignature for protection.

Will the hackers cash out the stolen funds? Hardly. The crypto community united after this theft and finally began to actively exchange information in order to prevent further movements of stolen funds. In particular, the ShapeShift instant exchange service banned the exchange of NEM coins. Other services followed this example, since the 11 anonymous addresses to which the stolen tokens had been transferred were tagged with the label “coincheck_stolen_funds_do_not_accept_trades: owner_of_this_account_is_hacker,” so it is not difficult to track any transaction made by the hackers. The investigation of the incident and the development of compensation options for users are continuing.

Protection advice

Coincheck’s example emphasized the importance of properly organized storage of users’ funds on the exchange. Security layers and warning triggers are a must for any exchange service, says Nick Moore, CEO at Investa, a U.K. crypto exchange which also operates debit cards and ATMs:

“We hold minimal coins in our hot wallets and operate a time delay on withdrawals with a manual review process, so the ability to hack accounts and the amount of coins held on the exchange is low. The risk of loss is minimized through the manual procedures of moving coins to cold storage when we identify that any excess funds have accumulated and are not needed for immediate liquidity. Storing the funds in cold wallets ensures they cannot be hacked, and keeping a minimal float in hot wallets helps to preserve liquidity.

“I’m sure users don’t mind waiting a little longer for their withdrawals, when they realize that this is one of the best ways to fight the hackers.”

BitGrail

Country: Italy
Founder: Francesco Firano
Funds stolen: $170 million

On Feb. 13, BitGrail lost $170 million in Nano (XRB) as a result of hacking attacks. At the same time, the founders of the exchange started a public discussion with developers of Nano’s blockchain in order to define which side was responsible for the bug that led to the hack.

The developers of the cryptocurrency accused BitGrail of giving insufficient attention to security — in particular, the absence of an authentication procedure for users. Later, the exchange stopped operating and turned the investigation over to the police.

The authorities of Florence confiscated all the cryptocurrency from the BitGrail deposit to secure the claim of the affected users, and the Nano Foundation promised to take part in the protection of their interests and compensation for losses.

Coinrail

Country: South Korea
Founder: Lee Nuss
Funds stolen: $40 million

Coinrail fell victim to a hacking attack on June 10, 2018 and lost a total of $40 million in 11 cryptocurrencies. Immediately after the attack, the exchange’s representatives were not ready to provide any intelligible information, so the details of the theft were revealed by participants in the Pundi X project, whose tokens were among those stolen.

A month later, on July 15, the exchange resumed trading and offered the victims two compensation schemes: a gradual refund through the repurchase of the stolen cryptocurrency, and compensation with Coinrail’s RAIL tokens, which can then be converted into a cryptocurrency at the exchange’s internal rate.

Protection advice

Rik Ferguson, an analyst at cybersecurity firm Trend Micro, believes the problem is in the weakness of the development team, insufficient cybersecurity education of the staff and poor investment in fraud analytics:

“By and large these exchanges are small businesses and they are most often in permanent startup mode, facilitating transactions. These organizations have small security teams, if they have one at all, little to no experience in securing a financial institution and generally a very large, attractive pile of money.”

Bithumb

Country: South Korea
Founder: Kim De Shi
Funds stolen: $30 million

Bithumb was hacked on June 19, just a few days after it updated its security systems. $30 million, which was 10 percent of the total trading volume, was stolen by the attackers. This is the second incident in the chronicle of Bithumb. The first occurred on June 29, 2017, when the personal data of 30,000 users — equivalent to three percent of all the users by that time — was compromised. Hackers tried to access users’ one-time passwords, but the exchange froze trades and made changes to the security system.

At the same time, Bithumb spends eight percent of its profits on security and strictly follows the “5.5.7” rule, under which five percent of employees are IT specialists with confirmed expertise, five percent possess cybersecurity skills, and at least seven percent of the company’s profits are spent on protecting its funds.

At the time of the hack, the exchange had discovered a potential threat and was already moving users’ funds to a cold wallet. Affected traders were promised compensation from the personal funds of Bithumb’s administration.

Protection advice

Charlie Lee in a tweet expressed hopes for the restoration of the exchange and gave users concise advice, warning against such situations:

“As I’ve said many times, be smart and only keep on exchange coins that you are actively trading. It’s best to withdraw right after trading.”

Bancor

Country: Switzerland
Founder: Guy Benartzi
Funds stolen: $23 million

Bancor, a decentralized exchange created in opposition to centralized ones, at which Vitalik Buterin recently aimed his angry “burn in hell” statement, was attacked by hackers on July 9, 2018. It is noteworthy that this happened a day after the exchange expressed, in an official Twitter post, its full agreement with Vitalik Buterin about centralized solutions and stated that decentralized exchanges are the future.

From the exchange’s hot wallet, hackers withdrew a total of $23.5 million, made up of the exchange’s own BNT tokens ($10 million, almost half of the total), Ethereum ($12.5 million) and Pundi X ($1 million). The BNT tokens were immediately frozen, which caused a flurry of criticism from the cryptocurrency community, because such actions directly contradict the principle of decentralization. Charlie Lee summed up the overall view on Twitter, stating that Bancor can manipulate users’ funds.

As for users’ tokens, Bancor immediately created a coalition with the instant exchange service Changelly, through which the hackers tried to withdraw funds. Transactions were frozen there as well.

How do banks deal with this?

Classic banks and banking services have been subject to various attacks since their emergence — that is, for several centuries. And over this time, they have been learning to resist such threats. The only difference is that 50 years ago, banks were attacked by criminals such as Bonnie and Clyde, and now they are attacked by hackers and internet scammers.

Classic banks follow the “5.5.7” formula and have international information security standards — for example, CobiT, which is considered entry level and is then supplemented by numerous internal regulations and scenarios for responding to intervention attempts.

Ruslan Yusufov, director of special projects at Group-IB, is sure that the response to incidents must include both systems and an early warning and response plan that allows all employees to act in accordance with regulations in the event of an incident. This is standard practice in the banking sector. A similar scheme was used by the Bancor exchange, which instantly froze its own tokens, identified the services through which the withdrawal was planned, and entered into a coalition with them to freeze the stolen assets.

In this case, criticism from the crypto community matters less than the effort to preserve investors’ funds.

Statistics show that hackers attacking crypto exchanges use tools that have already been tested repeatedly against fiat banks. A study of 400 successful attacks on blockchain systems showed that well-known banking trojans such as TrickBot, Vawtrak, Qadars, Triba and Marcher were slightly modified for crypto exchanges and brought the attackers success there as well.

Nevertheless, the security systems of classic banks resist hackers successfully, and the established practice of tracing transactions allows customers to recover stolen funds. Why not borrow this experience? Unfortunately, ICO teams, including those building cryptocurrency exchanges, rarely include an IT specialist with experience in banking information security.

Is it possible to return the money?

As practice shows, after major hacks crypto exchanges most often use one of three ways to compensate affected users:

1. Roll back to a previous state or freeze transactions (Bitstamp, Ethereum and Bancor did this, although it contradicts the principle of blockchain irreversibility).

2. Compensate at the expense of other users (the path chosen by Poloniex).

3. Repay from the exchange’s own profits or by issuing exchange tokens (Bitfinex and Coinrail).

Thus, stable, large exchanges that want to stay in business will keep offering new ways of compensating lost funds, which is good news for the cryptocurrency industry. The old practice of exchange owners hiding the details of a theft from the community, or simply disappearing, is clearly being abandoned, if slowly.

Will cryptocurrency exchanges solve the problem of hacking attacks any time soon? Certainly not. There are two main approaches to attacking an exchange. The first is to gain access to accounts and restricted functionality by compromising the founders’ accounts and then deploying malware from the arsenal of bank attacks. The second is to attack the exchange’s own infrastructure, either by compromising the web application that links a client to their money on the exchange’s servers or by attacking the so-called hot wallets.

Consequently, protecting digital assets requires the joint efforts of users and the crypto banks that serve the turnover of cryptocurrencies. Bancor’s head of public relations, Nate Hindman, made a statement after the hack:

“These mechanisms include a real-time blacklist that tracks offending addresses and stolen assets, as well as an emergency fund that compensates projects when thefts occur. There is plenty more to do here and we look forward to working with our peers across the industry to make everyone stronger and smarter as we move forward together. Collaboration is not just a concept, it’s a practice — and we are grateful for the support and assistance.”

At the same time, Hindman believes it is impossible to completely eliminate the possibility of hacking attacks, since attackers develop their strategies alongside the crypto industry, but the attacks can be resisted if market participants join forces and share information.
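The real-time blacklist Hindman describes, like the transaction tracing the article credits to banks, rests on following funds from known offending addresses through later transfers. The following is an added example and not Bancor’s or any exchange’s own code: it replays a hand-constructed transfer log, carries taint forward proportionally (a sender whose balance is 60% stolen passes 60% taint on whatever it sends), and flags deposit addresses of cooperating services that received stolen value. The addresses, the ledger, the initial balances and the `propagate` and `alerts` helpers are all assumptions made for this illustration.

```python
"""Propagating a stolen-funds blacklist through later transfers.

Added illustration (not Bancor's or any exchange's code). The ledger, the
addresses and the balances are all constructed for this example. Taint is
carried proportionally ("haircut" rule): a sender holding 60 tainted out of
100 units passes 60% taint on every unit it sends.
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

Transfer = Tuple[str, str, str, float]   # (txid, sender, receiver, amount)
Balance = Dict[str, float]               # {"clean": x, "tainted": y}

# Constructed sample data (made-up addresses, not real accounts).
SEED_THIEF = "0xthief0001"
INITIAL_CLEAN = {"0xbancor_hot": 100.0, "0xalice0003": 40.0, "0xbob0004": 10.0}
WATCHED = {"0xchangelly_deposit", "0xexchange_b"}   # services that agreed to freeze
LEDGER: List[Transfer] = [
    ("tx1", "0xbancor_hot", "0xthief0001", 100.0),        # the theft itself
    ("tx2", "0xthief0001", "0xmixer0002", 60.0),          # thief moves 60 on
    ("tx3", "0xalice0003", "0xmixer0002", 40.0),          # unrelated clean deposit
    ("tx4", "0xmixer0002", "0xchangelly_deposit", 50.0),  # mixed funds cashed out
    ("tx5", "0xthief0001", "0xexchange_b", 40.0),         # remainder goes elsewhere
    ("tx6", "0xbob0004", "0xexchange_b", 10.0),           # clean deposit, same venue
]


def _account(bal: Dict[str, Balance], addr: str) -> Balance:
    return bal.setdefault(addr, {"clean": 0.0, "tainted": 0.0})


def propagate(ledger: List[Transfer], thieves: Set[str],
              initial_clean: Dict[str, float]):
    """Replay the ledger in order. Returns final balances and, per receiver,
    the cumulative tainted amount it has been sent."""
    bal: Dict[str, Balance] = {a: {"clean": v, "tainted": 0.0}
                               for a, v in initial_clean.items()}
    tainted_received: Dict[str, float] = defaultdict(float)
    for txid, src, dst, amount in ledger:
        s = _account(bal, src)
        total = s["clean"] + s["tainted"]
        if amount > total + 1e-9:
            raise ValueError(f"{txid}: {src} spends {amount} but holds {total}")
        share = s["tainted"] / total if total else 0.0
        tainted = amount * share          # haircut: pro-rata share of taint
        clean = amount - tainted
        s["clean"] -= clean
        s["tainted"] -= tainted
        d = _account(bal, dst)
        if dst in thieves:
            # Everything landing on a blacklisted address is treated as stolen.
            tainted, clean = amount, 0.0
        d["clean"] += clean
        d["tainted"] += tainted
        tainted_received[dst] += tainted
    return bal, dict(tainted_received)


def alerts(tainted_received: Dict[str, float], watched: Set[str],
           threshold: float) -> List[Tuple[str, float]]:
    """Watched deposit addresses that received at least `threshold` tainted units."""
    return sorted((a, round(v, 8)) for a, v in tainted_received.items()
                  if a in watched and v >= threshold)


if __name__ == "__main__":
    balances, received = propagate(LEDGER, {SEED_THIEF}, INITIAL_CLEAN)
    for addr, amt in alerts(received, WATCHED, threshold=1.0):
        print(f"freeze candidate: {addr} received {amt} tainted units")
```

A blacklist that only matches the original thief address misses tx4 entirely, because the mixer address is not on it; carrying taint through the intermediate hop is what lets the Changelly deposit be frozen. The haircut rule is one of several conventions (FIFO and “poison”, where any tainted input taints the whole output, are the others); it is used here because it never flags more value than was actually stolen.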

As for ordinary users, the tips for keeping digital assets out of hackers’ hands are well known:

  • Do not keep funds in hot wallets.
  • Choose well-known exchanges that disclose their security policies.
  • Use every security feature the exchange provides, including two-factor authentication (2FA).
  • Spread funds across several wallets and exchanges.

Cryptocurrency exchanges are probably hacked so often because it is easy to do and the punishment is not yet regulated. The more exchanges are attacked, the more people are left without money, and someone gets away with it. But this year things may change, since all of this has started to seriously concern regulators at the national and even global level.

Alongside the G20, a whole series of summits is being held devoted to regulating the activity of crypto exchanges. For example, Joshua Hong, one of the authors of the Futurama Blockchain Innovators Summit concept, told Cointelegraph:

“There are many unreported hacking incidents of major exchanges. So, from the perspective of regular user, we do not know how severe the level of hacking [is] for most exchanges. For example, Bithumb was recently hacked, but its trading volume or commission revenue didn’t seem to get affected at all. On the other hand, other exchanges had to shut down their operation after a single blow of hacking.”

Exchange leaders react positively to such initiatives. One of them, Bithumb investment strategist Alex Lee, expressed his personal interest in taking part in such discussions:

“[The] best answers to the problems in our industry can be found through proactive sharing of each other’s stories in highly personable ways. So, no matter what the issues are, be it crypto exchanges getting hacked or regulators feeling the pressure from disgruntled token investors who lost money, the solution can be found through community interactions and honest, open conversations.”


US Federal Trade Commission Issues Warning on Bitcoin Blackmail Scam ‘Targeting Men’

The Division of Consumer and Business Education of the U.S. Federal Trade Commission (FTC) published an article August 21 titled “How to avoid a Bitcoin blackmail scam.”

The FTC’s article focuses on consumer protection, warning about what it calls a “new scam targeting men”: blackmail demanding payment in Bitcoin (BTC). The brief post states:

“Here’s how it works. Scammers have been sending letters to men, demanding payments using [B]itcoin in exchange for keeping quiet about alleged affairs. The letter also explains how to use [B]itcoin to make the payment.”

Among the “classic signs” of blackmailing, the FTC lists “threats, intimidation and high-pressure tactics” and advises consumers to “report it immediately to your local police, and the FBI.”

Cybersecurity firm Kaspersky Labs recently published a report according to which cybercriminals stole over $2.3 million via crypto scams during the second quarter of 2018.

Earlier this month the UK police published a report stating that crypto-related scams have led to $2.55 million in investor losses this summer alone.


China: Three Hackers Arrested for Allegedly Stealing $87 Million in Crypto

Chinese police have arrested three “highly experienced” hackers suspected of stealing up to 600 million yuan (around $87.3 million) in crypto, local news outlet Xinhua reported August 18.

The alarm was reportedly first raised by an individual identified by the surname Zhang, who is said to have first filed his complaint March 30 with local police in the northwestern city of Xi’an.

The victim claimed that his computer had been hacked, resulting in the theft of Bitcoin (BTC), Ethereum (ETH) and other crypto holdings worth up to 100 million yuan ($14.5 million).

Initial investigations by a dedicated police task force indicated that the suspects had used a remote attack to transfer funds from Zhang’s computer without leaving a trace, in what is reportedly considered to be a “rare case.”

The authorities are said to have received assistance from several local internet service providers, which allowed them to identify the first suspect, an individual known as Zhou, within three months. After two further months, all three accomplices had been arrested in disparate regions of China: Hunan province, Changchun and Beijing.

The three suspects have been charged with coordinating a wider series of remote attacks against enterprises and individuals worth a total of 600 million yuan (around $87.3 million). Investigations continue, as Xinhua further reports.

As Cointelegraph has previously reported, earlier this summer Chinese police arrested a total of 20 suspects in a major cryptojacking case that allegedly infected over one million computers and generated 15 million yuan (about $2.2 million) in illicit profits over the course of two years.


Report: Over $2 Million Lost to Crypto Scams in Second Quarter of 2018

A recent report from Russia-based antivirus and cybersecurity firm Kaspersky Labs states that in the second quarter of 2018 cybercriminals stole over $2.3 million via crypto scams.

The report, entitled “Spam and phishing in Q2 2018,” notes so-called “crypto giveaways” as a pervasive example of phishing, wherein cybercriminals dupe individuals into giving up sensitive information as part of a too-good-to-be-true promotion giving away popular cryptocurrencies.

In these crypto phishing scams, unsuspecting individuals are fooled into voluntarily giving up important information on convincing but malicious copies of popular crypto wallets and markets.

Kaspersky states that cybercrooks also pose as new Initial Coin Offering (ICO) projects to collect money from would-be investors trying to buy tokens in supposed early-access events. The report also notes that Kaspersky’s anti-phishing system blocked 58,000 attempts by users to reach phishing websites in Q2 2018.

In addition to outlining various types of scams, the quarterly report states that Ethereum (ETH) is currently the most popular cryptocurrency for phishers. According to the firm, ETH’s popularity among cybercriminals increases as more funds are attracted to ICOs on the Ethereum platform.

Earlier this month, new research shed light on the ubiquitous fake crypto giveaways on Twitter. In the course of its research, cybersecurity firm Duo Security surveyed a swathe of 88 million Twitter accounts, using machine learning techniques to train a bot classifier.

Using the most recent 200 tweets from each account, the classifier found a network of 15,000 bots that spread fake competitions and impersonate well known figures in the crypto industry. Duo data scientist Olabode Anise said that, “The bots’ attempts to thwart detection demonstrate the importance of analyzing an account holistically, including the metadata around the content.”
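The article does not describe the features Duo’s classifier learned, only the behaviour it caught: accounts that push fake giveaways and impersonate well-known figures. The following is an added example, not Duo Security’s code, showing the kind of hand-written first-pass screen a practitioner might run over recent tweets before training anything: it scores each account on impersonation (a known display name on the wrong handle), “send X, get Y back” lures, embedded coin addresses, and near-duplicate posts. The accounts, handles, tweets, the `KNOWN_FIGURES` table and the weights are all constructed assumptions for this illustration.

```python
"""Heuristic screening for crypto-giveaway bots on Twitter-like accounts.

Added illustration, not Duo Security's classifier (whose features the article
does not describe). The accounts, tweets, handles, the KNOWN_FIGURES table and
the WEIGHTS are all constructed for this example; the weights are untuned.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Display name -> genuine handle. Constructed lookup table for the demo.
KNOWN_FIGURES = {"Vitalik Buterin": "VitalikButerin", "Charlie Lee": "SatoshiLite"}

# "send <coin> ... get/receive" is the classic 'send 0.5 ETH, get 5 ETH back' lure.
GIVEAWAY_RE = re.compile(
    r"\bsend\b.{0,40}?\b(?:eth|btc|ether|ethereum|bitcoin)\b.{0,60}?\b(?:get|receive)\b",
    re.IGNORECASE)
# Ethereum (0x + 40 hex) or legacy Bitcoin (base58, 26-35 chars) address.
ADDRESS_RE = re.compile(r"\b(?:0x[0-9a-fA-F]{40}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")

WEIGHTS = {"impersonation": 0.35, "giveaway": 0.35, "address": 0.15, "duplicate": 0.15}


@dataclass
class Account:
    handle: str
    display_name: str
    tweets: List[str]


def normalize(text: str) -> str:
    """Collapse case, addresses and numbers so near-identical spam compares equal."""
    text = ADDRESS_RE.sub("<addr>", text.lower())
    text = re.sub(r"\d+(\.\d+)?", "#", text)
    return re.sub(r"\s+", " ", text).strip()


def features(acct: Account, known: Dict[str, str] = KNOWN_FIGURES) -> Dict[str, float]:
    n = max(len(acct.tweets), 1)
    genuine = known.get(acct.display_name)
    return {
        # A known name on a handle that is not the real one (lookalike spelling).
        "impersonation": float(genuine is not None and acct.handle.lower() != genuine.lower()),
        "giveaway": sum(bool(GIVEAWAY_RE.search(t)) for t in acct.tweets) / n,
        "address": sum(bool(ADDRESS_RE.search(t)) for t in acct.tweets) / n,
        "duplicate": 1.0 - len({normalize(t) for t in acct.tweets}) / n,
    }


def score(acct: Account) -> float:
    f = features(acct)
    return sum(WEIGHTS[k] * f[k] for k in WEIGHTS)


def flag_accounts(accounts: List[Account], threshold: float = 0.5) -> List[str]:
    """Handles whose weighted score reaches the threshold, in input order."""
    return [a.handle for a in accounts if score(a) >= threshold]


# Constructed sample accounts (all handles, names and tweets are made up).
SAMPLE_ACCOUNTS = [
    Account("VitaIikButerin", "Vitalik Buterin", [   # capital I in place of l
        f"Giving back to the community! Send 0.5 ETH to 0x{h * 20} and get 5 ETH back!"
        for h in ("a1", "b2", "c3", "d4")
    ]),
    Account("VitalikButerin", "Vitalik Buterin", [
        "Sharding roadmap update: the next testnet goes live in June.",
        "Reminder: I will never ask you to send me ETH.",
    ]),
    Account("crypto_deals", "Crypto Deals", [
        "BTC giveaway! Send 0.1 BTC to 1" + "Q" * 30 + " and receive 1 BTC within the hour.",
        "BTC giveaway! Send 0.1 BTC to 1" + "R" * 30 + " and receive 1 BTC within the hour.",
        "Last chance: send 0.2 BTC to 1" + "S" * 30 + " and receive 2 BTC, limited slots!",
    ]),
    Account("alice_codes", "Alice", [
        "Finally got the build green after three days of fighting CI.",
        "Coffee, then code review.",
    ]),
]

if __name__ == "__main__":
    for acct in SAMPLE_ACCOUNTS:
        print(f"{acct.handle:16} score={score(acct):.2f} {features(acct)}")
    print("flagged:", flag_accounts(SAMPLE_ACCOUNTS))
```

The genuine account’s “I will never ask you to send me ETH” contains both “send” and “ETH” but no “get”/“receive”, so the lure pattern stays quiet; the duplicate feature works only because `normalize` strips the rotating deposit address, which is exactly the part these bots change between posts. Weights and thresholds like these are what a trained model replaces, and Anise’s point about metadata is the reason: content-only rules are easy to evade by rewording.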


The PGA Falls Victim To Bitcoin Ransomware Attack

Even though cryptocurrency prices have tumbled, with valuations down by upwards of 70%, ransomware remains a medium of attack for hackers who demand payment in cryptocurrency. As reported by Golfweek, the Professional Golfers Association (PGA), the association of golf professionals, has fallen victim to a cyberattack.

The report from the golf news source pointed out how “shadowy bandits” locked PGA officials out of essential files, with this attack coming prior to two upcoming PGA Championships in the U.S. and France.

News of the ransomware attack first surfaced on Tuesday morning, when PGA staff found they could not access their files. On opening a file, staff were shown the following message, which made it clear that something was afoot:

 “Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm… We exclusively have decryption software for your situation. No decryption software is available in the public.”

As is typical of ransomware attacks, the hackers also warned that any attempt to break the encryption could leave files permanently unrecoverable, writing:

“This may lead to the impossibility of recovery of certain files.”

On further investigation, the files under lock and key turned out to be creative materials for the upcoming championships: specifically, the promotional logos and banners to be used in digital and print advertising. The locked media also reportedly includes development work on future PGA logos, which is near-irreplaceable and the product of PGA staff’s own creative work.

The message also included a Bitcoin wallet address, but the hackers did not specify an amount the PGA should pay to regain control of its files. While the locked work matters, a person familiar with the matter expects the PGA to set the issue aside and not pay any ransom.

The promotional materials may be important to the PGA, but perhaps not important enough to warrant a hefty sum, as the U.S.-based association has so far found no sign that the ransomware will substantially affect the success of the upcoming tournament circuit.

Cryptojacking And Ransomware, Two Primary Methods of Crypto CyberAttack

Cryptojacking and ransomware have become growing problems as cryptocurrencies have exploded in value. While ransomware, the method of attack described above, remains a hot topic in the hacker community, cryptojacking has quickly overtaken it in prevalence.

For those unfamiliar with it, cryptojacking is a type of cybercrime in which malicious hackers take control of a victim’s device and force it to mine cryptocurrency for the hacker’s gain. Although cryptojacking malware generates only a few cents per infected device, it can easily spread across thousands, if not millions, of computers, netting the hackers a handsome reward.

Many hackers have begun allocating their resources to cryptojacking rather than ransomware, since it is often unobtrusive and escapes the notice of most consumers. As cybersecurity expert Troy Mursch put it:

“Ransomware is basically like pointing a gun at you and saying, ‘Hey, pay up or you’re not getting your files back,’ versus cryptojacking you might not even know about it, it’s just going to silently steal your electricity.”
