
Top 5 Cryptocurrency Scams And How To Avoid Them

As we approach the end of the year, it is time to summarize the past 12 months. But as you know, we eat and breathe security, and our summary is more like a short guide on fraudsters’ favorite tactics and how to avoid them. As if the bear market was not enough, the cryptocurrency community had to withstand the rise of crypto-related scams. Unfortunately, no single thing can guarantee you 100% protection. But the good news is that by investing a couple of minutes (and some brain cells) a day, you can stay afloat in the swindle ocean.

So without further ado, here’s the list of cryptocurrency scams that rose to prominence in 2018.

Straightforward hacking

There is nothing fancy about it except the fact that the most evil and powerful hacking entity is Lazarus. In case you’ve missed the news, Lazarus is the brainchild of the North Korean regime. Yeah, that’s right, the commies have their own hacking entity, which is believed to be behind the infamous Coincheck hack.

Kaspersky Lab has been closely following Lazarus over the years and has warned that it is already building brand-new malicious software aimed at Linux. The cybersecurity company states:

“It would seem that in the chase after advanced users, software developers from supply chains and some high-profile targets, threat actors are forced to develop Mac OS malware tools. The fact that the Lazarus group has expanded its list of targeted operating systems should be a wake-up call for users of non-Windows platforms.”

Lazarus has become notorious for penetrating Windows and Mac systems, fintech companies, exchanges, and whatever comes to your mind. Since the group is not kidding, we believe that the smartest thing to do is to refrain from using online wallets. It would be much better to go for a hardware wallet instead. If you are not sure why, check our cryptocurrency wallet guide.

Bitcoin blackmailing

While blackmailing is a classic move, it wasn’t until that summer that it became a thing in the crypto world. Here is how it goes. You open your email and there is suddenly someone telling you they know your password (which they do) and have photos of you doing your thing while watching those nasty movies (which is most likely a false claim). The bad actors tell you that if you don’t pay a certain amount of Bitcoin, they will send all of your “Oh” photos to your contacts.

But don’t panic. While the baddies might indeed have some of your passwords, it doesn’t mean that they know anything about you, nor do they have any photos. These are just randomly sent emails, which rely on recipients’ fears. For your own safety, it is better to change passwords and cover your laptop camera. However, you can always check how the culprits got your password using this search engine.

Did I fail to mention not to pay the ransom? Well, don’t! Those fuckers don’t deserve a penny. Do not respond to their email either.

Botnets

These are designed to spread malware all over the internet and infect websites, computers, servers, etc. Once the baddies infect their targets, they can control them directly and pull all sorts of nasty tricks. Luckily, the cybercriminals are often using them for cryptojacking purposes, which you can easily block by using the right browser extensions.

In worst-case scenarios, you might be tricked into downloading malicious files. Despite that, a top-notch antivirus should be able to handle the situation.

Social engineering

Some culprits prefer to do it the old-school way. Unfortunately, social engineering and phishing still work surprisingly well. According to Kaspersky, over 100,000 malicious pages have been used to redirect traffic to authorization pages of renowned exchanges like Bittrex, Binance, and Kraken. Of course, these are just copycats aiming to steal your credentials. And even EtherDelta users ate some phish (pun badly intended) earlier this year.

Kaspersky elaborates:

“Scammers also try to use the speculation around cryptocurrencies to trick people who don’t have a wallet: they lure them to fake crypto wallet sites, promising registration bonuses, including cryptocurrency. In some cases, they harvest personal data and redirect the victim to a legitimate site. In others, they open a real wallet for the victim, which is compromised from the outset.”

Sadly, the only way to protect yourself from phishing and social engineering is to be extra cautious when typing private seeds and passwords. Plus, it is advisable to enable two-factor authentication (a.k.a. 2FA) just in case.

Fake wallets

Google Play and Apple’s AppStore are plagued with copycats of legitimate cryptocurrency wallets. Always pay extra attention to tiny details such as publisher, publishing date, number of downloads, etc. In addition, do your research before installing a mobile wallet and double-check its rating and reviews. And as always, please don’t go for wallets that offer you some free tokens upon registration, you’ll thank me later.

 


Malware Found In CoinTicker App

To say that cryptocurrency trading in 2018 is a stressful activity would be a major understatement. Apart from keeping an eye on the market, one should also pay attention to security or see their tokens vanish into thin air.

I guess that many of you rely on cryptocurrency ticker apps to stay up-to-date with the current market situation, and to seamlessly monitor your crypto holdings. Yeah, I know that price fluctuation can be really intimidating sometimes but as I said before, you gotta have balls.

Now straight to the point: one guy sounded the alarm in the Malwarebytes forum when he revealed some ticker apps installing unknown software on users’ devices. There seems to be something concerning about the macOS CoinTicker app. It looks like it installs two “open-source backdoors: EvilOSX and EggShell.”

As of writing, nobody has uncovered what these two malware pieces do with your (and our) machines. Nevertheless, Malwarebytes suspects that these are backdoors that could be the exit for your tokens. Put simply, security researchers believe that since this malware lies within a cryptocurrency app, its most likely task is to compromise your security and allow the bad actors to steal your fortune.

What makes this app perfect for setting up backdoors? It does not ask for root or administrator privileges. Since CoinTicker only shows cryptocurrency prices after installation, there is nothing to make you suspect that something is wrong.

This is not the first time we see fraudsters come up with innovative ways to con reckless crypto geeks. This is especially true when talking about cryptojacking. There is no evidence that the above-mentioned pieces of malware are crypto mining scripts but do refrain from using CoinTicker at least for now. Of course, it is always better to be cryptojacked than being robbed. Luckily, you can always store your tokens in a cold wallet and give the baddies the finger.


Stay Ahead Of Cryptojackers With This Simple Guide

The regular cryptocurrency trader is rather familiar with the variety of threats that lurk in the space. However, newbies and seasonal traders might be less educated about the industry and this makes them easy targets. The baddies are good at pulling all sorts of nasty tricks and we have to say that getting conned is not that difficult.

Many of the community members pay attention to the market before purchasing or selling their tokens. That’s good; what’s even better is using a hardware wallet. Nevertheless, we somehow seem to neglect cryptojacking as an emerging threat. In short, cryptojackers steal your computing power to mine cryptocurrencies. Unfortunately, this might make your device completely unusable. If you want to understand whether you have been cryptojacked and how to protect yourself, keep reading.

Is my device cryptojacked?

The easiest way to detect the symptoms of the cryptojacking fever is to check whether your device is running hot and whether there is a strange noise coming from it. Mining cryptocurrencies uses a lot of your CPU power, meaning your device will be much noisier and hotter than usual. Your other options include checking your resource monitor. On Windows, open Task Manager by pressing Ctrl + Shift + Esc; on a Mac, search for Activity Monitor.

If you believe your CPU shouldn’t be working at full capacity but it is… Well, you’ve been cryptojacked. Alternatively, you can always use Opera’s Cryptojacking Test even if you work with another browser.

Cryptojacking protection

Since cryptojackers have become extra creative in recent months, you should always pay attention to the files and updates you download. However, the most common method they rely on is to embed malicious code in websites and wi-fi networks. But don’t worry. There is always a way to block the code. Most internet browsers already have extensions designed to keep the bad actors away. We guarantee you that minerBlock, NoCoin, and Coin-hive Blocker will protect your Chrome. Firefox has its own version of minerBlock and NoMiner.

To level up your security, it is advisable to use a prominent antivirus, which protects you against cryptojacking among other nasties. Perhaps the most troublesome scenario is when the culprits infect a router or a network of routers. Unfortunately, it is much harder to identify this type of attack. This is why we advise you to regularly update your router’s firmware.


Cryptojackers Get Super Creative – Infected Updates Are Now Viral

Cryptojackers are here to make fun of legitimate app developers and to make some money along the way. Since everything in technology changes, the cyber culprits are not going for infecting Wi-Fi networks, Amazon Fire TVs, and random websites with Coinhive. These days they are delivering the change by compromising otherwise legitimate Adobe Flash Players.

In fact, it is the old-school Trojan horse tactic, but hey, old-school always works. In short, when you download the latest Adobe Flash Player update, you get an XMRig bot, which is here to hijack your computing power and mine some Monero for the bad boys.

[Image: cryptojacking. Source: Palo Alto Networks]

The first to uncover the mining malware was the cybersecurity entity Palo Alto Networks. Indeed the corrupted Flash updater has been circulating the internet since the beginning of August. Apart from getting the “newest” Flash Player, you get the “newest” mining malware installed in the background, silently making profits for someone else. The chances are many users are unaware of the fact that they have been cryptojacked. While they may experience system outages, slow and impaired performance, those who are not familiar with crypto malware may have a hard time figuring out what is wrong with their devices.

The cybersecurity researchers have stumbled upon 113 files dubbed “AdobeFlashPlayer”. But the catch is, none of them are stored on Adobe-owned servers. Palo Alto Networks suggests that the cryptojackers have used bogus URLs to redirect their potential victims. One question remains, however: how and why did users reach these URLs?

While the analysis of the URLs showed no signs of something suspicious, after the installation process the mining bot immediately connects to a Monero mining pool and starts doing its thing.

“Because of the legitimate Flash update, a potential victim may not notice anything out of the ordinary. Meanwhile, an XMRig cryptocurrency miner or other unwanted program is quietly running in the background of the victim’s Windows computer,” reads the post.


Google Restricts Third-party Apps From Using Sensitive Data

Traders from all walks of life know that storing cryptocurrencies in a mobile wallet is bad, bad, bad. There are hundreds of reasons one should refrain from hot wallets in general, but mobile wallets are easily the most vulnerable of them all.

It’s not only that there are copycat applications that impersonate legitimate apps. The problem is that even “legitimate” apps sometimes do get compromised. And when that happens, oh boy… You can only hope you are fast enough to relocate your tokens. Indeed, hackers manage to corrupt mobile applications much more often than you think.

This is the reason why Google has revamped its Apps Policy. In a blog post published on Monday, the tech giant clarifies that apart from shutting down its social network Google+, it will also give users more power to decide what data they share with third-party apps. This puts the power back in users’ hands. From now on, when you install an app you can specifically choose what you share with it and what you don’t. This means that you can restrict access to the camera, photos, docs, and calls.

What does it mean for crypto geeks?

It means that in case you still want to store some tokens in a mobile wallet, they are just a little better protected now. The new app update doesn’t prevent future hacks but it still levels up security. You should be careful how you handle your sensitive data such as passwords, PINs, 2FA, etc. The good news is that even if the bad guys sneak into your phone through a (supposedly compromised) app, they would not be able to access your docs, notes, etc. if you have explicitly restricted the app in question from using them.

Google says:

“Only an app that you’ve selected as your default app for making calls or text messages will be able to make these requests. (There are some exceptions—e.g., voicemail and backup apps.).”

Yeah, not necessarily a problem solver but still better than the previous data policy we would say. You never know when the bandits are coming for you, so you’d better go for a cold wallet instead.


Cryptojackers Wage War On India

In case you haven’t noticed, there is already a cryptojacking pandemic. The largest infection this year took place in Brazil where the culprits compromised quite a lot of routers. Unsurprisingly, crypto mining software is multiplying, thus plaguing India as well.

The cryptojackers have declared war on the internet in general and their latest attack targeted 30,000 MikroTik routers in India. Combined with the 280,000 infected units in South America, we can safely say that cryptojacking is big bizniz now.

The internet punks have secretly inserted Coinhive in literally tens of thousands of routers and it looks like the Indian internet providers are a) unaware or b) they just don’t care. This forces corrupted MikroTik routers to mine Monero on every page opened.

Coinhive is by far the most popular Monero mining script. The tiny JavaScript code allows the cybercriminals to embed it in websites, ad banners, routers, wi-fi networks, etc., and thus secretly mine Monero on users’ devices.

Now, Coinhive could be put in action for noble purposes as well. For example, UNICEF used it to raise funds for charity.

Coinhive wouldn’t have been such a pain if the baddies did not make hundreds of versions out of it. They do that in order to circumvent security layers and trick networks into running it. In fact, McAfee Labs reports that just in the last three months they have launched 2.5 million versions of cryptojacking software. Notably, most of them are Coinhive-based.

Banbreach has found that at least 45% of the infected routers are located in rural areas. While such massive attacks are hardly unusual anymore, it is still striking that internet providers seem to just neglect the threat. Not that cryptojacking can really harm you, since it steals neither money nor data, but it can really ruin your browsing experience and even your device.

If your PC or smartphone suddenly gets super slow, the chances are you have been cryptojacked. The easiest thing to do is to close your browser and open other websites. If nothing changes, you’d better contact your internet operator.


How To Protect Your Cryptocurrency In 1 Single Step

If you haven’t noticed so far, we are often bitchin’ about security here. And while there are some things that are out of your control (like hacker attacks), others are up to you. For example, talking about how many Bitcoins you own is a bad idea. Doing this in public is even worse because you can easily draw the attention of any fraudsters nearby. Your bragging is music to their ears as they start to see you as a target.

In case you don’t believe us, consider this: a Google executive who specializes in fighting email fraud recently discussed the matter in a chat with CNBC. Mark Risher explained that people who like to talk about their cryptocurrency fortunes in public often fall victim to email hack attempts.

“It could just be a case of mistaken identity or guilt by association,” he said, adding that cybercriminals can easily find your email. He explained that they often monitor social media accounts and target people who are smart enough to reveal they own some tokens.

“They could be using someone who seems to be low value to pivot toward somebody considered a higher value target, like somebody political in nature. Or maybe they saw that you were discussing Bitcoin on a public message board.”

Another bad idea is to use one and the same email address to both log in to social media and back up your cryptocurrency wallet. It is a piece of cake to check somebody’s email on Facebook and then hack it, reset its password and do some other nasties.

Fraudsters are getting smarter

While you are unlikely to fall for the ancient “Nigerian Prince” scam (we hope so) the bad boys often do their research pretty well before contacting you. They might be impersonating someone you know and trust.

“You might think of this generic ‘Dear Sir or Madam, I am contacting you to ask you for a favor,’ but the truth is many of these attackers have done some serious research on their victims. So you might get what we call ‘social truth’ in your message,” Risher adds.

The point here is, don’t talk about crypto. Neither in public nor on social media. Use several email addresses and exercise extra caution when dealing with those connected to financial services. Level up your passwords and PINs to further enhance your protection.


A Crucial Bug In Monero Could’ve Resulted In Millions Lost

Monero might be one of those cryptocurrencies that care about user anonymity, but it turns out Monero was too vulnerable to hacks. Well, until now, according to its core development team. Today the devs made the news by revealing that the Monero network had a severe security flaw that went unnoticed.

An excerpt from the bone-chilling blog post reads:

“The bug basically entails the wallet not providing a warning when it receives a burnt output. Therefore, a determined attacker could burn the funds of an organization’s wallet whilst merely losing network transaction fees.” Further adding, “In sum, a bug in the wallet software allowed a determined attacker to cause significant damage to organizations present in the Monero ecosystem with minimal cost. Fortunately, the bug did not affect the protocol and thus the coin supply was not affected.”

How does it happen?

We are not getting into details here, but just like the Bitcoin and Ethereum networks, the Monero blockchain can also “burn” its own tokens. When similar or identical stealth addresses settle transactions between each other, the Monero mainnet is programmed to allow only one “correct” transaction. It considers the remaining transactions fake and “burns” them. The burnt XMR tokens become unusable as they are neither removed nor replaced with new tokens.

However, the security researchers have recently discovered that hackers might exploit that and smuggle tokens directly from external wallets and third-party apps.

The disclosure explains that the bad guys can generate a private key and then adjust it in such a way that it redirects funds to a certain public address (let’s say a wallet in an exchange), which is the same as the stealth address (which they control). The attackers then send a thousand transactions of one XMR to the exchange wallet.

What happens then? The blog post outlines, “Because the exchange’s wallet does not warn for this particular abnormality (i.e. funds being received on the same stealth address), the exchange will, as usual, credit the attacker with 1000 XMR. The attacker then sells his XMR for BTC and lastly withdraws this BTC. The result of the hacker’s action(s) is that the exchange is left with 999 unspendable/burnt outputs of 1 XMR.”
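The missing wallet check described above, sketched as an added example (not Monero's or any exchange's own code): outputs that arrive on an already-seen stealth address share one key image, so only one of them can ever be spent and the rest must not be credited. The `Output` record, the sample keys and the rule of crediting the largest output per address are assumptions made for this illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

ATOMIC_PER_XMR = 10**12  # Monero amounts are integers in atomic units


@dataclass(frozen=True)
class Output:
    txid: str             # transaction that carried the output
    stealth_address: str  # one-time output public key (constructed values here)
    amount: int           # atomic units


def naive_credit(outputs):
    """The flawed flow from the disclosure: credit every received output."""
    return sum(o.amount for o in outputs)


def safe_credit(outputs):
    """Credit at most one output per stealth address and report the rest.

    Returns (credited_amount, burnt_outputs).
    """
    by_address = defaultdict(list)
    for out in outputs:
        by_address[out.stealth_address].append(out)

    credited, burnt = 0, []
    for group in by_address.values():
        # Assumption: keep the largest output, treat every duplicate as burnt.
        ranked = sorted(group, key=lambda o: o.amount, reverse=True)
        credited += ranked[0].amount
        burnt.extend(ranked[1:])
    return credited, burnt


def build_sample():
    """Constructed deposits: two honest ones plus the 1000 x 1 XMR case."""
    honest = [
        Output("tx-honest-1", "pk-aaaa", 5 * ATOMIC_PER_XMR),
        Output("tx-honest-2", "pk-bbbb", 2 * ATOMIC_PER_XMR),
    ]
    attack = [
        Output(f"tx-attack-{i}", "pk-evil", ATOMIC_PER_XMR) for i in range(1000)
    ]
    return honest + attack


if __name__ == "__main__":
    deposits = build_sample()
    credited, burnt = safe_credit(deposits)
    print("naive credit :", naive_credit(deposits) // ATOMIC_PER_XMR, "XMR")
    print("safe credit  :", credited // ATOMIC_PER_XMR, "XMR")
    print("burnt outputs:", len(burnt), "(alert on these, do not credit)")
```

An exchange would raise an alert on every entry in the burnt list before crediting the sender's account.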

The Monero developers insist they have contacted major exchanges and offered their help in fixing the problem. In fact, they have released and sent a private patch to exchanges. We must all thank the Monero community members who voiced their concerns about the potential attack on Reddit. It helped the development team investigate and review the code before someone managed to pull a nasty trick.

In conclusion, the announcement reads, “this event is again an effective reminder that cryptocurrency and the corresponding software are still in its infancy and thus quite prone to (critical) bugs.”

 


Crypto Thefts In Japan Triple In H1 2018

According to the Japanese media outlet The Asahi Shimbun, the number of cryptocurrency thefts has tripled over the first half of 2018. Japan is one of the leading crypto markets but it looks like it has a hard time keeping cybercriminals away. The National Police Agency (NPA) reports that compared to the same period last year, the number of hacks has grown immensely.

In 2017, the authorities registered fewer than 60 cases, while this year there are 158 and counting. Unsurprisingly, Bitcoin leads the race. The number one cryptocurrency seems to be the most targeted, as it was the prime subject of the attacks 94 times. Bitcoin thefts amount to 860 million yen stolen. Second comes Ripple’s XRP, which was targeted 42 times. The bad guys have snatched 1.52 billion yen worth of XRP in the first six months of the year. Surprisingly, Ethereum was the prime target in just 14 cases, which nevertheless resulted in 60 million yen in losses.

Of course, tens of altcoins have been compromised as well. NEM (XEM) for example made the news during the infamous Coincheck hack.

“More than 60 percent of all cases, or 102 incidents, involved individuals who used the same ID and password for their e-mail account and other Internet services, such as online shopping, for cryptocurrency dealings,” read the police report.

In total, the Japanese market has lost over 60.50 billion yen (roughly $540 million) in the first half of 2018. In contrast, for the same period last year, the cyber thieves stole a mere $5.5 million. We should note, however, that since the Coincheck wrongdoing the officials have introduced stricter regulations. The NPA is monitoring whether exchanges comply with KYC and AML policies, while the Financial Services Agency has investigated many of the domestic exchanges.

Though in general, the number of crypto thefts declined after March, the culprits still managed to steal $60 million from Zaif earlier this week.

 


Fake EOS Tokens Flood A Fake Decentralized Exchange, $60k Stolen

If you think your tokens are safe in an exchange, you are wrong. If you think trading through an exchange is safe, you are wrong again. If an exchange claims it is decentralized, well it doesn’t mean it really is. So why am I bitching about this again? Well, partly because crypto security is an evergreen topic and partly because somebody somehow exploited exchange vulnerabilities once again.

Pssst, kid! Wanna buy some EOS?

It seems like EOS troubles have no end. The startup did raise $4 billion from institutional investors to challenge Ethereum and virtually every couple of days we see hackers chewing off bits of EOS and spitting them in investors’ faces.

The EOS protocol allows everyone to create a token and name it whatever they like. Yes, “EOS” is just the perfect name and it’s free, ya know. Thanks to this smart move from the real EOS engineers, the baddies “developed” an EOS-based token, named it “EOS” and flooded one particular “decentralized” exchange with copycats. One billion fake tokens to be exact. And do you know what’s worse? By the end of the perfectly staged attack, the culprits smuggled some $58,000 from ordinary traders.

Decentralize this!

Probably, this is the most hackless hack in the history of hacks and here’s why. The bad boys never really had to hack the exchange, because it doesn’t utilize smart contracts and it is not even decentralized. They purchased some altcoins with their fake EOS tokens and then exchanged them for the real EOS equivalent, which they siphoned through Bitfinex.

Newdex (the “hacked” marketplace) said in a statement:

“EOS account oo1122334455 issued 1,000,000,000 fake EOS tokens. After testing the feasibility of the attack, the account began to place large [buy orders]. A total of 11,800 fake EOS orders were issued to purchase BLACK, IQ [sic] and ADD.”

Thanks, Captain Obvious! Now, since there is no smart contract to verify the authenticity of the tokens it receives, anyone can send anything and fool the system. In other words, Newdex is not a decentralized exchange. It is just a single account that conducts the transactions, pretending to be an asset exchange. Ha-ha-ha, very smart. It turns out traders were just sending money to a personal EOS account, hoping it would settle their transactions accordingly.
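The check that was missing here, as an added example rather than Newdex's or any exchange's code: on EOS a token is identified by the contract account that issued it together with its symbol, so a deposit handler has to match both instead of trusting the symbol string. The deposit account `exchangeacct`, the fake issuer `fakeissuer11`, the allowlist and the sample actions are constructed for this sketch; `eosio.token` is the system contract that holds the native EOS token.

```python
from decimal import Decimal, InvalidOperation

# Assumption: this exchange accepts only the native EOS token, which lives in
# the eosio.token system contract and uses 4 decimal places.
TRUSTED_TOKENS = {("eosio.token", "EOS"): 4}
DEPOSIT_ACCOUNT = "exchangeacct"  # hypothetical deposit account


def parse_quantity(quantity):
    """Split an EOSIO asset string such as '1.0000 EOS' into its parts."""
    amount_str, symbol = quantity.split(" ")
    precision = len(amount_str.split(".")[1]) if "." in amount_str else 0
    return Decimal(amount_str), symbol, precision


def validate_deposit(action):
    """Return (accepted, reason) for one action taken from a transaction."""
    if action.get("name") != "transfer":
        return False, "not a transfer action"
    data = action.get("data", {})
    if data.get("to") != DEPOSIT_ACCOUNT:
        return False, "not addressed to the deposit account"
    try:
        amount, symbol, precision = parse_quantity(data.get("quantity", ""))
    except (ValueError, IndexError, InvalidOperation):
        return False, "malformed quantity"
    # The 'account' field of an action names the contract that executed it.
    contract = action.get("account")
    expected_precision = TRUSTED_TOKENS.get((contract, symbol))
    if expected_precision is None:
        return False, f"untrusted contract {contract!r} for symbol {symbol}"
    if precision != expected_precision:
        return False, "unexpected precision"
    if amount <= 0:
        return False, "non-positive amount"
    return True, "ok"


# Constructed sample actions: same symbol, different issuing contracts.
GENUINE = {
    "account": "eosio.token", "name": "transfer",
    "data": {"from": "alice1111111", "to": DEPOSIT_ACCOUNT,
             "quantity": "12.5000 EOS", "memo": "deposit"},
}
FAKE = {
    "account": "fakeissuer11", "name": "transfer",
    "data": {"from": "fakeissuer11", "to": DEPOSIT_ACCOUNT,
             "quantity": "1000.0000 EOS", "memo": "deposit"},
}

if __name__ == "__main__":
    for label, action in (("genuine", GENUINE), ("fake", FAKE)):
        print(label, validate_deposit(action))
```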

In fact, the crypto community smelled that something was wrong days before the attack:

“Unlike a real DEX, they do not have a smart contract that holds funds / handles order matching on-chain. Instead, they match all orders off-chain in a centralized server. […] What’s worse, they deceptively present Scatter as the login and trading interface, so you feel like you’re using a DEX. In reality, you aren’t sending funds to any smart contract, it’s just a regular EOS account they own ‘newdexpocket’, that doesn’t even have a smart contract running on it. […]This means there’s no smart contract or ABI on that account. Essentially all you are doing when you submit an order from their interface is sending your funds to their personal EOS account and hoping they return you the tokens you’re buying/selling.”

Well, I have nothing more to add, this whole fiasco has really blown me away. And remember, stay off of Newdex.