Clipboard-hijacking malware monitors over 2.3 million bitcoin addresses


Bleeping Computer today revealed that they discovered a type of “clipboard hijacker” malware that monitors over 2.3 million bitcoin addresses.

Clipboard hijacker malware works by silently replacing a bitcoin address in the user's clipboard with another address that the attacker controls. Since bitcoin addresses are long and hard to remember, this method works easily for hackers, because users simply copy and paste addresses from one application to another when sending cryptocoins.

The malware reportedly comes as a part of the All-Radio 4.27 Portable malware affecting Windows computers and monitors the Windows clipboard for a bitcoin address. Unless the user double-checks the address after pasting it, the bitcoin will go to the attackers’ address.

“While we have covered cryptocurrency clipboard hijackers in the past and they are not new, most of the previous samples monitored for 400-600 thousand cryptocurrency addresses,” their report on the malware read. They also posted a video showing how the malware works.


Bitcoin users are advised to always double-check the address before making a transaction and to have a trusted antivirus program installed on their device.
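The double-check advised above can be automated. The following Python sketch is an added example, not code from Bleeping Computer or from the malware: it compares the address the user copied with the text that arrived after pasting, and uses Base58Check validation to tell a replaced address from a typo. It covers legacy Base58Check addresses only, and the function names and sample addresses are constructed for illustration.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _checksum(payload: bytes) -> bytes:
    """First four bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58check_encode(version: int, body: bytes) -> str:
    """Encode version byte + body + checksum (used here only to build samples)."""
    payload = bytes([version]) + body
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    # Each leading zero byte is written as a literal '1'.
    leading_zeros = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * leading_zeros + out


def is_valid_legacy_address(addr: str) -> bool:
    """True if addr decodes to 25 bytes whose last 4 bytes are a correct checksum."""
    n = 0
    for ch in addr:
        idx = ALPHABET.find(ch)
        if idx < 0:
            return False  # character outside the Base58 alphabet
        n = n * 58 + idx
    leading_ones = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * leading_ones + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and raw[-4:] == _checksum(raw[:-4])


def check_paste(copied: str, pasted: str) -> str:
    """Classify what arrived in the destination field after a copy and paste.

    "match"     - the full strings are identical
    "replaced"  - a different but well-formed address arrived; the checksum
                  cannot catch this, only a full comparison can
    "corrupted" - the pasted text is not a valid address (typo or truncation)
    """
    copied, pasted = copied.strip(), pasted.strip()
    if not is_valid_legacy_address(copied):
        return "copied-text-not-an-address"
    if pasted == copied:
        return "match"
    if is_valid_legacy_address(pasted):
        return "replaced"
    return "corrupted"


def _sample(label: bytes) -> str:
    """Constructed address: version 0x00 plus 20 bytes derived from a label."""
    return b58check_encode(0x00, hashlib.sha256(label).digest()[:20])


# Constructed sample data, not real wallets.
PAYEE = _sample(b"constructed payee")
SWAPPED = _sample(b"constructed attacker")
TYPO = PAYEE[:-1] + ("2" if PAYEE[-1] != "2" else "3")

if __name__ == "__main__":
    for pasted in (PAYEE, SWAPPED, TYPO):
        print(pasted, "->", check_paste(PAYEE, pasted))
```

The "replaced" verdict is the case the article describes: the substituted address is itself well formed, so wallet-side checksum validation accepts it and only a comparison against the originally copied string reveals the swap.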


Japan Cryptocurrency Exchange Coincheck starts refunds for $530m hack

The cryptocurrency exchange that fell to a hack of about $534 million in January this year has now started reimbursing the affected customers who lost funds in the hack.

In its blog post, Coincheck said that it will refund users as per its original compensation plan at the rate of 88.549JPY ($0.83) per NEM stolen and that to qualify for reparations, users must have held that amount of NEM on their platform at 23:59:59 JST on 26 January, 2018.

The total amount reimbursed will equal about $420 million.

After the hack, Coincheck had imposed restrictions on trading and withdrawal of some cryptocurrencies on the exchange. The company is now going to lift some of these restrictions to allow for withdrawals and sales, according to another blog post.

It also said that it is working on evaluating the risks associated with each currency and will “confirm the technical security of our systems regarding these currencies in order to resume normal operations.”

The exchange also plans to resume deposits and purchases of all currencies, and open for new registrations once security and management systems have been updated.

“Once again, we would like to apologize for the inconveniences that the illicit transfer of NEM from our platform and the resulting suspension in services has caused our customers and anyone else affected by this incident. Thank you for your patience,” the company said in its blog post.

Hacker Infiltrates Company's IT Network; Affected Businesses Suffered an Estimated $1.5 Million in Damages






A 37-year-old man from Edmonton is facing fraud and extortion charges after allegedly hacking a local business network.

Police said in a release that they had received a report of the alleged hacking of a company's IT infrastructure in July 2017. They believe that the suspect infiltrated the company’s IT network, took control of its email and smartphone servers, and demanded payment in bitcoins to prevent any further harm to the business.

The EPS Cyber Crime Investigations Unit investigated the case further and managed to identify the alleged suspect.

Police believe that the same man is responsible for hacking the networks of no less than four other Edmonton-based companies.

“Once the networks were accessed, the suspect targeted financial data, including online store accounts and email accounts, from the companies as well as the employees,” said Const. Phil Hawkins.

He added that the type of intrusion that occurred in this case resulted in a significant loss to the business, including time and resources, and that the businesses suffered an estimated $1.5 million in combined damages.


Jeffrey Johnston, 37, is charged with 18 criminal offences, including three counts each dealing with mischief in relation to computer data, two each of fraudulently obtaining computer service, along with mischief related to data and unauthorized use of computer services, and single counts of theft over $5,000.

Leaked US Army Cyber Protection Brigade Memorandum appears to show Privacy Solutions compromised




The picture in question is a leaked image of a memorandum posted on image board 4chan, complete with Department of Defence letterhead, which appears to be from the United States Army’s Cyber Protection Brigade.

The posted picture shows an official document brought up on a terminal screen, on one side of which is a Common Access Card (CAC), complete with photo, of the kind carried by Department of Defence employees. It appears to be legitimate, although it invites skepticism. It is also still not clear why somebody would want this data leaked.

Another plausible theory is that there may be some involvement of the crypto community. Then again, an effective way to discourage the use of privacy solutions is to spread rumours that they are anything but private, a scheming way of spreading fear, uncertainty and doubt.

“The success we have had with Tor, I2P, and VPN, cannot be replicated with those currencies that do not rely on nodes. There is a growing trend in the employment of Stealth addresses and ring signatures that will require additional R&D,” reads the document.

The memo's first line reveals a unit involved with the National Security Administration (NSA) and Cyber Protection Team (CPT) asking for more financing for "new contracts and extra subsidizing to meet GWOT and drug interdiction targets aimed in July's Command update brief," Global War On Terror (GWOT) being a go-to pretext for about two decades of intrusive military and law enforcement action.

“In order to put the CPT back on track, we need to identify and employ additional personnel who are familiar with the Crypto Note code available for use in anonymous currencies,” the memo stressed.
Crypto Note, the application layer for privacy tokens such as Bytecoin (BCN) and Monero (XMR), uses a memory-bound function which is hard to pipeline. That the agencies entrusted with monitoring and tracking internet solutions, and now coins, need outside help with Crypto Note may say a lot about where the different government divisions stand in terms of their security expertise.

The picture circulated on Steemit, Veekly, and even Warosu exactly five months back, yet outlets such as Deep Dot Web may claim to have broken the news. The document is still worth dissecting, assuming it is legitimate.


For its part, Deep Dot Web claims to have contacted "a Monero developer, who spoke on state of obscurity," and the dev "said that the vast majority of the Monero engineers who have seen the leak trust it to be true. A few sources who were some time ago in the Armed force have additionally said they trust the report to be genuine." This lends weight to the view that the contents of the document appear entirely plausible.

Japan cryptocurrency exchange to refund stolen assets worth $400m

Coincheck, one of Japan’s major cryptocurrency exchanges, has promised to refund to its customers about $423m (£282m) stolen by hackers two days ago in one of the biggest thefts of digital funds.

The hack occurred on Friday, when the company detected an “unauthorised access” of the exchange and suspended trading for all cryptocurrencies apart from bitcoin.

The attackers were able to access the company’s NEM coins, a lesser-known cryptocurrency that is still the world’s 10th biggest by market capitalisation. The losses went up to about $534m (£380m).

The company has stated that it will reimburse the affected customers for nearly 90% of their loss in cash.

Over 260,000 are reported to have been affected by the hack.

According to Coincheck, the hackers were able to steal the NEM coins because they were kept in online “hot wallets” instead of the more secure and offline “cold wallets.”

The company claims that it is aware of the digital address where the coins have been transferred and believes the assets are recoverable.

Unknown Hackers demand Ransom in Bitcoin

News of a ransomware attack in Old Delhi came out recently after three of the victims came forward to reveal more about it. The victims, all traders, were asked by unknown hackers to pay a ransom in Bitcoin.

The hackers, believed to be from either Nigeria or Pakistan, encrypted files on the businessmen's computers that contained key records. According to the police, the hackers then coerced the victims and gave them links to purchase bitcoins, with which they had to pay for the release of critical documents.

“Some traders paid in Bitcoins and got their data back. Some deposited the money from abroad. When my data was hacked, I spoke to fellow traders and learnt that there were other such cases. I wrote to the hackers and they agreed to decrypt the files for $1,750 (around Rs 1.11 lakh),” Mohan Goyal, one of the victims, was quoted as saying in the report.

According to reports, the hacked traders found a message displayed on their computers saying there was a 'security issue' in the system. The traders were then given case numbers and email addresses for correspondence. The hackers at first offered to decrypt five of their documents and files for free, and later demanded payment of a ransom for the rest of the records.

While one of the IP addresses used by the hackers was purportedly traced back to a system in Germany, fingers remain pointed towards hackers from Nigeria and Pakistan.

Experts say that receiving the money in bitcoin suits the hackers because it makes the money difficult to trace. The Delhi crime branch, which registered the FIR, has already sent the hard disks of the complainants for further forensic tests. So far, three complaints have been registered by the police, and it is believed that the number of victims could be much higher.

Ripple passes Ethereum to become World’s Second-Largest Cryptocurrency

Ripple has overtaken Ethereum as the world’s second-largest cryptocurrency. Its XRP token climbed more than 50% on Saturday.

In just 24 hours, Ripple rose to as much as $2.20.

Ripple has had one of the biggest growth rates amongst digital tokens this year, going from less than a cent ($0.006523) in January to $2.24 on Saturday, which represents a surge of almost 350 times in value.

This could be because of the increase in interest by speculators, as is the case of most cryptocurrencies, but various experts claim that Ripple is worth looking into.

The advantage of Ripple, according to its backers, is that it is not just a cryptocurrency but is also used as a digital protocol that acts as a bridge to other currencies and doesn’t discriminate against peers, whether they are using digital money, fiat currencies, or even mobile minutes.

Unlike bitcoin and other cryptocurrencies, Ripple follows a centralised system and its owners are known.

SEBI comes down on illicit coin offers

All eyes are now on SEBI, which has come down heavily on unlawful 'initial coin offers' seeking public investment with a promise of high returns from Bitcoin and other virtual currencies, without any regulatory regime. However, SEBI is not keen to take on the role of regulator for such 'trading', as the underlying product, Bitcoin or any other such cryptocurrency, is not a product approved by the RBI or any other agency.

At the same time, it cannot allow naïve investors to be taken for a ride with unlawful promises by these exchanges and by those claiming to 'mint' digital currencies. A number of them are already suspected of indulging in fraudulent activities.

A great deal of the 'coin offerings' being made in India these days are nothing but fake shell games or fraudulent business models, which sooner or later offer secondary buying and selling of bitcoins or other differently named digital currencies.

The RBI recently made public its disapproval of all such currencies, saying that it has not approved any of them. At the same time, the tax authorities have been conducting inquiries at various exchanges and are believed to have gathered data on a large number of accounts, including those of HNIs who may have traded there.

The regulators and government agencies are also in a quandary, as imposing a tax would amount to giving legal status to such currencies, on which consensus remains elusive given the huge risks attached to such activities, including money laundering and terrorist financing.

However, what has left the regulators flummoxed is a gravity-defying bitcoin rally to over Rs 10 lakhs for each unit, sprinkled with 'stories' of individuals making crores from thousands.

The RBI, for its part, has kept issuing warnings since 2013, when the surge in bitcoins caught the attention of Indians. The dangers have multiplied since then, in the wake of a huge spurt in the valuation of numerous such virtual currencies and rapid growth in Initial Coin Offerings (ICOs).

A few entities have started resorting to ICOs to raise funds from investors, including HNIs and other individuals, who are being lured by claims of huge returns from bitcoins and other such variants, which are created in the digital world but are also reaching into the real one.


Larceny of $70 million from the largest crypto-mining marketplace

A "service unavailable" notice and an official press release were displayed on the website of the Slovenian digital currency mining firm NiceHash, which said it suffered a hack of its Bitcoin wallet on the seventh of December.

In a video update streamed live on Facebook, CEO and co-founder Marko Kobal followed up on the rather startling announcement that the organization, established in 2014, had been subjected to a hack and ensuing theft which also compromised its payment system.

The news was accompanied by increasing reports of empty wallets and an extended downtime period for the service's website; all operations on the website have been halted for the following 24 hours.

According to Kobal, the attack began in the early hours of December 6 after a worker's PC had been compromised. He added that their team is working with law enforcement and said that "we're still conducting a forensic analysis" to determine how it all happened and to discover the exact amount of bitcoin that was stolen.

Kobal went on to say that he couldn't give further details; however, he added that the attack appears to be “an incredibly coordinated and highly sophisticated one.”

However, the Wall Street Journal reported that Andrej P. Škraba, the head of marketing at NiceHash, confirmed to the outlet that roughly 4,700 bitcoins, worth up to $70 million, disappeared from NiceHash's bitcoin wallet. Škraba also told the Journal that he, like Kobal, believed that "it was a professional attack", but would not give any more information on the matter, noting that further developments would be released at a later date.

NiceHash, which advised its clients to change their online passwords after it stopped operations on Wednesday, has given a few other details about the attack on its payment system.

"We ask for patience and understanding while we investigate the causes and find the appropriate solutions for the future of the service", it said on its website.

The Slovenian police said they were investigating the hack but declined to comment further.

Suspected Criminal Mastermind detained for laundering money through Bitcoin



Russian citizen Alexander Vinnik has been detained in Greece. It is alleged that the 38-year-old man has used cryptocurrency since 2011 to launder more than 4 billion dollars.

Greek police said that the Russian man is the head of a criminal group. It is alleged that Vinnik is one of the owners of BTC-e. BTC-e is one of the largest cryptocurrency exchanges in the world, based in Bulgaria, with its server located in the Seychelles. It is also said to be a favourite platform of criminals.

"He is also charged with identity theft, promotion of drug trafficking, and assistance in laundering proceeds from criminal activities for syndicates from around the world," the local report quotes the head of the crime investigation department at the US Internal Revenue Service.

U.S. authorities are sure that part of the money was obtained as a result of a cyber attack on the Japanese digital currency exchange Mt.Gox, which is now closed.

Vinnik was detained in Greece on 25 July at the request of the American authorities. On the set of charges, he faces up to 25 years in prison.

- Christina



Hacker surrenders, after Roger Ver puts $20,000 bounty on the Hacker


Be careful who you mess with: an attacker realized he had picked the wrong victim when the victim decided to spend $20,000 to find him.

Roger Ver, the man known as "Bitcoin Jesus" and an angel investor in many Bitcoin startups, announced a 37.6 BTC reward (about $20k) for information that leads to the arrest of the hacker who hijacked his Hotmail account and threatened to ruin his life.

It all started when the hacker managed to hijack an old Hotmail account of Roger by answering the security questions.

According to Reddit, the attacker used the Hotmail account to gain access to Roger's old Facebook account and one of his domain accounts at register.com. The attacker also attempted to hack his primary email account and domain name.

The attacker, using the screen name 'savaged', contacted Roger via Skype and demanded "37.63289114 BTC".

"I think we both know this won't be pleasant and let's be honest there is nothing you can do to have me caught, I've been around too long," the attacker said.

"Let's be honest I will sell [SSN REDACTED] + your information to fraudsters that will credit f*** you then get your moms social and credit f*** her too and ruin both your lives"

The hacker also claimed he is the one who hacked @UberFacts twitter account which has 6.7 M followers.

A Bounty on the Hacker:
But Roger decided to follow a technique used in the movie 'Ransom': rather than giving the money to criminals, he posted that he was putting a bounty on the hacker instead.



When the attacker learned of the bounty on his head, he got scared, deleted Roger's Hotmail account, gave up the password for all the other accounts and ran away.

"I just need to raise funds for my mother, but since you aren't going to help, all your passwords are: Nigger55," the person on the other end of Skype said.

"Goodbye, Sir, I am sincerely sorry I am just a middleman I was being told what to tell you."

Roger said in his tweets that things are back under control and not a single Bitcoin was stolen.

Reserve Bank of India warns public against use of Virtual Currency Bitcoin


The Reserve Bank of India (RBI) has issued a warning against the use of virtual currencies such as the controversial Bitcoin, saying that they pose potential financial, legal and security-related risks.

RBI warned in its press release that creating, trading or using any virtual currency, including Bitcoin, Litecoins, bbqcoins and dogecoins, is not authorized by any central bank or monetary authority.

RBI said that since virtual currencies are stored in digital form (electronic wallets), they are prone to losses arising out of hacking, loss of password, compromise of access credentials and malware attack.

The warning comes a few days after the Chinese government banned the use of Bitcoin in the country's banks, pointing out the risks of using virtual currency.

Earlier this month, the French Central Bank also issued a warning about the Bitcoin transaction. 

US Charges three more in Silk Road Online black market case


US authorities have charged three more people in connection with the operation of Silk Road, the online black market for illicit goods such as drugs, illegal guns and more.

Andrew Michael Jones, 24, a Virginia resident; Gary Davis, 25, of Ireland; and Peter Phillip Nash, 40, of Australia, were charged in a federal indictment unsealed today in New York.

The three men are charged with money laundering, conspiracy to engage in narcotics trafficking and computer hacking, according to Reuters.

Jones and Davis reportedly worked as site admins of Silk Road, while Nash worked as the primary moderator on the website's discussion forums.

The charges followed the arrest in October of Ross Ulbricht, who is allegedly known as "Dread Pirate Roberts" and reportedly the founder of Silk Road. Ulbricht gave the employees a salary ranging from $50,000 to $75,000 a year.

Chinese Vendors no longer accepting Bitcoins as currency

We are aware that the Chinese Government restricts banks from doing Bitcoin transactions. As a result, Chinese vendors that previously accepted bitcoins as currency have also stopped doing Bitcoin transactions.

Baidu, China's biggest search engine, which had started accepting the virtual currency on October 14 for its website-hosting service, has also stopped accepting Bitcoins.

Geak, a local Chinese smartphone and smartwatch vendor which claimed to be the first commercial company in China to allow bitcoin transactions, said it would cease accepting bitcoin, PCWorld reports.

A Chinese grocery store said it has also stopped accepting bitcoin.



Highly Unstable Virtual Currency "Bitcoins"


Bitcoins are highly unstable: the price keeps going up to $1100, then crashes back one night to $700, climbs again to $1100, and then drops again on negative news. It looks like buying has been more of a speculative nature.

Is it worth mining:

It depends on the price at which you get the miners. Most of the people who are benefitting are those with the talent to make and sell the miners (hashfast.com, BFL labs (butterfly labs)).

The bulls are brilliant, as they know what to do with the money they make. They rotate it, sell it on ebay/paypal, or buy from one exchange and sell on another exchange, which gives them more return. They resort to trading to grow the money.

There is a pump and dump scam going on, in which they pump the price falsely and then dump.

In the long run the above methods remove trust in bitcoin, and eventually bitcoin will crash. Computer programmers, hackers and technologists should protect bitcoin and not get greedy about it.

We evaluated some of the mining:

a. cloudhasing.com - Cloud mining for bitcoins. Contracts are very costly: 1 Ths costs around $20,000 (for a one-month pre-order booking). We computed the amount of money you make at the current exchange rate. In the first month you make good money, like $10,000, but as the difficulty increases (around 15% every month), the number of machines you need rises by close to 20% every month to make the same money.

Cloud providers also take a management fee, a contract payment fee, and charges for electricity and cooling. So eventually you make only 50% of the BTC that is actually mined. It therefore takes around 5 months to recover your investment, allowing for the exchange rate and mining difficulty (held at 15% per month). If the exchange rate for Bitcoin does not increase regularly, then it is not worth it. After China talked about bitcoin, bitcoin crashed with not many buyers. If there is negative news from India, the US... most of the bitcoin exchange rate would fall and there would be no takers.

Cloud mining companies, out of greed, are retaining the bitcoin (they earn from buy orders) and they will go bankrupt eventually. One of the providers takes money 4 months in advance for cloud mining of BTC; by the time the contract comes, it is not worth it.

b. Grouphashing (announced) contracts for mining litecoin. It is not worth it. 1 Mhs costs 1.2 BTC for a one-year contract, which is close to $800 at today's rate. It takes 50 Litecoin at today's exchange rate to buy. You may make 0.4 litecoin a day.

c. CEX.io is too costly and not worth the returns.

d. Miners like KNC - 3 Ths are a better bet if they deliver on time after 3 months.

Bitcoin is gambling. If the exchange rate constantly goes up, mining difficulty increases drastically because everyone wants to get into it. If the exchange rate for BTC falls, mining difficulty decreases. The net money you make as an investor is not really worth all the pain.

Exchanges in India like BuysellBTC are closed half the time. When you want to sell (the price is high), they are shut down because they don't want to pay you. When the BTC rate is low, they close down because they don't want to sell to you at a low rate :) . So even if you make a profit, you won't get it in hand.

Citadel Malware targets Bitcoin users, takes screenshots of browsers


The virtual currency Bitcoin has become the hottest topic on the Internet after its value recently reached an unbelievable level.

We recently became aware that cyber criminals have breached Bitcoin-related websites to steal bitcoins. There is also malware that installs a Bitcoin miner on the victim's machine (e.g. ZeroAccess).

Trusteer’s security team has come across a new variant of the Citadel malware which targets Bitcoin users and is capable of capturing screenshots of the victim's browser whenever they visit Bitcoin-related websites.

It also targets other virtual currency related websites such as Yandex money (money-yandex.ru), Webmoney.ru, QIWI.ru and Perfect Money (perfectmoney.com).

Bitcoin falls after China restricts Banks from using Bitcoin as currency

Earlier today, the Chinese government banned the country's banks from using the virtual currency 'Bitcoin', warning that it could be used for illegal activities.

After China banned banks from using Bitcoin in transactions, Bitcoin prices fell from $US1,240 to around $1,079.

The government listed the risks of using the virtual currency, including 'no price limit', a 'higher risk of money laundering' and the risk of being exploited for criminal activities such as drugs and guns.

Considering the risks of using Bitcoins, the Chinese Government concluded that bitcoin could not meet the requirements to be used in bank transactions.

The public is free to use Bitcoin in their online transactions if they are ready to accept the risks.

Hackers steal $1 million from Australian bitcoin bank website

 

An Australian entrepreneur who runs a Bitcoin bank website has claimed hackers stole more than $1 million of the virtual currency bitcoin from his website (Inputs.io).

The security breach reportedly took place on both October 23 and October 26. Hackers managed to steal 4,100 bitcoins worth more than $1 million, according to the service’s operator, known only as "Tradefortress".

In an email interview with Fairfax media, TradeFortress said he would try to refund some of the money using more than 1,000 bitcoins he personally owned.

He said he won't be reporting the incident to law enforcement because there were "extremely limited actions" it could undertake considering the currency can't be easily traced, according to the Sydney Morning Herald report.

A spokesperson for the Australian Federal Police told Daily Mail that a theft of bitcoins has never been investigated but if it was reported to officers then police would investigate it like any other theft.