Posted on

Hacked Crypto Startup Cryptopia To Open Its Doors Again, First Through “Read Only” Site

Cryptopia To Launch “Read Only” Site

The day has finally arrived. At long, long last, Cryptopia, an altcoin-centric exchange has revealed that it will be reopening its doors. Or in some capacity (not full), at least. The New Zealand-headquartered exchange, hacked approximately six weeks ago for reported millions in an array of crypto assets, took to Twitter to give information on this subject matter just recently.

According to the recent update from the firm, who has presumably got clearance from Christchurch authorities and other officials to restart its platform, a “read-only” version of the site will go live sometime today. This site, which will have trading, deposits, and withdrawals disabled, will show balances dated to January 14th, 2019, days before the hack.

Cryptopia intends this version of its site to allow users to reset passwords and their two-factor authentication credentials/details. Interestingly, the company didn’t divulge when it would totally reopen its services, but it did note that 24% of all wallets under its custody have been transitioned to new secure servers.

How Much Crypto Was Lost, And What’s Next?

That’s the question that remains on the minds of all Cryptopia users, now creditors to the exchange. Well, as reported by Ethereum World News previously, the company divulged that a “worst case 9.4%” of its holdings were stolen in the hack, meaning that a majority of the cold wallets were left untouched in this imbroglio. But interestingly, the exact dollar value of the crypto funds was not divulged. However, blockchain analytics group Elementus picked up where the hacked platform was slacking.

Per previous reports, Elementus, a New York-headquartered boutique, compiled an in-depth report on the matter that outlined the severity of the attack. The firm’s researchers concluded that over $16 million U.S. dollars worth of Ethereum and ERC20 tokens were stolen by the attackers. $3.57 million of the sum was in ETH, $2.446 million in Dentacoin, $1.948 million in Oyster Pearl, and the list goes on. Other prominent tokens, including TrueUSD, OmiseGO, Sirin Labs, ZRX, and Augur’s REP, were also snatched.

Just days after Elementus released its report, the New Zealand-headquartered exchange was hit again. According to a follow-up from Max Galka, the chief executive of the research boutique, 17,000 Cryptopia wallets saw 1,675 Ether leave their care.

As to what’s next for unfortunate victims to this debacle, Cryptopia claims that it is currently finalizing a “rebate process for affected users,” adding that details will follow. Will those affected by this fracas get reimbursed?

Photo by Mahesh Ranaweera on Unsplash

The post Hacked Crypto Startup Cryptopia To Open Its Doors Again, First Through “Read Only” Site appeared first on Ethereum World News.

Posted on

Coinomi Used to Send Your Wallet Passphrase to Google for Spell Check, User Reveals

A vulnerability in the code of Coinomi’s desktop wallet sent the users’ passphrases to google for a spell check, potentially affecting all of those who decide to restore their wallets.

Warith Al Maawali, a wallet user who allegedly lost his life savings after restoring his wallet with an approximate 60 – 70 k in cryptocurrencies, disclosed the information.

User Finds that Coinomi Sends Your Wallet Passphrase to Google for Spell Check

Warith tried several times to communicate with Coinomi’s team, yet could not reach a satisfactory solution, so he decided to write a post and raise awareness through social networks.

In a Reddit post, Warith explains that after using the passphrase of his Exodus wallet, he noticed a strange series of transactions, losing almost 90% of his funds. The first thing he verified was that the Coinomi Wallet was not signed, something that led him to think that it could contain some backdoor.

Later he contacted Coinomi, and they proceeded to fix this error, signing the app. However, he was able to verify that the software was exactly the same.
Then, he ran a program to monitor https, and https traffic and the results were surprising:

“I started monitoring the traffic by running Fiddler in the background and then started Coinomi wallet. The first thing I noticed is that Coinomi application starts downloading dictionary wordlist from the following web address:

Then I clicked on restore wallet and pasted a random passphrase and suddenly the screen screamed SURPRISE MOTHER******** (boom puzzle solved!)
The WHOLE passphrase in plain-text is sent to a domain name owned by Google! It was sending it as a spelling check function! Here is sample of the screenshot of the HTTP request:

To see the whole “experiment” click the video below:

Coinomi Responds

After this, Coinomi issued an official statement. The team quickly patched the desktop app, confirming that it did not affect mobile wallets. They also explained that while Warith’s findings are accurate, it is improbable that a hack could have occurred.

The team explains that it looks more like a “bribe” since the communication goes directly from the wallet to the google server, without going through Coinomi. Likewise, Google automatically rejects the connection.

They explain that it is false that they have refused to solve the problem. According to Coinomi, they responded to Warith asking for more information; however, the user declined to collaborate:

During these days, Warith Al Maawali repeatedly refused to disclose his findings and kept threatened to take this public if we didn’t pay right away the ransom of 17 BTC which would make up for the “hacked” funds (stolen by Google, according to Warith Al Maawali) that are possibly still controlled by him and couldn’t have been hacked because of Coinomi for a series of reasons:

  • Coinomi Team never had access to these seed phrases or funds
  • No one else except from Google could read the contents of the encrypted packets that contained the seed phrases
  •  Google rejected these requests initiated by jxBrowser/Chromium as they were badly formed (didn’t contain a valid Google API key) and never actually processed them

To sum things up: was there an issue with our Desktop wallets? Yes, there was, and it was fixed hours only after it was disclosed to us. Could this issue have resulted in loss of funds?

  • Practically, no, it couldn’t have.

Warith has stated that he is considering taking “legal actions against the company behind Coinomi if they don’t act and take the responsibility”, but he has not provided any further information or comment on Coinomi’s statements.

The use of hot wallets, while safe, also carries significant risks that must be taken into account when storing large amounts of funds in crypto.
If users are going to store large sums of money, the best option is a cold wallet or hardware wallet that eliminates any possibility of interception.

The post Coinomi Used to Send Your Wallet Passphrase to Google for Spell Check, User Reveals appeared first on Ethereum World News.

Posted on

Bitcoin Electrum Wallet Attacked: Hacker Steals 200 BTC

Nearly $1M In Bitcoin (BTC) Stolen

An anonymous hacker (or consortium of hackers) have purportedly stolen nearly $1 million worth of Bitcoin (BTC), reports technology media outlet ZDNet. Per the report, the Electrum Wallet, a popular open-source project founded in mid-June 2011, was breached in a “clever attack.”

The attack, which has since been confirmed by the team behind the venture, purportedly consisted of a false message appearing on users’ official Electrum-based applications, which beckoned consumers to visit a site.

If the link stipulated was clicked, it would lead victims to a seeming Electrum-branded GitHub repository, which contained a malicious version of Electrum that would steal consumers’ Bitcoin holdings.

This specific attack purportedly began on December 21st but was recently ended (maybe only temporarily) by GitHub admins, who purged the malicious download files. But how exactly did the attack work?

Well, as explained by ZDNet, the hacker purportedly added dozens of “malicious servers” to the Electrum network, so when a user intends to make a transaction, the hacker-backed server replies with an error message that asks users to visit the false GitHub. When downloaded, the app would request for users to input a 2FA code, which was routed to the attacker, subsequently allowing BTC to be snatched.

Electrum admins have purportedly since disallowed the message from being mostly legible, so this medium of attack is likely breathing its last breaths. Yet, the fact of the matter is that in the end, the hackers netted 200+ BTC, approximately valued at ~$740,000 at the time of writing. Other reports indicate that the attack garnered 250+ BTC for hackers, but these numbers haven’t been confirmed.

Not The First Attack On Electrum

Interestingly, this isn’t the first time that the popular wallet solution has been attacked by bad actors. Earlier this year, in early-May, the Bleeping Computer reported that the Electrum team had seen an unnamed individual/group create a copycat of their flagship product, naming it “Electrum Pro.”

The app, which closely resembled its bonafide counterpart, was exposed as a vector of attack that malicious individuals can exploit, stealing Bitcoin private keys in the process.

In a post-mortem of the attack (of sorts), which went on for upwards of two months, it was explained that there were a number of glaring red flags. Electrum Pro purportedly used Electrum’s brand and logo without permission, while also purchasing the rights for the domain, which was near-identical to the legitimate group’s .org domain name.

Following analysis, it was also revealed that in Pro’s code, specifically lines 223-248 of, a system was integrated that allowed attackers to upload users’ keys for nefarious purposes. While the Electrum Pro attack has since been dismantled, the two aforementioned cases show how hackers are still poised to attack the cryptosphere, even amid a bear market.

Title Image Courtesy of Luca Bravo on Unsplash

The post Bitcoin Electrum Wallet Attacked: Hacker Steals 200 BTC appeared first on Ethereum World News.

Posted on

Hackers From North Korea Targeting Bitcoin, Crypto Investors

North Korea Still In Love With Bitcoin, Crypto

Due to the decentralized, borderless, and censorship-resistant nature of Bitcoin and related technologies, North Korea, the world’s most well-known hermit state, has taken a liking to this decade-old innovation. But some would argue that North Korea has taken its crypto penchant a bit too far, with a multitude of reports indicating that the nation is leveraging cryptocurrencies for dubious financial gain.

As reported by Ethereum World News in mid-October, Lazarus, a supposed North Korea-based hacker consortium, was found to be responsible for five cryptocurrency exchange hacks, including the now-infamous $500 million breach of CoinCheck. A report from cybersecurity firm Group-IB, who first divulged this information, indicated that Lazarus’ constituents used social engineering, phishing, and malware to forcefully visit pertinent databases and access points.

Now, per the South China Morning Post, Lazarus has set its targets on retail crypto consumers, like you or me, who often aren’t the target of such bigwig hacker collectives.

Simon Choi of IssueMakersLabs, a so-called “cyber warfare research group,” recently told the SCMP that while Bitcoin hackers from North Korea used to target exchanges and their employees, a shift towards ‘common Joes’ in the cryptocurrency economy.

Backing this claim, Kwon Seok-chul, CEO of South Korea-based cybersecurity organization Cuvepia, noted that his firm has detected a minimum of 30 times that North Korean hackers have attacked cryptocurrency holders since April 2018.

Kwon, accentuating that the victims were just “simple wallet users,” went on to note that Cuvepia’s systems likely just detected the tip of the iceberg, adding that the “true number may be well over 100.” Explaining the reasoning behind the shift from lucrative exchange hacks, a seeming Robinhood-inspired form of attack, to individual wallet breaches, Choi noted that the former group has begun to bolster their security efforts.

Binance, for example, recently moved a majority of the Ethereum-based tokens it has custody over, more than $1.2 billion worth, to a new, arguably more secure wallet, as reported by Ethereum World News previously. The cybersecurity researcher explained:

The exchanges have become used to the attacks and boosted their security somewhat. Direct attacks on exchanges have become harder, so hackers are thinking about alternatively going after individual users with weak security.

Interestingly, Choi went on to add that the North Korean hackers are likely targeting South Korean CEOs, many of which may have billions of won in digital assets, such as Bitcoin.

Although the aforementioned statements make it sounds like Lazarus has given up on attacking exchanges entirely, Luke McNamara of FireEye recently claimed that Lazarus’ inaugural claims to fame could have aided in its efforts to target individual cryptocurrency users. He noted:

It’s possible from previous intrusions they’ve been able to collect information related to the email addresses, usernames of the people using these exchanges.

Regardless of the details, the SCMP’s most recent report on the matter underlines the state’s goal to reportedly bypass sanctions through the trading, garnering, and use of cryptocurrencies.

And in spite of purported hackers, other reports indicate that North Korea is still hell-bent on launching its second international crypto- and blockchain-centric conference.

Title Image Courtesy of Markus Spiske on Unsplash

The post Hackers From North Korea Targeting Bitcoin, Crypto Investors appeared first on Ethereum World News.

Posted on

Mt.Gox Opens Claiming Process, Victims To Receive $1 Billion In BTC

Mt.Gox Trustee Commences Claiming Process

You may not remember it, but in 2014, Mt.Gox was hacked for over 850,000 BTC in a now-infamous event. While the hack occurred in the crypto industry’s earliest stages, it still shook the community to its core, nonetheless. And with a recent announcement, it has become clear that the near-five-year Mt.Gox debacle has continued, with the Japan-based exchange recently revealing that it would be opening its civil rehabilitation claiming process for its creditors.Image result for mt.gox

As per an official Mt.Gox document, victims of the hack can finally make claims for their lost crypto funds. Along with the aforementioned document, Nobuaki Kobayashi, the infamous Mt.Gox trustee, released an online claiming tool, along with an offline method via post. However, this process may not be cut and dried, as the trustee outlined a series legal documents (and requirements) that creditors will have to fill out.

Prospective claimants will reportedly have until October 22nd to submit a filing, or else they will have to wave goodbye to their lost funds. Kobayashi elaborated, writing:

The deadline for filing proofs of claims is October 22, 2018 (Japan time) (must arrive by this date). If proof of claim is not filed by the deadline, then disenfranchisement (i.e., loss of the right to claim) might apply, so please be careful.

It is important to note that this process only applies to individual traders, with the online civil rehabilitation process for corporations or legal entities to come at an unspecified date. Kobayashi still has access to approximately 170,000 Bitcoin (BTC) and Bitcoin Cash (BCH), or the equivalent of over $1 billion, which will evidently be distributed to its rightful owners.

Following the October 22nd deadline, the civil rehabilitation requests will be submitted to Japanese courts, by February 14, 2019, at the latest. And pending judicial approval, the rest of Mt.Gox’s liquid assets, like the aforementioned BTC and BCH, will be distributed among the claimants.

Will A Mt.Gox BTC Selloff Occur?

In late-June 2018, documents revealed that the Mt.Gox case would be transitioning from bankruptcy proceedings to civil rehabilitation. Although this may seem mundane in and of itself, many investors breathed a sigh of relief, as this meant that trustee Nobuaki Kobayashi would stop the sale of BTC on spot market exchanges.

For those who are unaware, Kobayashi rose to infamy earlier this year, as many blamed him for single-handily wiping out the market by selling tens of thousands of BTC (upwards of 30,000 BTC) for fiat, evidently driving down prices.

But even as civil rehabilitation proceedings began, it has become apparent that this will only temporarily stave off a fiat selloff, as it is likely many creditors will want out once they receive the claimed funds in Q1 of 2019. Nonetheless, some are hopeful that this delay, albeit ‘only’ 8-9 months, will stave off any risk of the further propagation of 2018’s bearish price movements.

Photo by Andre Francois on Unsplash


Posted on

Cutting-Edge “PowerGhost” CryptoJacking Software Eyes The Corporate World

Crypto mining, or cryptojacking as it is better known by community insiders, has become a growing problem in this industry, with the presence of crypto-malware following 2017’s bull-run. According to ZDNet, researchers have recently uncovered a new form of cryptojacking software that is targeting corporate networks.

But first, a smidge of a background information about cryptojacking/crypto mining.

What Is Crypto Mining?

For those who are unaware, cryptojacking is a specific type of cybercrime that sees malicious hackers take control of a victim’s piece of technology, forcing the device to mine cryptocurrencies for the hacker’s personal gain.

Cryptojacking malware, although generating only a few cents per device affected, can easily sweep across thousands, if not millions of computers, netting the hackers with a nice reward. The medium of attack is usually an infected website, file, or media source that will install a malicious script onto the victim’s internet-connected device.

“PowerGhost” Malware Attacks Computers Worldwide

Researchers from Kaspersky Lab, a Russian cybersecurity firm, recently uncovered a cryptojacking software that was quickly dubbed “PowerGhost.” PowerGhost is a fileless malware that aims to secretly embed itself on a system and will propagate itself across a system of other PCs.

Kaspersky detected this software on a variety of corporate networks across the world, with affected firms in Brazil, Columbia, Turkey, and India getting hit the hardest. However, corporations were not only attacked in these four countries, with detections of PowerGhost also appearing in European and North American companies.

What makes a fileless variety of malware so damaging is that it can be extremely hard to detect by anti-malware programs, disguising itself in a system’s native processes and files. Once implemented successfully in the background of a computer’s processes, it will begin to mine a PC-mineable cryptocurrency like Ethereum, ZCash or Monero.

Infections of PowerGhost usually start with the utilization of computer exploits or “remote administration tools,” which will allow hackers to hide the malware not directly on the hard drive of the device.

Detection rates from Kaspersky products indicate that the malicious actors behind PowerGhost are targeting corporate networks, aiming to make higher returns in a shorter amount of time. Malware on a single corporate computer can quickly be replicated across a system of computers through a firm’s internal network.

Speaking on the PowerGhost software, David Emm, a principal security researcher at Kaspersky, wrote:

PowerGhost raises new concerns about crypto-mining software. The miner we examined indicates that targeting consumers is not enough for cybercriminals anymore – threat actors are now turning their attention to enterprises too. Crypto-currency mining is set to become a huge threat to the business community.

Malwarebytes: CryptoJacking Cases Are “Plateauing”

As reported by Ethereum World News last week, MalwareBytes, one of the Kaspersky’s primary competitors, recently released a report highlighting cybercrime in Q2 Of 2018. According to the aforementioned Malwarebytes report, cryptojacking is still a hot topic within cybersecurity circles, but detections of this method of cybercrime are starting to trend downwards.

While detection rates of cryptojacking are on the way down, researchers at ZDNet made it clear that corporate-centric crypto mining cases may become a large problem moving into the future, as non-detectable malware can pose a large problem for firms.

Title Image Courtesy of TheDigitalArtist/Pixabay


Posted on

MalwareBytes Report Says CryptoJacking Cases Are “Plateauing”

Malwarebytes, a premier cyber security firm, recently released a report highlighting the “cybercrime tactics” of this past quarter. The report mentioned that the presence of cryptominers (cryptojacking) has become quite apparent, as it “dominates the threat landscape.”

Before we delve into the data, first, a bit of information about cryptojacking.

What Is CryptoJacking?

For those who are unaware, cryptojacking is a specific type of cybercrime that sees malicious hackers take control of a victim’s piece of technology, forcing the device to mine cryptocurrencies for the hacker’s personal gain. Cryptojacking malware, although generating only a few cents per device affected, can easily sweep across thousands, if not millions of computers, netting the hackers a nice reward.

The method of attack is usually through an infected website, file or piece of media that will install a script into the background of the victim’s device. Although some might not notice that their computer power gets siphoned off by an attacker, others may begin to notice higher electric bills, and a slow-down to the device they are using.

Cryptojacking Detections See Large Decrease In Q2 2018

According to the aforementioned Malwarebytes report, cryptojacking is still a hot topic within cybersecurity circles but detections of this method of cybercrime are starting to trend downwards. The report noted:

Cryptomining detections are slowly declining; however, as one of the top two detections for both businesses and consumers, they still dominate the threat landscape… The trend in detections closely mirrors the ebb and flow of cryptocurrency market prices, including Bitcoin, Ethereum, and Monero.

CryptoJacking Profits Are Down Due To Declining Cryptocurrency Prices

The report cited one primary reason why a decrease in cases has occurred, the reason being that cryptocurrency prices have begun to decrease, resulting in a subsequent profit drop-off for miners. The document posted by the cybersecurity firm stated:

Ultimately, many criminals aren’t getting the return on investment (ROI) from cryptomining they were expecting. The cryptojacking craze will likely stabilize as it follows market trends in cryptocurrency.

The collective value of all cryptocurrencies has declined by over 65% since the start of 2018, but network hashrates continued to rise, resulting in a substantial drop in profits. In fact, some farms have begun to shut-off their machines in anticipation of losing large sums of money with their mining operation.

It has become apparent that the money just isn’t there for a majority of cryptojacking operators, resulting in a move from this cybercrime to another.

Android Cases On The Rise, While Desktop/Laptop Cases Decline

Despite seeing an overall decline in cryptojacking detections, especially on desktop and laptop devices, Malwarebytes pointed out that detections of Android cryptominers were up 244% in comparison to 2018’s first quarter.

It is likely that the anti-malware/anti-virus capabilities on Android devices are often lacking, resulting in attackers utilizing this flaw in security.

The report noted:

In fact, in May, the number of Android miner detections dropped by 16 percent from the previous month. However, despite these inconsistencies, Q2 still managed to come in with 244 percent more miner detections than Q1. The Android landscape is likely where we’ll see an overall increase in the use of miners.

Malwarebytes closed off the cryptomining segment expecting for the cryptojacking “hum” to slow as we move into Q3 of 2018, writing:

Until changes in the cryptocurrency market cause a spike or swift downturn, expect to see cryptomining hum along at its current slower pace into Q3.


Posted on

Cybersecurity Firm Kaspersky Calls Out Cryptocurrency Scams And Thefts

Russia-based cybersecurity firm Kaspersky recently released a report highlighting 2017’s cryptocurrency “social engineering schemes,” which saw criminals net millions in cryptocurrency value.

According to estimates given by Kaspersky’s research team, the cybercriminals managed to gain over 21,000 Ethereum, or approximately $10 million at the time of press, from the “social engineering” schemes seen in 2017. 

So what did these schemes entail?

The cybersecurity firm noted that ICO and cryptocurrency giveaway scams were common, with cybercriminals “drawing inspiration” from legitimate business operations. The report noted:

Some of the most popular targets are ICO investors, who seek to invest their money in start-ups in the hope of gaining a profit in the future.

For ICO-related scams, the criminals would create fraudulent websites and emails/messages that emulate well-known projects. This method resembles the classic internet ‘phishing’ scam, which involves scammers trying to obtain funds or sensitive information by disguising as a trusted party.

Kaspersky gave the example of a Switcheo ICO scam, allowing for criminals to steal over $25,000 by promoting a misleading cryptocurrency address on Twitter, rerouting the funds from the official ICO wallet to the criminal’s wallet.

Another prominent scam involved the OmiseGo project, which is one of the most popular projects on the Ethereum network. In a similar method to the Switcheo scam, criminals created “hundreds of fake websites,” enticing users to send their hard-earned cryptocurrencies to the ‘legitimate’ address. The Russian firm noted that OmiseGo scams drew in over $1.1 million worth of cryptocurrency, by far one of the most damaging cases of “social engineering.”

Elon “Not Giving Away ETH” Musk

Another popular method enlisted by scammers was with ‘cryptocurrency giveaways,’ with bad actors creating social media accounts that pretend to be celebrities, entrepreneurs or even cryptocurrency personalities. The most notable cases of these scams include Twitter ‘giving away Ethereum’ scams, with scammers requesting for users to send Ethereum to an address, in exchange for a substantially larger payout.

Obviously, nothing ever comes of these requests, as the unfortunate few who send their funds to the addresses never get anything in return. The cybersecurity firm acknowledged cases where criminals would even mimic the Twitter accounts of Elon Musk and the founder of Telegram, Pavel Durov.

Musk, one of the world’s most prominent businessmen, acknowledged the “scambots” made in his likeness, jokingly issuing a Tweet calling these accounts out.

Nadezhda Demidova, the lead web content analyst at Kaspersky gave a statement regarding the scams, saying:

These new fraud schemes are based on simple social engineering methods, but stand out from common phishing attacks because they help criminals make millions of dollars. The success criminals have enjoyed suggests that they know how to exploit the human factor, which has always been one of the weakest links in cybersecurity, to capitalize on user behaviors.”

However, Kaspersky noted that its wide array of products have been working well to stave off scams, and have blocked over 100,000 attempts to scam its users using “fake exchanges and other sources” in the first half of 2018. Kaspersky closed the report by reaffirming that users should be wary while dealing with questionable cryptocurrency exchanges, offers, and wallets.


Posted on

Donald Trump Sets His Eyes On Crypto

The President of the United States, Donald Trump, has ordered the creation of a new task force to investigate crimes related to the use of cryptocurrencies, especially “cyber fraud and digital currency fraud.”

The details appear in an executive order from the U.S. President and his administration seeking to tackle this problem with higher efficiency and severity.

Read Also: U.N. Chief Of Cybercrime To Crypto-Hackers: “We Will Track You Down, And We Will Bring You To Justice”

According to information provided by Bloomberg, the White House is now more concerned than ever about the growing number of frauds that have been committed through the use of cryptocurrencies and ICO funding.

This wave of “cybercrime” has led them to take the issue more seriously, including this type of actions in the same spectrum of traditional crimes. With this approach, a more thorough investigation of these cases is expected.

Also, in addition to research, one of the positive results expected is the reduction of bureaucracy and conflicting competences. Through the creation of a task force by executive order, the various bodies involved should establish a coordinated policy rather than act independently of each other.

First, the executive order calls for the creation of this new Task Force by The Justice Department (DOJ), the Securities and Exchange Commission (SEC), the Commodity Futures Trading Commission (CFTC) and the Consumer Financial Protection Bureau (CFPB).

SEC Logo Hanging on its Headquarters

The two most active agencies within crypto verse (SEC and CTFC) now have the possibility of establishing more robust and more effective policies by including agencies that have a level of research that goes beyond the purely administrative.

The commission will initiate investigations into various frauds involving cryptocurrency. Some scams (especially some exit scams and Ponzi schemes) will be in Mr. Trump’s sights:

“Fraud committed by companies and their employees has a devastating impact on American citizens in the financial markets, the healthcare sector, and elsewhere,” Deputy Attorney General Rod Rosenstein said at a press briefing in Washington.

Thanks to this new commission, the controversial president of the United States has the possibility of exercising a higher level of influence on the actions taken by the state agencies regarding cryptocurrencies

A Hidden Purpose Behind a “Good Cause”

Bloomberg also points out that Mr. Trump’s move has a political component and is not a simple, selfless action by the president:

“The creation of the task force comes as the Trump administration is moving to overhaul the CFPB, an agency formed after the financial crisis to better protect people from predatory mortgage lending and abusive credit card contracts. The CFPB has become one of the most politically divisive agencies in Washington, hailed as a regulatory crown jewel of consumer protection by Democrats while maligned by Republicans as a bastion of government overreach.”


Posted on

One Million Computers Fall Victim To Chinese Cryptojacking Scheme

China – Legal Daily, a Chinese media news source, recently reported that twenty Chinese suspects have been arrested for apparent ties to an immense cryptojacking campaign. Nine of the suspects are currently under the watchful eye of local authorities, while eleven are on bail.

The news source reported that over one million computers were infected with mining ‘bugs’ in this twenty-person operation.

These computers had reportedly mined over 15 million yuan ($2.25 Million U.S.) worth of cryptocurrencies over the course of this “two-year” illegal operation. According to Legal Daily, the $2.25 million in cryptocurrencies included Decred, Siacoin, and Digibyte, which are all computer minable through easy-to-use software.

An investigation into this group was triggered by a January cybersecurity report from Tencent’s security arm, noting that a ‘Trojan horse’ virus had been found in a video game cheat software. 

Upon further inspection the Tencent security team noticed that the virus had a mining function built-in, allowing for the attacker to take control of an affected machine’s computational power.

The report further noted that the implanted mining software would only operate when CPU utilization of an affected computer is less than 50%, ensuring users don’t notice any substantial performance degradation.

After a police investigation, authorities concluded that the scheme had ties to Dalian Shengping Network Technology, who may have been responsible for developing the cryptojacking software.

In a related swindle, Yang Moubao, who worked at the aforementioned firm, reportedly cloned a Baidu-owned premier video streaming platform and sold fraudulent subscriptions at internet cafes, gaining over 200,000 yuan ($30,000 U.S).

Yang confessed that he was also responsible for distributing free downloadable plug-ins that he distributed online to take control of other computers

This information was exposed after he was arrested at his home on March the 8th.

In all, Yang and his accomplices at Dailan Shengping Network Technology are rumored to have advertised free downloads for up to 3.89 million individual computers but only used one million for mining cryptocurrencies.

It is unclear what awaits the twenty suspects, but authorities made it clear that they have the situation under control.

Growing Cryptojacking Issue 

Cryptojacking, the act of stealing computer resources to mine cryptocurrencies, has become an increasingly apparent problem in the cryptocurrency community.

According to a report from cybersecurity firm McAfee, 2018 Q1 saw cryptojacking cases skyrocket, rising by over 629% alone in just 3 months.

In March, Troy Mursch identified nearly 50,000 websites that had been injected with cryptojacking software. Many of these websites had backdoors that could be utilized to falsely inject scripts into the site, making website visitors susceptible to background mining processes.

However, this has not been only limited to desktops and laptops, as mobile devices have experienced cryptojacking cases as well. Both Google and Apple have had to remove infected applications from their respective app stores after suspicious applications racked up thousands of dollars worth of cryptocurrencies.

Jerome Segura, a security researcher with Malwarebytes gave a comment comparing two prominent cryptocurrency issues, stating:

Ransomware is basically like pointing a gun at you and saying, ‘Hey, pay up or you’re not getting your files back,’ versus cryptojacking you might not even know about it, it’s just going to silently steal your electricity.

He later added that cryptojacking is going to continue to be the preferred activity that cybercriminals will want to enlist, as long of the price of cryptocurrencies stays high.

Title Image Courtesy of Christoph Scholz