Tag Archive for: Crypto

More than $80m in crypto stolen in Orbit Chain hack


The blockchain platform is working with numerous agencies including the Korean National Police Agency to support its investigation.

South Korea’s Orbit Chain, a platform designed to function as a multi-asset blockchain hub, has confirmed it suffered a major breach on the last day of 2023.

The company confirmed there was an “unidentified access to Orbit Bridge”, its decentralised cross-chain protocol, which resulted in more than $80m worth of cryptocurrency being stolen.

In a series of posts on X, Orbit Chain revealed details of the hack, saying the hacker used cryptocurrency mixer Tornado Cash to fund an initial Ethereum wallet before attacking Orbit Chain’s Ethereum vault. Tornado Cash hit headlines last year when its co-founders were charged with money laundering.

The stolen funds were then sent to numerous Ethereum wallets. Blockchain analytics platform Arkham Intelligence showed Orbit Chain’s Bridge balance plummet from $115m to $31m between 31 December and 1 January.

In a post on X yesterday (2 January), Orbit Chain said the stolen assets “remain unmoved” at the time of posting and the team is constantly monitoring the stolen assets.

“Orbit Chain team has developed a system for investigation support and cause analysis with the Korean National Police Agency and KISA (Korea Internet and Security Agency), enabling a more proactive and comprehensive investigation approach. Furthermore, we are also discussing close cooperation with domestic and foreign law enforcement agencies,” the company said in a post.

“We sincerely request that all members of the Orbit Chain community and the Web3 ecosystem help spread this information as widely as possible.”

Crypto chaos

The crypto sector has come under increased scrutiny over the past couple of years, with many dubbing it an unregulated ‘wild west’.

2023 in particular saw a number of high-profile crypto hacks take place. In March, UK-based crypto platform Euler Finance lost an estimated $197m to hackers exploiting vulnerable code. However, the hackers later returned the funds.

Meanwhile, Ethereum-based crypto exchange Curve was targeted in a major hack in July 2023 and a few…

Beware: North Korean Hackers Allegedly Have New Modus Operandi To Steal Your Crypto


KEY POINTS

  • Rogue actors allegedly backed by North Korea have stolen data from nearly 1,500 victims between March and October
  • The majority of the victims are from the private sector, and 57 are incumbent or retired government officials
  • When the scam email was opened or the phishing link was clicked on, the victim’s computer would be infected with malware

The South Korean National Police Agency has warned people against North Korean malicious actors and hackers, who have been impersonating government agency officials and journalists to steal cryptocurrencies.

Rogue actors allegedly backed by the hermit country stole data from nearly 1,500 victims between March and October, local media reported, quoting the South Korean National Police Agency. The majority of the victims were from the private sector, and 57 were incumbent or retired government officials.

Malicious actors pretended to be officials from South Korea’s National Pension Service, National Health Insurance, National Tax Service and National Police Agency to send phishing emails to recipients.

When the scam email was opened or the phishing link was clicked on, the victim’s computer would be infected with malware, following which the hackers would harvest data, including personal information.

Hackers also stole user IDs and profiles of 19 victims to access their cryptocurrency trading accounts, according to the police authorities, although they did not disclose the amount of crypto assets stolen by cybercriminals.

North Korea’s hacking efforts have grown in scale and scope in 2023, according to authorities who revealed that “last year, they stripped virtual assets by distributing ransomware. That coerced victims to pay money and valuables to regain their property.” However, this year, malicious actors have become more aggressive in phishing, which has resulted in the authorities shutting down 42 phishing websites.

It was reported earlier this month that North Korean hackers linked to the notorious cybercriminal group Lazarus Group, purportedly operating on behalf of North Korea, were impersonating blockchain engineers on Discord using social engineering techniques.

Victims reportedly download a malicious ZIP file, convinced they were…

Why Ransomware Is Important Discussion When Embracing Crypto


Crypto ownership should come with cybersecurity awareness and the adoption of best practices in fending off the threats of possible direct crypto theft as well as extortion and ransom demands.

Despite all the skepticism, cryptocurrency adoption has steadily risen over the years. The number of people using crypto as a payment method or for other purposes is expected to surpass 300 million in 2024, significantly higher than the current number of users. It appears all the doubts and mockery have not stopped cryptocurrencies from gaining new adopters.

This may give crypto fans a boost, but it is not meant to hide the unflattering details that skeptics assail, especially when it comes to the risks and threats. Downplaying the dangers is counterproductive and unhelpful towards meaningful crypto adoption. The growing number of ransomware attacks, in particular, is an important point to discuss substantively.

Aside from preparing for the possibility of crypto theft and price crashes, crypto users should also watch out for ransomware attacks. The link between the two may be obscure, but it is worth exploring, especially for those who are new to the world of cryptocurrency.

Preferred Ransom

Digital currency that affords some degree of anonymity has been the preferred currency of cyber criminals. Several high-profile attacks involve bitcoin or other cryptocurrency demands for the ransom. In a 2021 attack, for example, major meat supplier JBS reportedly paid a ransom in Bitcoin worth $11 million. The Colonial Pipeline attack in 2022 forced the American oil pipeline system company to shell out $5 million. Most ransomware attacks have resulted in ransom payments.

A survey of companies that have been affected by ransomware attacks reveals that an overwhelming majority of them decide to pay the ransom just to recover their hostage files and restore normal operations as soon as possible. For many, it costs less to pay the ransom than to go through the lengthy process of cracking the ransomware decryption code to recover files and go after the perpetrators. This is unfortunate and at odds with industry and government policy on ransom payment.

One…

Xenomorph malware now targets banks and crypto apps in Canada, other regions


Security researchers at cybersecurity company ThreatFabric discovered a new campaign leveraging the ‘Xenomorph’ malware on Android.

The campaign targets people in the U.S., Canada, Spain and other regions, and Xenomorph uses overlays that look like various financial institutions to steal people’s banking credentials. It also targets cryptocurrency wallets.

Bleeping Computer reported on ThreatFabric’s findings, offering a brief overview of Xenomorph’s history since it appeared in 2022. The malware has gone through a few revisions, and the newest campaign using it tries to get it onto devices by tricking people into downloading a fake Chrome update. A pop-up warns people that they’re using an outdated version of Google Chrome and encourages them to update the browser. However, if people tap the pop-up’s update button, it installs the Xenomorph malware instead.

The main takeaway for Android users should be to avoid installing Chrome updates — or anything for that matter — from a website pop-up. For the vast majority of Android users, updates from Chrome and other apps will come via the Play Store and only the Play Store.

Once installed, ThreatFabric says Xenomorph uses ‘overlays’ to steal information. The malware comes loaded with roughly 100 overlays targeting different sets of banks and crypto apps depending on the targeted region.

Moreover, the recent versions of Xenomorph include new features to enhance it. That includes a ‘mimic’ feature that gives the malware the ability to act as another application. Mimic includes a built-in activity called ‘IDLEActivity,’ which can act as a WebView to show legitimate web content. These capabilities replace the need for the malware to hide icons from the app launcher after installation, behaviour that can be flagged as suspicious by security tools.

Xenomorph also has a ‘ClickOnPoint’ feature that allows the malware’s operators to simulate taps on specific parts of the screen. That allows operators to move past confirmation screens or perform other simple actions without triggering security warnings.

The last new feature researchers found was an ‘antisleep’ tool to prevent a device from…
