Cryptopia, the cryptocurrency exchange hit by a major hack in mid-January, has restarted trading of 40 pairs deemed secure.
New Zealand-based crypto exchange Cryptopia has reopened trading on 40 trade pairs following a mid-January hack.
In a tweet, the company announced that it has “resumed trading on 40 trade pairs that we have quantified as secure. We will continue to expand this list as we clear more coins.” The update follows the exchange’s recent announcement of plans to reopen trading on its platform by the end of March, following a $16 million hack in mid-January.
In January, Cryptopia suspended services after detecting a major hack that reportedly “resulted in significant losses.” The platform had initially informed the public it was undergoing unscheduled maintenance, issuing several updates before officially disclosing the breach.
After the initial reports of the hack, further evidence reportedly surfaced that hackers were siphoning crypto out of the exchange as late as two weeks later.
As previously reported, Cryptopia’s co-founder Rob (Hex) Dawson said that the company relaunched its website in read-only form on March 5; however, the platform showed the balances as they were on Jan. 14, 2019, the date of the hack. The exchange explained that the website could be used to reset passwords and two-factor authentication credentials, which is also a top-priority issue for client support at the current stage.
Hex also specified that users who had lost their cryptocurrencies would start to see a section dubbed “Withdraws on your account for those coins.” He explained that transaction IDs (TXIDs) for the withdraw orders will not exist on the network, but include details on how the coin had been impacted during the event.
Today’s tweet faced a mixed reaction from the community, with some users welcoming the company back and others accusing Cryptopia of trading manipulation:
“Cryptopia manipulate trading at some extent. they open trading with wallet offline and no announcement.”
Another user said:
“what are you talking about? you took my BTC i saw withdraw history : INTERNAL WITHDRAW: on March 18 2019….. i want my BTC back!!!!!!!”
According to a cybersecurity company, Israeli fintech companies are being targeted by malware.
Israeli fintech companies that work with forex and crypto trading are being targeted by malware, according to a blog post from threat research department Unit 42 of cybersecurity company Palo Alto Networks published on March 19.
Per the report, Unit 42 first encountered an older version of the malware in question, Cardinal RAT, in 2017. Since April 2017, Cardinal RAT has been identified when examining attacks against two Israel-based fintech companies engaged in developing forex and crypto trading software. The software is a Remote Access Trojan (RAT), which allows the attacker to remotely take control of the system.
The updates applied to the malware aim to evade detection and hinder its analysis. After explaining the obfuscation techniques employed by the malware, the researchers explain that the payload itself does not vary significantly compared to the original in terms of modus operandi or capabilities.
The software can collect victim data, update its settings, act as a reverse proxy, execute commands, and uninstall itself. It can also recover passwords, download and execute files, log keypresses, capture screenshots, update itself and clean cookies from browsers. Unit 42 notes that it witnessed attacks employing this malware targeting fintech firms that engaged in forex and crypto trading, primarily based in Israel.
The post further notes that this malware also seems to be used only in attacks against fintech organizations. When researching the data, the company claims to have found another case where an organization submitted both EVILNUM and Cardinal RAT on the same day, which is particularly noteworthy since both of those malware families are rare.
EVILNUM is reportedly capable of setting up to become persistent on the system, running arbitrary commands, downloading additional files and taking screenshots.
The hacked New Zealand exchange launched the Cryptopia Loss Marker, which will be used in the rebate process for hacked accounts.
In the post, Cryptopia’s co-founder Rob (Hex) Dawson stated that the company is entirely committed to reopening the exchange. Hex provided Cryptopia customers with data about the ongoing rebate process, as well as general recommendations for interacting with their accounts.
Cryptopia relaunched its website in read-only form on March 5, with the platform showing the balances as they were at Jan. 14, 2019, the date of the $16 million hack. The exchange explained that the website can be used to reset passwords and two-factor authentication credentials, which is also a top priority issue in terms of client support at the current stage, Hex wrote.
In the new announcement, Cryptopia provided details about the rebate process for customers who lost funds as a result of the hack, adding that the exchange is working to ensure that the process is compliant with local laws.
Hex specified that users who lost their cryptocurrencies will start to see a section dubbed “Withdraws on your account for those coins.” He explained that transaction IDs (TXIDs) for the withdraw orders will not exist on the network; however, they will include details on how the coin was impacted in the event.
For each withdraw order, users will also see a subsequent deposit of a Cryptopia Loss Marker (CLM) — a TXID that will stand for the lost coins — which will also not be represented on the network, the post says. Hex noted that CLM is not a coin, but represents the amount lost of each coin for each user in New Zealand dollars (NZD) at the time of the event, adding that it cannot be traded to date.
In the announcement, Cryptopia’s founder also said that users are now able to cancel their standing orders through the website, while the API is still disabled. The exchange strongly warned its users to refrain from depositing funds into old Cryptopia addresses.
In the aftermath of the Cryptopia hack, the exchange had noted that they would not resume trading until they were sure that user balances were secure.
An 18-year-old Japanese youth has been sent to prosecutors in the country’s first ever trial involving cryptocurrency cyber-theft.
An 18-year-old cryptocurrency hacker was reportedly referred to prosecutors in the Japanese city of Utsunomiya for the theft of 15 million yen worth of cryptocurrency.
The cybercriminal allegedly hacked Monappy, a digital wallet which can be installed on a smartphone, and stole 15 million yen ($134,196) of cryptocurrency between Aug. 14 and Sept. 1 of last year. The hack reportedly affected more than 7,700 users.
The hacker reportedly used the Tor software that enables users to anonymize web traffic. However, the police identified the hacker by analyzing the communication records stored on the website’s server. According to Japan Today, the hacker admitted to the allegations.
The attacker submitted multiple cryptocurrency transfer requests to his own account, which overwhelmed the system and allowed him to direct more funds to his account. After that, he transferred the coins to another cryptocurrency operator, received dividends and spent the money.
As Cointelegraph Japan previously reported, there was no impact on the cold wallet, which held 54.2 percent of Monappy’s total balances, and no user information, such as email addresses and passwords, was stolen. The company subsequently announced compensation for the lost funds.
The alleged hacker’s identity is reportedly being kept anonymous due to his status as a minor. In Japan, a minor is a person under 20 years of age.
In 2018, over 7,000 cases of suspected money laundering tied to crypto were reported to Japanese police. More than 7,000 suspect transactions reportedly betrayed various red flags — such as being linked to user accounts held under different names and birth dates, but with an identical ID photo.
On a global scale, exchange hacks have been the most lucrative modus operandi for cyber criminals in 2018, having generated close to $1 billion in revenue. Following an initial hack, the cybercriminals often move stolen funds to a plethora of wallets and exchanges in order to cover their tracks.
Hong Kong-based Bitcoin and Ethereum exchange Gatecoin was granted a winding-up order on March 13.
The company wrote that Gatecoin will have to cease operation with immediate effect, noting that the exchange will assist in the liquidation process in order to distribute assets to the creditors.
The Hong Kong-based exchange had suffered a major hack back in May 2016, with around $2 million in cryptocurrencies lost after the firm reported a security breach that gave hackers access to Gatecoin’s hot wallets.
According to the team’s statement at the time, hackers stole 250 Bitcoin (BTC) and 185,000 Ethereum (ETH), which represented 15 percent of Gatecoin’s total crypto assets. At press time, such an amount of BTC and ETH is worth around $25.5 million, according to data from CoinMarketCap.
In the recent announcement, Gatecoin wrote that the firm started working with a Payment Service Provider (PSP) following issues with its banking partners in September 2018. In the post, Gatecoin appeared to blame the PSP for the liquidation process, claiming that it failed to process most of the transfers in a timely manner, which “almost paralyzed our operation for many months and caused substantial loss.”
Gatecoin further elaborated:
“Even after we managed to mitigate our loss by replacing that PSP with more reliable alternatives to process our clients’ transfers in September 2018, the situation did not improve because that PSP retained a large part of our funds.”
The company explained it tried to recover the funds by initiating legal action against the PSP, but was advised that it was unlikely to recover the funds fully, which caused financial difficulties that made Gatecoin no longer able to support its operations.
Back in 2015, Gatecoin had launched segregated client bank accounts, enabling two accounts within the same bank under Gatecoin’s name: one account was for collecting fees and operation expenses, while the other was used for storing client deposits, as well as processing withdrawals.
Founded in 2013, Gatecoin reportedly became the first crypto trading platform to list the Ethereum token in August 2015.
Another recently hacked crypto exchange, Cryptopia, has since partly relaunched its website, also announcing that it will be using customers’ balances held from the date of the hack as a basis for further calculating rebates.
Hundreds of vulnerable servers running Docker software were seemingly running Monero mining software.
About 400 servers running virtualization software Docker were found to be vulnerable to outside exploitation. Most of them were seemingly running Monero (XMR) mining software, cybersecurity company Imperva reports on March 4.
A misconfiguration of the vulnerable Docker hosts permits public access to the Docker API, which should only be locally accessible. This misconfiguration, combined with a newly discovered vulnerability, allows attackers to obtain administrator rights on the server and install software of their choice.
Since a hacker could install any software this way, the vulnerability doesn’t only permit cryptojacking, but also the installation of any other malware or use of the hosts to carry out any kind of attacks. Researchers at Imperva claim to have found 3,822 misconfigured hosts (with the API exposed), of which about 400 were actually accessible. The report notes:
“We found that most of the exposed Docker remote API IPs are running a cryptocurrency miner for a currency called Monero.”
Lastly, the data on the server is also accessible to the hacker, including the database and some unencrypted credentials, including passwords, Imperva notes.
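A host-side check for the misconfiguration described above, as an added example that is not taken from Imperva's report or from the Docker project: it reads the daemon's `hosts` setting and its `-H`/`--host` flags and reports every TCP listener that is not bound to loopback. The sample configuration and command line are constructed, and the function names are hypothetical.

```python
import ipaddress
import json
import shlex

# Constructed sample inputs: the contents of a daemon.json and a dockerd command line.
SAMPLE_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
SAMPLE_CMDLINE = "/usr/bin/dockerd -H fd:// --host=tcp://127.0.0.1:2375 -H tcp://[::]:2376"


def listener_hosts(daemon_json: str, dockerd_cmdline: str) -> list:
    """Collect listener addresses from daemon.json ("hosts") and -H/--host flags."""
    hosts = list(json.loads(daemon_json or "{}").get("hosts", []))
    args = shlex.split(dockerd_cmdline)
    for i, arg in enumerate(args):
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])          # "-H value" form
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])  # "--host=value" form
        elif arg.startswith("-H") and len(arg) > 2:
            hosts.append(arg[2:].lstrip("="))   # "-Hvalue" / "-H=value" forms
    return hosts


def is_remote_tcp(host: str) -> bool:
    """True when the listener is a TCP socket that is not provably loopback-only."""
    if not host.startswith("tcp://"):
        return False  # unix:// and fd:// sockets are not reachable over the network
    rest = host[len("tcp://"):].split("/", 1)[0]
    if rest.startswith("["):                    # bracketed IPv6 literal
        addr = rest[1:].split("]", 1)[0]
    else:
        addr = rest.rsplit(":", 1)[0]           # drop the port if present
    if addr == "localhost":
        return False
    try:
        return not ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return True  # empty or hostname: cannot prove loopback, flag for review


def audit(daemon_json: str, dockerd_cmdline: str) -> list:
    """Return the listeners that expose the Docker API beyond the local host."""
    return [h for h in listener_hosts(daemon_json, dockerd_cmdline) if is_remote_tcp(h)]


if __name__ == "__main__":
    for exposed in audit(SAMPLE_DAEMON_JSON, SAMPLE_CMDLINE):
        print("Docker API listener reachable off-host:", exposed)
```

An empty result means every configured listener is a local socket or a loopback address; anything returned should be rebound locally or placed behind authenticated access.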
As Cointelegraph reported in mid-February, United States-based software corporation Microsoft has removed eight Windows 10 applications from its official app store after cybersecurity firm Symantec identified the presence of surreptitious Monero mining code.
While cryptojacking is seemingly widely used as a way to earn money among cybercriminals, legitimate cryptocurrency mining service Coinhive, which specifically mines Monero, shut down at the end of February, as the project has reportedly become economically inviable.
Hacked crypto exchange Cryptopia relaunched its website on Feb. 5, resuming user balances to the state held on Jan. 14.
Following last week’s announcement of a March 4 launch date, Cryptopia has slightly delayed the relaunch by providing the live website on Tuesday, March 5, one day later.
In the latest series of tweets, Cryptopia confirmed it will be using customers’ balances held from Jan. 14 as a basis for further calculating rebates.
The exchange reported that they are finalizing a rebate process for affected users, planning to release more details soon. For now, Cryptopia recommended that customers reset their passwords and two-factor authentication credentials.
Following a $16 million hack in mid-January, Cryptopia had still remained in maintenance mode after the New Zealand Police reported that the exchange was ready to resume operations on Feb. 13. Responding to the news, Cryptopia explained that it was not able to resume trading until the exchange could fully identify its losses and ensure that the balance was completely secure.
After the initial reports of the hack in the middle of January, further evidence surfaced that hackers were siphoning crypto out of the exchange as late as two weeks later.
In other exchange vulnerability news, on March 3, Ryo (RYO), a crypto project derived from Monero (XMR), published a post alleging that a bug in Monero wallet software could enable fake deposits to crypto exchanges. The described vulnerability, which is set to be patched in an upcoming release, could potentially allow hackers to fake a deposit of an arbitrary amount of XMR to an exchange.
A bug in the Monero wallet software that could enable fake deposits to exchanges has been recently brought to the public’s attention.
A bug in the Monero (XMR) wallet software that could enable fake deposits to exchanges has been recently brought to public attention through a Medium post, published by the official Ryo (RYO) account on March 3.
According to the post, an email reportedly sent to the Monero-announce mailing list warns exchanges and service operators using the coin that the Monero Vulnerability Response team received a disclosure concerning a vulnerability. The vulnerability consists of the mishandling of outputs in coinbase transactions (the first transactions in a block, always made by miners).
This mishandling could potentially allow an attacker to fake the deposit of an arbitrary amount of XMR to an exchange. Still, the email also contained parameters for the wallet, which are effectively a workaround preventing the vulnerability from being exploitable. The official Monero profile also tweeted the same workaround on March 3.
About ten hours later, the Monero account tweeted that the fix for the vulnerability had been written and was awaiting review. From the GitHub page dedicated to the patch, it appears that the code has already been merged into the main branch, which means that the fix is ready and only needs the new release to be published.
Ryo, a cryptocurrency derived from Monero, reports in its Medium post that its team fixed this vulnerability seven months ago. The post justifies the lack of a responsible disclosure towards the Monero team earlier by noting Monero’s “long history of toxic behaviour towards security researchers.”
Furthermore, the post also claims that when discussing the exploit in the Ryo public channel, the author of the post accidentally also disclosed a different issue, concluding:
“Monero might want to get that one patched too.”
As Cointelegraph reported earlier today, the Ledger development team posted a warning on Monero’s subreddit on March 4 advising users not to use the Nano S Monero app after another apparent bug reportedly led to a user losing 1,680 XMR (equivalent to about $80,000).