Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Monday June 10 2019, @03:04PM   Printer-friendly
from the stuff-it-under-the-mattress dept.

The following 4 stories were submitted via IRC for SoyCow4463

Hackers hid malware in a fake trading app to steal your cryptocurrency

Security researchers have uncovered a knock-off cryptocurrency trading website designed to steal the funds of unwitting victims.

Cybercriminals have created a website that imitates the Cryptohopper cryptocurrency trading platform to distribute malware that could steal personal information, hijack your clipboard, and crypto-jack your system, Bleeping Computer reports. It appears to have helped hackers amass a trove of over $260,000 in various cryptocurrencies.

When users visit the imitation Cryptohopper website, their system will automatically download and execute a file simply called Setup.exe. While on the surface it might appear legitimate, it's actually a Trojan.

Baltimore didn't pay Bitcoin ransom so hackers leaked sensitive data on Twitter

Officials investigating the Bitcoin-fueled ransomware attack that hit Baltimore City last month believe the hackers have leaked government documents on Twitter.

A Twitter account claiming to be owned by the hackers appears to have been used to leak the sensitive documents, The Baltimore Sun reports. The now-suspended account posted a document detailing a woman's medical history last month, and claimed to have numerous other potentially sensitive documents. According to reports, the account has been taunting the city's mayor, Bernard C. "Jack" Young. No personal data has been stolen in the attack, according to a spokesperson from the mayor's office.

That said, the hackers' Twitter account allegedly messaged a Baltimore Sun reporter claiming to have financial documents and citizens' personal information. The supposed hacker threatened to leak the documents to the dark web.

Bitfinex denies role in spooky transfer of $1.37 million in stolen Bitcoin

Bitcoin BTC stolen from Bitfinex in 2016 is on the move. Earlier today, a combined 172.54 BTC ($1.37 million) was mysteriously sent from the hacker's wallets to an unknown address. Bitfinex' marketing director Anneka Dew however told Hard Fork that today's movements had nothing to do with the company at all. The set of five transfers began at approximately 07:00AM UTC, June 7, and was shared by Twitter-based transaction monitor @whale_alert.

Blockchain startup hacked itself to 'save' $13M of its users' cryptocurrency

A blockchain startup hacked its users' wallets to save $13 million in Bitcoin and other cryptocurrency from being stolen, ZDNet reports. Security researchers advised the Komodo Platform of a 'backdoor' in Agama, one of its older wallet apps, that would have allowed hackers to siphon any and all digital assets held inside. Before that could happen, devs made use of the the flaw themselvesto extract at-risk cryptocurrency to wallets under their control.

In total, Komodo's team says it 'saved' 96 BTC ($742K) and 8 million Komodo ($11.92M) from potential theft. The controlled funds can be viewed here and here.

Bad actors are said to have smuggled the backdoor into Agama by contributing useful code and updating it to include security vulnerabilities at a later date.


Original Submission #1Original Submission #2Original Submission #3Original Submission #4

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by sshelton76 on Monday June 10 2019, @09:30PM (2 children)

    by sshelton76 (7978) on Monday June 10 2019, @09:30PM (#853887)

    Interesting articles and summary. Especially good timing. We just finished building our crypto-exchange platform and we discussed the possibility of exactly this kind of attack, and eventually decided to not use certain frameworks and techniques that would have made it easier for us to scale, but also would have made it easier to spoof.
    Strange how the world works sometimes.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 0) by Anonymous Coward on Monday June 10 2019, @11:05PM (1 child)

    by Anonymous Coward on Monday June 10 2019, @11:05PM (#853954)

    It's like there are some 5 people who say they invented the telephone. :)

    It's sad having superior technology isn't enough and often gets trumped by superior marketing etc bs.

    • (Score: 2) by sshelton76 on Tuesday June 11 2019, @11:46AM

      by sshelton76 (7978) on Tuesday June 11 2019, @11:46AM (#854145)

      Very true.
      In our case when designing tqnext.com we were already examining the issues faced in a previous iteration of the software.
      That software used a custodial system (the normal "you deposit here and trade, we hold the coins on your behalf"). Unfortunately a software flaw was found by users and exploited the point we had to shut it down and regroup.

      In the redesign we considered using a system that would have allowed us to function as a sort of escrow agent in the transaction. We would deploy a multisig wallet for the customer and to complete a transaction would require a signature from both us AND the customer, or a single signature from either of us with a "cooling off" period. This way either the user or us could complete the transaction, but the user never actually deposits anything with us, funds would have gone to the multisig wallet, very much under their control. Doing so would have allowed the user to initiate the transaction and go offline assured that we would be there to complete the transaction. But in the end, we put the kibbutz in the idea once we realized that any access system can be exploited. Net result we can create payment addresses that are automatic for the end user, but they must remain online to complete the transaction. The customer maintains their wallet and their keys themselves and we serve solely as a matchmaker between buyer and seller.

      This places strict limits on what we can do, but it also provides a much higher level of assurance that customer funds stay under customer control.