The following 4 stories were submitted via IRC for SoyCow4463
Hackers hid malware in a fake trading app to steal your cryptocurrency
Security researchers have uncovered a knock-off cryptocurrency trading website designed to steal the funds of unwitting victims.
Cybercriminals have created a website that imitates the Cryptohopper cryptocurrency trading platform to distribute malware that could steal personal information, hijack your clipboard, and crypto-jack your system, Bleeping Computer reports. It appears to have helped hackers amass a trove of over $260,000 in various cryptocurrencies.
When users visit the imitation Cryptohopper website, their system will automatically download and execute a file simply called Setup.exe. While on the surface it might appear legitimate, it's actually a Trojan.
Baltimore didn't pay Bitcoin ransom so hackers leaked sensitive data on Twitter
Officials investigating the Bitcoin-fueled ransomware attack that hit Baltimore City last month believe the hackers have leaked government documents on Twitter.
A Twitter account claiming to be owned by the hackers appears to have been used to leak the sensitive documents, The Baltimore Sun reports. The now-suspended account posted a document detailing a woman's medical history last month, and claimed to have numerous other potentially sensitive documents. According to reports, the account has been taunting the city's mayor, Bernard C. "Jack" Young. No personal data has been stolen in the attack, according to a spokesperson from the mayor's office.
That said, the hackers' Twitter account allegedly messaged a Baltimore Sun reporter claiming to have financial documents and citizens' personal information. The supposed hacker threatened to leak the documents to the dark web.
Bitfinex denies role in spooky transfer of $1.37 million in stolen Bitcoin
Bitcoin BTC stolen from Bitfinex in 2016 is on the move. Earlier today, a combined 172.54 BTC ($1.37 million) was mysteriously sent from the hacker's wallets to an unknown address. Bitfinex' marketing director Anneka Dew however told Hard Fork that today's movements had nothing to do with the company at all. The set of five transfers began at approximately 07:00AM UTC, June 7, and was shared by Twitter-based transaction monitor @whale_alert.
Blockchain startup hacked itself to 'save' $13M of its users' cryptocurrency
A blockchain startup hacked its users' wallets to save $13 million in Bitcoin and other cryptocurrency from being stolen, ZDNet reports. Security researchers advised the Komodo Platform of a 'backdoor' in Agama, one of its older wallet apps, that would have allowed hackers to siphon any and all digital assets held inside. Before that could happen, devs made use of the the flaw themselvesto extract at-risk cryptocurrency to wallets under their control.
In total, Komodo's team says it 'saved' 96 BTC ($742K) and 8 million Komodo ($11.92M) from potential theft. The controlled funds can be viewed here and here.
Bad actors are said to have smuggled the backdoor into Agama by contributing useful code and updating it to include security vulnerabilities at a later date.
Original Submission #1 Original Submission #2 Original Submission #3 Original Submission #4
(Score: 3, Insightful) by ikanreed on Monday June 10 2019, @03:19PM (1 child)
Is that John McAfee is not going to sever and eat his own genitalia. Who can get invested in cryptocurrency after that kind of lie.
(Score: 2) by progo on Monday June 10 2019, @03:39PM
> This is because the 2020 U.S. presidential candidate still [38 days ago] stands by his prediction that bitcoin will reach $1,000,000 by the end of next year.
https://finance.yahoo.com/news/bitcoin-price-hit-1-million-124338517.html [yahoo.com]
(Score: 2) by takyon on Monday June 10 2019, @03:53PM (1 child)
More trustworthy than Baltimore govt.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by DannyB on Monday June 10 2019, @04:21PM
Hackers more trustworthy, yes. Because they do what they say.
But imagine a new advertising slogan to regain people's trust in Bitcoin:
Bitcoin -- More Trustworthy than the Baltimore Government !
What doesn't kill me makes me weaker for next time.
(Score: 1, Interesting) by Anonymous Coward on Monday June 10 2019, @04:05PM (4 children)
After the mining epoch finishes, if someone suddenly steals all the existing bitcoins, the game is all over, isn't it? He could not spend them either, because everyone would knew it is him... The end of bitcoin, as spectacular as it could be.
(Score: 2) by Snow on Monday June 10 2019, @04:37PM (3 children)
What?
If someone stole ALL the bitcoins, then ECDSA is broken and so is much of the Internet.
Plus mining rewards don't end for another 100 years or so.
(Score: 0) by Anonymous Coward on Monday June 10 2019, @05:19PM (2 children)
Get ready for Quantum Break!
(Score: 2) by kazzie on Monday June 10 2019, @05:35PM (1 child)
Is that like Spring Break, but shorter?
(Score: 1, Funny) by Anonymous Coward on Monday June 10 2019, @05:57PM
I thought Quantum Break was what happens when Quantum Leap cuts to commercials.
(Score: 2) by sshelton76 on Monday June 10 2019, @09:30PM (2 children)
Interesting articles and summary. Especially good timing. We just finished building our crypto-exchange platform and we discussed the possibility of exactly this kind of attack, and eventually decided to not use certain frameworks and techniques that would have made it easier for us to scale, but also would have made it easier to spoof.
Strange how the world works sometimes.
(Score: 0) by Anonymous Coward on Monday June 10 2019, @11:05PM (1 child)
It's like there are some 5 people who say they invented the telephone. :)
It's sad having superior technology isn't enough and often gets trumped by superior marketing etc bs.
(Score: 2) by sshelton76 on Tuesday June 11 2019, @11:46AM
Very true.
In our case when designing tqnext.com we were already examining the issues faced in a previous iteration of the software.
That software used a custodial system (the normal "you deposit here and trade, we hold the coins on your behalf"). Unfortunately a software flaw was found by users and exploited the point we had to shut it down and regroup.
In the redesign we considered using a system that would have allowed us to function as a sort of escrow agent in the transaction. We would deploy a multisig wallet for the customer and to complete a transaction would require a signature from both us AND the customer, or a single signature from either of us with a "cooling off" period. This way either the user or us could complete the transaction, but the user never actually deposits anything with us, funds would have gone to the multisig wallet, very much under their control. Doing so would have allowed the user to initiate the transaction and go offline assured that we would be there to complete the transaction. But in the end, we put the kibbutz in the idea once we realized that any access system can be exploited. Net result we can create payment addresses that are automatic for the end user, but they must remain online to complete the transaction. The customer maintains their wallet and their keys themselves and we serve solely as a matchmaker between buyer and seller.
This places strict limits on what we can do, but it also provides a much higher level of assurance that customer funds stay under customer control.
(Score: 2, Troll) by realDonaldTrump on Monday June 10 2019, @10:44PM (2 children)
But, you'll never hear the FULL story from Soylent News. Because Politically Biased Editors "don't think it makes sense" to put up the rest of the story. They censored that one. Because the Mayor of Baltimore is -- you guessed it -- a Dem. foxnews.com/tech/google-baltimores-ransomware-attack [foxnews.com] foxnews.com/us/baltimore-mayor-open-paying-hackers [foxnews.com]
(Score: 1, Flamebait) by janrinok on Tuesday June 11 2019, @05:20AM (1 child)
The editors gave you the link to the story - we're not here to read it out to you.
(Score: 2, Interesting) by realDonaldTrump on Wednesday June 12 2019, @06:40AM
WRONG. Amazingly wrong. I gave the Editors Subs for 2 Stories about the horrible Baltimore situation. And I gave them the same Links I gave here. But, Editor Fnord666 rejected both. Saying, "I don't think it makes sense to merge." While stories about the Baltimore "hack" from other folks get merged. And sail right through. Double standard!!!