Tag Archive for: cryptocurrency

Protecting cryptocurrency assets in wake of the Solana Wallet hack

/in


The incident has brought up numerous concerns regarding the security provided by both the Solana network and “hot” wallets, which are fairly popular with the typical crypto investor, with cryptocurrency assets worth more than $8 million taken from about 8,000 people.

Cause of Solana attack unknown

While Solana’s Twitter account was quick to point out that the attack was not caused by a software compromise on the network, it also stated that its team of engineers was assiduously working with security researchers and ecosystem teams to determine the cause of this wallet attack.

According to preliminary investigations, hardware wallets used by Slope were safe from this issue because they only affected the Slope wallet on the Solana ecosystem.

According to Solana, impacted wallet addresses had their private key information sent to an application monitoring service at some point when they were generated, imported, or used in Slope mobile wallet programs.

Solana has already urged investors affected by the attack to abandon the affected wallets as they could still be compromised even after revoking wallet approvals. While the exact modus operandi employed is still unknown, crypto industry leaders have highlighted that the suspect transactions were properly signed, further indicating that it could be a supply chain attack with a specific focus on Slope ‘hot’ wallet users.

Applications, and devices can be hacked

Applications (software) and devices can be hacked. Since private keys are stored in application and device wallets, hackers can access them and steal your cryptocurrency and that sums up the Solana hack.

And if your wallet has been compromised, it’s paramount that you transfer any existing funds from your compromised wallet to another wallet.

Hackers will wipe your account of funds immediately, but if you’re lucky and they have not done this yet, it’s time for investors to take immediate action.

Source…

Keep Your Crypto Safe! (Security tips for beginners)

/in



Elon Musk deep fakes promote new cryptocurrency scam

/in


Elon Musk

Cryptocurrency scammers are using deep fake videos of Elon Musk and other prominent cryptocurrency advocates to promote a BitVex trading platform scam that steals deposited currency.

This fake BitVex cryptocurrency trading platform claims to be owned by Elon Musk, who created the site to allow everyone to earn up to 30% returns on their crypto deposits.

This scam campaign started earlier this month with threat actors creating or hacking existing YouTube accounts to host deep fake videos of Elon Musk, Cathie Wood, Brad Garlinghouse, Michael Saylor, and Charles Hoskinson.

These videos are legitimate interviews modified with deep fake technology to use the person’s voice in a script provided by the threat actors.

An example of one of the scam videos can be seen below, where Elon promotes the new scam site and says he invested $50 million into the platform.

However, if you look carefully, you will see that the deep fake synchronizes the person’s talking to the threat actor’s script, which is so silly as to be comical.

How do we know this is a scam?

While it is obvious that the interviews have been altered to simulate Elon Musk’s voice to promote the BitVex trading platform, numerous other clues show that this is a scam.

Many YouTube channels promoting this trading platform have been hacked to suddenly show YouTube videos or YouTube Shorts that promote the BitVex trading site.

For example, a YouTube channel that displayed gaming videos in Arabic suddenly began showing a series of YouTube Shorts that promoted the BitVex scam. In addition, BleepingComputer has found dozens of other YouTube channels hijacked similarly to promote this scam.

YouTube Shorts promoting BitVex on hacked YouTube channels
YouTube Shorts promoting BitVex on hacked YouTube channels
Source: BleepingComputer

Once you visit the BitVex trading site itself, it becomes more apparent that this is a scam.

For example, the site claims that Elon Musk is the CEO of the trading platform and contains endorsements from Ark Invest’s Cathie Wood and Binance CEO Changpeng Zhao.

Site claiming that Elon Musk is the CEO
Site claiming that Elon Musk is the CEO
Source: BleepingComputer

To use the BitVex platform, users must register an account at bitvex[.]org or bitvex[.]net to access the investment platform.

Once you log in, the…

Source…

Axie Infinity hack highlights DPRK cryptocurrency heists

/in


Despite how enormous it was, the Axie Infinity heist marked only the latest chapter in the story of North Korean financial cybercrime.

Sky Mavis, the developer of popular nonfungible token (NFT) video game Axie Infinity, lost hundreds of millions of dollars in assets when they were stolen by hackers on March 23. The attack occurred via a breach of the Ronin bridge that exists as part of the Ronin Network sidechain (also developed by Sky Mavis).

The breach occurred when attackers gained control of a series of validator nodes attached to Axie Infinity to conduct fake withdrawals. Hackers stole 173,600 Ethereum and 25.5 million USD Coin, worth approximately $620 million at the time (and about $375 million as of this writing).

Three weeks after the initial attack and two weeks after it was disclosed, the FBI formally attributed the attack to the Lazarus Group and APT38, nation-state threat groups tied to the North Korean government.

The Axie Infinity heist is not the first cryptocurrency heist for the Democratic People’s Republic of Korea (DPRK). Blockchain analytics firm Chainalysis reported that last year that the country stole nearly $400 million in at least seven attacks against cryptocurrency platforms. The North Korean government also has a lengthy history with financially motivated cybercrime.

But the Axie Infinity hack represents an enormous theft on behalf of Kim Jong Un’s regime, and acts as the latest in a long line of big-game heists against cryptocurrency platforms.

The reason for these attacks, based on conversations with experts on both cryptocurrency and North Korea, appears to be a combination of opportunity and a highly adaptive offensive cyberoperation.

Sky Mavis
Axie Infinity artwork showcasing its virtual pet characters.

An unconventional nation-state threat

North Korea is a small, insular nation with an estimated population of 25 million people. Despite its size, the country’s enormous military and cybersecurity investments have made it one of the United States’ “big four” nation-state adversaries along with Russia, Iran and China.

CrowdStrike senior vice president of intelligence Adam Meyers told SearchSecurity last year that overwhelmingly, the goal of…

Source…