cyberattack
5,251 vistas
23 están debatiendo
Hot
Lo último
The United Nations (UN) highlighted that North Korea funds 50% of its foreign exchange through cyberattacks, through an investigation into an attack on a crypto company that caused losses of $3 billion.
#cyberattack #northkorea #Exploiter
#cyberattack #northkorea #Exploiter
According to TRM, in 2023, cryptocurrency hacks decreased by over 50%, with cybercriminals stealing around $1.7bn compared to nearly $4bn in 2022.
⚫The number of attacks remained stable, but the value of stolen assets dropped
⚫Infrastructure attacks accounted for nearly 60% of the total stolen amount, averaging almost $30m per incident
⚫The decline is attributed to enhanced industry security, increased law enforcement actions, and improved industry coordination.
#bitcoin #Cryptocurrrency #cyberattack
⚫The number of attacks remained stable, but the value of stolen assets dropped
⚫Infrastructure attacks accounted for nearly 60% of the total stolen amount, averaging almost $30m per incident
⚫The decline is attributed to enhanced industry security, increased law enforcement actions, and improved industry coordination.
#bitcoin #Cryptocurrrency #cyberattack
The #cyberattack against #Cencora , where the hackers received $75 million in extortion payments, was notable for being executed through #Bitcoin ($BTC ) transactions across three installments in March 2024. The payment breakdown is as follows:
1. March 7, 2024 (296.5 #BTC )
- Transaction hash: `e3e203db2752edeb5bb716a77ed30f977bee70b06cefecd69d1c38921ad5d1b2`
- Time: 10:04 pm UTC
2. March 8, 2024 (408 BTC)
- Transaction hash: `db4a0742aa2fe67c20f02642bb776fb4140cf32beca43b7552435f5eddb58d92`
- Time: 7:45 pm UTC
3. March 8, 2024 (387 BTC)
- Transaction hash: `bf408baa4d6598a42a6852012fe412514ff7bb70ca8a94deb9865c9b46f19ddf`
- Time: 9:39 pm UTC
All three transactions were funded from the same source, and the funds flowed into addresses with known exposure to illicit activity, indicating the payments were likely part of a ransomware settlement. To trace these payments on-chain, one would need to analyze blockchain data for the given transaction hashes and look for any connections to wallets flagged for illegal activities.
It appears the attackers had sophisticated methods for moving funds across the blockchain, possibly utilizing coin-mixing services or #darknet wallets to obscure the transaction trail. Reknown crypto investigator @ZachXBT shared the details after a Bloomberg article about the hack as posted.
1. March 7, 2024 (296.5 #BTC )
- Transaction hash: `e3e203db2752edeb5bb716a77ed30f977bee70b06cefecd69d1c38921ad5d1b2`
- Time: 10:04 pm UTC
2. March 8, 2024 (408 BTC)
- Transaction hash: `db4a0742aa2fe67c20f02642bb776fb4140cf32beca43b7552435f5eddb58d92`
- Time: 7:45 pm UTC
3. March 8, 2024 (387 BTC)
- Transaction hash: `bf408baa4d6598a42a6852012fe412514ff7bb70ca8a94deb9865c9b46f19ddf`
- Time: 9:39 pm UTC
All three transactions were funded from the same source, and the funds flowed into addresses with known exposure to illicit activity, indicating the payments were likely part of a ransomware settlement. To trace these payments on-chain, one would need to analyze blockchain data for the given transaction hashes and look for any connections to wallets flagged for illegal activities.
It appears the attackers had sophisticated methods for moving funds across the blockchain, possibly utilizing coin-mixing services or #darknet wallets to obscure the transaction trail. Reknown crypto investigator @ZachXBT shared the details after a Bloomberg article about the hack as posted.
Trezor Discovers Email Provider Breach Resulting in Malicious Emails
Trezor, a hardware #wallet provider, recently acknowledged that a security breach involving their third-party email service resulted in a series of fraudulent emails being sent to their customers over the last 12 hours.
On January 24, #Trezor issued a statement revealing that they had identified an unauthorized email, which falsely claimed to be from the company, disseminated by a third-party email service they use.
The deceptive email, sent from "noreply@trezor.io," falsely instructed users to update their "network" or face the risk of losing their funds.
The email contained a link leading to a website that asked users to input their seed phrase.
Trezor has reported no instances of users losing funds due to this phishing scam, and there are no indications that any Trezor users have been duped by this fraudulent scheme.
Trezor Says it Has Deactivated the Malicious Link
Trezor has informed its customers that they have effectively neutralized the harmful link and assured them that their funds are secure as long as they haven't entered their recovery seed.
"We rapidly disabled the malicious link in the email, significantly reducing the threat's potential impact!"
However, Trezor has advised customers who did input their recovery seed to move their funds to a new wallet immediately.
According to Trezor's ongoing inquiry, an unauthorized party accessed their email address database, primarily used for newsletters, and then sent the fraudulent emails using a third-party email service.
Recently, on January 23, MailerLite, an email marketing software company, reported a security breach. This incident led to a spate of phishing emails exploiting the branded domains of various companies, including Cointelegraph, WalletConnect, and Token Terminal.
It remains uncertain whether Trezor uses the same email domain provider as those affected.
Digital asset attorney Joe Carlasare recounted his experience of receiving the phishing email in a post, labeling it as a “sophisticated scam.”
Exploring the Link Between Support Portal Breach and Recent Hack
There is speculation that the recent #cyberattack might be connected to a prior security breach involving Trezor's support portal, where the personal information of approximately 66,000 users was exposed on January 17.
Despite this breach, the company has stressed that no recovery seed phrases were compromised as a result of the incident. At that time, Trezor, the hardware wallet provider, took immediate action to limit unauthorized access and has been actively reaching out to affected users.
It's important to highlight that this is not the first instance where Trezor has encountered attempts to compromise user assets. Despite its reputable standing in the cryptocurrency hardware wallet industry, Trezor has faced various security challenges in recent years.
In February of the previous year, Trezor issued a warning to users about a phishing attack designed to deceive investors into disclosing their recovery phrase on a counterfeit Trezor website.
Additionally, in May, the cybersecurity firm Kaspersky reported the emergence of a counterfeit hardware wallet posing as a genuine Trezor product. This deceptive device used a substituted microcontroller to gain access to a user's private keys, enabling fraudsters to steal funds.
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“
On January 24, #Trezor issued a statement revealing that they had identified an unauthorized email, which falsely claimed to be from the company, disseminated by a third-party email service they use.
The deceptive email, sent from "noreply@trezor.io," falsely instructed users to update their "network" or face the risk of losing their funds.
The email contained a link leading to a website that asked users to input their seed phrase.
Trezor has reported no instances of users losing funds due to this phishing scam, and there are no indications that any Trezor users have been duped by this fraudulent scheme.
Trezor Says it Has Deactivated the Malicious Link
Trezor has informed its customers that they have effectively neutralized the harmful link and assured them that their funds are secure as long as they haven't entered their recovery seed.
"We rapidly disabled the malicious link in the email, significantly reducing the threat's potential impact!"
However, Trezor has advised customers who did input their recovery seed to move their funds to a new wallet immediately.
According to Trezor's ongoing inquiry, an unauthorized party accessed their email address database, primarily used for newsletters, and then sent the fraudulent emails using a third-party email service.
Recently, on January 23, MailerLite, an email marketing software company, reported a security breach. This incident led to a spate of phishing emails exploiting the branded domains of various companies, including Cointelegraph, WalletConnect, and Token Terminal.
It remains uncertain whether Trezor uses the same email domain provider as those affected.
Digital asset attorney Joe Carlasare recounted his experience of receiving the phishing email in a post, labeling it as a “sophisticated scam.”
Exploring the Link Between Support Portal Breach and Recent Hack
There is speculation that the recent #cyberattack might be connected to a prior security breach involving Trezor's support portal, where the personal information of approximately 66,000 users was exposed on January 17.
Despite this breach, the company has stressed that no recovery seed phrases were compromised as a result of the incident. At that time, Trezor, the hardware wallet provider, took immediate action to limit unauthorized access and has been actively reaching out to affected users.
It's important to highlight that this is not the first instance where Trezor has encountered attempts to compromise user assets. Despite its reputable standing in the cryptocurrency hardware wallet industry, Trezor has faced various security challenges in recent years.
In February of the previous year, Trezor issued a warning to users about a phishing attack designed to deceive investors into disclosing their recovery phrase on a counterfeit Trezor website.
Additionally, in May, the cybersecurity firm Kaspersky reported the emergence of a counterfeit hardware wallet posing as a genuine Trezor product. This deceptive device used a substituted microcontroller to gain access to a user's private keys, enabling fraudsters to steal funds.
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“
🔻🔻$BTC ________🔥 for BTC updates ⏫️⏫️⏫️
United Nations report: North Korea obtains 50% of its foreign exchange income through cyber attacks and loses approximately US$30 billion
BTC - SELL
Reason: Increased likelihood of North Korea's cyberattack activities targeting digital wallets impacts investor confidence in Bitcoin.
Signal strength: HIGH
Signal time: 2024-03-23 20:55:02 GMT
#northkorea #cyberattack #Forex #BTCUSDT #SignalAlert
Always DYOR. It’s not a financial advice, but our POV on the most likely asset move amid the event. What’s yours?
United Nations report: North Korea obtains 50% of its foreign exchange income through cyber attacks and loses approximately US$30 billion
BTC - SELL
Reason: Increased likelihood of North Korea's cyberattack activities targeting digital wallets impacts investor confidence in Bitcoin.
Signal strength: HIGH
Signal time: 2024-03-23 20:55:02 GMT
#northkorea #cyberattack #Forex #BTCUSDT #SignalAlert
Always DYOR. It’s not a financial advice, but our POV on the most likely asset move amid the event. What’s yours?
#WazirX is accusing wallet provider for the cyberattack.
A separate forensic analysis revealed no compromise of WazirX's IT systems, the beleaguered cryptocurrency exchange claimed on Monday, nearly a month after it completed a preliminary investigation into a security breach that resulted in a $230 million loss. WazirX blamed the cyberattack on its wallet service provider Custody.
WazirX said that Mandiant Solutions, a cybersecurity company and a division of Google, was in charge of the inquiry.
"A comprehensive analysis will soon be available, but the results generally suggest that Liminal was the source of the problem that gave rise to the cyberattack. According to a press release from WazirX, "the wallet that was attacked was managed using Liminal's digital asset custody and wallet infrastructure."
Once the cyberattack was discovered, Liminal Custody made it clear that its systems were safe.
Given that WazirX was the custodian of five of the six keys, Liminal stated in a statement that "if one were to go by the information WazirX has shared, this actually raises serious questions on the security of their network infrastructure, operational custody controls and overall security posture."
The business went on to say that auditors had been assigned to look into the matter.
The founder and CEO of WazirX, Nischal Shetty, stated in a post on X (formerly Twitter) that the company had not yet "heard credible answers from Liminal."
#cyberattack #CryptoNewss #PowellAtJacksonHole #CryptoMarketMoves
A separate forensic analysis revealed no compromise of WazirX's IT systems, the beleaguered cryptocurrency exchange claimed on Monday, nearly a month after it completed a preliminary investigation into a security breach that resulted in a $230 million loss. WazirX blamed the cyberattack on its wallet service provider Custody.
WazirX said that Mandiant Solutions, a cybersecurity company and a division of Google, was in charge of the inquiry.
"A comprehensive analysis will soon be available, but the results generally suggest that Liminal was the source of the problem that gave rise to the cyberattack. According to a press release from WazirX, "the wallet that was attacked was managed using Liminal's digital asset custody and wallet infrastructure."
Once the cyberattack was discovered, Liminal Custody made it clear that its systems were safe.
Given that WazirX was the custodian of five of the six keys, Liminal stated in a statement that "if one were to go by the information WazirX has shared, this actually raises serious questions on the security of their network infrastructure, operational custody controls and overall security posture."
The business went on to say that auditors had been assigned to look into the matter.
The founder and CEO of WazirX, Nischal Shetty, stated in a post on X (formerly Twitter) that the company had not yet "heard credible answers from Liminal."
#cyberattack #CryptoNewss #PowellAtJacksonHole #CryptoMarketMoves
Crypto-Crazed Hackers Target Paris!
Grand Palais & 40+ French landmarks hit in Olympic-sized cyberattack.
Ransom demands in crypto.
#Paris2024 #OlympicGames #cyberattack #HackerAlert
Grand Palais & 40+ French landmarks hit in Olympic-sized cyberattack.
Ransom demands in crypto.
#Paris2024 #OlympicGames #cyberattack #HackerAlert
#bleepingcomputer
The #cybersecurity and Infrastructure Security Agency (#CISA ) has issued a new warning regarding cyber threat actors targeting critical infrastructure by exploiting internet-exposed operational technology (OT) and industrial control systems (ICS). The attacks, which affect sectors like water and wastewater systems, use relatively unsophisticated methods, such as brute force attacks and default credentials, to gain access to these systems.OT devices, essential in managing industrial processes like water treatment, have been a key focus for cybercriminals, including pro-Russian hacktivists, since 2022. These devices are often left vulnerable due to weak configurations and insufficient security measures. Recent incidents, such as a #cyberattack on the water treatment facility in Arkansas City, Kansas, underscore the severity of the threat.To defend against such attacks, CISA recommends that OT/ICS operators implement measures such as changing default passwords, using multifactor authentication, and securing human-machine interfaces behind firewalls. Additionally, the U.S. Environmental Protection Agency (EPA) has released guidance to help water and wastewater system operators improve their cybersecurity posture.The rise in attacks on critical infrastructure highlights the growing need for stronger cybersecurity practices, especially as both state-backed and independent hacking groups increasingly target vulnerable systems.
#hackernews
The #cybersecurity and Infrastructure Security Agency (#CISA ) has issued a new warning regarding cyber threat actors targeting critical infrastructure by exploiting internet-exposed operational technology (OT) and industrial control systems (ICS). The attacks, which affect sectors like water and wastewater systems, use relatively unsophisticated methods, such as brute force attacks and default credentials, to gain access to these systems.OT devices, essential in managing industrial processes like water treatment, have been a key focus for cybercriminals, including pro-Russian hacktivists, since 2022. These devices are often left vulnerable due to weak configurations and insufficient security measures. Recent incidents, such as a #cyberattack on the water treatment facility in Arkansas City, Kansas, underscore the severity of the threat.To defend against such attacks, CISA recommends that OT/ICS operators implement measures such as changing default passwords, using multifactor authentication, and securing human-machine interfaces behind firewalls. Additionally, the U.S. Environmental Protection Agency (EPA) has released guidance to help water and wastewater system operators improve their cybersecurity posture.The rise in attacks on critical infrastructure highlights the growing need for stronger cybersecurity practices, especially as both state-backed and independent hacking groups increasingly target vulnerable systems.
#hackernews
🛡️ Is your Account Password strong enough to withstand cyber attacks?
#TrendingTopic #BTC #security #cyberattack
#password
#TrendingTopic #BTC #security #cyberattack
#password
🚨CYBERATTACK HITS WAZIRX👑
JULY 18📆
India's largest cryptocurrency exchange WazirX, has suffered a major
security breach resulting in the theft of over $230💰 millions in digital
assets.
JULY19📅
WazirX files a police complaint and reports the incident to the FIU.🚓
AUG 03📅
WazirX concludes a poll, with users overwhelmingly voting against the
loss- sharing proposal.🖲
AUG 26📅
WazirX is resuming only 66% of their INR balances in phases, also
halted trading.
AUG 27📅
WazirX announced that its crypto operating entity , ZETTAI , filed on Aug
27 an application with the high court of Singapore for a moratorium
under section 64 of the insolvency, restructuring and dissolution act
2018.
SEPT 4📆
According to the crypto tracker Lookonchain, the stolen assets from
WazirX have been converted to Ethereum(ETH). Cryptooutlet Coin Desk
also reported that a crypto currency “Mixer” known as Tornadocash was
used to carry out currency transport.😨
WazirX is facing a backlash from social media users, scammers on X
are targeting the helpless customers while those critical of Shetty have
claimed that they are being blogged and ignored.Others who support the
CEO are urging aggrieved customers to consent to the moratorium,
scaring them away from taking legal action of their own.🫢
Inorder to help distraught users understand the legal situation,Nischal
Shetty announced that WazirX was emailing them a 52 pages long
affidavit.🗒
This incident highlights💡 the ongoing challenges faced by the crypto
currency industry in combating cybercrimes and ensuring the security of
digital assets.
Now the Question is "Will WazirX👑, the big Indian crypto platform,
retrieve its users' trust?”🤔
#WazirX #CryptoCurrency #cyberattack
Please like 👍and follow😊
JULY 18📆
India's largest cryptocurrency exchange WazirX, has suffered a major
security breach resulting in the theft of over $230💰 millions in digital
assets.
JULY19📅
WazirX files a police complaint and reports the incident to the FIU.🚓
AUG 03📅
WazirX concludes a poll, with users overwhelmingly voting against the
loss- sharing proposal.🖲
AUG 26📅
WazirX is resuming only 66% of their INR balances in phases, also
halted trading.
AUG 27📅
WazirX announced that its crypto operating entity , ZETTAI , filed on Aug
27 an application with the high court of Singapore for a moratorium
under section 64 of the insolvency, restructuring and dissolution act
2018.
SEPT 4📆
According to the crypto tracker Lookonchain, the stolen assets from
WazirX have been converted to Ethereum(ETH). Cryptooutlet Coin Desk
also reported that a crypto currency “Mixer” known as Tornadocash was
used to carry out currency transport.😨
WazirX is facing a backlash from social media users, scammers on X
are targeting the helpless customers while those critical of Shetty have
claimed that they are being blogged and ignored.Others who support the
CEO are urging aggrieved customers to consent to the moratorium,
scaring them away from taking legal action of their own.🫢
Inorder to help distraught users understand the legal situation,Nischal
Shetty announced that WazirX was emailing them a 52 pages long
affidavit.🗒
This incident highlights💡 the ongoing challenges faced by the crypto
currency industry in combating cybercrimes and ensuring the security of
digital assets.
Now the Question is "Will WazirX👑, the big Indian crypto platform,
retrieve its users' trust?”🤔
#WazirX #CryptoCurrency #cyberattack
Please like 👍and follow😊
🚨Update: Cyberattack!! New York Stock Exchange glitch causes Warren Buffett’s Berkshire Hathaway stock to plummet 99%, other stocks affected too!
#cyberattack #NYSE
#StartInvestingInCrypto #ETHETFsApproved
#write2earn🌐💹
#cyberattack #NYSE
#StartInvestingInCrypto #ETHETFsApproved
#write2earn🌐💹
Part 1: The Growing Threat of Cyberattacks in the Crypto World
In September 2024, the crypto industry faced massive security challenges, with hackers exploiting vulnerabilities in centralized platforms and protocols. According to PeckShield, losses from hacks and breaches surpassed $120 million, a significant figure that highlights the persistent risks in the space. The three largest incidents alone caused damage of over $90 million:
• The BingX platform suffered the biggest attack, losing $44 million.
• Penpie, a DeFi protocol, was hit with a loss of $27.3 million.
• Indodax, an Indonesian exchange, reported a breach amounting to $21 million.
The majority of these attacks targeted centralized exchanges (CEX), highlighting how these platforms remain vulnerable despite advancements in security. This raises concerns among both investors and developers about the security measures employed by major exchanges. As more assets flow into CEXs, they become increasingly attractive targets for hackers.
For investors, it’s crucial to understand that not all exchanges provide the same level of protection. Choosing a secure platform can help mitigate risks. To avoid becoming a victim of the next major attack, due diligence on security features—such as two-factor authentication (2FA), cold storage, and compliance with regulatory standards—is essential.
#BingX #Penpie #Indodax #HackerAlert #cyberattack
In September 2024, the crypto industry faced massive security challenges, with hackers exploiting vulnerabilities in centralized platforms and protocols. According to PeckShield, losses from hacks and breaches surpassed $120 million, a significant figure that highlights the persistent risks in the space. The three largest incidents alone caused damage of over $90 million:
• The BingX platform suffered the biggest attack, losing $44 million.
• Penpie, a DeFi protocol, was hit with a loss of $27.3 million.
• Indodax, an Indonesian exchange, reported a breach amounting to $21 million.
The majority of these attacks targeted centralized exchanges (CEX), highlighting how these platforms remain vulnerable despite advancements in security. This raises concerns among both investors and developers about the security measures employed by major exchanges. As more assets flow into CEXs, they become increasingly attractive targets for hackers.
For investors, it’s crucial to understand that not all exchanges provide the same level of protection. Choosing a secure platform can help mitigate risks. To avoid becoming a victim of the next major attack, due diligence on security features—such as two-factor authentication (2FA), cold storage, and compliance with regulatory standards—is essential.
#BingX #Penpie #Indodax #HackerAlert #cyberattack