Hackers have stolen more than $1 billion from cryptocurrency exchanges in 2018

By: Sam Jacobs

The popularity of cryptocurrency has also given rise to a proliferation in the number of crypto exchanges.

The website coinmarketcap.com lists 205 crypto exchanges, with Japan-based Binance topping the rankings for 24-hour transaction volume.

Clearly, there’s an opportunity in the space to make a profit by clipping the ticket on crypto trades.

At the same time, more transaction providers in the nascent, largely unregulated market for cryptocurrencies means more targets for hackers. So far in 2018, the hackers have been busy.

A report in the Wall Street Journal shows more than $US800 million ($AU1.08 bn) worth of cryptocurrency has been stolen by hackers this year.

The figures are based on an investigation by Autonomous Research, an independent research provider for the finance industry.

The biggest hack this year took place on Coincheck, a Japan-based exchange which had more than $US500 million worth of crypto stolen in late January.

Last month, South Korean exchange Bithumb was targeted, as hackers made off with around $US30 million while the company suspended operations and moved its crypto holdings to cold storage.

While companies such as Binance, Coincheck and Bithumb are usually referred to as exchanges, their functions differ from traditional stock exchanges such as the ASX.

Earlier this year, the chair of the Australian Digital Commerce Association (ADCA), Loretta Joseph, told Business Insider that exchanges should be referred to as “digital marketplaces”, given that they aren’t regulated and merely provide a forum for buyers and sellers to exchange crypto independently.

Another way in which crypto exchange companies differ from stock exchanges is that they often provide a vehicle to store users’ cryptocurrency, which is also what makes them a target for hackers.

Going back to 2011, there’s been a total of 56 cyber attacks across currency exchanges and initial coin offerings.

Autonomous Research said there have been seven crypto exchange hacks so far this year, four of them in Asia.

More: https://www.businessinsider.com.au/cryptocurrency-exchange-hackers-2018

$1.1 billion in cryptocurrency has been stolen this year, and it was apparently easy to do

By: Kate Rooney

Roughly $1.1 billion worth of cryptocurrency was stolen in the first half of 2018, and unfortunately for owners, it’s pretty easy to do, according to cybersecurity company Carbon Black.

Criminals use what’s known as the dark web to facilitate large-scale cryptocurrency theft. There are now an estimated 12,000 marketplaces and 34,000 offerings related to cryptotheft for hackers to choose from, the company said in a study released Thursday.

“It’s surprising just how easy it is without any tech skill to commit cybercrimes like ransomware,” Carbon Black Security strategist Rick McElroy told CNBC. “It’s not always these large nefarious groups, it’s in anybody’s hands.”

The necessary malware, which McElroy said even occasionally comes with customer service, costs an average of $224 and can be priced as low as $1.04. That marketplace has emerged as a $6.7 million economy, according to the study.

The dark web is a part of the World Wide Web accessible only through special software. It lets users remain anonymous and largely untraceable.

“You just have to be able to log in and be able to buy the thing — you can call customer support and they’ll give you tips,” McElroy said.

Thefts can come from organized cartels or crime groups extorting exchanges and companies. But it is often as simple as a highly trained but unemployed engineer looking to make extra cash.

“You have nations that are teaching coding, but there’s no jobs,” McElroy said. “It could just be two people in Romania needing to pay rent.”

As the price of bitcoin skyrocketed more than 1,300 percent last year, new buyers flooded the market. Unlike banks, cryptocurrency is typically not protected or insured by a third party, which first-time investors might not know.

More: https://www.cnbc.com/2018/06/07/1-point-1b-in-cryptocurrency-was-stolen-this-year-and-it-was-easy-to-do.html?__source=facebook%7Ccrypto+

Cryptocurrency Attacks Are Rising

By: Olga Kharif

One of the most-feared quirks of cryptocurrencies is becoming more of a headache.

Over the past few weeks, rogue operators of some of the computer networks that perform the complex calculations that verify transactions for various coins are attacking their own networks again. This time it’s Bitcoin Gold, an offshoot of the most widely known form of digital money, with a $717 million market capitalization.

Such 51 percent attacks, in which so-called miners gain control of the majority of the network’s computing power to falsify transactions, are generating ill-gotten gains that risk collapsing the value of the coins. Under attack for more than a week, Bitcoin Gold is down about 25 percent since May 18.

Similar attacks have targeted Verge, Monacoin and Electroneum, according to Autonomous Research LLC. To gain power over a coin with a market cap of $500 million, an attacker may need to spend as little as $778 an hour, according to Autonomous.

After all, many of these smaller coins — and there are now more than 1,600 of just the major ones — have ballooned in value, becoming valuable targets for criminals. Some bad actors also may want to torpedo one coin to boost the value of another, Spencer Bogart, partner at Blockchain Capital LLC, said in an email.

Healthcare Prone to Attack, Still Unprepared

By: Kacy Zurkus

The one-year anniversary of WannaCry, the ransomware that disrupted businesses across the globe, is upon us. Since the ransomware attack that impacted an estimated 200,000 computers, new research suggests that organizations across the UK are still struggling to deal with ransomware, none more than those in the healthcare industry.

Over 400 IT decision makers at UK businesses partook in a recently released report from Webroot, which found that a large majority of the respondents (88%) feel better equipped to deal with a ransomware attack. Healthcare organizations are more prone to attacks than other industries, yet 98% of respondents in the healthcare sector said they are better equipped to deal with an attack now than they were one year ago.

That number could indicate a false sense of security, given that 45% of respondents had suffered a ransomware attack. Of those, nearly a quarter (23%) actually paid the ransom. More than half of the healthcare companies polled (52%) admitted to having suffered an attack.

“Organizations still aren’t investing the necessary time and resources in risk mitigation and recovery processes, leaving them with limited options in case of a successful attack. The healthcare industry in particular needs to be very aware of the fact that it is a high-profile target, with valuable data at stake, and take special care to ensure that defenses are in place,” said David Kennerley, director of threat research, Webroot.

In the healthcare sector, multiple attacks hit over one in four (26%) organizations. Of the 400 survey participants, 56% of respondents would consider paying the ransom. That number is smaller for organizations in the healthcare sector, with only 34% saying they would consider paying. Interestingly, only 5% of all those surveyed have stocked Bitcoin should they need to pay a ransom. However, 8% of organizations in the healthcare sector have acquired cryptocurrency.

More: https://www.infosecurity-magazine.com/news/healthcare-prone-to-attack-still/

Portuguese Parliament to Discuss Cryptocurrency Payment Regulations

By: Francisco Memoria

Portugal’s parliament is set to discuss cryptocurrency payment regulations this week, with the goal of adopting a new legal framework for cryptocurrency payment services, while guaranteeing users’ safety using these services.

According to local news outlet Jornal de Negócios, applicable sanctions and the issuance of digital currencies – presumably initial coin offerings (ICOs) – will also be discussed. The government will reportedly discuss cryptocurrencies so new payment services can emerge in the market, while ensuring users can choose between safe, cost-effective options.

Per the Portuguese government, regulations will allow cryptocurrency-related services to expand within the country, which will benefit consumers by promoting competition, while ensuring safety and transparency in “the issuance of cryptocurrencies.”

The government argued (roughly translated):

“The regulation of certain aspects, not yet regulated, will allow for the expansion of new types of payment services, contributing to a legal framework to accommodate the innovation, to the benefit of consumers, and to even promote competition.”

The regulatory framework is set to apply “new rules to access payment accounts,” so as to prevent unjustified setbacks and ensure payments are safe. It’ll also introduce rules on managing operational risks, while offering service providers and ICO operators “complaint mechanisms.”

Per the somewhat vague information available, when it comes to dispute resolutions “payment service providers are obliged” to work with dispute resolution organizations over potential disputes. The government also plans on introducing “complaint mechanisms for payment service providers and for electronic money issuers, as well as for the respective supervisory authority.”

More: https://www.ccn.com/portuguese-parliament-to-discuss-cryptocurrency-payment-regulations/

The Three Layers Of Cryptocurrency Security

By: Ivan Novikov

The cryptocurrency marathon started in 2009 with the initial release of Bitcoin — the first decentralized cryptocurrency. By definition, a decentralized system operates with no servers and each participant is allowed to execute transactions. In the case of the blockchain, each participant also has to perform some system tasks like storing transactional data. A group of participants can even run an alternative version of reality called a fork. This fork would work by the same rules as the original decentralized system but would have a different state.

This diagram illustrates the hierarchical nature of cryptocurrency security:

[Figure: Hierarchical nature of cryptocurrency security. Credit: Wallarm Inc.]

The bottom line is, if there is an issue at the first layer in a coin protocol, you will be compromised, regardless of how secure your second and third layers are.

Let’s look into each of the layers separately.

The First Layer: Coins And Tokens

Your security in the world of cryptocurrencies is, first and foremost, based on the security of the protocol. When you are choosing a cryptocurrency you are taking on all the risks related to the protocol. If somebody can identify and exploit protocol flaws, they will compromise the entire network, including you, and it will not matter which exchange or wallet you are using.

At this layer there are two different types of currencies:

The coins themselves (Bitcoin, Bitcoin Cash/Gold, Ethereum, NEO, etc.)

More: https://www.forbes.com/sites/forbestechcouncil/2018/05/03/the-three-layers-of-cryptocurrency-security/2/#5ebdbfe92d89

Bitcoin in Brief Wednesday: Hacker Gets Trolled, Vertcoin Gets Hacked

By: Avi Mizrahi

With all the talk about buying lambos, and some people making serious money, it’s no surprise that the cryptocurrency world attracts hackers looking for rich targets. Today’s edition of Bitcoin in Brief showcases two typical cases and one atypical response.

Ransomware Hacker Trolled

Aaron Lammer, a cryptocurrency podcaster, got his website hijacked by a hacker demanding ransom. But instead of paying the requested 0.025 bitcoin or calling the police, he decided to have some fun with the criminal.

The hacker left a ‘contact us’ option, which is not as unusual as it might sound because often such schemers need to help victims with the process. The link directed Lammer to the Facebook profile of one Barberousse Mohammed, and so he began trolling him. After Mohammed refused to accept a million pre-sale ICO tokens instead of bitcoin, Lammer tried to lure his hacker into the whole BTC vs. BCH debate by appearing to educate him about the advantages of bitcoin cash. See the entire amusing chat transcript here.

And don’t worry, eventually the website was restored by the hosting service. They said the hacker used a WordPress exploit on a different domain housed under the same user to gain control.

Vertcoin Twitter Hacked

Fake cryptocurrency giveaway scams continue to plague Twitter, with the latest example coming from Vertcoin. Usually the scammers create a new account that looks as close as possible to the real one and reply to all tweets with promises to send back large amounts to anyone that sends them ether. This time they actually took over the official Vertcoin account to promote the scam. Luckily, it appears that only three people actually fell for it and sent BTC to the address before the tweet was taken down.

More: https://news.bitcoin.com/bitcoin-in-brief-wednesday-hacker-gets-trolled-vertcoin-gets-hacked/?utm_source=OneSignal%20Push&&utm_medium=notification&&utm_campaign=Push%20Notifications

Isolated, Air-Gapped Crypto-Wallets Hacked

By: Kacy Zurkus

He who holds the private keys owns all of the bitcoins. For those who manage their cryptocurrency in offline, or “cold,” wallets under the premise that they cannot be compromised, recent news from researcher Dr. Mordechai Guri from Ben-Gurion University of the Negev, Israel, raises some alarms. Guri demonstrated that cold wallets can be infected with malicious code, allowing an attacker to access the wallet’s private keys.

Because cold wallets are presumably safer than storing their keys in “hot,” or online, wallets, many cryptocurrency owners keep their bitcoin wallets isolated in air-gapped PCs so that they are away from the internet and not connected to any network, Wi-Fi or Bluetooth.

In addition to publishing a white paper, Guri also demonstrated the attack method’s effectiveness using malware called bridgeware, which successfully leaks the bitcoin private key over air gap via ultrasonic signals in only 3 seconds.

The discovery isn’t new, nor is it the first time a hacking technique was used to compromise an isolated machine. Rather, Guri’s experiment showed that private cryptocurrency keys can be stolen using out-of-band communication methods.

Malware can be preinstalled, delivered during the initial installation of the wallet, or pushed through removable media. Once the malware is installed, there are a variety of exfiltration methods an attacker can use, and Guri evaluated several, including physical, electromagnetic, electric, magnetic, acoustic, optical and thermal.

“This research shows that although cold wallets provide a high degree of isolation, it’s not beyond the capability of motivated attackers to compromise such wallets and steal private keys from them. We demonstrate how a 256-bit private key (e.g., bitcoin’s private keys) can be exfiltrated from an offline, air-gapped wallet … within a matter of seconds,” Guri noted.

The PC and keyboard are removed in the second video to demonstrate an additional exfiltration method – a technique known as a RadIoT attack. In about 15 seconds, Guri successfully transmits private keys from a Raspberry Pi to a nearby smartphone over air gap by way of electromagnetic signals.

More: https://www.infosecurity-magazine.com/news/isolated-airgapped-cypto-wallets/

Financial Firms are Ready to Enter the Cryptocurrency Market Says New Survey From Thomson Reuters

By: Melanie Kramer

A Thomson Reuters survey claims that one in five financial institutions are considering cryptocurrency trading in 2018, with many planning to do so in the next few months.

The survey by the leading professional market news service was conducted with over 400 Thomson Reuters trading solutions clients, including users of the Eikon, REDI, and FX platforms.

20% of the participants indicated that they are considering trading cryptocurrencies over the next 3-12 months, with 70% of positive respondents planning to trade in cryptocurrencies in the coming 3-6 months.

Neill Penney, co-head of Trading for Thomson Reuters, commented on the recent change in sentiment:

“Cryptocurrency is still a relatively small part of the trading market, but this survey indicates this niche segment is starting to enter the mainstream of the financial services industry. This is a major change from a year ago.”

Penney identified the immediate priority for clients as the need to seamlessly access news and data around cryptocurrencies in order to make informed trading decisions.

“As a leading provider of news, data, and trading capabilities Thomson Reuters is well-positioned to deliver solutions that address client demand in the growing cryptocurrency market,” said Penney.

Thomson Reuters’ Eikon desktop platform provides prices for Bitcoin and altcoins. Its MarketPsych indices now include the first sentiment data feed for Bitcoin, in addition to other new capabilities. The 100-year-old business intends to introduce further functionality for the sector in response to customer needs.

The survey also found widespread familiarity among participants, which may indicate that cryptocurrency trading is a long way from being seen as the niche market it once was.

Kevin Murcko, CEO of cryptocurrency exchange CoinMetro, commented directly on the results of the survey:

“Historically, the banking sector has been notoriously dismissive of the crypto movement. Cryptocurrency has variously been called a bubble, an asset for criminals, and worthless. But today’s survey demonstrates that while financial institutions are saying one thing, they’re doing quite another.”

More: https://coinjournal.net/financial-firms-are-ready-to-enter-the-cryptocurrency-market-says-new-survey-from-thomson-reuters/

Crypto Investor Ian Balina Hacked for Millions in Ether During Livestream

By: Conor Maloney

Notable cryptocurrency investor and YouTube influencer Ian Balina ended a livestreamed ICO review last night when he realized he was being hacked. Balina seemed to realize something was amiss when he was required to sign back into Google to save changes to the spreadsheet he was using, saying “I have to get going” and ending the stream.

Balina took to social media to ask for the support of his followers in tracing over $2 million worth of cryptocurrency being moved from his Etherscan wallets. He said he didn’t care about the money, and just wanted to catch the person or people responsible.

Security Breaches

There were a number of vulnerabilities in Balina’s security which he admits were the cause of the hack. His main email account was backed up by an old college email account, long since abandoned. In the event of Balina losing the password to his account, the college account could be used to reset the password. Hackers discovered this account and accessed it, using it to reset the password and access the main account where they came across the second major security breach.

More: https://www.ccn.com/ian-balina-hacked-for-millions-through-old-email-account/