The mailing list provider used by the Ethereum Foundation for updates was compromised, resulting in a phishing email. Hackers are now using addresses from the breach to send fake emails. These fraudulent emails claim a collaboration between Ethereum and LIDO, promising a high annual percentage yield (APY) for staked assets. Recipients are urged to avoid […]
Bitcoin News
Holograph Compromised: HLG Value Plummets as Hacker Illegally Mints 1 Billion Tokens
On June 13, an unidentified hacker minted one billion HLG tokens by exploiting vulnerabilities in the Holograph operator smart contract. The Holograph team has patched the initial exploit and is collaborating with exchange partners to freeze the affected accounts. A decentralized finance researcher suspects a rogue developer orchestrated the attack. Holograph Contemplates Engaging Law Enforcement […]
Bitcoin News
Tether CEO Advises Caution Over Suspicious Airdrop Emails Citing Compromised Mailing List Vendor
Paolo Ardoino of Tether and Bobby Ong of Coingecko have warned of a potential supply chain attack on the crypto industry. They reported that a prominent vendor managing mailing lists for crypto companies may have been compromised, urging caution against phishing emails related to fake crypto airdrops. ‘Beware of Any Emails Suggesting Crypto Airdrops’ Paolo […]
Bitcoin News
SEC’s Spot Bitcoin ETF Approval Post Unauthorized — Chair Gary Gensler Says SEC’s X Account Was Compromised
The U.S. Securities and Exchange Commission (SEC)’s X account announced the approval of spot bitcoin exchange-traded funds (ETFs) on Tuesday. However, minutes later, SEC Chairman Gary Gensler claimed that the agency’s social media account was compromised and the post was unauthorized. Some suspect an internal SEC error behind the premature bitcoin ETF announcement.
SEC’s ‘Unauthorized’ Spot Bitcoin ETF Announcement
Amidst soaring anticipation for potential spot bitcoin exchange-traded fund (ETF) approval, an official U.S. Securities and Exchange Commission (SEC) account on social media platform X announced on Tuesday that the regulator has approved spot bitcoin ETFs for trading on all registered national securities exchanges.
As excitement surged across the crypto industry and social media went wild over the fake news, SEC Chairman Gary Gensler quickly took to the X platform to clarify that the SEC account was compromised and an unauthorized post claiming spot bitcoin ETF approval was posted. He emphasized that the securities regulator has not approved any listing or trading of spot exchange-traded products.
Following the unauthorized post about spot bitcoin ETF approval, X erupted with comments questioning the SEC’s ability to protect investors and accusing the regulator of market manipulation after the fake announcement. Bitcoin proponent Jameson Lopp, for example, wrote: “It’s a good thing we have the SEC keeping us safe from malicious actors in the markets. Darn shame they can’t even keep a social media account secure … Will the SEC be investigating itself for allowing this market manipulation on their watch?”
Some people on social media suspect that someone at the SEC made the mistake of posting the announcement prematurely and it was supposed to go out on Wednesday. Skybridge Capital founder Anthony Scaramucci opined on X: “I think Gensler is lying. I bet an employee screwed up and jumped the gun and he is blaming it on X … Blaming the tweet, which was carefully worded and included a produced graphic, on a hacked account is a continuation of amateurish and dishonest nature of the current SEC leadership regime.” Vaneck’s head of digital assets strategy, Gabor Gurbacs, commented on X:
I am no cybersecurity expert, but it seems almost impossible to notice a bad tweet from [an] org account, tweet from the chair’s account to correct it, then recover a hacked social media account, then tweet about incident and response to it from hacked account, all in a few minutes.
“What if this was an inside job? Is the only way to stop or delay a bitcoin ETF is to create an event like this? … Or did the message just get published early?” the Vaneck director questioned.
The SEC is expected to approve multiple spot bitcoin ETFs on Wednesday, which is the deadline for a proposal by Cathie Wood’s Ark Invest and 21shares. Ten spot bitcoin ETF applicants have filed their amended registration statements with the SEC. Several asset managers expect to start trading their spot bitcoin ETFs on Thursday.
Dwallet Labs Says It Uncovered Infstones Validator Vulnerabilities Which Left $1 Billion in Staked Assets ‘Compromised’
Cyber security firm Dwallet Labs said on Nov. 21 that vulnerabilities it found on several Infstones (a validator company) validators a few months ago “meant over $1B of staked assets were compromised.” Infstones has acknowledged the existence of the vulnerabilities but says it “disagrees with the severity of the potential impact.”
Traditional Web2 Threats
According to the cyber security firm Dwallet Labs, a security research study initially showed that one validator belonging to Infstones had “a potential vulnerable entry point.” The security firm argued that the vulnerability, which was uncovered more than four months ago, highlights the still significant risks posed to validators by traditional Web2 threats.
1/ Web3 security usually focuses on native Web3 primitives like smart contract. However Web3 runs on servers, and those are susceptible to traditional Web2 threats. This vulnerability highlights that traditional attack vectors are at least as important, if not more so.
— Omer Sadika (@omersadika) November 21, 2023
To prove such a vulnerability could be used to launch a devastating attack, Dwallet Labs said it created its own node on Infstones “to run our own nodes and attack them.” This step enabled the security firm to gain “full control and extract keys.” By repeating this type of attack, Dwallet Labs uncovered more vulnerabilities. The security firm was subsequently able to affect over 1,000 Infstones servers and “to get full control, including extracting validator keys that are stored locally on the server.”
Vulnerabilities a Threat to Staked Assets
In a Medium post which details the findings of the security research, Elad Enerst, a security researcher at Dwallet Labs, explained that the research had “focused on attacking blockchain networks from a more traditional angle.” The plan, he said, was to treat validators as normal cloud servers and to attack them using what he described as classic techniques.
4/7
However, InfStones disagrees with the severity of the potential impact. They responded saying that the vulnerability could only affect a small fraction of the live nodes it has launched.
— CRYPTOTAG (@CRYPTO_TAG) November 21, 2023
Meanwhile, in a social media post discussing the potential consequences if a bad actor were able to gain such control, Omer Sadika, the CEO at Dwallet Labs, said:
“The impact of the affected servers meant over $1B of staked assets were compromised, with validator keys that could be stolen for over 1.2% of the stake of Ethereum and 3.9% of Lido. Attackers could exploit vulnerabilities like these in many validator providers to extract keys until they get enough power to take over and/or censor networks.”
For Sadika and his team, uncovering the vulnerability demonstrates that despite having an air-tight smart contract, the infrastructure used to run such a smart contract or code can potentially create an “attack vector that allows for completely taking over the network.”
Infstones Says Appropriate Steps Already Taken
While Infstones has acknowledged the existence of a vulnerability uncovered by Dwallet Labs, the former reportedly disputes the latter’s assessment of “the severity of the potential impact.” According to a post shared by Cryptotag on X (formerly Twitter), Infstones believes the vulnerability found in 237 instances accounts for less than 0.1% of the live nodes it has launched to date.
Still, the social media post said Infstones has already resolved some of the issues raised by Dwallet Labs in its lengthy report.
However, in a later post following reports that Infstones had taken appropriate steps to resolve the issues highlighted by his firm, Sadika seemingly bemoaned Infstones’ attempt to downplay the problem.
“The worst way to handle a cybersecurity vulnerability is not taking responsibility and lying. We were super open and transparent with the goal of eliminating the risk to Web3. My take: it’s not about whether you are fully secure or not, because no one is, it’s about how you handle it and maintain the trust with your partners and customers,” Sadika stated.
Over 100,000 Compromised Chatgpt Accounts Discovered on Darknet Markets
Cybersecurity researchers have found tens of thousands of devices storing Chatgpt credentials that have been infected with info-stealing malware. The account details have ended up being sold on the dark web, they said, pointing out that the Asia-Pacific leads by number of such offers.
Increase of Compromised Accounts Testifies to the Growing Popularity of Chatgpt, Experts Say
Singapore-based cybersecurity firm Group-IB has identified 101,134 stealer-infected devices with saved Chatgpt credentials over the past year. The compromised accounts were found within the logs of info-stealing malware traded on darknet markets thanks to its Threat Intelligence platform which monitors such marketplaces and stores a library of dark web data.
The logs reached a high of 26,802 in May 2023, with the Asia-Pacific region seeing the highest number of Chatgpt credentials being put up for sale during the studied period — 40.5% of the stolen accounts between June 2022 and May 2023. The authors of the report noted that the increase of these offerings is an indication of the growing popularity of the chatbot.
Developed by the Microsoft-funded artificial intelligence (AI) research laboratory Openai, Chatgpt was launched in November 2022 and has been finding applications in different fields. Group-IB underscored that more and more employees of various organizations are using the chatbot to optimize their work in areas such as software development or business communications.
Chatgpt has also been making its way into the crypto space. In March, the leading U.S. digital asset exchange, Coinbase, announced it’s testing the product as a token verification tool. And in June, the blockchain analytics firm Elliptic said it intends to use it to support its intelligence gathering efforts.
“By default, Chatgpt stores the history of user queries and AI responses. Consequently, unauthorized access to Chatgpt accounts may expose confidential or sensitive information,” Group-IB’s experts remarked. The data can then be exploited for targeted attacks against companies and their employees, they elaborated.
The analysis of underground marketplaces conducted by the cybersecurity firm revealed that the majority of logs containing Chatgpt accounts have been breached by the Raccoon info stealer. This type of malware collects saved account credentials, bank card details and crypto wallet information from browsers installed on infected devices as well as data from instant messengers and emails.
Hackers Breach Nigerian Crypto Trading Platform — BTC and Naira Assets Compromised
The Nigerian gift card and crypto trading platform, Patricia, announced on May 26 that one of its trading applications had been breached and that BTC as well as naira assets were compromised. The crypto exchange platform said it has since suspended withdrawals and is presently “undergoing internal restructuring.”
Patricia Says Customer and Merchant Assets ‘Secure’
The Nigerian gift card and crypto exchange platform, Patricia, revealed on May 26 that hackers had breached its retail trading application leaving an undisclosed amount of BTC and naira assets compromised. According to an update issued by the firm, other crypto balances were not affected by the breach. Patricia also reassured the public that the assets belonging to its customers and merchants were still secure.
Hello Chief,
We have a much needed update for you. #patriciatechnologies #cryptocurrencies pic.twitter.com/AcOIdIE8Vu
— Patricia (@PatriciaSwitch) May 26, 2023
However, despite the statement which sought to assuage users of the platform, Patricia said it had stopped processing withdrawals.
“In light of this, we are undergoing internal restructuring and temporarily suspending withdrawals on our app (mobile and web). We understand how this has affected our customers and are truly appreciative of your patience through this inconvenience. We assure you we are working to strengthen our security measures,” Patricia said in a statement.
According to the update, Patricia’s security team and local law enforcement have since identified an individual who is thought to be a part of a group of hackers behind the breach. The crypto platform also said it will “pursue this lead” and collaborate with security agencies until it recovers the missing assets.
Hackers Are Now Using Compromised Cloud Accounts To Mine Crypto
Attackers are exploiting poorly configured cloud accounts to mine crypto, Google warned users in a recent report.
Cryptocurrency mining is a computationally intensive activity, and Google Cloud customers can access it at a cost. However, miners are now hacking Google Cloud accounts for mining purposes.
In the report titled “Threat Horizons,” Google’s cybersecurity team assessed various threats to Cloud users, providing details of the breaches.
The report also provided cybersecurity threat intelligence to cloud users. The aim is to enable them to “better configure their environments and defenses in manners most specific to their needs.”
Crypto Miners Hacking Google Accounts
In the report, the cybersecurity team analyzed 50 recently compromised Google Cloud accounts. Of those, 86% were related to crypto mining. “Malicious actors were observed performing cryptocurrency mining within compromised Cloud instances,” Google wrote.
The report also stated that in the majority of these incidents, the hackers downloaded crypto mining software to the compromised accounts within 22 seconds. The attacks were scripted, and it would have been impossible to manually stop them. Additionally, in 10% of these incidents, the hackers scanned other publicly available resources on the Internet to identify vulnerable systems. In 8% of the instances, they attacked other targets.
However, as reported by the cybersecurity team, the crypto mining hacks were not the only attacks.
“The cloud threat landscape in 2021 was more complex than just rogue cryptocurrency miners, of course,” wrote Bob Mechler, Google Cloud Director of the office of the Chief Information Security Officer, and Seth Rosenblatt, Google Cloud Security Editor, in a blog post.
Other Threats To Google Cloud Users
Another threat the team identified was a phishing attack by the Russian group called APT28, or Fancy Bear. The attackers targeted 12,000 Gmail accounts in a mass phishing attempt. They attempted to trick users into handing over their login details. Google, however, said it had blocked all the phishing emails, and no user was compromised.
The report also pointed out an attack by a North Korean government-backed group. This hacker group posed as Samsung recruiters, sending fake job opportunities to employees at South Korean information security companies. They attached a malicious link to malware stored in Google Drive. Google said it also blocked it.
Another threat to cloud users is ransomware attacks, whereby hackers encrypt users’ data until they pay. In the report, Google mentions the formidable Black Matter ransomware group. And although the group announced that it was shutting down earlier this month, Google is still cautious. “Google has received reports that the Black Matter ransomware group has announced it will shut down operations given outside pressure. Until this is confirmed, Black Matter still poses a risk.”
Total crypto market at .4 Trillion | Source: Crypto Total Market Cap from TradingView.com
Google attributes some of these attacks to users’ poor security practices and to vulnerabilities in third-party software that the users install.
The report also recommends a few ways to prevent these attacks, one of which is enabling two-factor authentication.
NewsBTC
Infographic An Overview of Compromised Bitcoin Exchange Events
The purpose of this infographic is to visualize the size of large cryptocurrency hacks that have occurred in the past as if they all happened today. The hacks included in this infographic extend beyond exchanges, as there were other large entities that experienced cryptocurrency hacks, such as marketplaces like Silk Road 2.0. All hacks in this infographic are displayed as if the price of bitcoin was the same when they occurred, in order to visualize their
CryptScout #BitFeed RSS – Bitcoin and Cryptocurrency News 24/7
MEGA Chrome Extension Compromised to Steal Users Monero
The MEGA extension for Chrome has been hacked and can now steal Monero from users’ computers, along with other sensitive data
CryptScout #BitFeed RSS – Bitcoin and Cryptocurrency News 24/7