‘How I lost £25,000 when my cryptocurrency was stolen’

By: Monty Munford

It’s bad enough realising that somebody’s nicked £25,000 of your hard-earned cash. It’s even worse when you realise there’s little chance of getting it back.

This is the story of how I got my fingers burned in the murky of world of cryptocurrency investment.

Be warned.

After a decade as a tech journalist, I liked to describe myself as a “lunchtime-adopter”, somebody who acted faster than many, but would never be as smart as the early adopters.

So it was with cryptocurrencies. I had heard about Bitcoin, but it was one of those technologies where I nodded my head sagely whenever I was in the same room with those talking about it.

As for investing or speculating, I had absolutely no intention of doing so.

But as the Bitcoin price made its merry way to a peak of nearly $20,000 (£16,500) at the end of 2017 – a rise of more than 100,000% in seven years – my curiosity got the better of me.

So in the middle of 2017, I made some investments, figuring that it was a long-term plan and might even become a nest egg for a pension.

But doing so was utterly terrifying.

Even after a lot of tutorials from very patient friends, I pulled out three times from completing my initial transaction. One wrong press of the key and I thought I’d lose my money.

How prophetic that turned out to be.

There seemed to be two options: to store my crypto on an exchange, or in an encrypted digital storage wallet.

More: https://www-bbc-co-uk.cdn.ampproject.org/c/s/www.bbc.co.uk/news/amp/business-49177705

Japanese Exchange Bitpoint Hit By $32m Cyber-Attack

By: Phil Muncaster

Japan-based cryptocurrency exchange Bitpoint has become the latest to lose tens of millions of dollars in a cyber-attack.

The firm said it was forced on Friday to stop all services — including withdrawals, deposits, payments, and new account openings — while it investigated the incident. It has also notified the relevant authorities in Japan.

Hackers managed to steal funds not only from the firm’s hot wallets, but also its offline cold wallets. After first detecting an error in Ripple remittances, Bitpoint said it realized it had been the victim of a cyber-attack. It then took another three hours before the firm realized the attack also compromised funds stored in Bitcoin, Bitcoin Cash, Litecoin, and Ethereal.

A total of around 3.5 billion yen ($32 million) had been stolen, most ($23m) of which were customer-owned funds. The remainder belonged to Bitpoint, but it’s not clear at this stage whether the firm is planning to reimburse its customers.

The firm is the latest in a long line of cryptocurrency exchanges to come under the scrutiny of cyber-criminals. Last year, two Japanese exchanges were hit: Zaif lost 6.7bn yen ($60m) after hackers stole it from a hot wallet, while Coincheck lost 500m NEM tokens worth $530m at the time.

Just last month, Singaporean cryptocurrency exchange Bitrue was estimated to have lost around $4.5m in funds after hackers breached a hot wallet and moved the funds to other exchanges. A month previous, hackers stole in the region of $41m from Binance in a single hot wallet transaction.

More: https://www.infosecurity-magazine.com/news/japanese-exchange-bitpoint/

Binance Hacked — Hackers Stole Over $40 Million Worth Of Bitcoin

By: Mohit Kumar

Binance, one of the largest cryptocurrency exchanges in the world, confirmed today that the company lost nearly $41 million in Bitcoin in what appears to be its largest hack to date.

In a statement, Binance’s CEO Changpeng Zhao said the company discovered a “large scale security breach” earlier on May 7, as a result of which hackers were able to steal roughly 7000 bitcoins, which worth 40.6 million at the time of writing.

News of the hack comes just hours after Zhao tweeted that Binance has “to perform some unscheduled server maintenance that will impact deposits and withdrawals for a couple of hours.”

According to the company, malicious attackers used a variety of attack techniques, including phishing and computer viruses, to carry out the intrusion and were able to breach a single BTC hot wallet (a cryptocurrency wallet that’s connected to the Internet), which contained about 2% of the company’s total BTC holdings, and withdraw stolen Bitcoins in a single transaction.

What’s more disturbing is that the company admitted the hackers managed to get their hands on user critical information, such as API keys, two-factor authentication codes, and potentially other information, which is required to log in to a Binance account.

Zao also warned that “hackers may still control certain user accounts and may use those to influence prices.”

Fortunately, the Binance cold storage—the offline wallets where the majority of funds are kept—remain secure. Also, Internet-connected individual user wallets were not directly affected.

More:  https://thehackernews.com/2019/05/binance-cryptocurrency-hacked.html?m=1

Japanese Crypto Exchange Hit by $60m Heist

By: Phil Muncaster

Yet another Japanese cryptocurrency exchange has been targeted by hackers: this time Zaifsuffered losses worth 6.7bn yen ($60m) earlier this month.

Virtual currencies including Bitcoin, Monacoin and Bitcoin Cash were stolen from the exchange’s hot wallet, with 4.5bn yen’s worth ($40m) belonging to Zaif customers.

The incident occurred over a two-hour period on September 14, with server issues detected three-days later and the authorities notified shortly after. The firm is withholding precise details of the attack while the authorities investigate.

Parent company Tech Bureau has reportedly already been hit with two business improvement orders this year and was subsequently forced to sign an agreement with investment group Fisco that will see the firm receive 5bn yen to help replace the lost coins, in exchange for majority ownership.

This is just the latest in a long line of cyber-attacks on Japanese crypto firms. Most famously, Tokyo-based Coincheck lost $530m worth of virtual currency earlier this year.

That could explain why the Financial Services Authority has created a new regulatory framework for such companies operating in Japan — the first of its kind to do so.

However, regulation is not a silver bullet, according to Ilia Kolochenko, CEO and founder of web security company High-Tech Bridge.

“Digital coins are extremely attractive for cyber-criminals who can easy launder them and convert into spendable cash, even in spite of some losses due to ‘transactional commissions’,” he said. “Most of these operations remain technically untraceable and undetectable, granting an absolute impunity to the attackers. Thus, cyber-criminals will readily invest into additional efforts to break in, even if security is properly implemented and maintained.”

More: https://www.infosecurity-magazine.com/news/japanese-crypto-exchange-hit-by/

Hackers disseminam vírus de macOS em grupos de bate-papo do Slack e Discord sobre criptomoedas

By: Altieres Rohr

Especialistas em segurança da DutchSec e da Malwarebytes analisaram um código malicioso distribuído em canais de bate-papo que abordam assuntos relacionados a criptomoedas como o Bitcoin e que, portanto, atinge usuários com interesse nesse assunto. A praga digital foi programada para computadores macOS da Apple (tais como o MacBook, o iMac e o Mac mini) e dá o controle total do computador infectado ao hacker.

Para convencer as vítimas a instalarem o vírus, os criminosos se disfarçam de moderadores ou membros da equipe dos canais e sugerem o uso de um comando especial que, segundo eles, resolveria problemas técnicos que as pessoas estariam enfrentando. O comando, porém, é responsável por baixar o programa malicioso e executá-lo com permissão total (“root”).

Os especialistas batizaram o vírus de OSX.Dummy (uma palavra em inglês que pode ser traduzida como “bobo”, “leigo” ou “burrinho”) pela falta de sofisticação do código malicioso e do ataque. No entanto, o ataque chama atenção por atingir usuários de computadores da Apple, que raramente são atingidos por pragas digitais.

Uma vez instalado no computador, o vírus cede o controle total do sistema aos responsáveis pelo vírus. A praga também rouba a senha de “root” da vítima.

Cryptocurrencies lose $42b after South Korean bourse hack

By: Eric Lam Jiyeun Lee and Jordan Robertson

The 2018 selloff in cryptocurrencies deepened, wiping out about $42 billion of market value over the weekend and extending this year’s slump in Bitcoin to more than 50 percent.

Some observers pinned the latest retreat on an exchange hack in South Korea, while others pointed to lingering concern over a clampdown on trading platforms in China. Cryptocurrency venues have come under growing scrutiny around the world in recent months amid a range of issues including thefts, market manipulation and money laundering.

Bitcoin has dropped about 12 percent since 5 p.m. New York time on Friday and was trading at $6,756, bringing its decline this year to 53 percent. Most other major virtual currencies also retreated, sending the market value of digital assets tracked by Coinmarketcap.com to a nearly two-month low of $298 billion. At the height of the global crypto-mania in early January, they were worth about $830 billion.

Enthusiasm for virtual currencies has waned partly due to a string of cyber heists, including the nearly $500 million theft from Japanese exchange Coincheck Inc. in late January. While the latest hacking target — a South Korean venue called Coinrail — is much smaller, the news triggered knee-jerk selling, according to Stephen Innes, head of Asia Pacific trading at Oanda Corp. in Singapore.

 “This is ‘If it can happen to A, it can happen to B and it can happen to C,’ then people panic because someone is selling,” Innes said.

The 2018 selloff in cryptocurrencies deepened, wiping out about $42 billion of market value over the weekend and extending this year’s slump in Bitcoin to more than 50 percent.

 Some observers pinned the latest retreat on an exchange hack in South Korea, while others pointed to lingering concern over a clampdown on trading platforms in China. Cryptocurrency venues have come under growing scrutiny around the world in recent months amid a range of issues including thefts, market manipulation and money laundering.

Bitcoin has dropped about 12 percent since 5 p.m. New York time on Friday and was trading at $6,756, bringing its decline this year to 53 percent. Most other major virtual currencies also retreated, sending the market value of digital assets tracked by Coinmarketcap.com to a nearly two-month low of $298 billion. At the height of the global crypto-mania in early January, they were worth about $830 billion.

Enthusiasm for virtual currencies has waned partly due to a string of cyber heists, including the nearly $500 million theft from Japanese exchange Coincheck Inc. in late January. While the latest hacking target — a South Korean venue called Coinrail — is much smaller, the news triggered knee-jerk selling, according to Stephen Innes, head of Asia Pacific trading at Oanda Corp. in Singapore.

 “This is ‘If it can happen to A, it can happen to B and it can happen to C,’ then people panic because someone is selling,” Innes said.

The slump may have been exacerbated by low market liquidity during the weekend, Innes added.

“The markets are so thinly traded, primarily by retail accounts, that these guys can get really scared out of positions,” he said. “It actually doesn’t take a lot of money to move the market significantly.”

More: https://www.bloomberg.com/news/articles/2018-06-10/bitcoin-tumbles-most-in-two-weeks-amid-south-korea-exchange-hack

Effects of Cyber-Attack Still Unfold for Atlanta

By: Kacy Zurkus

Even though it’s been more than two months and $2.7 million since a major ransomware attack nearly crippled the city of Atlanta, the aftershock continues to impact municipal employees across several departments.

At a 6 June Department of Atlanta Information Management (AIM) meeting, a city official requested an additional $9.5 million to try and correct the affected systems. Infosecurity Magazine attempted to contact AIM but has not received a response.

The city continues to work with private and government partners to understand the full scope of the attack’s impact, but Atlanta’s interim chief information office, Daphne Rackey, reportedly said that the number of impacted applications is more than 30% of the 424 mission critical programs. That number “seems to grow every day,” Rackey reportedly told the Atlanta city council.

The attack, which came with the demand for $51,000 worth of Bitcoin that the city said it did not pay, encrypted city files, leaving customers unable to access city applications. Information on current city operations is available to residents, but whether any lost data has been restored is unclear because the city’s website has not updated information on the attack since 30 March.

Several different agencies are said to have told the city council on 6 June that their workplace has yet to return to normal. “This has been painful on many fronts,” Atlanta police chief Erika Shields told WSB-TV in a live interview on 1 June. Referring to the police dashcam data that was lost in the attack, Shields said, “That is lost and will not be recovered. That could compromise potentially a DUI case.”

It’s unclear what has been most painful for the department, however, because Shields also said that she is not overly concerned. “It’s a tool, a useful tool, but the dashcam doesn’t make cases for us.”

More: https://www.infosecurity-magazine.com/news/effects-of-cyber-attack-still/

Cryptocurrency Attacks Are Rising

By: Olga Kharif

One of the most-feared quirks of cryptocurrencies is becoming more of a headache.

 Over the past few weeks, rogue operators of some of the computer networks that perform the complex calculations that verify transactions for various coins are attacking their own networks again. This time it’s Bitcoin Gold, an offshoot of the most widely known form of digital money, with a $717 million market capitalization.

Such 51 percent attacks, in which so-called miners gain control of the majority of the network’s computing power to falsify transactions, are generating ill-gotten gains that risk collapsing the value of the coins. Under attack for more than a week, Bitcoin Gold is down about 25 percent since May 18.

 Similar attacks have targeted Verge, Monacoin and Electroneum, according to Autonomous Research LLC. To gain power over a coin with a market cap of $500 million, an attacker may need to spend as little as $778 an hour, according to Autonomous.

After all, many of these smaller coins — and there are now more than 1,600 of just the major ones — have ballooned in value, becoming valuable targets for criminals. Some bad actors also may want to torpedo one coin to boost the value of another, Spencer Bogart, partner at Blockchain Capital LLC, said in an email.

Healthcare Prone to Attack, Still Unprepared

By: Kacy Zurkus

The one-year anniversary of WannaCry, the ransomware that disrupted businesses across the globe, is upon us. Since the ransomware attack that impacted an estimated 200,000 computers, new research suggests that organizations across the UK are still struggling to deal with ransomware, none more than those in the healthcare industry.

Over 400 IT decision makers at UK businesses partook in a recently released report from Webroot, which found that a large majority of the respondents (88%) feel better equipped to deal with a ransomware attack. Healthcare organizations are more prone to attacks than other industries, yet 98% of respondents in the healthcare sector said they are better equipped to deal with an attack now than they were one year ago.

That number could indicate a false sense of security, given that 45% of respondents had suffered a ransomware attack. Of those, nearly a quarter (23%) actually paying the ransom. More than half of the healthcare companies polled (52%) admitting to having suffered an attack.

“Organizations still aren’t investing the necessary time and resources in risk mitigation and recovery processes, leaving them with limited options in case of a successful attack. The healthcare industry in particular needs to be very aware of the fact that it is a high-profile target, with valuable data at stake, and take special care to ensure that defenses are in place,” said David Kennerley, director of threat research, Webroot.

In the healthcare sector, multiple attacks hit over one in four (26%) organizations. Of the 400 survey participants, 56% of respondents would consider paying the ransom. That number is smaller for organizations in the healthcare sector, with only 34% saying they would consider paying. Interestingly, only 5% of all those surveyed have stocked Bitcoin should they need to pay a ransom. However, 8% of organizations in the healthcare sector have acquired cryptocurrency.

More: https://www.infosecurity-magazine.com/news/healthcare-prone-to-attack-still/