Browsing Tag

hack

security,

Top 5 Cryptocurrency Scams And How To Avoid Them

As we approach the end of the year, it is time to summarize the past 12 months. But as you know we eat and breathe security and our summary is more like a short guide on fraudsters’ favorite tactics and how to avoid them. As if the bear market was not enough, the cryptocurrency community had to withstand the rise of crypto-related scams. Unfortunately, there isn’t a sole thing that can guarantee you a 100% protection. But the good news is that by investing a couple of minutes (and some brain cells) a day, you can stay afloat the swindle ocean.

So without further ado, here’s the list of cryptocurrency scams that rose to prominence in 2018.

Straightforward hacking

There is nothing fancy about it except the fact that the evilest and powerful hacking entity is Lazarus. In case you’ve missed the news, Lazarus is the brainchild of the North Korean regime. Yeah, that’s right, the commies have their own hacking entity, which is believed to be behind the infamous Coincheck hack.

Kaspersky Labs has been closely following Lazarus over the years and has warned that it is already building a brand new malicious software aimed to take on Linux. The cybersecurity company states:

“It would seem that in the chase after advanced users, software developers from supply chains and some high-profile targets, threat actors are forced to develop Mac OS malware tools. The fact that the Lazarus group has expanded its list of targeted operating systems should be a wake-up call for users of non-Windows platforms.”

Lazarus has become notorious for penetrating Windows and Mac systems, fintech companies, exchanges, and whatever comes to your mind. Since the group is not kidding we believe that the smartest thing to do is to refrain from using online wallets. It would be much better to go for a hardware wallet instead. If you are not sure why, check our cryptocurrency wallet guide.

Bitcoin blackmailing

While blackmailing is a classic move, it wasn’t until that summer that it became a thing in the crypto world. Here is how it goes. You open your email and there is suddenly someone telling you they know your password (which they do) and have photos of you doing your thing while watching those nasty movies (which is most likely a false claim). The bad actors tell you that if you don’t pay a certain amount of Bitcoin, they will send all of your “Oh” photos to your contacts.

But don’t panic. While the baddies might indeed have some of your passwords it doesn’t mean that they know something about you, neither do they have any photos. These are just randomly sent emails, which rely on recipients fears. For your own safety, it is better to change passwords and cover your laptop camera. However, you can always check how the culprits got your password using this search engine.

Did I fail to mention not to pay the ransom? Well, don’t! Those fuckers don’t deserve a penny. Do not respond to their email either.

Botnets

These are designed to spread malware all over the internet and infect websites, computers, servers, etc. Once the baddies infect their targets, they can control them directly all pull all sorts of nasty tricks. Luckily, the cybercriminals are often using them for cryptojacking purposes, which you can easily block by using the right browser extensions.

In worse case scenarios, you might be tricked into downloading malicious files. Despite that, a top-notch antivirus should be able to handle the situation.

Social engineering

Some culprits prefer to do it the old-school way. Unfortunately, social engineering and phishing still work surprisingly well. According to Kaspersky, over 100,000 malicious pages have been used to redirect traffic to authorization pages of renowned exchanges like Bittrex, Binance, and Kraken. Of course, these are just copycats aiming to steal your credentials. And even EtherDelta users ate some phish (pun badly intended) earlier this year.

Kaspersky elaborates:

“Scammers also try to use the speculation around cryptocurrencies to trick people who don’t have a wallet: they lure them to fake crypto wallet sites, promising registration bonuses, including cryptocurrency. In some cases, they harvest personal data and redirect the victim to a legitimate site. In others, they open a real wallet for the victim, which is compromised from the outset.”

Sadly, the only way to protect yourself from phishing and social engineering is to be extra cautious when typing private seeds and passwords. Plus, it is advisable to enable two-factor authentication (a.k.a. 2FA) just in case.

Fake wallets

Google Play and Apple’s AppStore are plagued with copycats of legitimate cryptocurrency wallets. Always pay extra attention to tiny details such as publisher, publishing date, number of downloads, etc. In addition, do your research before installing a mobile wallet and double-check its rating and reviews. And as always, please don’t go for wallets that offer you some free tokens upon registration, you’ll thank me later.

 

Exchanges,

Mintpal Hack Took Place Exactly 4 Years Ago

Those of you who have been around in the crypto thing probably remember that exactly four years ago, we witnessed one of the most notorious hacks in the history of digital assets.

Back in 2014, there was an exchange called Mintpal and to say that it had a rough year would be a major understatement. First, it came to life in February and according to statements from its developing team it had two major goals in mind – ultra fast support and the best UX possible. Every month Mintpal added new assets, the most popular among them. These tactics proved to be working pretty well since at one point it was one of the most well-known exchanges offering altcoins.

However, on July 13 someone conducted an attack at a Vericoin wallet and successfully ran away with 8,000,000 Vericoin tokens. Back then that was worth $2 million and the number of tokens stolen was roughly 30% of the circulating supply. What’s the moral of the story? If you keep your tokens in a hot wallet (like Mintpal did) you are an easy target.

The culprits tried to drain Bitcoin and Litecoin wallets as well but this time Mintpal was clever enough to store its Litecoin and Bitcoin supplies in cold wallets. If you are new to cryptocurrency and you are not familiar with the types of cryptocurrency wallets, refer to our Ultimate Guide to Cryptocurrency Wallets.

At around the same time, Alex Green’s Moolah (officially known as Moopay LTD.) acquired Mintpal. The idea was Mintpal to act the main altcoin exchange for Green’s then operating platform. Unfortunately, Mintpal just was born with a bad luck. In late October, the exchange suffered another attack and as a result, 3,700 Bitcoins vanished out of thin air.

Surprisingly, the community later revealed that it was actually Alex Green, the CEO of Moolah, who staged the whole thing. At that time, the stolen Bitcoins were worth $1,500,000. Thankfully, three years later, in 2017 the authorities launched a criminal investigation, which is still going.

What’s the moral of the story? You cannot trust an exchange but you can trust a cold wallet. In fact, this is more relevant than ever since in 2018 the cybercriminals have stolen $833 million worth of crypto. Get your Trezor, KeepKey, or Ledger now and show them the finger!

 

security,

Crypto Thefts In Japan Triple In H1 2018

According to the Japanese media The Asahi Shimbun, the number of cryptocurrency thefts has tripled over the first half of 2018. Japan is one of the leading crypto markets but it looks like it has a hard time keeping cybercriminals away. The National Police Agency (NPA) reports that compared to the same period last year, the number of hacks has grown immensely.

In 2017, the authorities have registered less than 60 cases, while this year they are 158 and counting. Unsurprisingly, Bitcoin leads the race. The number one cryptocurrency seems to be the most targeted  as it was the prime subject of the attacks 94 times. Bitcoin thefts amount to 860 million yen stolen. Second comes Ripple’s XRP, which was targeted 42 times. The bad guys have snatched 1.52 billion yen worth of XRP in the first six months of the year. Surprisingly, Ethereum was the prime target in just 14 cases, which however result in 60 million yen losses.

Of course, tens of altcoins have been compromised as well. NEM (XEM) for example made the news during the infamous Coincheck hack.

“More than 60 percent of all cases, or 102 incidents, involved individuals who used the same ID and password for their e-mail account and other Internet services, such as online shopping, for cryptocurrency dealings,” read the police report.

In total, the Japanese market has lost over 60.50 billion yen (roughly $540 million) in the first half of 2018. In contrast, for the same period last year, the cyber thieves have stolen a mere $5.5 million. We should note, however, that since the Coincheck wrongdoing the officials introduced stricter regulations. The NPA is monitoring whether exchanges comply with KYC and AML policies, while the Financial Services Agency has investigated many of the domestic exchanges.

Though in general, the number of crypto thefts declined after March, the culprits still managed to steal $60 million from Zaif earlier this week.

 

Exchanges, security,

Korean Exchange Bithumb Lost Over $30 Million During A Hack

You know there is something wrong when a whole week passes by without a trouble. Needless to say, the cryptocurrency community has never experienced such thing. Just days after the Coinrail hack, hackers crushed their next victim.

On Tuesday an unknown group of hackers managed to breach the security of Bithumb. The Korean exchange was the sixth-largest cryptocurrency marketplace in terms of trading volumes. Unfortunately, it joins a long queue of exchanges that got hacked this year. The company reported about the stunt on its official website.

As of the statement, over $30 million worth of digital currencies has been stolen. As a security measure, the exchange has blocked all deposits, transactions, and withdrawals. Another smart move by Bithumb was the removal of all remaining funds into cold wallets. After all, the exchange staff should have done that a long time ago.

Anyways, the exchange promises to refund all the victims from its own vaults in case the stolen funds cannot be traced and returned to the exchange.

Why Bithumb?

If you closely investigate trading data on CoinMarketCap you may notice that when the attack took place, Bithumb accounted for 10% of the world’s XRP trading volume. This makes us think that the prime target of the attackers was Ripple’s in-house token. However, this is yet to be confirmed.

On June 16 Bithumb team did a security enhancement operation. The exchange explained back then:

“Recently, the number of unauthorized access attempts has increased. As such, an urgent server checkup was conducted to strengthen the security of all system.”

Furthermore, Bithumb started relocating user funds into hardware wallets. Having said that, we believe that the recent fiasco is just a successful attempt after a long series of failed ones. It looks like, the exchange staff started to figure out what is going on but it was too late.

So far, we don’t know how exactly the hackers managed to sneak past security layers but it’s obvious that they had found vulnerabilities long time ago.

Stay tuned for more and don’t forget to store your funds in hardware wallets.

Exchanges, security,

Hackers Snatched $40 Million Worth Of Altcoins From Coinrail

Well, it happened again. We have another cryptocurrency exchange that just got hacked. The South Korea-based Coinrail fell victim to an unknown group of hackers who did away with roughly $40 million worth of altcoins.

What exactly happened?

In the 24 hours prior to the attack, Coinrail’s trading volume accounted for $2.48 million. According to CoinMarketCap, it was enough to take the exchange to the top 100 list. Just after the attack took place, the exchange was quick to notify its customers about the breach via Twitter:

coinrail

As of writing, the official website is unavailable. Not surprising, having in mind the hacker have snatched nearly 30% of its token supply. They have stolen altcoins most of which based on Ethereum. Coinrail claims it may refund 20% of the theft thanks to the support of other exchanges, which can halt transactions during the investigation but it cannot guarantee for the remaining 10%. The thieves ran away with $20 million worth of NXPS, which is 3% percent of its market cap. Other coins that took heavy blows were Aston X, Dent, TRON, NPER, Kyber Network, Jibrel Network, Storm, and B2BX.

What’s next?

All Pundi X (NXPS) tokens were relocated to IDEX (decentralized exchange), while all others ended up in EtherDelta. Luckily, IDEX has agreed to freeze all transactions involving NXPS tokens. Investigations have already begun and the Korean Internet & Security Agency is also taking part as per the local media Korea Herald.

Unfortunately, Coinrail is not the first and it won’t be the last exchange that gets hacked. Earlier this year, the Japanese Coincheck lost a staggering $420 million, Coinsecure joins the list with $3.5 million, while BitGrail said goodbye to roughly $150 million if not more. According to certain sources, thieves have already stolen more than $1 billion worth of crypto this year.

Hacker’s attacks have been around since the arrival of the internet and nothing can prevent them. However, you can protect your coins just by storing them in a hardware wallet. And the better cold wallets out there are Trezor, KeepKey, and Ledger.

 

Exchanges, security,

Taylor Got Hacked, Over A Million Worth Of Ether Is Lost

The more cryptocurrencies grow in popularity, the more their value increases. This, in turn, attracts even more people into the ever-growing world of crypto finance. However, a great part of the newcomers are non-tech individuals who don’t necessarily understand the market.

For traders like them, there are various applications that are supposed to make their lives easier. Though relying on third-party solutions is a bad idea, especially when it comes to your funds. Yet, many prefer to “trade” via automated platforms, thus relegating their finances to others. This requires trust, and in the case of Taylor that trust was unjustified. Here’s why – when developers decide to cash in on the crypto trend they create cryptocurrency platforms. Unfortunately, even if they come up with a useful solution they often underestimate security.

What I’m trying to say is, the more popular a crypto app, the more money it proceeds. Hackers know that and once they are sure they can deliver a proper attack they strike. And boy, this time they ran away with 2.578 Ether from Taylor. By today’s prices, this is close to $1.5 million. Additionally, all TAY wallets were drained, including team and bounty pools. Interestingly the founder of Taylor and his advisors have their funds as prior to the attack. There is a reason for that however, they were locked in a contract.

Why, Why, Why?

In a post, the company hints that the probable perpetrator is the same group that conducted the CypheriumChain attack. The company also states that IDEX has delisted TAY tokens until there are more details available. Even worse, Taylor admits that they will be unable to refund the lost funds. So if you had some tokens there, the chances are you will never see them again in any form.

Unfortunately, there are still many inexperienced traders who rely on third-parties to take care of their funds. These days even little kids know that leaving your tokens in an online exchange is a very bad idea. Especially when there are super secure crypto wallets like Ledger, Trezor, and KeepKey.