The Layer 2 "Base" network on the Coinbase platform has been the target of a large-scale price manipulation attack. This attack focused on an unverified loan contract, leading to a loss of approximately $1 million.
CertiK Warned of the Attack
Early this morning, CertiK Alert monitoring system informed users on the X platform about the ongoing attack. According to the report, the attack targeted the Base chain and affected an unverified loan contract starting with the address 0x5c52.

According to CertiK’s post on X: "The exploiter manipulated the price of WETH and Sui and gained approximately $1 million in tokens through excessive borrowing." CertiK also noted that the oracle used to verify this loan contract, which was deployed only six days ago, has a liquidity of only around $400,000.

Repeated Contract Manipulation Incident
This attack marks the second similar incident in the last two days. On October 24, suspicious transactions were detected on the Polygon network, affecting an unverified NAS contract with the address 0x5d6084Bf..F36Ac7. In that case, the attacker obtained a large amount of NAS tokens, which were later exchanged for USDT.
Base Has Yet to Comment
The Base platform has not yet commented on the incident. However, on October 30, Base announced the launch of Fault Proofs, which aims to provide a more secure environment by removing trusted third parties. The new update will also allow users to monitor and challenge invalid withdrawals.

#hackers , #cyberattacks , #CoinbaseExchange. , #cybersecurity , #CryptoHack
Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!

Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

The Health Sector #cybersecurity Coordination Center (HC3) in the United States has announced that at least one healthcare institution in the U.S. has been hit by the Trinity ransomware, a new threat targeting critical infrastructure.
The Threat of Trinity Ransomware and How It Works
A U.S. government agency issued a warning regarding the Trinity ransomware, which targets victims and extorts them for #CryptocurrencyPayments in exchange for not leaking sensitive data. This ransomware uses various attack methods, including phishing emails, malicious websites, and exploiting software vulnerabilities.
Once it infiltrates a system, the ransomware scans the victim's computer, collects sensitive information, and encrypts files using advanced encryption algorithms, rendering them unreadable. #hackers then leave a message in the computer informing the victim that their data has been encrypted and demanding a ransom in exchange for a decryption key.
Hackers’ Demands: 24-Hour Deadline for Payment
In the ransom note, victims are warned that they have only 24 hours to pay the ransom in cryptocurrency, or their data will be leaked or sold. HC3 noted that there are currently no available decryption tools for Trinity ransomware, leaving victims with few options for recovery.
"Victims have 24 hours to contact the cybercriminals, and if they fail to do so, the stolen data will be leaked or sold," HC3 reported. The ransomware primarily targets critical infrastructure, including healthcare providers.
Attacks on Healthcare Institutions
The Trinity ransomware has already affected seven organizations, with healthcare facilities being one of its primary targets. HC3 reported that at least one healthcare entity in the U.S. was recently impacted by this ransomware, raising concerns about cybersecurity in the healthcare sector.
Crypto Ransom Payments Reached $1 Billion in 2023
According to the Chainalysis 2024 #cryptocrime Report, ransomware attackers received approximately $1.1 billion in cryptocurrency payments in 2023. These ransoms were paid by high-profile institutions and critical infrastructure, with attacks ranging from small criminal groups to large syndicates.
The report also revealed that 538 new ransomware variants were created in 2023, with major corporations like BBC and British Airways being among the primary targets of these attacks.
#cyberattacks

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!

Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

 

#wazirX #CryptoNewss #CryptoDawar #cyberattacks #CyberSafety

BENGALURU: Crypto exchange WazirX, in a virtual conference on Monday stressed that tracking and recovering stolen crypto assets is a top priority for the exchange.
WazirX, which is pursuing a restructuring of crypto balances which will take at least six months, filed a moratorium application in Singapore Court and as part of the restructuring, aims to engage with a white knight to provide capital and pursue partnerships and collaborations.
The cyberattack on July 18 resulted in a large volume of ERC-20 tokens being stolen. About Rs 2,000 crore worth of user funds were lost.
Last month, Google subsidiary Mandiant Solutions provided a clean chit to the crypto exchange, but digital assets security firm Liminal Custody questioned the scope and methodology of the audit.
When asked about it, Nischal Shetty, WaxirX Founder and CEO told TNIE. "It's just three laptops that we used for accessing the liminal website. Our infrastructure was not impacted or involved in this process. We gave the entire laptop image and data to the forensic team, we have even provided this to the right authorities."
He added that there is nothing beyond the laptop image that exists with us since nothing else on our end was used for accessing the Liminal website except these three laptops.
George Gwee, director of restructuring at Kroll and Jason Kardachi, MD of Kroll, also addressed the conference. Kroll is the financial advisor and according to them, customers will receive returns of 55 per cent to 57 per cent of the funds. This means, 43 per cent of the money would not be able to recover.
However, Shetty added that they are in the negotiation and the ideation stage. The exchange also has an ownership dispute with Binance. While Zanmai India operates WazirX, Zettai is Singapore-incorporated, and it has applied for a moratorium.
The exchange also explained that restructuring is not insolvency, liquidation or bankruptcy. It is a plan to distribute assets to users in a pro-rata, equitable way, and in crypto (not fiat); and it allows users who need liquidity urgently to withdraw crypto more quickly and not exit the restructuring.
Since Zanmai was not affected by the cyberattack, the platform reopened INR withdrawals up to a limit of 66 per cent. The remaining INR are frozen due to ongoing disputes, and investigations by various Indian Law Enforcement Agencies and will be made available for withdrawal as and when they are unfrozen, the crypto exchange informed.

Stolen cryptocurrency funds are reportedly funding more than half of North Korea's nuclear and missile programs.
Study Reveals Massive Crypto Crime
A recent study by Microsoft revealed that North Korean hackers have stolen over $3 billion in cryptocurrency since 2017. In 2023 alone, the amount stolen in crypto ranges between $600 million and $1 billion.
The 2024 Microsoft Digital Defense Report highlights the complexity of global cyber threats, driven by the rising number of crypto-targeted attacks.
Cryptocurrencies Financing North Korea’s Weapons Programs
According to the report, the stolen crypto funds are allegedly used to finance more than half of North Korea's nuclear and missile programs. Anne Neuberger, the White House National Security Advisor, noted that North Korea is increasingly relying on these tactics.
North Korea uses cryptocurrencies to evade international sanctions and support its ambitions to project geopolitical power through nuclear weapons and ballistic missiles.
Major North Korean Hacking Groups
Since 2023, Microsoft has identified three key North Korean hacking groups: Jade Sleet, Sapphire Sleet, and Citrine Sleet. These groups have been particularly active in targeting organizations dealing with cryptocurrencies.
Additionally, a new North Korean threat actor, Moonstone Sleet, developed its own ransomware called FakePenny. This ransomware was deployed in defense and aerospace organizations after extracting sensitive data from compromised networks.
Microsoft analysts noted that the emergence of these threat groups signals an increasing reliance on cybercrime to bolster North Korea's financial resources.
Other Threats: Iranian and Russian Hacking Groups
In addition to North Korean hackers, the Microsoft report identified Iranian threat actors who are increasingly using cyber operations for financial gain.
The report points out that this marks a shift from previous behavior, where ransomware attacks that appeared financially motivated were actually destructive.
Iran has heavily focused on Israel, especially after the outbreak of the war between Israel and Hamas. Iranian actors are also targeting the United States and Gulf countries, including the United Arab Emirates and Bahrain.
Meanwhile, Russian hacking groups have been integrating more commodity malware into their operations and supporting cyber espionage efforts for criminal organizations.
#cyberattacks , #Cryptoscam , #digitalsecurity ,#northkorea , #CryptoNews🚀🔥

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!

Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

Researchers from HP have discovered malware created using generative #artificialintelligence during the analysis of a suspicious email.

Generative AI Accelerates Malware Creation
The development of malware has become easier and faster thanks to generative AI. Malware developers can now use AI to speed up the process of writing code, leading to an increase in the number of #Attacks and allowing even less experienced individuals to develop harmful software.
A September report from HP’s Wolf Security team uncovered a new version of the AsyncRAT trojan, which is used to remotely control a victim’s computer. Researchers found this version while analyzing a suspicious email sent to one of their clients.
Malware Written with Artificial Intelligence
While the original AsyncRAT was developed by humans, this new version contained an injection technique that researchers believe was created using generative AI. Although AI has previously been used to create phishing lures, the report notes that there was little evidence of AI being used to write malicious code "in the wild" before this discovery.
One of the key indicators was that the code contained detailed comments explaining the function of each part. This is unusual for #Cybercriminals , who generally do not want others to understand how their malware works.

In-Depth Analysis of the Malware
Researchers initially encountered the suspicious email, which was sent to users of HP’s Sure Click threat containment software. The email appeared to be an invoice written in French, likely targeting French-speaking individuals. Initially, the contents of the file were difficult to determine because it was encrypted. However, after breaking the password, the hidden malware was revealed.
The #Malware consisted of a Visual Basic script that wrote data to the user’s registry, installed a JavaScript file, and launched Powershell. This led to the installation of AsyncRAT malware on the device.

AsyncRAT Development and Its Risks
AsyncRAT, originally released on GitHub in 2019, is a remote management tool. Although its developers claim it is a legitimate open-source software, it has been predominantly used by cybercriminals. It allows attackers to remotely control infected devices and can be used to steal sensitive data, such as private keys or phrases for cryptocurrency wallets, leading to potential financial losses.
Although AsyncRAT is not new, this variant uses a new injection method, which shows signs of having been created using generative AI. This indicates that the new technology is making it easier for attackers to carry out cyberattacks.
AI Increases the Threat of Cyberattacks
HP’s report highlights that generative artificial intelligence is accelerating #cyberattacks and lowering the barrier for cybercriminals to infect devices. Security researchers are still grappling with the effects of AI advancements on cybersecurity.
The risks associated with AI include its potential misuse to identify vulnerabilities in smart contracts, which could be exploited by both ethical and malicious hackers. In May 2023, Meta also warned that some malware creators are using fake versions of popular AI tools to lure victims.
Generative artificial intelligence is fundamentally changing the rules of cybersecurity and presents a new challenge in the fight against malware.

Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

 

WASHINGTON, Aug 10 - Donald #Trump's U.S. presidential campaign said on Saturday some of its internal communications were hacked and blamed the Iranian government, citing past hostilities between Trump and Iran without providing direct evidence.
The Republican's campaign statement came shortly after news website Politico reported it had begun receiving emails in July from an anonymous source offering authentic documents from inside Trump's operation, including a report about running mate JD Vance's "potential vulnerabilities."
"These documents were obtained illegally from foreign sources hostile to the United States, intended to interfere with the 2024 election and sow chaos throughout our Democratic process," Trump campaign spokesperson Steven Cheung said in a statement.
Late on Saturday, Trump posted on his Truth Social app that Microsoft (MSFT.O), opens new tab had just informed the campaign that Iran had hacked one of its websites. He cast blame on #Iran , adding they were "only able to get publicly available information." He did not elaborate further on the hack.
Reuters has not independently verified the identity of the alleged hackers or their motivation.
The Trump campaign referred to a Friday report from Microsoft researchers that said Iranian government-tied hackers tried breaking into the account of a "high-ranking official" on a U.S. presidential campaign in June. The hackers had taken over an account belonging to a former political advisor and then used it to target the official, the report said. That report did not provide further details on the targets' identities.
A Microsoft spokesperson declined to name the targeted officials or provide additional details after the report was published.
Iran's permanent mission to the United Nations in New York said in an email that "the Iranian government neither possesses nor harbors any intent or motive to interfere in the United States presidential election."
"We do not accord any credence to such reports," it added in response to the Trump campaign's allegations.
On Friday, in response to Microsoft's findings, Iran's U.N. mission told its cyber capabilities were "defensive and proportionate to the threats it faces," and that it had no plans to launch cyberattacks.
The former president had tense relations with Iran while in office. Under Trump, the United States killed Iranian military commander Qassem Soleimani in 2020 and withdrew from a multilateral Iran nuclear deal.

#MarketDownturn #Write2Earn! #cyberattacks