Amazon Security Engineer Arrested and Accused of Hacking Crypto Exchange


Looks like trouble is brewing for a top-notch cybersecurity whiz at Amazon. Shakeeb Ahmed, a former security engineer, finds himself in hot water as federal prosecutors allege that he skillfully used his hacking expertise for malicious purposes. The accusation? Mr. Ahmed allegedly orchestrated a scheme to pilfer a staggering $9 million in assets from a cryptocurrency exchange last summer and then tried to conceal his ill-gotten gains through a web of online trickery.

Authorities apprehended the 34-year-old tech aficionado in Manhattan on Tuesday, charging him with wire fraud and money laundering. Although officials refrained from disclosing the name of Ahmed’s former employer, they did describe him as a “former security engineer” for an undisclosed “international technology company.” According to the allegations, Ahmed exploited a vulnerability in the smart contract of an unnamed Solana-based crypto exchange, enabling him to generate a massive $9 million in fraudulent fees. These fees were meant to be rightfully disbursed to platform customers who contributed substantial liquidity. However, Ahmed supposedly manipulated the software by injecting false price data, essentially conjuring money out of thin air. Additionally, he stands accused of attempting to squeeze more funds out of the exchange using “flash loan” attacks—a type of crypto exploit.

Initially, the company where Ahmed previously worked remained shrouded in mystery, as officials declined to reveal any details. However, cybersecurity blogger Jackie Singh shed some light on the matter on Tuesday evening. Singh claimed that Ahmed had been an employee at Amazon, citing various online profiles seemingly connected to the security expert.

Curious to learn more, Gizmodo reached out to Amazon for clarification regarding Ahmed’s employment. A spokesperson confirmed that Ahmed was no longer working for the company, although they couldn’t provide further insights into his role at the tech giant.

According to a LinkedIn profile matching Ahmed’s description, he held the position of “Senior Security Engineer” at Amazon and had been with the company since November 2020. The profile…

New York prosecutor charges hacker over $9M exploit of Solana-based exchange


A former security engineer for an international technology firm has been arrested and charged for allegedly using a smart contract bug to steal $9 million in cryptocurrency from a Solana-based decentralized crypto exchange.

On June 11, the United States Attorney for the Southern District of New York Damian Williams announced the “first-ever criminal case” involving an attack on a smart contract operated by a decentralized exchange (DEX).

In a statement, Williams claims the accused — Shakeeb Ahmed — “used his expertise to defraud the exchange and its users and steal approximately $9 million in cryptocurrency.”

Williams said the attack was carried out in July 2022 and was aimed at a Solana-based DEX.

The attack involved exploiting a vulnerability in the exchange’s smart contracts to generate inflated fees with flash loans.

These were then withdrawn and laundered through a “series of complex transfers on the blockchain where he swapped cryptocurrencies, hopped across different crypto blockchains, and used overseas crypto exchanges.”

While Williams did not disclose the DEX that was exploited in July, previous reporting from Cointelegraph reveals an unknown hacker exploited Solana-based liquidity protocol Crema Finance on July 2, 2022, stealing $9.6 million in cryptocurrency.

The exploiter later returned most of the funds but was allowed to keep $1.6 million as a white hat bounty.

Similarly, Williams’ statement also noted that Ahmed decided to return all of the stolen funds except for $1.5 million on the condition that the crypto exchange did not refer the attack to law enforcement.

“None of those actions covered the defendant’s tracks or fooled law enforcement, and they certainly didn’t stop my Office or our law enforcement partners from following the money,” he said.

Ahmed was arrested in New York and has been indicted on charges of wire fraud and money laundering related to the attack of the Solana-based DEX in July 2022.

Internal Report Suggests Security Lapses at Hacked Crypto Exchange Bitfinex


Bitfinex told OCCRP the analysis was “incomplete” and “incorrect” and that there was “evidence of negligence…on the part of other counterparties that led to the hack.” Bitgo declined to comment. Ledger Lab did not respond to a request for comment.

The hacker covered their tracks with a data destruction tool, used to permanently delete logs and other digital artifacts that might have identified the initial entry point into Bitfinex systems. As a result, it’s not clear how they got into the exchange’s systems, only which security weaknesses they took advantage of once inside. The transfer of the more than 119,000 bitcoins from over 2,000 users’ accounts to wallets under the thief’s control took just over three hours. The cryptocurrency sat there for months until, starting in January 2017, someone started sending small amounts zig-zagging through other accounts. The money was eventually cashed out or used to make small online purchases.

Investigators managed to follow the money and, six years after the hack, arrested the couple on charges of laundering the stolen bitcoins. Burner phones, fake passports, and USB sticks containing the electronic security keys to the wallet holding $3.9 billion worth of bitcoin were found under the couple’s bed in their New York apartment. Both have pleaded not guilty, and are awaiting trial.

It is unclear whether the lessons from the Bitfinex hack have led to changes in the company’s procedures. The company told OCCRP that the report was “incorrect” and that there was “evidence of negligence…on the part of other counterparties that led to the hack.” Bitgo declined to comment.

Karen A. Greenaway, a former FBI agent and cryptocurrency specialist, says she thought Bitfinex’s security lapses were due to its desire to “put through more transactions more quickly” and thereby raise profits. “The fact that [Bitfinex] have not provided a [public] report accepting responsibility and remedying the security failures that led to the hack says more than any admission or denial on their part ever would,” the agent said.

Security experts say that the crypto industry is in general less vulnerable to the kind of relatively…

Ransomware crooks are exploiting IBM file exchange bug with a 9.8 severity


Threat actors are exploiting a critical vulnerability in an IBM file-exchange application in hacks that install ransomware on servers, security researchers have warned.

The IBM Aspera Faspex is a centralized file-exchange application that large organizations use to transfer large files or large volumes of files at very high speeds. Rather than relying on TCP-based technologies such as FTP to move files, Aspera uses IBM’s proprietary FASP—short for Fast, Adaptive, and Secure Protocol—to better utilize available network bandwidth. The product also provides fine-grained management that makes it easy for users to send files to a list of recipients in distribution lists or shared inboxes or workgroups, giving transfers a workflow that’s similar to email.

In late January, IBM warned of a critical vulnerability in Aspera versions 4.4.2 Patch Level 1 and earlier and urged users to install an update to patch the flaw. Tracked as CVE-2022-47986, the vulnerability makes it possible for unauthenticated threat actors to remotely execute malicious code by sending specially crafted calls to an outdated programming interface. The ease of exploiting the vulnerability and the damage that could result earned CVE-2022-47986 a severity rating of 9.8 out of a possible 10.

On Tuesday, researchers from security firm Rapid7 said they recently responded to an incident in which a customer was breached using the vulnerability.

“Rapid7 is aware of at least one recent incident where a customer was compromised via CVE-2022-47986,” company researchers wrote. “In light of active exploitation and the fact that Aspera Faspex is typically installed on the network perimeter, we strongly recommend patching on an emergency basis, without waiting for a typical patch cycle to occur.”

According to other researchers, the vulnerability is being exploited to install ransomware. SentinelOne researchers, for instance, said recently that a ransomware group known as IceFire was exploiting CVE-2022-47986 to install a newly minted Linux version of its file-encrypting malware. Previously, the…