Tag Archive for: Crypto

Mailchimp hack potentially leading to crypto wallet thefts





Email marketing firm Mailchimp confirms that hackers used one of its own internal tools to access accounts of customers working in finance and cryptocurrency — and a follow-up attack could lead to crypto wallet draining.

In total, some 319 Mailchimp accounts were reportedly viewed, and data from 102 of them was downloaded. Among the affected users was the Trezor cryptocurrency app, which has since tweeted advice for its customers.

Trezor goes into further detail in a blog post which says the hacker or hackers gained access through targeting Mailchimp employees with a social engineering attack.

In the case of Trezor, its Mailchimp account was then used to contact users of the cryptocurrency wallet service. Calling the attack “exceptional in its sophistication,” Trezor says the fake email directed users to download what was a “very realistic” clone of the Trezor Suite wallet app.

Users who downloaded this fake update and then entered their cryptocurrency seed information into the app could lose funds.

According to Bleeping Computer, Mailchimp’s Chief Information Security Officer Siobhan Smyth says the company has warned the affected users.

“On March 26, our Security team became aware of a malicious actor accessing one of our internal tools used by customer-facing teams for customer support and account administration,” Smyth told the publication. “The incident was propagated by an external actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised.”

“We acted swiftly to address the situation,” continued Smyth, “by terminating access for the compromised employee accounts and took steps to…

Source…

Inside the $625 Million Axie Hack and What It Means for Crypto Gaming


Videogames based on blockchain networks appear to be a prime target for thieves, raising more concerns about the security of cryptocurrencies held on these decentralized gaming networks.

Thieves targeting Axie Infinity, a popular blockchain-based videogame, made off with 173,600 ether tokens and $25.5 million in USDC, a type of stablecoin that is pegged to the dollar. The theft occurred on March 23, according to developers of Axie, but was announced publicly on March 29. At recent prices for ether, the heist was worth about $615 million, down slightly from the $625 million value when the theft was disclosed.

Axie is a “play-to-earn” game in which users create and collect virtual pets. The creatures are nonfungible tokens, or NFTs, that are traded in the game, using various cryptos as currency. The hack occurred on a blockchain “bridge” network called Ronin, which is used for transferring cryptos between the Ethereum network and Axie. Sky Mavis, the Vietnam-based game studio behind Axie, manages Ronin.

The Ronin hack is disconcerting, partly because of the size of the theft, but also because of how it transpired. Ronin is managed by just nine computer “nodes” that validate transactions in the network. Typically, it takes a majority of nodes to form a consensus on the validity of a transaction, enabling it to be recorded on the blockchain. In this case, gaining control of just five nodes was enough for the hackers.

Axie said it “recruited an all star cast of partners” to secure the Ronin network, according to its foundational white paper. But the attackers still managed to hack the nodes and forge fake withdrawals, Axie said in a post on the attack.

In response, Axie said it has increased the threshold for validating transactions to eight nodes from five, according to Ronin’s newsletter site. “While the investigations are ongoing, at this point we are certain that this was an external breach,” the site said on Wednesday. “All evidence points to this attack being socially engineered, rather than a technical flaw.”

Axie also said it is working with the blockchain data firms Chainalysis and




Source…

Hackers steal $600 million in one of the biggest ever crypto attacks


Hackers stole cryptocurrency worth $600 million from a blockchain network used by players of the popular online game Axie Infinity in one of the biggest crypto heists.

Ronin Network, which faced the security breach on March 23, said computer nodes operated by Axie Infinity maker Sky Mavis and Axie DAO were compromised, resulting in 173,600 ethereum and 25.5 million USD Coin being removed by unidentified hackers.

The attacker used hacked private keys in order to forge fake withdrawals, Ronin Network wrote in its newsletter post. The digital ledger discovered the attack on March 29 after a user failed to withdraw 5,000 ether.

Most of the hacked funds are still in the hacker’s wallet, Ronin Network said, adding that it is working with law enforcement officials, forensic cryptographers, and its investors to make sure all funds are recovered or reimbursed.

The heist was valued at about $615 million at current prices, making it one of the largest thefts ever in the crypto world.

“We moved swiftly to address the incident once it became known and we are actively taking steps to guard against future attacks,” Ronin said, adding that it has halted the Ronin bridge that allows for transfers in and out of the network.

“Ronin is not immune to exploitation and this attack has reinforced the importance of prioritising security, remaining vigilant, and mitigating all threats,” the digital ledger said. “We know trust needs to be earned and are using every resource at our disposal to deploy the most sophisticated security measures and processes to prevent future attacks.”

Highlighting how the attack happened, Ronin said, “Sky Mavis’ Ronin chain currently consists of 9 validator nodes. In order to recognize a Deposit event or a Withdrawal event, five out of the nine validator signatures are needed. The attacker managed to get control over Sky Mavis’s four Ronin Validators and a third-party validator run by Axie DAO.”

In order to prevent further short-term damage, Ronin said it would increase the “validator threshold” needed to approve transactions from five to eight, out of a total of nine validators.

“We are in touch with security teams at major exchanges and will be reaching out to all in the coming…

Source…

Deputy Minister Bornyakov on resisting with tech, crypto and hacking




Ukraine has made crypto, social media and a cyber army the pillars of its resistance against Russia.



Quick fundraising in cryptocurrencies, an army of volunteer hackers, and a strong voice on social media have all helped Ukraine put up an unexpectedly strong front against Russia’s invasion over the past three weeks.

The digital war has become a key pillar of Ukraine’s resistance, and the experience the country is accumulating in the sector could be key to its post-war reconstruction, Alex Bornyakov, the Ukrainian Deputy Minister of Digital Transformation, told Euronews Next.

In particular, Ukraine is hoping to eventually become a leader in the use of cryptocurrencies, which proved a lifeline in the early days of the war, when donations in digital coins came pouring in from around the world.

“It exceeded all of our expectations,” Bornyakov said in a video interview.

The state-run Crypto Fund of Ukraine – which accepts donations in digital currencies such as Bitcoin and Ethereum – has raised $55 million (around €50 million) so far. In terms of overall crypto donations to the country, this figure is more likely in the region of $100 million (€90 million), according to the latest estimates.

The Ukrainian government has already spent $34 million (€30 million) of that to buy bullet-proof vests, night vision goggles, helmets, medicine and food supplies for fighters on the front lines, Bornyakov said, speaking on Zoom via a Starlink internet terminal from an undisclosed location in Ukraine.

“Now we’re considering to help our government buy armoured vehicles, to get people back and forth because there’s a high probability of getting hit and we need armoured vehicles,” he said.

Using crypto instead of traditional financial institutions has made money transfers much faster and more nimble, he said, noting that in a war, time is crucial.

“You can imagine a bank transfer – if you send money and then you wait for two or three days,” he said. “In crypto, you just send the money and in five 10 minutes, the transaction is done”.

Crypto haven

Even before the war, Ukraine ranked fourth in the world in terms of cryptocurrency…

Source…