GateHub Users Lose $9.7m to Hackers

By: Phil Muncaster

Two cryptocurrency firms have come under attack over recent days with users of one, GateHub, suffering losses estimated at nearly $9.7m.

The cryptocurrency wallet service provider sounded the alarm in a statement on Thursday, claiming an investigation had been started after around 100 XRP Ledger wallets were compromised. The firm urged users to transfer their funds from these to a hosted wallet.

An XRP security community revealed in a separate post that, as of Wednesday, 23.2m XRP (Ripple) coins had been stolen, of which 13.1m had already been laundered.

However, the cause of the attack remains a mystery.

“API requests to the victim’s accounts were all authorized with a valid access token. There were no suspicious logins detected, nor were there any signs of brute forcing. We have however detected an increased amount of API calls (with valid access tokens) coming from a small number of IP addresses which might be how the perpetrator gained access to encrypted secret keys,” said GateHub.

“That, however, still doesn’t explain how the perpetrator was able to gain other required information needed to decrypt the secret keys. All access tokens were disabled on June 1 after which the suspicious API calls were stopped.”

More:  https://www.infosecurity-magazine.com/news/gatehub-users-lose-97m-to-hackers-1/

Binance Hacked — Hackers Stole Over $40 Million Worth Of Bitcoin

By: Mohit Kumar

Binance, one of the largest cryptocurrency exchanges in the world, confirmed today that the company lost nearly $41 million in Bitcoin in what appears to be its largest hack to date.

In a statement, Binance’s CEO Changpeng Zhao said the company discovered a “large scale security breach” earlier on May 7, as a result of which hackers were able to steal roughly 7000 bitcoins, which were worth $40.6 million at the time of writing.

News of the hack comes just hours after Zhao tweeted that Binance has “to perform some unscheduled server maintenance that will impact deposits and withdrawals for a couple of hours.”

According to the company, malicious attackers used a variety of attack techniques, including phishing and computer viruses, to carry out the intrusion and were able to breach a single BTC hot wallet (a cryptocurrency wallet that’s connected to the Internet), which contained about 2% of the company’s total BTC holdings, and withdraw stolen Bitcoins in a single transaction.

What’s more disturbing is that the company admitted the hackers managed to get their hands on user critical information, such as API keys, two-factor authentication codes, and potentially other information, which is required to log in to a Binance account.

Zhao also warned that “hackers may still control certain user accounts and may use those to influence prices.”

Fortunately, the Binance cold storage—the offline wallets where the majority of funds are kept—remains secure. Also, Internet-connected individual user wallets were not directly affected.

More:  https://thehackernews.com/2019/05/binance-cryptocurrency-hacked.html?m=1

The Joyous Union of Bitcoin and Mobile Phones

By: Soha Ali

Cryptocurrency and smartphones are married to each other whether we like it or not. One is the first successfully implemented form of digital hard money and the other is a mini-supercomputer in your pocket. It makes sense why two futuristic technologies would eventually join hands.

The seamless integration of crypto into smartphones is exactly what the SIKURPhone (read: Secure Phone) is all about. Although we have told you about crypto-supported smartphones before, none of them have been as innovative as the SIKURPhone (neither have they been so badly named.)

This device is a successor to the 2016 GranitePhone – the supposed world’s most secure smartphone. But this time, there’s a crypto twist in the mix.

The company embraced the blockchain trends and added advanced crypto functionality into the device by integrating a cold storage wallet. So you can keep all your cryptocurrency on the phone and carry it with you wherever you want. With this you can track your current balance, store currencies on SIKUR’s cloud, check the pricing for different cryptocurrencies, or read the crypto-related news in a special newsfeed space.

Now, I know what you’re thinking. Why would anyone want to store sensitive financial data on a smartphone, a device that’s usually so prone to being hacked or misplaced? Well, that brings us to the extensive security that the SIKURPhone has in it:

The Unhackable Phone

The company gave their devices to HackerOne, a company that is famous for testing vulnerabilities in software, to see if they could expose any problems and hack the device. Long story short, they tried for 2 months and failed. That should tell you just how secure your crypto-monies are going to be!

Other than that, the device has advanced remote wipe features so in the event that you lose your SIKURPhone or it gets stolen, you can completely remove any traces of your information from it, thus protecting your cryptocurrency.

More: https://blockpublisher.com/the-joyous-union-of-bitcoin-and-mobile-phones/

Alleged SIM Swap Fraudster Stole $1m from Exec

By: Phil Muncaster

A Manhattan man is alleged to have stolen $1m in cryptocurrency from a Silicon Valley executive in a classic SIM swapping attack.

Nicholas Truglia, 21, allegedly targeted several victims including Saswata Basu, CEO of blockchain service 0Chain; Myles Danielsen, vice-president of Hall Capital Partners; and Gabrielle Katsnelson, co-founder of startup SMBX.

He was apparently able to hijack all of their mobile phone accounts, convincing carrier staff to transfer their numbers to new SIMs, but didn’t manage to grab any funds as a result.

However, a fourth victim wasn’t so lucky. San Francisco father-of-two, Robert Ross, also had his account hijacked and this time Truglia was allegedly able to use it to access $500,000 in a Coinbase account and $500,000 in a Gemini account.

Typically, this is possible because SIM swap attackers are able to intercept the two-factor authentication codes sent via text message to ‘enhance’ account security.

Truglia was arrested at his West 42nd Street high-rise apartment where police were able to recover $300,000 in stolen funds. He now faces 21 counts related to six victims, according to reports.

The case highlights the growing pressure on mobile operator staff to ensure they carry out the appropriate identity checks on the phone or in store, when individuals request numbers to be ported to new SIMs.

However, sometimes the scammers may get help from individuals working on the inside.

More: https://www.infosecurity-magazine.com/news/alleged-sim-swap-fraudster-stole/

SIKURPhone – Beyond a Cryptocurrency Wallet and Ready for Financial Transactions

By: sikur

Whilst Sikur’s competitors are promising to release secure blockchain devices, Sikur is already delivering a full and innovative operating system experience. SikurOS is powering devices that can deliver much more than secure cryptocurrency wallets and other gadgets to protect assets.

“2018 has been an incredible year for us – from the rush of launching SIKURPhone at Mobile World Congress, in Barcelona, to porting SikurOS to different hardware. It has been an exciting journey and we still have more to come,” said Alexandre Vasconcelos, Sikur’s COO.

SikurOS is a very innovative model, although its concepts are widely available. An operating system that is capable of effectively protecting user data is an approach that has taken SIKURPhone to the next level. Combining safety with convenience is a challenge that Sikur’s research and development team faces every day.

According to Group-IB, more than $882 million in cryptocurrency assets was lost to fraud and hacks in 2017 and 2018, mostly in the Asian market, including the over $500 million hack of Japanese Cryptocurrency Exchange Coincheck. Protecting cryptocurrency coins for the regular investor with simplicity and usability is already possible with SIKURPhone.

After passing rigorous tests by HackerOne with a bug bounty program, securing cryptocurrency is a challenge that SIKURPhone has already overcome. Sikur is now daring to take it a step further with the Trading Station concept.

More: https://www.globalbankingandfinance.com/sikurphone-beyond-a-cryptocurrency-wallet-and-ready-for-financial-transactions/

Sikur launches solution that adds an extra layer for critical applications

By: TI Inside Online

While Sikur’s competitors are promising to launch secure blockchain devices, Sikur is already offering a complete operating system for using secure cryptocurrency wallets and other gadgets to protect assets.

“2018 has been an incredible year for us – from the rush of launching the SIKURPhone at Mobile World Congress, in Barcelona, to porting SikurOS to different hardware. It has been an exciting journey and we still have more to come,” said Alexandre Vasconcelos, Sikur’s COO.

“SikurOS is a very innovative model, although its concepts are widely available. An operating system capable of effectively protecting user data is an approach that has led the SIKURPhone to combine security with convenience, a challenge that Sikur’s research and development team faces every day,” he adds.

According to Group-IB, more than US$ 882 million in cryptocurrency assets was lost to fraud and hackers in 2017 and 2018, mainly in the Asian market, including the more than US$ 500 million from the Japanese cryptocurrency exchange Coincheck. Protecting cryptocurrency coins for the regular investor with simplicity and usability is what the SIKURPhone promises.

After passing rigorous tests by HackerOne with a bug bounty program, securing cryptocurrency is a challenge that the SIKURPhone has already overcome. Sikur is now daring to take a step further with the Trading Station concept.

“The financial market is dynamic and constantly changing. Fraud and loss figures keep rising as the variety of digital transaction methods grows. Existing solutions do not provide enough flexibility, usability and security for the modern user. Sikur’s Trading Station uses the strength of SikurOS and provides extra layers of security for financial applications that require maximum protection. It also introduces the freedom and flexibility to carry out operations from anywhere, without the need to be in offices or highly protected networks. Stock trading, mobile banking and mPOS (Mobile Point of Sale) are some real-world examples where the SIKURPhone can make a big difference for the industry,” said Fabio Fischer, executive vice president of Sikur.

Protecting data locally and in the cloud is a high priority for companies and governments. Therefore, having well-known applications on these devices is becoming mandatory, as security concerns more people every year.

“At Sikur, innovation is part of our DNA. We are always looking to create. That energy gives everyone more power and determination to make progress. The Trading Station concept comes from this way of thinking,” says Alexandre Stumpf, Sikur’s CTO.

More: http://tiinside.com.br/tiinside/seguranca/mercado-seguranca/31/10/2018/sikur

Group-IB: 14 cyber attacks on crypto exchanges resulted in a loss of $882 million

By: Pierluigi Paganini

Group-IB has estimated that crypto exchanges suffered a total loss of $882 million due to targeted attacks between 2017 and 2018.

Group-IB, an international company that specializes in preventing cyber attacks, has estimated that cryptocurrency exchanges suffered a total loss of $882 million due to targeted attacks in 2017 and in the first three quarters of 2018. According to Group-IB experts, at least 14 crypto exchanges were hacked. Five attacks have been linked to North Korean hackers from the Lazarus state-sponsored group, including the infamous attack on Japanese crypto exchange Coincheck, when $534 million in crypto was stolen.

This data was included in the annual Hi-Tech Crime Trends 2018 report, presented by Group-IB CTO, Dmitry Volkov, at the sixth international CyberCrimeCon conference. A separate report chapter is dedicated to the analysis of hackers’ and fraudsters’ activity in the crypto industry.

Crypto exchanges: in the footsteps of Lazarus

In most cases, cybercriminals, while attacking cryptocurrency exchanges, use traditional tools and methods, such as spear phishing, social engineering, distribution of malware, and website defacement. One successful attack could bring hackers tens of millions of dollars in crypto funds, whilst reducing the risks of being caught to a minimum: the anonymity of transactions allows cybercriminals to withdraw stolen funds without putting themselves at greater risk.

Spear phishing remains the major vector of attack on corporate networks. For instance, fraudsters deliver malware under the cover of CV spam: they send an email containing a fake CV with the subject line “Engineering Manager for Crypto Currency job” or the file “Investment Proposal.doc” as an attachment, with malware embedded in the document.

In the last year and a half, the North Korean state-sponsored Lazarus group attacked at least five cryptocurrency exchanges: Yapizon, Coins, YouBit, Bithumb, Coincheck. After the local network is successfully compromised, the hackers browse the local network to find workstations and servers used for working with private cryptocurrency wallets.

More: https://securityaffairs.co/wordpress/77213/hacking/cyber-attacks-crypto-exchanges.html

Sikur turned a Sony smartphone into a cryptocurrency vault

By: Stan Schroeder

If you need to carry a substantial amount of cryptocurrency on you at all times, but you just don’t trust the average smartphone, a company called Sikur might have a solution.

On Wednesday, Sikur launched the SIKURPhone, a customized variant of a Sony smartphone, its Android enhanced with the secure, crypto-oriented SikurOS software.

SikurOS comes with a cryptocurrency wallet and numerous security-oriented features, such as the ability to remotely wipe the device, and Sikur’s own Secure App Store (launching later this year) which should host only vetted and thoroughly checked apps. A security-oriented chat app and browser are also on board.

The phone comes in two flavors: One is based on Sony’s XZ1, a 5.2-inch smartphone with a Snapdragon 835 chip, 4GB of RAM, 64GB of storage, a 2,700mAh battery and a 19-megapixel camera on the back paired with a 13-megapixel selfie camera.

The other is based on Sony’s mid-range XA2, which has a Snapdragon 630 chip, 3GB of RAM, 32GB of storage, a 23-megapixel rear camera, and 8-megapixel selfie camera, and a 3,300mAh battery.

Neither of these devices are particularly new — Sony launched two more XZ-series flagships after the XZ1 — but their specs are still good enough to hold their own against most modern phones.

If you’ve followed Sikur over the past couple of years, this launch is probably quite confusing. The company’s original SIKURPhone, launched in February 2018, had both its hardware and software built by Sikur. Now, the company appears to have pivoted to building only software which it will deploy on phones made by other manufacturers.

More: https://www.yahoo.com/news/sikur-turned-sony-smartphone-cryptocurrency-080440484.html

Sikur Launches Sony-Based Secure Android Smartphones, SikurPhone XZ1 & XA2

By: Alexander Maxham

 

In short: Sikur has announced that its SikurOS is now compatible with all Android smartphones, and it is also launching two highly secure smartphones that are based on Sony’s more popular devices – the Xperia XZ1 and XA2. In fact, these smartphones even share those names: the SikurPhone XZ1 and SikurPhone XA2. The hardware is the same as when Sony debuted these smartphones back in 2017; the only difference is that they run Sikur’s highly secure Android software. Both of these devices have “several layers” of security, and they also have a pretty locked-down app store. You cannot install third-party apps using the Unknown Sources feature that you would find on other smartphones. There are very few apps that are compatible with Sikur’s software. Sikur also has a cryptocurrency wallet, so if you are the type that owns some cryptocurrency, the SikurPhone is going to keep it nice and safe and away from hackers.

Why crypto investors might want to think twice about giving out their phone numbers

By: Kate Rooney

It’s a familiar scenario.

You forget a password to a website or log in from a new computer, and get locked out of your account. The website or your bank sends a text to confirm it’s you. Most of the time it is.

But the person receiving that text could be a hacker. Criminals are using a method known as “SIM swapping” to take over phone number accounts by duping wireless carriers, and in some cases stealing millions of dollars worth of cryptocurrency.

“In online banking, if someone gets into your account there’s ways to get the money back,” said Kyle Samani, managing partner at crypto hedge fund Multicoin Capital. “In crypto, if hackers get access to your private keys, they own your money and you’re screwed.”

This week, a California man sued AT&T for $224 million after hackers used his number to steal $24 million worth of cryptocurrency stored on an online exchange. The plaintiff Michael Terpin accused AT&T of negligence, and likened it to “a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewelry in the safe from the rightful owner.”

Terpin is hardly the only one to suffer a hack. The total in cryptocurrency lost by individuals hit $1.6 billion at the end of June, according to CoinDesk’s 2018 State of Blockchain Report.

In order to stop the trend, cybersecurity and industry experts say investors should guard their cellphone numbers with the same paranoia with which they guard their social security numbers.

Swapping digits

Wireless store employees can assign your phone number to any device, with the right authorization. To confirm, they ask for pieces of private information like a birthday or a social security number. But those can be easily accessed for a price.

“Data is being bought, sold and traded on the dark web,” said Aaron Higbee, chief technology officer and co-founder of anti-phishing company Cofense. “If your phone number is of a sufficient age, you’re on a database somewhere.”

While one piece of data like a birthday might not be valuable on its own, combined with your phone number or address it can be used to answer those security questions from a wireless store employee.

After a criminal hacks into the person’s email or cryptocurrency account from their own devices, what’s known as “two-factor identification” will send a text code to the phone number as a form of security, and to prevent any sort of unauthorized log in. But because the hacker now controls that phone number, there’s no way of the rightful owner regaining control or stopping the hack.

This happened to a New York-based venture capitalist who invests in early stage tech companies. He asked not to be named for this story because he did not want to be targeted again, and feared he might egg on the hackers.

He was in his office on Monday when he was suddenly logged out of both his personal and business email accounts. When he turned on his AT&T phone, the device had no signal. Because of his experience in cryptocurrency and the tech world, he recognized it as a SIM swap attack. He immediately called his wireless carrier through Skype, and quickly went to the store to regain access to his cell phone but “not quickly enough.”

“This was the perfect storm,” he said. “If I was on vacation or didn’t know what to do immediately, they would have taken everything in my bank account.”

He was able to regain control of his email but not his Coinbase account. Hackers had already moved the cryptocurrency he held to another account, and had attempted to wire money from his CitiBank account, which was refunded by the bank, he said.

The total amount stolen was roughly $5,000 — which he says is nowhere near the total of his crypto holdings because the rest was stored offline.

More: https://www-cnbc-com.cdn.ampproject.org