‘How I lost £25,000 when my cryptocurrency was stolen’

By: Monty Munford

It’s bad enough realising that somebody’s nicked £25,000 of your hard-earned cash. It’s even worse when you realise there’s little chance of getting it back.

This is the story of how I got my fingers burned in the murky of world of cryptocurrency investment.

Be warned.

After a decade as a tech journalist, I liked to describe myself as a “lunchtime-adopter”, somebody who acted faster than many, but would never be as smart as the early adopters.

So it was with cryptocurrencies. I had heard about Bitcoin, but it was one of those technologies where I nodded my head sagely whenever I was in the same room with those talking about it.

As for investing or speculating, I had absolutely no intention of doing so.

But as the Bitcoin price made its merry way to a peak of nearly $20,000 (£16,500) at the end of 2017 – a rise of more than 100,000% in seven years – my curiosity got the better of me.

So in the middle of 2017, I made some investments, figuring that it was a long-term plan and might even become a nest egg for a pension.

But doing so was utterly terrifying.

Even after a lot of tutorials from very patient friends, I pulled out three times from completing my initial transaction. One wrong press of the key and I thought I’d lose my money.

How prophetic that turned out to be.

There seemed to be two options: to store my crypto on an exchange, or in an encrypted digital storage wallet.

More: https://www-bbc-co-uk.cdn.ampproject.org/c/s/www.bbc.co.uk/news/amp/business-49177705

Japanese Exchange Bitpoint Hit By $32m Cyber-Attack

By: Phil Muncaster

Japan-based cryptocurrency exchange Bitpoint has become the latest to lose tens of millions of dollars in a cyber-attack.

The firm said it was forced on Friday to stop all services — including withdrawals, deposits, payments, and new account openings — while it investigated the incident. It has also notified the relevant authorities in Japan.

Hackers managed to steal funds not only from the firm’s hot wallets, but also its offline cold wallets. After first detecting an error in Ripple remittances, Bitpoint said it realized it had been the victim of a cyber-attack. It then took another three hours before the firm realized the attack also compromised funds stored in Bitcoin, Bitcoin Cash, Litecoin, and Ethereal.

A total of around 3.5 billion yen ($32 million) had been stolen, most ($23m) of which were customer-owned funds. The remainder belonged to Bitpoint, but it’s not clear at this stage whether the firm is planning to reimburse its customers.

The firm is the latest in a long line of cryptocurrency exchanges to come under the scrutiny of cyber-criminals. Last year, two Japanese exchanges were hit: Zaif lost 6.7bn yen ($60m) after hackers stole it from a hot wallet, while Coincheck lost 500m NEM tokens worth $530m at the time.

Just last month, Singaporean cryptocurrency exchange Bitrue was estimated to have lost around $4.5m in funds after hackers breached a hot wallet and moved the funds to other exchanges. A month previous, hackers stole in the region of $41m from Binance in a single hot wallet transaction.

More: https://www.infosecurity-magazine.com/news/japanese-exchange-bitpoint/

GateHub Users Lose $9.7m to Hackers

By: Phil Muncaster

Two cryptocurrency firms have come under attack over recent days with users of one, GateHub, suffering losses estimated at nearly $9.7m.

The cryptocurrency wallet service provider sounded the alarm in a statement on Thursday, claiming an investigation had been started after around 100 XRP Ledger wallets were compromised. The firm urged users to transfer their funds from these to a hosted wallet.

An XRP security community revealed in a separate post that, as of Wednesday, 23.2m XRP (Ripple) coins had been stolen, of which 13.1m had already been laundered.

However, the cause of the attack remains a mystery.

“API requests to the victim’s accounts were all authorized with a valid access token. There were no suspicious logins detected, nor there were any signs of brute forcing. We have however detected an increased amount of API calls (with valid access tokens) coming from a small number of IP addresses which might be how the perpetrator gained access to encrypted secret keys,” said GateHub.

“That, however, still doesn’t explain how the perpetrator was able to gain other required information needed to decrypt the secret keys. All access tokens were disabled on June 1 after which the suspicious API calls were stopped.”

More:  https://www.infosecurity-magazine.com/news/gatehub-users-lose-97m-to-hackers-1/

Binance Hacked — Hackers Stole Over $40 Million Worth Of Bitcoin

By: Mohit Kumar

Binance, one of the largest cryptocurrency exchanges in the world, confirmed today that the company lost nearly $41 million in Bitcoin in what appears to be its largest hack to date.

In a statement, Binance’s CEO Changpeng Zhao said the company discovered a “large scale security breach” earlier on May 7, as a result of which hackers were able to steal roughly 7000 bitcoins, which worth 40.6 million at the time of writing.

News of the hack comes just hours after Zhao tweeted that Binance has “to perform some unscheduled server maintenance that will impact deposits and withdrawals for a couple of hours.”

According to the company, malicious attackers used a variety of attack techniques, including phishing and computer viruses, to carry out the intrusion and were able to breach a single BTC hot wallet (a cryptocurrency wallet that’s connected to the Internet), which contained about 2% of the company’s total BTC holdings, and withdraw stolen Bitcoins in a single transaction.

What’s more disturbing is that the company admitted the hackers managed to get their hands on user critical information, such as API keys, two-factor authentication codes, and potentially other information, which is required to log in to a Binance account.

Zao also warned that “hackers may still control certain user accounts and may use those to influence prices.”

Fortunately, the Binance cold storage—the offline wallets where the majority of funds are kept—remain secure. Also, Internet-connected individual user wallets were not directly affected.

More:  https://thehackernews.com/2019/05/binance-cryptocurrency-hacked.html?m=1

The Joyous Union of Bitcoin and Mobile Phones

By: Soha Ali

Cryptocurrency and smartphones are married to each other whether we like it or not. One is the first successfully implemented form of digital hard money and the other is a mini-supercomputer in your pocket. It makes sense why two futuristic technologies would eventually join hands.

The seamless integration of crypto into smartphones is exactly what the SIKURPhone (read: Secure Phone) is all about. Although we have told you about crypto-supported smartphones before, none of them have been as innovative as the SIKURPhone (neither have they been so badly named.)

This device is a successor to the 2016 GranitePhone – the supposed world’s most secure smartphone. But this time, there’s a crypto twist in the mix.

The company embraced the blockchain trends and added advanced crypto functionality into the device by integrating a cold storage wallet. So you can keep all your cryptocurrency on the phone and carry it with you wherever you want. With this you can track your current balance, store currencies on SIKUR’s cloud, check the pricing for different cryptocurrencies, or read the crypto-related news in a special newsfeed space.

Now, I know what you’re thinking. Why would anyone want to store sensitive financial data on a smartphone, a device that’s usually so prone to being hacked or misplaced? Well, that brings us to the extensive security that the SIKURPhone has in it:

The Unhackable Phone

The company gave their devices to HackerOne, a company that is famous for testing vulnerabilities in software, to see if they could expose any problems and hack the device. Long story short, they tried for 2 months and failed. That should tell you just how secure your crypto-monies are going to be!

Other than that, the device has advanced remote wipe features so in the event that you lose your SIKURPhone or it gets stolen, you can completely remove any traces of your information from it, thus protecting your cryptocurrency.

More: https://blockpublisher.com/the-joyous-union-of-bitcoin-and-mobile-phones/

Alleged SIM Swap Fraudster Stole $1m from Exec

By: Phil Muncaster

A Manhattan man is alleged to have stolen $1m in cryptocurrency from a Silicon Valley executive in a classic SIM swapping attack.

Nicholas Truglia, 21, allegedly targeted several victims including Saswata Basu, CEO of blockchain service 0Chain Myles Danielsen, vice-president of Hall Capital Partners and Gabrielle Katsnelson, co-founder of startup SMBX.

He was apparently able to hijack all of their mobile phone accounts, convincing carrier staff to transfer their numbers to new SIMs, but didn’t managed to grab any funds as a result.

However, a fourth victim wasn’t so lucky. San Francisco father-of-two, Robert Ross, also had his account hijacked and this time Truglia was allegedly able to use it to access $500,000 in a Coinbase account and $500,000 in a Gemini account.

Typically, this is possible because SIM swap attackers are able to intercept the two-factor authentication codes sent via text message to ‘enhance’ account security.

Truglia was arrested at his West 42nd Street high-rise apartment where police were able to recover $300,000 in stolen funds. He now faces 21 counts related to six victims, according to reports.

The case highlights the growing pressure on mobile operator staff to ensure they carry out the appropriate identity checks on the phone or in store, when individuals request numbers to be ported to new SIMs.

However, sometimes the scammers may get help from individuals working on the inside.

More: https://www.infosecurity-magazine.com/news/alleged-sim-swap-fraudster-stole/

SIKURPhone – Beyond a Cryptocurrency Wallet and Ready for Financial Transactions

By: sikur

Whilst Sikurs competitors are promising to release secure blockchain devices, Sikur is already delivering a full and innovative operating system experience. SikurOS is powering devices that can deliver much more than secure cryptocurrency wallets and other gadgets to protect assets.

2018 has been an incredible year for us – from the rush of launching SIKURPhone at Mobile World Congress, in Barcelona, to porting SikurOS to different hardware. It has been an exciting journey and we still have more to come, said Alexandre Vasconcelos, Sikurs COO.

SikurOS is a very innovative model, although its concepts are widely available. An operating system that is capable of effectively protecting user data is an approach that has taken SIKURPhone to the next level. Combining safety with convenience is a challenge that Sikurs research and development team face every day.

According to Group-IB, more than $882 million in cryptocurrency assets was lost to fraud and hacks in 2017 and 2018, mostly in the Asian market, including the over $500 million hack of Japanese Cryptocurrency Exchange Coincheck. Protecting cryptocurrency coins for the regular investor with simplicity and usability is already possible with SIKURPhone.

After passing rigorous tests by HackerOne with a bug bounty program, securing cryptocurrency is a challenge that SIKURPhone has already overcome. Sikur is now daring to take it a step further with the Trading Station concept.

More: https://www.globalbankingandfinance.com/sikurphone-beyond-a-cryptocurrency-wallet-and-ready-for-financial-transactions/

Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist

Sikur lança solução que traz camada adicional para aplicações críticas

By: TI Inside Online

Embora os concorrentes da Sikur estejam prometendo lançar dispositivos blockchain seguros, a Sikur já está oferecendo um sistema operacional completo para uso de carteiras de criptomoedas seguras e outros gadgets para proteger ativos.

“2018 tem sido um ano incrível para nós – desde a corrida de lançamento do SIKURPhone no Mobile World Congress, em Barcelona, ??até a portabilidade do SikurOS para diferentes hardwares. Foi uma jornada emocionante e ainda temos mais por vir”, disse Alexandre Vasconcelos, COO da Sikur.

“O SikurOS é um modelo muito inovador, embora seus conceitos estejam amplamente disponíveis. Um sistema operacional capaz de proteger efetivamente os dados do usuário é uma abordagem que levou o SIKURPhone a combinar segurança com conveniência, um desafio que a equipe de pesquisa e desenvolvimento da Sikur enfrenta todos os dias”, completa.

De acordo com o Group-IB, mais de US$ 882 milhões em ativos de criptomoeda foram perdidos para fraudes e hackers em 2017 e 2018, principalmente no mercado asiático, incluindo os mais de US$ 500 milhões do Japanese Cryptocurrency Exchange Coincheck. Proteger moedas de criptomoedas para o investidor regular com simplicidade e usabilidade é o que promete o SIKURPhone.

Depois de passar por testes rigorosos da HackerOne com um programa de recompensas de bugs, garantir a criptomoeda é um desafio que a SIKURPhone já superou. Sikur está agora se atrevendo a dar um passo adiante com o conceito de Trading Station.

“O mercado financeiro é dinâmico e está em constante mudança. Os números de fraude e perda continuam aumentando à medida que a variedade de métodos de transação digital cresce. As soluções existentes não fornecem flexibilidade, usabilidade e segurança suficientes para o usuário moderno. A Sikur’s Trading Station usa a força do SikurOS e fornece camadas extras de segurança para aplicativos financeiros que exigem proteção máxima. Também introduz liberdade e flexibilidade para realizar operações de qualquer lugar, sem a necessidade de estar em escritórios ou redes altamente protegidas. As ações de trading, mobile banking e mPOS (Mobile Point of Sale) são alguns exemplos do mundo real onde a SIKURPhone pode fazer uma grande diferença para a indústria”, disse Fabio Fischer, vice-presidente executivo da Sikur.

Proteger dados localmente e na nuvem é uma alta prioridade para empresas e governos. Portanto, ter aplicativos conhecidos nesses dispositivos está se tornando obrigatório, pois a segurança preocupa mais pessoas a cada ano.

“Na Sikur, a inovação faz parte do nosso DNA. Estamos sempre procurando criar. Essa energia dá a todos mais poder e determinação para progredir. O conceito de Trading Station vem dessa maneira de pensar”, diz Alexandre Stumpf, CTO da Sikur.

Mais: http://tiinside.com.br/tiinside/seguranca/mercado-seguranca/31/10/2018/sikur

Group-IB: 14 cyber attacks on crypto exchanges resulted in a loss of $882 million

By: Pierluigi Paganini

Group-IB has estimated that crypto exchanges suffered a total loss of $882 million due to targeted attacks between 2017 and 2018.

Group-IB, an international company that specializes in preventing cyber attacks,has estimated that cryptocurrency exchanges suffered a total loss of $882 million due to targeted attacks in 2017 and in the first three quarters of 2018. According to Group-IB experts, at least 14 crypto exchanges were hacked. Five attacks have been linked to North Korean hackers from Lazarus state-sponsored group, including the infamous attack on Japanese crypto exchange Coincheck, when $534million in crypto was stolen.

This data was included in the annual Hi-Tech Crime Trends 2018 report, presented by Group-IB CTO, Dmitry Volkov, at the sixth international CyberСrimeCon conference. A separate report chapter is dedicated to the analysis of hackers’ and fraudsters’ activity in crypto industry.

Crypto exchanges: in the footsteps of Lazarus 

In most cases, cybercriminals, while attacking cryptocurrency exchanges, use traditional tools and methods, such as spear phishing, social engineering, distribution of malware, and website defacement. One successful attack could bring hackers tens of millions of dollars in crypto funds, whilst reducing the risks of being caught to a minimum:  the anonymity of transactions allows cybercriminals to withdraw stolen funds without putting themselves at greater risk.

Spear phishing remains the major vector of attack on corporate networks. For instance, fraudsters deliver malware under the cover of CV spam: they send an email containing a fake CV with the subject line “Engineering Manager for Crypto Currency job” or the file «Investment Proposal.doc» in attachment, that has a malware embedded in the document.

In the last year and a half, the North-Korean state-sponsored Lazarus group attacked at least five cryptocurrency exchanges: Yapizon, Coins, YouBit, Bithumb, Coinckeck. After the local network is successfully compromised, the hackers browse the local network to find workstations and servers used working with private cryptocurrency wallets.

More: https://securityaffairs.co/wordpress/77213/hacking/cyber-attacks-crypto-exchanges.html

Sikur turned a Sony smartphone into a cryptocurrency vault

By: Stan Schroeder

If you need to carry a substantial amount of cryptocurrency on you at all times, but you just don’t trust the average smartphone, a company called Sikur might have a solution.

On Wednesday, Sikur launched the SIKURPhone, a customized variant of a Sony smartphone, its Android enhanced with the secure, crypto-oriented SikurOS software.

SikurOS comes with a cryptocurrency wallet and numerous security-oriented features, such as the ability to remotely wipe the device, and Sikur’s own Secure App Store (launching later this year) which should host only vetted and thoroughly checked apps. A security-oriented chat app and browser are also on board.

The phone comes in two flavors: One is based on Sony’s XZ1, a 5.2-inch smartphone with a Snapdragon 835 chip, 4GB of RAM, 64GB of storage, a 2,700mAh battery and a 19-megapixel camera on the back paired with a 13-megapixel selfie camera.

The other is based on Sony’s mid-range XA2, which has a Snapdragon 630 chip, 3GB of RAM, 32GB of storage, a 23-megapixel rear camera, and 8-megapixel selfie camera, and a 3,300mAh battery.

Neither of these devices are particularly new — Sony launched two more XZ-series flagships after the XZ1 — but their specs are still good enough to hold their own against most modern phones.

If you’ve followed Sikur over the past couple of years, this launch is probably quite confusing. The company’s original SIKURPhone, launched in February 2018, had both its hardware and software built by Sikur. Now, the company appears to have pivoted to building only software which it will deploy on phones made by other manufacturers.

More: https://www.yahoo.com/news/sikur-turned-sony-smartphone-cryptocurrency-080440484.html