Tag: reeling | SpinSafe

A $320 Million Crypto Hack Sends the DeFi World Reeling

February 6, 2022/in Internet Security

This week WIRED broke the news that a lone US hacker had spent the last two weeks intermittently taking down North Korea’s internet. Yes, the entire country’s. The hacker, who goes by the handle P4x, says that he launched the campaign as retaliation for the Hermit Kingdom’s hacks of Western security researchers last year. Frustrated by the lack of US response, he took it upon himself to send a message.

In another exclusive, we published internal messages from Trickbot, the notorious Russian cybercrime gang, that sheds new light on the group’s organizational structure. The exchanges, several of which took place amid a sustained ransomware assault against hundreds of US hospitals, also bring Trickbot’s ruthlessness, ambition, and sense of impunity into sharp focus.

Over in China, the Winter Olympics start this week, meaning you can indulge in your quadrennial biathlon obsession. Multiple countries have warned their athletes to bring burner phones to the games in light of the host country’s record of aggressive surveillance; participants have also been informed that speaking out against China’s human rights abuses against the Uyghur population could spark retaliation.

We also took a look at how concerned you should really be about the kernel-level anti-cheat systems that game developers have increasingly turned to. And in 2022, expect more cyberattacks to have real-world consequences, a troubling inevitability as criminal groups become ever more aggressive.

And there’s more! Each week, we round up all the security news WIRED didn’t cover in depth. Click on the headlines to read the full stories.

Decentralized finance systems promise to do away with the intermediaries that slow down or complicate transactions. A major hack of a major DeFi protocol this week, though, underscores that the future of money comes with its own set of risks. Attackers targeting Wormhole, which offers a bridge between the Solana and Ethereum blockchains for cross-chain transactions, made off with $320 million in various cryptocurrencies. It’s the second-biggest known DeFi theft of all time, after a hacker stole $610 million from Poly Network, only to return the bulk of it eventually. There’s no sign that…

Source…

Reeling from post-hack price slump, Easyfi reveals community compensation plan

May 7, 2021/in Computer Security

After a devastating hack, a cross-chain decentralized finance (DeFi) protocol has revealed today a temporary compensation plan for token holders and investors impacted by one of the largest exploits in DeFi history.

In a Tweet today, EasyFi announced their “Interim Compensation Plan,” a multi-stage process that includes immediate payments, IOU tokens, and incentive programs aimed at victims of the attack.

1/ #EasyFi is releasing a carefully thought out compensation plan for the protocol users on @0xPolygon.

We would also like to inform you that we have onboarded new strategic investors & strong backers to help expand the protocol operations & business. https://t.co/Gu7FtLcsnc

— @easyfi.network (@EasyfiNetwork) May 7, 2021

The hack, which took place 19 April, is considered to be among the largest in DeFi history, with $6 million in stablecoins and 2.98 million EZ tokens worth upwards of $120 million lost at the time of the attack. The hacker was in a complicated position, however, as after exploiting the protocol they owned upwards of 30% of the supply of EZ tokens and there was limited liquidity with which to unload them. The token “hardforked” to EZ 2.0 a week later, rendering the attacker’s remaining tokens effectively worthless.

In a Tweet from his personal account, EasyFi founder Ankitt Gaur confirmed that the hack was the result of a “targeted attack on the founder’s machine/metamask to access admin keys and execute the well-planned hack.” This attack vector bears similarities to a 2020 hack on the personal computer of Hugh Karp, the founder of Nexus Mutual, who lost $8 million.

An expert from hack and exploit publication Rekt noted that the theft may have been the result of lax security practices, in that a single individual was in possession of the keys to the treasury, as opposed to being secured in a wallet with precautions against this type of hack such as a multisignature scheme or timelocked transactions.

In their compensation plan blog post, EasyFi characterizes the attack as “well-planned” and “sophisticated.”

Regardless of the cause, the efforts to compensate victims is multifaceted. Per their post, 25% of lost funds will be distributed to…

Source…

Cities, county still reeling in wake of cyberattack

January 10, 2021/in Internet Security

TEXARKANA, Texas — As multiple agencies in both Texarkanas and Bowie County remain crippled by a ransomware attack discovered more than a month ago, frustration at a lack of information and progress grows among officials and personnel.

The attack on Texarkana Water Utilities, which handles information technology services for both the cities of Texarkana, Texas, and Texarkana, Arkansas, as well as Bowie County, Texas, was discovered Dec. 6. Agencies including the Bowie County Sheriff’s Office; Texarkana Texas Police Department; Texarkana Arkansas Police Department; Bowie County District Attorney’s Office; Bowie County District Clerk’s Office; Bowie County Clerk’s Office; Bowie County probation; Bowie County Justices of the Peace; and multiple other offices have been seriously impacted by the cyber attack.

“At this point I have no knowledge from the county judge’s office other than a short note about the ransomware,” Bowie County Justice of the Peace Nancy Talley said. “I’m in the dark like everyone else.”

Bowie County Judge Bobby Howell said a criminal investigation into the matter is ongoing and that the county has been advised to refrain from issuing public statements by a Pennsylvania law firm.

“Be patient. We will put some information out when the time is right,” Howell said.

Howell said the process of “rebuilding the network” is ongoing though he lamented one would need a “crystal ball” to know when digital processes and infrastructure would be restored and whether data has been irretrievably lost.

“It’s a complex organization,” Howell said.

Howell was reluctant in interviews this week to reveal the name of the law firm advising the county and has declined to provide the Gazette with a copy of the county’s relevant insurance policy. Shortly after 6 a.m. Thursday morning Howell texted contact information for the Mullen Coughlin firm of Devon, Pennsylvania, to Gazette staff. The firm’s website states it specializes in data privacy and incident response services.

A representative of Mullen Coughlin did not respond to a request for comment.

Bowie County Emergency Management Coordinator Lance Hall did not respond to calls from the Gazette this week other than a text message response…

Source…

Equifax, still reeling from data breach, names longtime financial industry executive as its CEO

March 28, 2018/in Internet Security

Equifax, still reeling from data breach, names longtime financial industry executive as its CEO Los Angeles Times

Equifax names Warburg Pincus exec as CEO in wake of data breach American Banker
Equifax names new CEO as fallout from data breach continues HousingWire
Equifax Names Mark Begor as Chief Executive Officer | Equifax Equifax Investor Relations

Full coverage

data breach – read more

Tag Archive for: reeling