Japanese Crypto Exchange Hit by $60m Heist

By: Phil Muncaster

Yet another Japanese cryptocurrency exchange has been targeted by hackers: this time Zaif suffered losses worth 6.7bn yen ($60m) earlier this month.

Virtual currencies including Bitcoin, Monacoin and Bitcoin Cash were stolen from the exchange’s hot wallet, with 4.5bn yen’s worth ($40m) belonging to Zaif customers.

The incident occurred over a two-hour period on September 14, with server issues detected three days later and the authorities notified shortly after. The firm is withholding precise details of the attack while the authorities investigate.

Parent company Tech Bureau has reportedly already been hit with two business improvement orders this year and was subsequently forced to sign an agreement with investment group Fisco that will see the firm receive 5bn yen to help replace the lost coins, in exchange for majority ownership.

This is just the latest in a long line of cyber-attacks on Japanese crypto firms. Most famously, Tokyo-based Coincheck lost $530m worth of virtual currency earlier this year.

That could explain why the Financial Services Authority has created a new regulatory framework for such companies operating in Japan — the first of its kind to do so.

However, regulation is not a silver bullet, according to Ilia Kolochenko, CEO and founder of web security company High-Tech Bridge.

“Digital coins are extremely attractive for cyber-criminals who can easily launder them and convert into spendable cash, even in spite of some losses due to ‘transactional commissions’,” he said. “Most of these operations remain technically untraceable and undetectable, granting an absolute impunity to the attackers. Thus, cyber-criminals will readily invest into additional efforts to break in, even if security is properly implemented and maintained.”

More: https://www.infosecurity-magazine.com/news/japanese-crypto-exchange-hit-by/

Hackers Spread macOS Malware in Cryptocurrency Chat Groups on Slack and Discord

By: Altieres Rohr

Security experts from DutchSec and Malwarebytes analyzed malicious code distributed in chat channels that cover topics related to cryptocurrencies such as Bitcoin and that therefore targets users interested in the subject. The malware was written for Apple macOS computers (such as the MacBook, iMac and Mac mini) and gives the hacker full control of the infected computer.

To convince victims to install the virus, the criminals pose as moderators or staff members of the channels and suggest using a special command that, according to them, would fix technical problems people were supposedly experiencing. The command, however, downloads the malicious program and runs it with full (“root”) permission.

The experts named the virus OSX.Dummy (a word meaning roughly “fool”, “layperson” or “dimwit”) for the lack of sophistication of the malicious code and of the attack. However, the attack stands out for targeting users of Apple computers, which are rarely hit by malware.

Once installed on the computer, the virus hands full control of the system to those behind it. The malware also steals the victim’s “root” password.

Cryptocurrencies lose $42b after South Korean bourse hack

By: Eric Lam, Jiyeun Lee and Jordan Robertson

The 2018 selloff in cryptocurrencies deepened, wiping out about $42 billion of market value over the weekend and extending this year’s slump in Bitcoin to more than 50 percent.

Some observers pinned the latest retreat on an exchange hack in South Korea, while others pointed to lingering concern over a clampdown on trading platforms in China. Cryptocurrency venues have come under growing scrutiny around the world in recent months amid a range of issues including thefts, market manipulation and money laundering.

Bitcoin has dropped about 12 percent since 5 p.m. New York time on Friday and was trading at $6,756, bringing its decline this year to 53 percent. Most other major virtual currencies also retreated, sending the market value of digital assets tracked by Coinmarketcap.com to a nearly two-month low of $298 billion. At the height of the global crypto-mania in early January, they were worth about $830 billion.

Enthusiasm for virtual currencies has waned partly due to a string of cyber heists, including the nearly $500 million theft from Japanese exchange Coincheck Inc. in late January. While the latest hacking target — a South Korean venue called Coinrail — is much smaller, the news triggered knee-jerk selling, according to Stephen Innes, head of Asia Pacific trading at Oanda Corp. in Singapore.

“This is ‘If it can happen to A, it can happen to B and it can happen to C,’ then people panic because someone is selling,” Innes said.

The slump may have been exacerbated by low market liquidity during the weekend, Innes added.

“The markets are so thinly traded, primarily by retail accounts, that these guys can get really scared out of positions,” he said. “It actually doesn’t take a lot of money to move the market significantly.”

More: https://www.bloomberg.com/news/articles/2018-06-10/bitcoin-tumbles-most-in-two-weeks-amid-south-korea-exchange-hack

Effects of Cyber-Attack Still Unfold for Atlanta

By: Kacy Zurkus

Even though it’s been more than two months and $2.7 million since a major ransomware attack nearly crippled the city of Atlanta, the aftershock continues to impact municipal employees across several departments.

At a 6 June Department of Atlanta Information Management (AIM) meeting, a city official requested an additional $9.5 million to try and correct the affected systems. Infosecurity Magazine attempted to contact AIM but has not received a response.

The city continues to work with private and government partners to understand the full scope of the attack’s impact, but Atlanta’s interim chief information officer, Daphne Rackey, reportedly said that the number of impacted applications is more than 30% of the 424 mission-critical programs. That number “seems to grow every day,” Rackey reportedly told the Atlanta city council.

The attack, which came with the demand for $51,000 worth of Bitcoin that the city said it did not pay, encrypted city files, leaving customers unable to access city applications. Information on current city operations is available to residents, but whether any lost data has been restored is unclear because the city’s website has not updated information on the attack since 30 March.

Several different agencies are said to have told the city council on 6 June that their workplace has yet to return to normal. “This has been painful on many fronts,” Atlanta police chief Erika Shields told WSB-TV in a live interview on 1 June. Referring to the police dashcam data that was lost in the attack, Shields said, “That is lost and will not be recovered. That could compromise potentially a DUI case.”

It’s unclear what has been most painful for the department, however, because Shields also said that she is not overly concerned. “It’s a tool, a useful tool, but the dashcam doesn’t make cases for us.”

More: https://www.infosecurity-magazine.com/news/effects-of-cyber-attack-still/

Cryptocurrency Attacks Are Rising

By: Olga Kharif

One of the most-feared quirks of cryptocurrencies is becoming more of a headache.

Over the past few weeks, rogue operators of some of the computer networks that perform the complex calculations that verify transactions for various coins are attacking their own networks again. This time it’s Bitcoin Gold, an offshoot of the most widely known form of digital money, with a $717 million market capitalization.

Such 51 percent attacks, in which so-called miners gain control of the majority of the network’s computing power to falsify transactions, are generating ill-gotten gains that risk collapsing the value of the coins. Under attack for more than a week, Bitcoin Gold is down about 25 percent since May 18.

Similar attacks have targeted Verge, Monacoin and Electroneum, according to Autonomous Research LLC. To gain power over a coin with a market cap of $500 million, an attacker may need to spend as little as $778 an hour, according to Autonomous.

After all, many of these smaller coins — and there are now more than 1,600 of just the major ones — have ballooned in value, becoming valuable targets for criminals. Some bad actors also may want to torpedo one coin to boost the value of another, Spencer Bogart, partner at Blockchain Capital LLC, said in an email.

Healthcare Prone to Attack, Still Unprepared

By: Kacy Zurkus

The one-year anniversary of WannaCry, the ransomware that disrupted businesses across the globe, is upon us. Since the ransomware attack that impacted an estimated 200,000 computers, new research suggests that organizations across the UK are still struggling to deal with ransomware, none more than those in the healthcare industry.

Over 400 IT decision makers at UK businesses partook in a recently released report from Webroot, which found that a large majority of the respondents (88%) feel better equipped to deal with a ransomware attack. Healthcare organizations are more prone to attacks than other industries, yet 98% of respondents in the healthcare sector said they are better equipped to deal with an attack now than they were one year ago.

That number could indicate a false sense of security, given that 45% of respondents had suffered a ransomware attack. Of those, nearly a quarter (23%) actually paid the ransom. More than half of the healthcare companies polled (52%) admitted to having suffered an attack.

“Organizations still aren’t investing the necessary time and resources in risk mitigation and recovery processes, leaving them with limited options in case of a successful attack. The healthcare industry in particular needs to be very aware of the fact that it is a high-profile target, with valuable data at stake, and take special care to ensure that defenses are in place,” said David Kennerley, director of threat research, Webroot.

In the healthcare sector, multiple attacks hit over one in four (26%) organizations. Of the 400 survey participants, 56% of respondents would consider paying the ransom. That number is smaller for organizations in the healthcare sector, with only 34% saying they would consider paying. Interestingly, only 5% of all those surveyed have stocked Bitcoin should they need to pay a ransom. However, 8% of organizations in the healthcare sector have acquired cryptocurrency.

More: https://www.infosecurity-magazine.com/news/healthcare-prone-to-attack-still/

The Three Layers Of Cryptocurrency Security

By: Ivan Novikov

The cryptocurrency marathon started in 2009 with the initial release of Bitcoin — the first decentralized cryptocurrency. By definition, a decentralized system operates with no servers and each participant is allowed to execute transactions. In the case of the blockchain, each participant also has to perform some system tasks like storing transactional data. A group of participants can even run an alternative version of reality called a fork. This fork would work by the same rules as the original decentralized system but would have a different state.

This diagram illustrates the hierarchical nature of cryptocurrency security:

[Figure: Hierarchical nature of cryptocurrency security. Source: Wallarm Inc.]

The bottom line is, if there is an issue at the first layer in a coin protocol, you will be compromised, regardless of how secure your second and third layers are.

Let’s look into each of the layers separately.

The First Layer: Coins And Tokens

Your security in the world of cryptocurrencies is, first and foremost, based on the security of the protocol. When you are choosing a cryptocurrency you are taking on all the risks related to the protocol. If somebody can identify and exploit protocol flaws, they will compromise the entire network, including you, and it will not matter which exchange or wallet you are using.

At this layer there are two different types of currencies:

 The coins themselves (Bitcoin, Bitcoin Cash/Gold, Ethereum, NEO, etc.)

More: https://www.forbes.com/sites/forbestechcouncil/2018/05/03/the-three-layers-of-cryptocurrency-security/2/#5ebdbfe92d89

Bitcoin in Brief Wednesday: Hacker Gets Trolled, Vertcoin Gets Hacked

By: Avi Mizrahi

With all the talk about buying lambos, and some people making serious money, it’s no surprise that the cryptocurrency world attracts hackers looking for rich targets. Today’s edition of Bitcoin in Brief showcases two typical cases and one atypical response.

Ransomware Hacker Trolled

Aaron Lammer, a cryptocurrency podcaster, got his website hijacked by a hacker demanding ransom. But instead of paying the requested 0.025 bitcoin or calling the police, he decided to have some fun with the criminal.

The hacker left a ‘contact us’ option, which is not as unusual as it might sound because often such schemers need to help victims with the process. The link directed Lammer to the Facebook profile of one Barberousse Mohammed, and so he began trolling him. After Mohammed refused to accept a million pre-sale ICO tokens instead of bitcoin, Lammer tried to lure his hacker into the whole BTC vs. BCH debate by appearing to educate him about the advantages of bitcoin cash. See the entire amusing chat transcript here.

And don’t worry, eventually the website was restored by the hosting service. They said the hacker used a WordPress exploit on a different domain housed under the same user to gain control.

Vertcoin Twitter Hacked

Fake cryptocurrency giveaway scams continue to plague Twitter, with the latest example coming from Vertcoin. Usually the scammers create a new account that looks as close as possible to the real one and reply to all tweets with promises to send back large amounts to anyone that sends them ether. This time they actually took over the official Vertcoin account to promote the scam. Luckily, it appears that only three people actually fell for it and sent BTC to the address before the tweet was taken down.

More: https://news.bitcoin.com/bitcoin-in-brief-wednesday-hacker-gets-trolled-vertcoin-gets-hacked/?utm_source=OneSignal%20Push&&utm_medium=notification&&utm_campaign=Push%20Notifications

Financial Firms are Ready to Enter the Cryptocurrency Market Says New Survey From Thomson Reuters

By: Melanie Kramer

A Thomson Reuters survey claims that one in five financial institutions are considering cryptocurrency trading in 2018, with many planning to do so in the next few months.

The survey by the leading professional market news service was conducted with over 400 Thomson Reuters trading solutions clients, including users of the Eikon, REDI, and FX platforms.

20% of the participants indicated that they are considering trading cryptocurrencies over the next 3-12 months, with 70% of positive respondents planning to trade in cryptocurrencies in the coming 3-6 months.

Neill Penney, co-head of Trading for Thomson Reuters, commented on the recent change in sentiment:

“Cryptocurrency is still a relatively small part of the trading market, but this survey indicates this niche segment is starting to enter the mainstream of the financial services industry.  This is a major change from a year ago.”

Penney identified the immediate priority for clients as the need to seamlessly access news and data around cryptocurrencies in order to make informed trading decisions.

“As a leading provider of news, data, and trading capabilities Thomson Reuters is well-positioned to deliver solutions that address client demand in the growing cryptocurrency market,” said Penney.

Thomson Reuters’ Eikon desktop platform provides prices for Bitcoin and altcoins. Its MarketPsych indices now include the first sentiment data feed for Bitcoin, in addition to other new capabilities. The 100-year-old business intends to introduce further functionality for the sector in response to customer needs.

The survey also found widespread familiarity among participants, which may indicate that cryptocurrency trading is a long way from being seen as the niche market it once was.

Kevin Murcko, CEO of cryptocurrency exchange CoinMetro, commented directly on the results of the survey:

“Historically, the banking sector has been notoriously dismissive of the crypto movement. Cryptocurrency has variously been called a bubble, an asset for criminals, and worthless. But today’s survey demonstrates that while financial institutions are saying one thing, they’re doing quite another.”

More: https://coinjournal.net/financial-firms-are-ready-to-enter-the-cryptocurrency-market-says-new-survey-from-thomson-reuters/