/ Kazakhstan is huge for crypto mining. Political upheaval could jeopardize that

The Central Asian nation plunged into chaos as violent protests sparked by rising fuel prices left dozens killed and hundreds injured. As part of the mayhem, internet and telecommunications cuts have been reported nationwide — and that's having an impact on local cryptocurrency mining operations, which are among the largest in the world. Kazakhstan emerged as a popular mining hub last year, after neighboring China cracked down on the activity — curbs Chinese authorities said were necessary to protect the country's efforts to reduce carbon emissions.

More on CNN2022-01-07

/ Fintech firm hit by Log4j hack refuses to pay $5 million ransom

One of the largest Vietnamese crypto trading platforms, ONUS, recently suffered a cyber attack on its payment system running a vulnerable Log4j version. Soon enough, threat actors approached ONUS to extort a $5 million sum and threatened to publish customer data should ONUS refuse to comply. After the company's refusal to pay the ransom, threat actors put up data of nearly 2 million ONUS customers for sale on forums.

More on Bleeping Computer2021-12-30

/ LastPass quells cyber-attack fears, blames email notification surge on ‘glitch’

LastPass has launched an investigation following a recent surge in blocked login attempts. The emailed notifications to a pre-registered email address would normally follow attempts to log in from a different browser version, device, or location. Users in receipt of these emails are invited to go to a link in order to confirm that the attempted login was valid. When LastPass noticed an unexpected rise in the occurrence of blocked access emails it initially suspected that it could be the resulted of a “credential stuffing” attack. In a blog post yesterday (December 28), LastPass said early result of its investigation revealed no evidence that any of its users’ accounts had been hacked or otherwise compromised.

More on The Daily Swig2021-12-29

/ US returns $154 Million in bitcoins stolen by Sony employee

The United States has taken legal action to seize and return over $154 million purportedly stolen from Sony Life Insurance Company Ltd, a SONY subsidiary, by an employee in a textbook business email compromise (BEC) attack. "According to the government's complaint, Rei Ishii, an employee of Sony Life Insurance Company Ltd. ("Sony Life") in Tokyo, allegedly diverted the $154 million when the company attempted to transfer funds between its financial accounts," the Justice Dept said today. "Ishii allegedly did this by falsifying transaction instructions, which caused the funds to be transferred to an account that Ishii controlled at a bank in La Jolla, California."

More on Bleeping Computer2021-12-23

/ Bitcoin ATM CEO Pleads Guilty to FinCEN Violations

Brannen Mehaffey, the CEO of BASH Bitcoin ATMs, unknowingly conducted business with undercover federal agents through LocalBitcoins and other platforms. He also failed to register his LocalBitcoins transactions and network of 20 Bitcoin ATMs as a money transmitting business with the Department of the Treasury. Mehaffey, who operated out of Phoenix, Arizona, and Austin, Texas, pleaded guilty to one count of operating an unlicensed money transmitting business. As we reported in December 2020, the Department of Justice had originally charged Mehaffey with several crimes, including seven counts of money laundering and one count of structuring financial transactions. In a Criminal Information, the DOJ charged Mehaffey with one count of operating an Unlicensed Money Transmitting Business.

More on Darknetlive2021-12-11

/ Web3? I have my DAOts

The promise of a decentralized and trustless future is forever just that: a promise, and in the future. No one wants to sound like David Letterman. The terror of missing the next big thing - a sentiment so universal it has its own acronym: FOMO - is reason enough to think twice before dismissing the latest tech obsession. Which brings me to the phenomenon that’s taken over my Twitter feed recently: web3.

More on networked2021-12-10

/ Crypto-exchange BitMart reports $150 million theft following hack

Cryptocurrency trading platform BitMart has revealed that around $150 million worth of funds have been stolen by malicious hackers. Blockchain security firm Peckshield has estimated losses of around $200 million following an attack on the platform on Saturday (December 4), comprising $100 million on the Ethereum blockchain and $96 million on the Binance Smart Chain. In a statement issued on the same day, BitMart said it was “temporarily suspending withdrawals until further notice” after detecting a “large-scale security breach” centered on two ‘hot’ wallets (meaning the wallets were connected to the internet).

More on The Daily Swig2021-12-06

/ SEC said to allow first bitcoin futures ETF to trade in US: report

The U.S. Securities and Exchange Commission is said to be allowing the first Bitcoin futures exchange-traded fund (ETF), per a Bloomberg report. The publication said in a report on Thursday night that the U.S. regulator "isn't likely to block the products from starting to trade next week," citing people familiar with the matter. The report came several hours after the SEC said in a tweet through its investor education account that "Before investing in a fund that holds Bitcoin futures contracts, make sure you carefully weigh the potential risks and benefits."

More on The Block2021-10-16

/ OpenSea NFT platform bugs let hackers steal crypto wallets ?

Security researchers found that an attacker could leave OpenSea account owners with an empty cryptocurrency balance by luring them to click on malicious NFT art. With a transaction volume of $3.4 billion, OpenSea is the world’s largest marketplace for buying, selling, and auctioning non-fungible tokens (NFTs) and other digital assets and collectibles. Details emerged today about an issue on the OpenSea platform that let hackers hijack user accounts and steal the associated cryptocurrency wallets. The attack method is as simple as creating an NFT with a malicious payload and waiting for a victim to take the bait and view it. Multiple users reported empty cryptocurrency wallets after receiving gifts on the OpenSea marketplace, a marketing tactic known as “airdropping” and used to promote new virtual assets.

More on Bleeping Computer2021-10-13

/ Understanding the Cryptocurrency-Ransomware Connection

Unfortunately for the law-abiding of the world, ransomware is an idea that caught on immediately and never lost steam. In fact, it’s grown to the point that it now contributes to a thriving cybercrime business, often targeting large sectors, including education, finance, healthcare, the legal sector, and manufacturing. According to Fortinet research, by the end of 2020, there were as many as 17,200 devices reporting ransomware each day. Ransomware was widespread long before cryptocurrency came along, but in recent years, both have skyrocketed in tandem. Because cryptocurrency is difficult to trace, cybercriminals have rapidly switched to it as their preferred method for ransom payments. In fact, DarkSide, the group behind the high-profile attack on Colonial Pipeline, purportedly raked in $90 million in Bitcoin ransom payments before shutting down in May.

More on SecurityWeek2021-10-12

/ Crypto platform mistakenly gives $90M to users, asks for refund

In a major blunder, cryptocurrency platform Compound accidentally paid out $90 million among its users. Shortly after the mistake, the platform's founder began asking users to return the money—or else they would be reported to IRS, and possibly doxxed, threatened the founder. Compound is an Ethereum-based money market protocol that enables users to earn interest or borrow assets against collateral. Lenders can provide assets to Compound's liquidity pool and start earning compounding interest, with interest rates dictated automatically by supply and demand. Yesterday, due to an erroneous upgrade process, the decentralized finance (DeFi) platform ended up spilling out Ethereum assets worth $90 million to its users.

More on Bleeping Computer2021-10-02

/ Hackers rob thousands of Coinbase customers using MFA flaw

Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company's SMS multi-factor authentication security feature. Coinbase is the world's second-largest cryptocurrency exchange, with approximately 68 million users from over 100 countries. In a notification sent to affected customers this week, Coinbase explains that between March and May 20th, 2021, a threat actor conducted a hacking campaign to breach Coinbase customer accounts and steal cryptocurrency.

More on Bleeping Computer2021-10-01