cryptocurrency


#Hacker Steals $13.5 Million From #Bancor #Cryptocurrency #Exchange

In a statement published hours ago, Israeli-based cryptocurrency exchange Bancor fessed up to a security incident following which a hacker made off with roughly $13.5 million worth of cryptocurrency.

The hack took place yesterday, July 9, at 00:00 UTC, according to Bancor, after an unknown intruder(s) gained access to one of the company’s wallets.

This was a big deal because Bancor doesn’t run as a classic exchange platform, but uses a complex mechanism based on smart contracts running on the Ethereum platform to move funds at a quicker pace than classic exchange platforms.

The compromised wallet also granted the attacker access to updating the smart contracts responsible for converting user funds.

Bancor says the hacker used this access to withdraw 24,984 Ether (ETH) coins (~$12.5 million) from Bancor smart contracts and sent the Ether to his own private wallet.

Similarly, he also withdrew 229,356,645 Pundi X (NPXS) coins, worth another $1 million.

Security feature prevents theft of another $10 million

The hacker also withdrew 3,200,000 Bancor tokens (BNT) (worth around $10 million), which Bancor had issued last year as part of its ICO that raised over $150 million, but Bancor says a security feature in Bancor tokens allowed it to freeze the funds and prevent the hacker from cashing it out at other exchanges.

“It is not possible to freeze the ETH and any other stolen tokens,” Bancor says. “However, we are working together with dozens of cryptocurrency exchanges to trace the stolen funds and make it more difficult for their thief to liquidate them.”

Bancor said the hacker didn’t compromise any user wallets. The theft appears to have affected only Bancor’s reserves, which the company held to facilitate the cryptocurrency exchange process.

Bancor did not reveal how the hack took place but promised more updates in the following days via its website and its Twitter account. Bancor’s platform is currently down and undergoing maintenance work.

Last year, a security researcher criticized the Bancor platform for using smart contracts that contained several security flaws.

Below is Bancor’s initial statement regarding yesterday’s security breach.

Source: https://www.bleepingcomputer.com/news/security/hacker-steals-135-million-from-bancor-cryptocurrency-exchange/

The post #Hacker Steals $13.5 Million From #Bancor #Cryptocurrency #Exchange appeared first on National Cyber Security Ventures.

How to #Know If Your #Slow #Computer Is #Secretly #Mining #Cryptocurrency

Mining cryptocurrency used to require thousands of dollars worth of equipment to see any kind of meaningful return, but not anymore. Newer digital currencies like Monero, ByteCoin, and AEON have given would-be miners the ability to mine tokens right from their laptops. This might benefit small-time miners that want to get involved in the sector, but for every good thing online there are always people that figure out a way to use it for bad.

Hackers have begun using these tools to infect computers and websites to secretly mine cryptocurrencies. This emerging type of malware attack has been dubbed as “cryptojacking”, and it could cause your computer to overheat and crash. Luckily, spotting these hidden miners isn’t all that difficult.

Cryptojacking essentially hijacks your computer’s CPU power to mine. This means when you’re browsing the web, the malware is running in the background completely unbeknownst to you. There are a few types of this malware, and some run only when you visit a certain website and others can be maliciously installed on your computer. The best way to prevent this is by using antivirus software and adblockers.

If you’ve already been hit with this kind of malware, you’ll notice either your computer acting sluggish, getting warmer than usual, or its fan constantly spinning. If you aren’t running any kind of demanding software, like video games or video editing programs, this should be the first hint that your computer is working overtime.

If you’ve noticed your laptop acting up, it’s time to go check on what’s going on under the hood. Mac users can view a detailed breakdown of everything their computer is running by searching “Activity Monitor” and using the magnifying glass icon at the top-right of the screen. Windows users can simply hold down the Ctrl-Alt-Del keys to bring up “Task Manager.”

Both of these menus will display a graph of how much of your computer’s processing power is being used. Any massive spikes should be red flags. You’ll also see an ordered list of the programs using the most processing power at the moment. Before ending any of these programs be sure to research what they are, as you could be ending a crucial part of your operating system.

Both Tesla and the Los Angeles Times have had their sites infected by cryptojacking software. Companies with popular websites are the most at risk, as hackers can embed code onto their servers and use the CPU power of everyone who visits the site. But making it a habit to check on how your computer is running will ensure your device isn’t getting used to make someone else a crypto fortune.


Hackers #exploit old #flaw to turn #Linux #servers into #cryptocurrency miners

The malicious actors who installed and ran a cryptocurrency mining operation on hacked Tesla AWS servers and Jenkins servers are now targeting servers running Linux and have so far generated more than $74,000 in Monero.

The new campaign uses the legitimate, open-source XMRig cryptominer in conjunction with exploiting the old vulnerability CVE-2013-2618, which is found in Cacti’s Network Weathermap plug-in, according to a Trend Micro Cyber Safety Solutions Team report. The vulnerability is a cross-site scripting vulnerability in editor.php in Network Weathermap before 0.97b and allows remote attackers to inject arbitrary web script or HTML via the map_title parameter.

This active campaign is primarily affecting Japan, Taiwan, China, the U.S., and India.

“As to why they’re exploiting an old security flaw: Network Weathermap only has two publicly reported vulnerabilities so far, both from June 2014. It’s possible these attackers are taking advantage not only of a security flaw for which an exploit is readily available but also of patch lag that occurs in organizations that use the open-source tool,” the team wrote.

Trend Micro was able to trace the activity back to two usernames associated with two Monero wallets where $74,677 has been deposited as of March 21.


Cryptocurrency will drive #AI adoption but #companies should not lose #sight of #present #dangers

Source: National Cyber Security – Produced By Gregory Evans

Bitcoin and other cryptocurrencies have become a routine part of today’s cyber attack landscape.

The press is awash with cryptocurrency. Reports on the all-time highs, the billionaires who jumped on the bandwagon early, and the news that the likes of Goldman’s are setting up trading desks to exploit the wave are rife.


North #Korea allegedly #hacking #PCs to mine #Monero #cryptocurrency

North Korea has been accused of hacking server networks to install mining scripts for the Monero cryptocurrency. A new Monero mining hacker group has been seizing control of servers over the past year. It’s now been linked back to North Korea.

Bloomberg reports the hacking team called Andariel came to the attention of authorities after it successfully hijacked a South Korean company’s servers last summer. The group then used the extra computing power to mine Monero coins, a cryptocurrency that’s rapidly growing and is especially popular in Asian countries.

Monero is privacy-oriented and easier to conceal than more mainstream alternatives such as Bitcoin and Ethereum. These qualities make it attractive to hacking groups looking to either steal or surreptitiously mine large quantities of cryptocash. Andariel obtained control of the target server without its real owners noticing.

It’s unknown whether Andariel has compromised other organisations. However, South Korean hacking analysis expert Kwak Kyoung-ju told Bloomberg that the unit is sophisticated and looking to broaden its targets. Kyoung-ju said Andariel is “going after anything that generates cash these days,” searching for cryptocurrencies or information which could be used to create money.

Andariel has now been tracked back to North Korea as the country finds itself accused of growing numbers of cyberattacks. After being hit with stricter sanctions and trade bans from the United Nations, the country is looking to alternative forms of income as the pressure on its economy increases. Hijacking foreign servers to mine lucrative digital cash could be one way to survive under the tougher sanctions.

In the past year, North Korea has been blamed by U.S. investigators for the WannaCry ransomware attack. The campaign affected thousands of Windows computers around the world last year and forced several major organisations to suspend their operations. Hackers exploited a vulnerability in unpatched versions of Windows to install the ransomware, forcing PC users to pay in Bitcoin before unlocking the machine.

As Computing notes, North Korea has also been implicated in a string of attempted attacks against the SWIFT international payments network used by major banks. The country is thought to have been involved in an attempt to steal over $950 million from Bangladesh’s central bank back in 2016. The operation was only aborted because the attackers got one word wrong.


BlackBerry #Mobile site the #latest #target of #cryptocurrency mining #hackers

TCL Communication Technology Holding Ltd., the operator of the BlackBerry Mobile site, is the newest victim of cryptocurrency-loving hackers in a rash of cryptomining hijacking cases.

The website for BlackBerry Mobile was discovered by a Reddit user last week to be serving up code to visitors from Coinhive, the notorious Monero mining script service. The same person who discovered the code did note that it was only the global TCL-owned Blackberrymobile.com site that was affected, not country-specific sites or those owned by BlackBerry Ltd.

Coinhive itself chimed in on Reddit, saying that one of its users had hacked the Blackberry Mobile website using a vulnerability in the Magento webshop software. “We’re sorry to hear that our service has been misused,” the company said. “This specific user seems to have exploited a security issue in the Magento webshop software (and possibly others) and hacked a number of different sites. We have terminated the account in question for violating our terms of service now.”

TCL is far from the first company to be targeted by cryptomining code, and it won’t be the last. The first outbreaks of cryptomining-related hacking occurred in September, when The Pirate Bay and then Showtime were exposed as using the method. As cryptocurrencies boomed, so did instances of hackers and site owners trying to cash in on Monero mining. A RiskIQ report Sept. 26 found that more than 1,000 sites were now hijacking the computing power of site visitors to mine for cryptocurrencies.

By October, leading content delivery network Cloudflare Inc. was the first major provider to crack down on the method, banning all sites from its network that have cryptocurrency mining code installed.

The method spread to apps later the same month, when the first reports emerged of Coinhive scripts appearing in Android apps, and the new attack vector has seemingly continued to grow. Only this weekend, a security researcher discovered 291 apps across third-party Android stores that included the mining code, although they appear to be the same app and code with 291 different names.

Commenting on the Android outbreak, HackRead noted that though the biggest victims of cryptocurrency miners were previously website owners and unsuspecting visitors, now Android users are also at risk. The advice, as always, is to practice safe internet: do not download unknown apps from Android stores, make sure up-to-date antivirus software is installed, and keep an eye on processor usage, because cryptocurrency miners trigger high usage.


Hackers #steal $64 #million from #cryptocurrency firm #NiceHash

A Slovenian cryptocurrency mining marketplace, NiceHash, said it lost about $64 million worth of bitcoin in a hack of its payment system, the latest incident to highlight risks that uneven oversight and security pose to booming digital currencies.

NiceHash matches people looking to sell processing time on computers in exchange for bitcoin.

There have been at least three dozen heists on exchanges that buy and sell digital currencies since 2011, including one that led to the 2014 collapse of Mt. Gox, once the world’s largest bitcoin market.

More than 980,000 bitcoins have been stolen from exchanges, which would be worth more than $15 billion at current exchange rates. Few have been recovered, leaving some investors without any compensation.

The hacks have not kept demand for digital currencies from soaring. Bitcoin’s value has climbed more than 15-fold so far this year, closing at a record $16,000 on the Luxembourg-based Bitstamp exchange on Thursday, ahead of this weekend’s launch of bitcoin futures by CBOE.

Security experts said they expect the cyber-crime spree to pick up as the rising valuations attract interest from cyber criminals looking for victims that lack experience defending against hacks.

“These exchanges are not in my opinion secure,” said Gartner security analyst Avivah Litan. “You don’t know what their security is like behind the scenes.”

NiceHash executive Andrej P. Škraba told Reuters that his firm was the victim of “a highly professional” heist that yielded about 4,700 bitcoin, worth around $64 million.

Sophisticated criminal groups are increasingly targeting the cryptocurrency industry, focusing on exchanges and other types of firms in the sector, said Noam Jolles, a senior intelligence specialist with Israeli cyber-security company Diskin Advanced Technologies.

“The most sophisticated groups are going into this area,” she said.

NiceHash, which advised users to change online passwords after it halted operations on Wednesday, has provided few other details about the attack on its payment system.

“We ask for patience and understanding while we investigate the causes and find the appropriate solutions for the future of the service,” it said on its website.

It was unclear whether customers faced any losses from the hack.

Slovenian police said they were looking into the hack, but declined to elaborate.


Hackers are #increasingly focusing on #cryptocurrency exchanges and #ICOs

As the cryptocurrency market and the related trend of ICOs continue to be dynamic and profitable, it was only a matter of time before the space became a target for hackers.

While the distributed ledger technology that underpins cryptocurrencies is often touted as tamper-proof, the wider system that has built up around it has a number of key vulnerabilities.

The new Group-IB Hi-Tech Crime Trends report highlights the main ways that hackers have been targeting the space over the last two years.

The problem is not an insignificant one, with a number of high-profile hacks and thefts occurring. But there is also a constant threat to both smaller companies and investors. According to Chainalysis, thieves have got their hands on around 10% of all the money invested in ICOs using Ethereum this year.

The report notes that:

“The number of threats to cryptocurrency and blockchain projects tracked by Group-IB’s Threat Intelligence system has risen along with the Bitcoin exchange rate.”

So, what are the main areas of vulnerability?

SOURCE CODE VULNERABILITIES

Source code vulnerabilities have led to two of the largest and most high-profile attacks in recent history.

In June 2016, an error in the code of The DAO facilitated an attack that caused the loss of over $60 million USD. The vulnerability was called ‘recursive invocation’ which essentially allowed unlimited numbers of withdrawals of DAO funds and transfers to a subsidiary.

The community eventually managed to take control of the situation and all DAO tokens were frozen, which managed to somewhat mitigate the damage of the attack.

In July 2017, a vulnerability in the Parity Wallet multisig smart contract code allowed a hacker to withdraw ETH 153,000. This time, developers detected the attack early and were able to halt it and return the stolen funds.

TARGETED ATTACKS

Secret keys are an important source of weakness within the ecosystem, but not really for technological reasons. Their importance comes from the keys’ central role in confirming transactions (which makes them one of the most valuable assets for a crypto service) and from the fact that their loss or theft essentially means forfeiting control of the account in question.

The methodology here is often very similar to that used to gain control of a critical system inside a bank and involves gaining access to the company’s local network.

Some examples of this kind of attack:

August 2016 – cryptocurrency exchange Bitfinex was compromised and lost 120,000 bitcoins. The accounts were protected by multisig tech where two of the three keys were held by the exchange. The theft indicates that hackers gained control of Bitfinex’s corporate infrastructure.

June 2017 – the Bithumb exchange was hacked. The computer of a single employee was compromised, which led to access information of over 30,000 users being leaked.

July 2017 – CoinDash had its ICO hacked: the address on the site was substituted with another Ethereum wallet, meaning investors were paying ETH directly to the hackers.

DOMAIN HIJACKING

The report provides two examples of high-level domain hacking attacks from the last two years:

October 2016 – the DNS data of the web-wallet Blockchain.info was changed and CloudFlare was substituted by another hosting provider, which meant that people visiting the website were rerouted to different servers where they became vulnerable to a range of attacks.

June 2017 – criminals gained control of the Classic Ether wallet where the website settings were altered so that users were redirected to servers that then copied private keys and used them to steal funds.

ICO PHISHING

Phishing attacks on ICOs have increased as the practice has gained popularity. Here, new projects launching an ICO are targeted with phishing pages that ask people to hand over their private keys. Hackers then use the keys to withdraw user funds.


CodeFork hacking team spreading ‘fileless’ malware to mine Monero cryptocurrency

A group of hackers dubbed ‘CodeFork’ by security researchers has recently launched a new campaign, reportedly spreading fileless malware and a strain of cryptocurrency miner that is able to exploit victims’ computers and produce Monero, a form of digital money. According to experts from Radware, a cybersecurity firm, the group…


Hackers can now mine cryptocurrency on your PC, warns Kaspersky

Russian cybersecurity firm Kaspersky Lab has discovered malware which hides inside a computer, mines cryptocurrency and sends it to hackers. The virus is spread through social engineering and adware. Kaspersky Lab has discovered two groups of hackers working in Russia, which have control of 5,000 and 4,000 computers. When installed…
