Hackers take $196 million from crypto exchange Bitmart, security firm says

Hackers have taken $196 million from crypto trading platform Bitmart, a security firm said Saturday.

Bitmart confirmed the hack in an official statement Saturday night, calling it “a large-scale security breach” and writing that hackers withdrew about $150 million in assets. However, blockchain security and data analytics firm Peckshield estimates that the loss is closer to $200 million.

Bitmart added in a statement that all withdrawals had been temporarily suspended until further notice and said a thorough security review was underway.

Peckshield was the first to notice the breach on Saturday, noting that one of Bitmart’s addresses showed a steady outflow of tens of millions of dollars to an address which Etherscan referred to as the “Bitmart Hacker.”

Peckshield estimated that Bitmart lost around $100 million in various cryptocurrencies on the ethereum blockchain and another $96 million from coins on the binance smart chain. The hackers made off with a mix of more than 20 tokens, including binance coin, safemoon, and shiba inu.

Bitmart says that the affected ethereum and binance smart chain “hot wallets” carried only a “small percentage” of the exchange’s assets. The statement went on to say that all other wallets were “secure and unharmed.”

People who choose to hold their own cryptocurrency can store it “hot,” “cold,” or some combination of the two. A hot wallet is connected to the internet and allows owners relatively easy access to their coins so that they can access and spend their crypto. The trade-off for convenience is potential exposure to bad actors.

CNBC reached out to multiple Bitmart employees to ask for more clarity on the hack, including whether customer funds had specifically been targeted in the breach, and if so, whether users would be reimbursed. CNBC has not yet heard back, but an email to the work address of Bitmart founder and CEO Sheldon Xia (as listed on Xia’s unverified Twitter account) bounced back with a message that read, “Recipient address rejected: Access denied.”

Bitmart, which offers a mix of spot transactions, leveraged futures trading, as well as lending and staking services, typically ranks as one of the top centralized crypto exchanges by volume,…


Apple sues ‘abusive’ iPhone spyware firm | Information Age

Apple is suing an “abusive” Israeli software firm whose spyware has been used by numerous totalitarian governments to spy on journalists, human rights activists, and other persons of interest.

The technology giant this month filed a lawsuit against Tel Aviv firm NSO Group and its parent company, Q Cyber Technologies, seeking damages and a permanent ban preventing the group from using any Apple software, services, or devices.

As part of its campaign against NSO, Apple will fund and provide technical support for anti-surveillance technology groups.

NSO’s use of FORCEDENTRY – a now-fixed vulnerability that can bypass security controls in Apple’s iOS operating system – enabled it to install Pegasus spyware on targeted iPhones without the victim’s knowledge.

Once installed, Pegasus monitors iPhone activity and communications over iMessage, FaceTime, and third-party software like Facebook and WhatsApp.

It is putatively designed to support law-enforcement agencies and the company claims to “hold ourselves to the highest standards for ethical businesses”, but its historical sales to governments such as Bahrain, Panama, Dubai, and Saudi Arabia – which used it to surveil Washington Post journalist Jamal Khashoggi before he was murdered – have drawn widespread condemnation.

In July, a major multinational investigation, called the Pegasus Project, united 16 media outlets to investigate NSO Group and found a list of 50,000 journalists and politicians targeted by its clients.

More recently, Pegasus was found on the devices of six Palestinian human-rights activists.

“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability,” said Apple senior vice president of software engineering Craig Federighi in announcing the lawsuit, which also seeks damages for “flagrant violations of US federal and state law”.

“Private companies developing state-sponsored spyware have become even more dangerous,” Federighi said, lauding the efforts of security researchers at the University of Toronto’s Citizen Lab – who discovered that the ‘zero-click’ Pegasus malware can be…


CSA looking into Singapore cybersecurity firm blacklisted by US for trafficking hacking tools

COSEINC describes itself on its website as a “privately funded company dedicated to providing highly specialised information security services to our clients”. It was founded in 2004 and is based at the Citilink Warehouse Complex on 102F Pasir Panjang Road.

According to its website, the company’s services include research, consulting and education, in areas such as computer security, malware analysis and penetration testing. Accounting and Corporate Regulatory Authority records show that it is a live company.

COSEINC’s chief executive officer is Mr Thomas Lim, according to his LinkedIn page. His most recent post, about a month ago, said he could help anyone looking to hire “trained and certified” cybersecurity professionals.

Reuters reported on Nov 4 that Mr Lim is known for organising a security conference, named SyScan, which was sold to Chinese technology firm Qihoo 360, a sanctioned entity.

An email published by WikiLeaks in 2015 suggested that Mr Lim had also previously offered to sell hacking tools to Italian spyware vendor HackingTeam, the report said.

COSEINC did not respond to CNA’s request for comments. The telephone number listed on the company’s website could not be reached.


COSEINC was one of four companies added to the trade blacklist by the US last week, with the other three being Russia’s Positive Technologies as well as Israel’s Candiru and NSO Group.

NSO Group and Candiru were added to the list based on evidence that they “developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, business people, activists, academics and embassy workers”, said the US Department of Commerce on Nov 3.

NSO Group is the developer of Pegasus, a type of malware that infects iPhones and Android devices to enable operators of the tool to extract messages, photos and emails, record calls and secretly activate microphones.

Investigations have shown that some governments have used Pegasus to target rights activists, journalists and politicians around the world, with possible targets in Singapore. NSO Group has denied these reports.


Hackers have breached organizations in defense and other sensitive sectors, security firm says

(CNN) — Suspected foreign hackers have breached nine organizations in the defense, energy, health care, technology and education sectors — and at least one of those organizations is in the US, according to findings that security firm Palo Alto Networks shared exclusively with CNN.

With the help of the National Security Agency, cybersecurity researchers are exposing an ongoing effort by these unidentified hackers to steal key data from US defense contractors and other sensitive targets.

It’s the type of cyber espionage that security agencies in both the Biden and Trump administrations have aggressively sought to expose before it does too much damage. The goal in going public with the information is to warn other corporations that might be targeted and to burn the hackers’ tools in the process.

Officials from the NSA and the US Cybersecurity and Infrastructure Security Agency (CISA) are tracking the threat. A division of the NSA responsible for mitigating foreign cyber threats to the US defense industrial base contributed analysis to the Palo Alto Networks report.

In this case, the hackers have stolen passwords from some targeted organizations with a goal of maintaining long-term access to those networks, Ryan Olson, a senior Palo Alto Networks executive, told CNN. The intruders could then be well placed to intercept sensitive data sent over email or stored on computer systems until they are kicked out of the network.

Olson said that the nine confirmed victims are the “tip of the spear” of the apparent spying campaign, and that he expects more victims to emerge. It’s unclear who is responsible for the activity, but Palo Alto Networks said some of the attackers’ tactics and tools overlap with those used by a suspected Chinese hacking…