Cryptopia Crypto Exchange Resumes Trading on 40 Crypto Pairs

New Zealand-based crypto exchange Cryptopia has reopened trading on 40 trade pairs following a mid-January hack.

New Zealand-based cryptocurrency exchange Cryptopia has resumed trading on 40 trade pairs, according to a tweet from the firm on March 18.

In the tweet, the company announced that it has “resumed trading on 40 trade pairs that we have quantified as secure. We will continue to expand this list as we clear more coins.” The update follows the exchange’s recent announcement of plans to reopen trading on its platform by the end of March, following a $16 million hack in mid-January.

In January, Cryptopia suspended services after detecting a major hack that reportedly “resulted in significant losses.” The platform had initially informed the public it was undergoing unscheduled maintenance, issuing several updates before officially disclosing the breach.

After the initial reports of the hack, further evidence reportedly surfaced that hackers were siphoning crypto out of the exchange as late as two weeks later.

As previously reported, Cryptopia’s co-founder Rob (Hex) Dawson said that the company re-launched its website in read-only form on March 5; however, the platform showed the balances as they were on Jan. 14, 2019, the date of the hack. The exchange explained that the website could be used to reset passwords and two-factor authentication credentials, which is also a top-priority issue in terms of client support at the current stage.

Hex also specified that users who had lost their cryptocurrencies would start to see a section dubbed “Withdraws on your account for those coins.” He explained that transaction IDs (TXIDs) for the withdraw orders will not exist on the network, but will include details on how the coin had been impacted during the event.

Today’s tweet faced a mixed reaction from the community, with some users welcoming the company back and others accusing Cryptopia of trading manipulation:

“Cryptopia manipulate trading at some extent. they open trading with wallet offline and no announcement.”

Another user said:

“what are you talking about? you took my BTC  i saw withdraw history : INTERNAL WITHDRAW: on March 18 2019….. i want my BTC back!!!!!!!”

Report: Malware Targets Israeli Fintech Firms Working in Crypto, Forex Trading

According to a cybersecurity company, Israeli fintech companies are being targeted by malware.

Israeli fintech companies that work with forex and crypto trading are being targeted by malware, according to a blog post from threat research department Unit 42 of cybersecurity company Palo Alto Networks published on March 19.

Per the report, Unit 42 first encountered an older version of the malware in question, Cardinal RAT, in 2017. Since April 2017, Cardinal RAT has been identified when examining attacks against two Israel-based fintech companies engaged in developing forex and crypto trading software. The software is a Remote Access Trojan (RAT), which allows the attacker to remotely take control of the system.

The updates applied to the malware aim to evade detection and hinder its analysis. After explaining the obfuscation techniques employed by the malware, the researchers explain that the payload itself does not vary significantly compared to the original in terms of modus operandi or capabilities.

The malware can collect victim data, update its settings, act as a reverse proxy, execute commands and uninstall itself. It can also recover passwords, download and execute files, log keypresses, capture screenshots, update itself and clean cookies from browsers. Unit 42 notes that it witnessed attacks employing this malware targeting fintech firms that engaged in forex and crypto trading, primarily based in Israel.

The report further claims that the threat research team discovered a possible correlation between Cardinal RAT and a JavaScript-based malware dubbed EVILNUM, which is used in attacks against similar organizations. When looking at files submitted by the same customer in a similar timeframe to the Cardinal RAT samples, Unit 42 reportedly also identified EVILNUM instances.

The post further notes that this malware also seems to be used only in attacks against fintech organizations. When researching the data, the company claims to have found another case where an organization submitted both EVILNUM and Cardinal RAT on the same day, which is particularly noteworthy since both of those malware families are rare.

EVILNUM is reportedly capable of establishing persistence on the system, running arbitrary commands, downloading additional files and taking screenshots.

As Cointelegraph recently reported, a Google Chrome browser extension tricking users into participating in a fake airdrop from cryptocurrency exchange Huobi claimed over 200 victims.

Also, a report noted last week that cybercriminals are reportedly favoring unhurried approaches in attacks made for financial gains, with cryptojacking as a prime example of this shift.

New Zealand: Hacked Exchange Cryptopia Expects to Resume Trading by End of March 2019

The hacked New Zealand exchange launched the Cryptopia Loss Marker, which will be used in the rebate process for hacked accounts.

Cryptopia, the recently hacked New Zealand crypto exchange, has posted an update on March 17 concerning its plan to resume trading on its platform, which is expected by the end of March.

In the post, Cryptopia’s co-founder Rob (Hex) Dawson stated that the company is entirely committed to reopening the exchange. Hex provided Cryptopia customers with data about the ongoing rebate process, as well as general recommendations for interacting with their accounts.

Cryptopia relaunched its website in read-only form on March 5, with the platform showing the balances as they were at Jan. 14, 2019, the date of the $16 million hack. The exchange explained that the website can be used to reset passwords and two-factor authentication credentials, which is also a top priority issue in terms of client support at the current stage, Hex wrote.

In the new announcement, Cryptopia provided details about the rebate process for customers who lost funds as a result of the hack, adding that the exchange is working to ensure that the process is compliant with local laws.

Hex specified that users who lost their cryptocurrencies will start to see a section dubbed “Withdraws on your account for those coins.” He explained that transaction IDs (TXIDs) for the withdraw orders will not exist on the network; however, they will include details on how the coin was impacted in the event.

For each withdraw order, users will also see a subsequent deposit of a Cryptopia Loss Marker (CLM) — a TXID that will stand for the lost coins — which will also not be represented on the network, the post says. Hex noted that CLM is not a coin, but represents the amount lost of each coin for each user in New Zealand dollars (NZD) at the time of the event, adding that it cannot be traded to date.

In the announcement, Cryptopia’s founder also said that users are now able to cancel their standing orders through the website, while the API is still disabled. The exchange strongly warned its users to refrain from depositing funds into old Cryptopia addresses.

In the aftermath of the Cryptopia hack, the exchange had noted that they would not resume trading until they were sure that user balances were secure.

Japan: Hacker Involved in 15 Mln Yen Crypto Theft Referred to Prosecutors

An 18-year-old cryptocurrency hacker was reportedly referred to prosecutors in the Japanese city of Utsunomiya for the theft of 15 million yen worth of cryptocurrency.

An 18-year-old hacker was referred to prosecutors in the Japanese city of Utsunomiya for stealing cryptocurrency, local news outlet Japan Today reported on March 14.

The cybercriminal allegedly hacked Monappy, a digital wallet which can be installed on a smartphone, and stole 15 million yen ($134,196) of cryptocurrency between Aug. 14 and Sept. 1 of last year. The hack reportedly affected more than 7,700 users.

The hacker reportedly used the Tor software that enables users to anonymize web traffic. However, the police identified the hacker by analyzing the communication records stored on the website’s server. According to Japan Today, the hacker admitted to the allegations.

The attacker submitted multiple cryptocurrency transfer requests to his own account, which overwhelmed the system and allowed him to direct more funds to his account. After that, he transferred the coins to another cryptocurrency operator, received dividends and spent the money.

As Cointelegraph Japan previously reported, there was no impact on the cold wallet, which held 54.2 percent of Monappy’s total balances, and no user information, such as email addresses and passwords, was stolen. The company subsequently announced compensation for the lost funds.

The alleged hacker’s identity is reportedly being kept anonymous due to his status as a minor. In Japan, a minor is a person under 20 years of age.

In 2018, over 7,000 cases of suspected money laundering tied to crypto were reported to Japanese police. More than 7,000 suspect transactions reportedly betrayed various red flags — such as being linked to user accounts held under different names and birth dates, but with an identical ID photo.

On a global scale, exchange hacks have been the most lucrative modus operandi for cyber criminals in 2018, having generated close to $1 billion in revenue. Following an initial hack, the cybercriminals often move stolen funds to a plethora of wallets and exchanges in order to cover their tracks.

Previously Hacked Gatecoin Exchange Receives Liquidation Order Following Banking Problems

Hong Kong-based Bitcoin and Ethereum exchange Gatecoin has been granted a winding-up order on March 13.

Gatecoin, a crypto exchange that was hacked in May 2016, has announced on March 13 that it has received a winding up (compulsory liquidation) order from an unspecified court.

The company wrote that Gatecoin will have to cease operation with immediate effect, noting that the exchange will assist in the liquidation process in order to distribute assets to the creditors.

The Hong Kong-based exchange had suffered a major hack back in May 2016, with around $2 million in cryptocurrencies lost after the firm reported a security breach that gave hackers access to Gatecoin’s hot wallets.

According to the team’s statement at the time, hackers stole 250 Bitcoin (BTC) and 185,000 Ethereum (ETH), which represented 15 percent of Gatecoin’s total crypto assets. At press time, such an amount of BTC and ETH is worth around $25.5 million, according to data from CoinMarketCap.

In the recent announcement, Gatecoin wrote that the firm started working with a Payment Service Provider (PSP) following issues with its banking partners in September 2018. In the post, Gatecoin appeared to blame the PSP for the liquidation process, claiming that it failed to process most of the transfers in a timely manner, which “almost paralyzed our operation for many months and caused substantial loss.”

Gatecoin further elaborated:

“Even after we managed to mitigate our loss by replacing that PSP with more reliable alternatives to process our clients’ transfers in September 2018, the situation did not improve because that PSP retained a large part of our funds.”

The company explained it tried to recover the funds by initiating legal action against the PSP, but was advised that it was unlikely to recover the funds fully, which caused financial difficulties that made Gatecoin no longer able to support its operations.

As Cointelegraph has reported, Gatecoin was also struggling with banking issues in 2017, with some banks reportedly shutting down the accounts of the exchange without detailed explanation.

Back in 2015, Gatecoin had launched segregated client bank accounts, enabling two accounts within the same bank under Gatecoin’s name: one account was for collecting fees and operation expenses, while the other was used for storing client deposits, as well as processing withdrawals.

Founded in 2013, Gatecoin reportedly became the first crypto trading platform to list the Ethereum token in August 2015.

Another recently hacked crypto exchange, Cryptopia, has since partly relaunched its website, also announcing that it will be using customers’ balances held from the date of the hack as a basis for further calculating rebates.

Majority of 400 Vulnerable Docker Servers Found to Be Mining Monero, Research Shows

Hundreds of vulnerable servers running Docker software were seemingly running Monero mining software.

About 400 servers running virtualization software Docker were found to be vulnerable to outside exploitation. Most of them were seemingly running Monero (XMR) mining software, cybersecurity company Imperva reports on March 4.

A misconfiguration of the vulnerable Docker hosts permits public access to the Docker API, which should only be locally accessible. This misconfiguration, combined with a newly discovered vulnerability, allows attackers to obtain administrator rights on the server and install software of their choice.

Since a hacker could install any software this way, the vulnerability permits not only cryptojacking but also the installation of any other malware or use of the hosts to carry out any kind of attack. Researchers at Imperva claim to have found 3,822 misconfigured hosts (with the API exposed), of which about 400 were actually accessible. The report notes:

“We found that most of the [400] exposed Docker remote API IPs are running a cryptocurrency miner for a currency called Monero.”

Lastly, the data on the server is also accessible to the hacker, including the database and some unencrypted credentials, including passwords, Imperva notes.
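One way to check a host for the misconfiguration described above, written as an added example (it is not code from Imperva's report or from this article): the function reads the `hosts` and TLS keys of a Docker `daemon.json` and flags API listeners reachable from beyond the local machine. The two sample configurations and their file paths are constructed, and the check assumes listeners are set in `daemon.json`; listeners passed to `dockerd` with `-H` in a service unit need the same review.

```python
import json
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
LOCAL_SCHEMES = {"unix", "fd", "npipe"}   # sockets/pipes, not network listeners
TLS_KEYS = ("tlscacert", "tlscert", "tlskey")

def audit_daemon_config(cfg):
    """Return (severity, listener, reason) for each risky API listener."""
    # Mutual TLS needs tlsverify plus CA, server certificate and key all set.
    mutual_tls = bool(cfg.get("tlsverify")) and all(cfg.get(k) for k in TLS_KEYS)
    findings = []
    for listener in cfg.get("hosts", []):
        parts = urlsplit(listener)
        if parts.scheme in LOCAL_SCHEMES:
            continue
        if parts.scheme != "tcp":
            findings.append(("REVIEW", listener, "unrecognised listener scheme"))
            continue
        # An empty host (tcp://:2375) binds every interface.
        addr = parts.hostname or "0.0.0.0"
        if addr in LOOPBACK:
            continue  # only reachable from the host itself
        if mutual_tls:
            findings.append(("INFO", listener,
                             "network-reachable, client certificates required"))
        else:
            findings.append(("CRITICAL", listener,
                             "network-reachable without client authentication"))
    return findings

# Constructed sample configurations (not taken from any real host).
EXPOSED = json.loads("""
{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375", "tcp://127.0.0.1:2375"]}
""")
HARDENED = json.loads("""
{"hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
 "tlsverify": true, "tlscacert": "/etc/docker/ca.pem",
 "tlscert": "/etc/docker/server-cert.pem", "tlskey": "/etc/docker/server-key.pem"}
""")

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("hardened", HARDENED)):
        for sev, listener, reason in audit_daemon_config(cfg):
            print(f"{name}: [{sev}] {listener}: {reason}")
```

An `INFO` result still deserves a firewall rule limiting which addresses can reach the port.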

As Cointelegraph reported in mid-February, United States-based software corporation Microsoft has removed eight Windows 10 applications from its official app store after cybersecurity firm Symantec identified the presence of surreptitious Monero mining code.

Also in February, Cointelegraph wrote that cryptocurrency mining malware continues to target major corporations, hijacking victims to mine altcoin Monero.

While cryptojacking is seemingly widely used as a way to earn money among cybercriminals, legitimate cryptocurrency mining service Coinhive, which specifically mines Monero, shut down at the end of February, as the project has reportedly become economically unviable.

Cryptopia Website Goes Live After Slight Delay, User Balances Held from Pre-Hack State

Hacked crypto exchange Cryptopia relaunched its website on Feb. 5, resuming user balances to the state held on Jan. 14.

Recently hacked crypto exchange Cryptopia has relaunched its website in a read-only format, along with restoring user balances to their pre-hack state, the exchange tweeted on March 5.

Following last week’s announcement of a March 4 launch date, Cryptopia has slightly delayed the relaunch by providing the live website on Tuesday, March 5, one day later.

In the latest series of tweets, Cryptopia confirmed it will be using customers’ balances held from Jan. 14 as a basis for further calculating rebates.

The exchange reported that they are finalizing a rebate process for affected users, planning to release more details soon. For now, Cryptopia recommended that customers reset their passwords and two-factor authentication credentials.

Following a $16 million hack in mid-January, Cryptopia remained in maintenance mode even after the New Zealand Police reported that the exchange was ready to resume operations on Feb. 13. Responding to the news, Cryptopia explained that it was not able to resume trading until the exchange could fully identify its losses and ensure that the balance is completely secure.

After the initial reports of the hack in the middle of January, further evidence surfaced that hackers were siphoning crypto out of the exchange as late as two weeks later.

In other exchange vulnerability news, on March 3, Ryo (RYO), a crypto project derived from Monero (XMR), published a post alleging that a bug in Monero wallet software could enable fake deposits to crypto exchanges. The described vulnerability, which is set to be patched in an upcoming release, could potentially allow hackers to fake a deposit of an arbitrary amount of XMR to an exchange.

Monero: Wallet Bug Potentially Enables Exchange Hacks, Team Prepares Patch Release

A bug in the Monero wallet software that could enable fake deposits to exchanges has been recently brought to the public’s attention.

A bug in the Monero (XMR) wallet software that could enable fake deposits to exchanges has been recently brought to public attention through a Medium post, published by the official Ryo (RYO) account on March 3.

According to the post, an email reportedly sent to the Monero-announce mailing list warns exchanges and service operators using the coin that the Monero Vulnerability Response team received a disclosure concerning a vulnerability. The vulnerability consists of the mishandling of outputs in coinbase transactions (the first transactions in a block, always made by miners).

This mishandling could potentially allow an attacker to fake the deposit of an arbitrary amount of XMR to an exchange. Still, the email also contained parameters for the wallet, which are effectively a workaround preventing the vulnerability from being exploitable. The official Monero profile also tweeted the same workaround on March 3.

About ten hours later, the Monero account tweeted that the fix for the vulnerability has been written and was awaiting review. From the GitHub page dedicated to the patch, it appears that the code has been already merged with the main branch, which means that the fix is ready and only needs the new release to be published.

Ryo, a cryptocurrency derived from Monero, reports in its Medium post that its team fixed this vulnerability seven months ago. The post justifies the lack of a responsible disclosure towards the Monero team earlier by noting Monero’s “long history of toxic behaviour towards security researchers.”

Furthermore, the post also claims that when discussing the exploit in the Ryo public channel, the author of the post accidentally also disclosed a different issue, concluding:

“Monero might want to get that one patched too.”

As Cointelegraph reported earlier today, the Ledger developer team posted a warning on Monero’s subreddit on March 4 advising users not to use the Nano S Monero app after another apparent bug reportedly led to a user losing 1,680 XMR (equivalent to about $80,000).