Tag Archive for: Thefts

Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts


Apr 13, 2024 | Newsroom | Cryptocurrency / Regulatory Compliance


A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million.

Shakeeb Ahmed, the defendant in question, pled guilty to one count of computer fraud in December 2023 following his arrest in July.

“At the time of both attacks, Ahmed, a U.S. citizen, was a senior security engineer for an international technology company whose resume reflected skills in, among other things, reverse engineering smart contracts and blockchain audits, which are some of the specialized skills Ahmed used to execute the hacks,” the U.S. Department of Justice (DoJ) noted at the time.


While the name of the company was not disclosed, he was residing in Manhattan, New York, and working for Amazon before he was apprehended.

Court documents show that Ahmed exploited a security flaw in an unnamed cryptocurrency exchange’s smart contracts to insert “fake pricing data to fraudulently generate millions of dollars’ worth of inflated fees,” which he was able to withdraw.

Subsequently, he initiated contact with the company and agreed to return most of the funds except for $1.5 million if the exchange agreed not to alert law enforcement about the flash loan attack.

It’s worth noting that CoinDesk reported in early July 2022 that an unknown attacker returned more than $8 million worth of cryptocurrency to a Solana-based crypto exchange called Crema Finance, while keeping $1.68 million as a “white hat” bounty.

Ahmed has also been accused of carrying out an attack on a second decentralized cryptocurrency exchange called Nirvana Finance, siphoning $3.6 million in the process, ultimately leading to its shutdown.

“Ahmed used an exploit he discovered in Nirvana’s smart contracts to allow him to purchase cryptocurrency from Nirvana at a lower price than the contract was designed to allow,” the DoJ said.


“He then immediately resold that cryptocurrency to Nirvana at a higher price. Nirvana offered Ahmed a ‘bug bounty’ of as much as $600,000 to return the stolen funds, but Ahmed instead demanded $1.4 million, did not reach…


Hyundai and Kia thefts keep rising despite security fix


Nearly three months ago, Hyundai and Kia unveiled software that was designed to thwart an epidemic of thefts of their vehicles, caused by a security flaw that was exposed on TikTok and other social media sites.

So far, it hasn’t solved the problem. Across the country, thieves are still driving off with the vehicles at an alarming rate.

Data from seven U.S. cities gathered by The Associated Press shows that the number of Hyundai and Kia thefts is still growing despite the companies’ efforts to fix the glitch, which makes 8.3 million vehicles relatively easy targets for thieves.

From Minneapolis, Cleveland and St. Louis to New York, Seattle, Atlanta and Grand Rapids, Michigan, police have reported substantial year-over-year increases in Hyundai and Kia theft reports through April. An eighth city, Denver, which was hit early by the theft outbreak, reported a 23% decline from 2022 levels but still endured a high number of thefts.

So far this year, Minneapolis police have received 1,899 Kia and Hyundai theft reports, nearly 18 times the number for the same period in 2022.

“The scope of the problem is only expanding and is exponentially worse than it has been in the past,” Brian O’Hara, the police chief of Minneapolis, said in an email. “We have some weeks where nearly as many Kias and Hyundais are stolen in a week as had previously been stolen in a year.”

The most recent nationwide numbers on Hyundai and Kia thefts aren’t yet publicly available. The figures for early 2023, as calculated by the Insurance Institute for Highway Safety, won’t be released until later this year. (Hyundai and Kia are part of the same South Korean corporate family.)

Some U.S. cities have reported that 60% or more of their auto theft reports now involve Hyundais or Kias. Videos on TikTok and other sites that illustrate how to start and steal Kia and Hyundai models — using only a screwdriver and a USB cable — have allowed the thefts to spread across the nation since late 2021.

In New York, the Hyundai-Kia theft problem has grown so worrisome that the city held a news conference last month to offer owners devices that can track their vehicles if they’re stolen. Police there reported 966 Hyundai and…


Bored Ape thefts on Instagram are crypto’s latest hack headaches


The breach of official crypto accounts has happened on Discord too. Prior to its official launch, NFT marketplace Fractal had its Discord channel infiltrated and used to spread a link to a fake token launch that stole about US$150,000 from users.

What to do?

Crypto scams put more pressure on social media companies to boost security measures and hash out clearer policies on how they plan to better protect users.

When asked about these issues, Twitter, Discord and Telegram told Bloomberg that they all take action to mitigate fraud on their platforms and allow users to report suspicious activity. Meta Platforms, the parent company of Facebook and Instagram, declined to comment on crypto scams on these social media networks and the recent BAYC hack.

Although cutting out scams is difficult, it is not impossible, according to Mr Curt Dukes, an executive vice-president at the non-profit Centre for Internet Security. Requiring users to employ multi-factor authentication to protect their accounts and introducing a patch management system that helps identify and fix security flaws can help decrease vulnerability.

Companies can also provide better education to both employees and users on social engineering and make greater use of tools to verify that a user is human, such as adding a “Captcha” challenge requiring users to solve a puzzle or type in hard-to-read text in order to use the platform.

Mr Musk’s plan to open-source Twitter’s algorithms “definitely gives credibility to the platform”, according to Mr Dukes. Allowing anyone to view Twitter’s code would increase the chances of a security issue being spotted, he said.

As for cleaning out bots, there are machine-learning tools available that could be a big help for social media companies, but there are trade-offs involved, said Mr Adam Meyers, senior vice-president of intelligence at the cyber-security firm Crowdstrike. Algorithms can identify posting patterns indicative of a malicious bot account, Mr Meyers said in an interview. Doing so, though, could sharply cut overall user counts, which would not be ideal for a social media platform.

“If you’re too good at stopping bots, then that’s going to drive that number down,” Mr Meyers…


North Korean Hackers Execute Axie Infinity Crypto Thefts; More than $600 Million in Ethereum Stolen


The FBI has accused North Korean hackers of a theft of more than $600 million in cryptocurrency. The theft is described as a hacking attack on a computer network of the video game Axie Infinity, where players earned the cryptocurrency Ethereum.

The FBI and the US Treasury indicated on 14 April that the hackers are two cyber actors with ties to the North Korean government who were involved in stealing more than $600 million in Ethereum. “Through our investigations we were able to confirm Lazarus Group and APT38, cyber actors associated with [North Korea], are responsible for the theft,” the FBI said in a statement.


On 29 March, Sky Mavis, the creator of Axie Infinity, announced that the game was hacked on 23 March and approximately $600 million was stolen from a “bridge” that authorized crypto being sent from one blockchain to another. The value presently stands at around $625 million. This March hack of the blockchain project Ronin raised several questions about security and privacy issues and was one of the largest hacks to hit the crypto world.

The only solution for Sky Mavis to prevent and protect themselves from such attacks was to come up with a more secure Ethereum blockchain, as the one they used was relatively slow and expensive and hence made it easier for the hackers to exploit the weakness and strike.


“The United States is aware that the DPRK has increasingly relied on illicit activities – including cybercrime – to generate revenue for its weapons of mass destruction and ballistic missile programs as it tries to evade robust US and UN sanctions,” a Treasury Department spokesperson said, using the initials of North Korea’s official name.

According to a draft resolution reviewed by the Reuters news agency, the United States is urging the UN Security Council to blacklist the Lazarus Group and freeze its assets.

According to a US military report of 2020, North Korea’s hacking programme has grown immensely from the mid-1990s to today being known as the Bureau Unit, a…
