
As Crypto Exchange Attacks Surge Users Must Protect Their Crypto Wallets

As cryptocurrency goes from being an academic concept to a type of transaction with the potential to significantly reduce cyber fraud, cryptocurrency crime has risen alongside it, with cybercriminals targeting cryptocurrency exchanges and crypto-wallets.

Despite the global pandemic wreaking havoc on economies, cryptocurrency has continued to grow, leading to a rise in the number of crypto exchanges worldwide. Subsequently, several top crypto companies in the Bay area were seen investing in Indian exchanges as well. 

While cryptocurrencies are particularly secure, crypto exchanges are susceptible to a number of vulnerabilities as they remain largely unregulated. This has resulted in exchanges being hacked in large numbers every year. The sudden surge in the popularity of cryptocurrency has brought in many amateur investors who didn't take time to fully understand how the crypto scene works. That lack of knowledge has been rampantly exploited by threat actors who saw it as a chance to scam and exploit the crypto space.

Attacks in 2020 alone accounted for nearly a third of all attacks ever targeted at blockchain. Reportedly, the total monetary losses across 122 attacks were almost $3.78 billion. Ethereum (ETH) DApps were the most often targeted, costing users nearly $436.36 million in 2020 alone. There were 47 successful attacks aimed at decentralized applications based on Ethereum smart contracts.

The New Zealand-based Cryptopia exchange was breached in 2019, with hackers siphoning $11 million worth of funds from the exchange. Following the security breach, the exchange went dark, posting an announcement that read: “We are experiencing an unscheduled maintenance, we are working to resume the services as soon as possible. We will keep you updated.”

Altsbit, an Italian crypto exchange, lost $70,000 in a hack within a few months of launching. The exchange announced that it would refund the affected users and terminate its services in May 2020. “We will refund whatever we are holding on cold storage to users and then the platform will close down,” the company stated in an email to Cointelegraph. Though it remained unclear how the hackers pulled off the attack, reports stated that the cybercrime group 'Lulzsec' was behind the hack.

UPbit, a popular South Korean cryptocurrency exchange, lost approximately $45 million (342,000 ETH) in a 2019 crypto theft. It went on to become the seventh-largest crypto exchange hack of the year.

Liquid Global, a Japanese crypto exchange, reported suffering a massive hacking incident that resulted in the loss of digital assets worth $97 million, including Bitcoin, Ethereum, XRP, and stablecoins. Liquid claimed that the attacker targeted a Multi-Party Computation wallet (an advanced cryptographic technique).

To stay ahead of crypto hackers, a few ways to secure your cryptocurrency are: ensuring the security of your Internet connection, using a cold wallet, changing passwords at regular intervals, maintaining multiple wallets, staying wary of phishing attacks, and securing your personal device.

Cryptocurrency Exchange Bilaxy Under Attack, Hacker Stole ERC20 Wallet Tokens


On Sunday, the 29th of August, the Hong Kong-based cryptocurrency exchange Bilaxy was the subject of a breach that compromised a hot wallet on its system, resulting in the transfer of 295 ERC-20 tokens valued at over $21 million to a single wallet. Bilaxy was founded in 2018 and is licensed in the Republic of Seychelles.

According to, the Bilaxy hack is indeed the 20th DeFi incident that took place this month. Bilaxy confirmed this incident via its Telegram channel articulating that the cryptocurrency exchange was hacked on Saturday between 6 and 7 p.m. UTC, leading to the transfer of 295 distinct ERC-20 tokens. 

The message reads as, "Dear Users, Sorry for the waiting. We just completed a series of emergency work to avoid further loss and would like to update you as below at our first available time. Bilaxy ERC20 hot wallet (0xCCE8D59AFFdd93be338FC77FA0A298C2CB65Da59) suffered a serious hack between 18:00 and 19:00, Aug.28(UTC), about 295 ERC20 tokens were hacked and transferred by the hacker.” 

HOGE, one of the many tokens offered on Bilaxy, tweeted that the attacker had moved all of its tokens held on Bilaxy to that wallet, causing the price of HOGE to drop by 35%. Bilaxy later moved all non-stolen tokens to a so-called cold wallet, ensuring that they could not be hacked, then shut down the server, citing system maintenance.

Bilaxy has halted transactions on its site, and customers have already been advised to not put tokens for trade into the exchange for the time being. The site will be offline for at least 2 weeks as it analyzes the hack and renovates the system architecture, whereas a professional team examines and attempts to retrieve the stolen ERC-20 tokens. 

The dollar worth of the funds acquired by the hacker has not been disclosed by Bilaxy. However, according to unsubstantiated allegations, the exchange may have lost up to $450 million. 

Hoge Finance also reported that the attack involved the transfer of approximately 300 cryptocurrencies, notably Tether (USDT), USD Coin (USDC), Uniswap (UNI), and many others. Hoge Finance stated that virtually all of Bilaxy's 1 billion HOGE tokens ($141,000) had been transferred to another wallet, out of an estimated total of $22 million taken from the platform.

The announcement for the hack comes as the Liquid exchange tries to recover from a nearly $100 million breach that occurred in mid-August. Liquid restored withdrawals and deposits for many tokens on Sunday, including ERC-20 and Stellar-based USDC, Dai, and GYEN.

Supply Chain Attacks Using Container Images


According to cybersecurity firm Aqua Security, a recently discovered crypto mining technique used malicious Docker images to take over companies' computing resources to mine bitcoin.

The images were published to Docker Hub, Docker's official image registry. The researchers discovered five Docker Hub container images that could be used in a supply chain attack against cloud-native systems. Developers use Docker, a prominent platform-as-a-service container provider for Linux and Windows devices, to help them build and package apps.

According to Assaf Morag, principal data analyst at Aqua Security, the researchers discovered the infected images during their routine manual examination.

"We regularly share this kind of information with Docker Hub and other public registries or repositories (GitHub, Bitbucket, etc)," Morag says. 

"Based on the information we share with Docker Hub, they conduct their investigation and decide whether or not they close the namespace. In this particular case, they closed these namespaces on the same day we had reached out to them. Docker Hub’s reaction and response time are absolutely amazing.” 

The first three containers discovered by the researchers - thanhtudo, thieunutre, and chanquaa - launch a Python script that has been used in various past campaigns to hide harmful container images in Docker Hub via typosquatting. The other two container images are named openjdk and golang.

"We haven’t seen any indication that they were used in attacks in the wild but that doesn’t mean that they were or weren’t. Our goal is to shine a bright light on these container images with misleading names, saying that they contain cryptominer which is executed once you run the container, even though there is no indication in the namespace that this is the purpose of these container images." 

These malicious containers are designed to be readily mistaken as legitimate container images, although the Docker Hub accounts responsible for them are not official accounts. 

"Once they are running, they may look like an innocent container. After running, the binary xmrig is executed (MD5: 16572572588c2e241225ea2bf6807eff), which hijacks resources for cryptocurrency mining," the researchers added. 

"I guess you will never log in to the webpage mybunk[.]com, but if the attacker sent you a link to this namespace, it might happen," he says. "The fact is that these container images accumulated 10,000-plus pull, each." 

While it's unknown who is orchestrating the scam, according to the study, the fraudulent Docker Hub account was taken down when Aqua Security alerted Docker. According to Morag, these containers are not directly controlled by a hacker; instead, a script at the entry point/cmd is designed to launch an automated attack. The attacks, in this case, were confined to stealing computing resources to mine bitcoin.

Morag added, "When someone runs these container images, there’s a script that 'loads' the mining configuration and executes a binary that is designed to communicate with a mining pool and execute a crypto mining script. In all cases – XMRIG.” 

Attackers are increasingly targeting software supply chains, and they're getting better at concealing their attacks. As a result, businesses should strengthen their security to decrease the chance of falling victim to such an attack. Aqua Security offers the following suggestions for strengthening security posture:

1. Control access to public registries: When running containers from a public registry, consider the registry a high-risk source for supply chain attacks. Attackers are attempting to dupe developers into unintentionally fetching malicious container images by disguising them as popular ones. Create a curated internal registry for base container images to minimise risk, and restrict who can access public registries. Implement policies to ensure that container images are verified before they are added to the internal registry.

2. Scan container images for malware using static and dynamic analysis: When companies rely only on static, signature- or pattern-based scanning, sophisticated attacks can easily evade detection. Threat actors, for example, might avoid detection by embedding code in container images that only downloads malware during execution.

3. Digitally sign container images or use other image integrity measures: This helps to guarantee that the container images in use are the same ones that were reviewed and approved.
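
The first and third suggestions can be checked mechanically before an image is ever pulled. The following Python check is an added example, not code from Aqua Security or Docker: it reads the image references in a Dockerfile and flags any that bypass a curated registry, are not pinned by digest, or reuse an official image name under an unofficial Docker Hub namespace. The registry name, the list of protected names and the sample Dockerfile are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumptions for this example (not from the article):
CURATED_REGISTRY = "registry.internal.example"  # hypothetical internal registry
PROTECTED_NAMES = {"openjdk", "golang"}         # official image names to guard
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


@dataclass
class ImageRef:
    registry: str
    namespace: str
    name: str
    tag: Optional[str]
    digest: Optional[str]


def parse_image_ref(ref: str) -> ImageRef:
    """Split [registry/]path[:tag][@digest] the way Docker resolves it."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    first, _, rest = ref.partition("/")
    # The first component is a registry host only if it looks like one.
    if rest and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", ref
    tag = None
    colon = path.rfind(":")
    if colon > path.rfind("/"):
        path, tag = path[:colon], path[colon + 1:]
    namespace, _, name = path.rpartition("/")
    if registry == "docker.io" and not namespace:
        namespace = "library"  # bare names resolve to Docker Official Images
    return ImageRef(registry, namespace, name, tag, digest)


def audit_image(ref: str) -> List[str]:
    """Return the policy findings for one image reference."""
    img = parse_image_ref(ref)
    findings = []
    if img.registry != CURATED_REGISTRY:
        findings.append("not-from-curated-registry")
    if not (img.digest and DIGEST_RE.match(img.digest)):
        findings.append("not-pinned-by-digest")  # a tag can be re-pointed later
    if (img.registry == "docker.io" and img.namespace != "library"
            and img.name in PROTECTED_NAMES):
        findings.append("official-name-in-unofficial-namespace")
    return findings


def images_in_dockerfile(text: str) -> List[str]:
    """Collect external images from FROM lines, skipping earlier build stages."""
    stages, images = set(), []
    for line in text.splitlines():
        parts = line.strip().split()
        if not parts or parts[0].upper() != "FROM":
            continue
        args = [p for p in parts[1:] if not p.startswith("--")]  # drop --platform
        if not args:
            continue
        image = args[0]
        if image != "scratch" and image.lower() not in stages:
            images.append(image)
        if len(args) >= 3 and args[1].upper() == "AS":
            stages.add(args[2].lower())
    return images


def audit_dockerfile(text: str) -> Dict[str, List[str]]:
    return {image: audit_image(image) for image in images_in_dockerfile(text)}


# Constructed sample: the account name and the digest are made up.
PINNED = "registry.internal.example/base/openjdk@sha256:" + "ab" * 32
SAMPLE_DOCKERFILE = f"""
FROM --platform=linux/amd64 exampleuser/golang:1.17 AS build
RUN go build -o /app ./...
FROM {PINNED}
COPY --from=build /app /app
FROM build AS test
"""

if __name__ == "__main__":
    for image, findings in audit_dockerfile(SAMPLE_DOCKERFILE).items():
        print(image, "->", findings or "ok")
```

Run as a pre-merge or pre-build check, a non-empty findings list for any image is a reason to stop the build until the image has been vetted and mirrored into the internal registry.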

FBI Told Congress That Ransomware Payments Shouldn't be Prohibited


After meeting with the business sector and cybersecurity experts, the Biden administration backed away from the concept of barring ransomware payments, according to a top cybersecurity official on Wednesday. At an Aspen Security Forum event, Anne Neuberger, deputy national security adviser for cyber and new technology, said, "Initially, I thought that was a good approach. We know that ransom payments are at the heart of this ecosystem.”

A top FBI official told US lawmakers in July that making ransom payments to cybercriminals illegal is not the best way to combat the danger of ransomware. According to Bryan Vorndran, assistant director of the FBI's cyber division, banning ransom payments could unwittingly open the door to more extortion by ransomware gangs. 

"If we ban ransom payments now, you're putting US companies in a position to face yet another extortion, which is being blackmailed for paying the ransom and not sharing that with authorities," Vorndran said at a Senate Judiciary Committee hearing on ransomware. 

The debate over whether or not ransomware payments should be illegal exemplifies the larger issue that policymakers have in trying to combat a crime that takes advantage of a victim's financial incentives. According to cybersecurity experts, paying in the hopes of rapidly fixing an issue is often more appealing than refusing to negotiate, having to recover data from backups, and risking the publishing of sensitive information online. 

“We heard loud and clear from many that the state of resilience is inadequate, and as such, if we banned ransom payments we would essentially drive even more of that activity underground and lose insight into it that will enable us to disrupt it,” Neuberger said.

One of the disruption efforts is work to gain transparency into cryptocurrency networks, which have become a popular method of payment for cybercriminals. The National Security Council, according to Neuberger, is working with other members of an interagency task force to review regulations and safeguards that would allow for improved payment monitoring.

“Our driving goal is rapid tracing and really the strengthening of domestic and international virtual currency regulatory environments to enable that,” she said. “One big part of it is also building in those types of protections in the design of new virtual currencies and addressing that in a way that we can both have the innovation, and not have a broad illicit use that’s driving criminal activity.”

Crackonosh Malware Exploits Windows Safe Mode to Mine Cryptocurrency Secretly


Researchers have uncovered a variant of cryptocurrency-mining malware that exploits Windows Safe Mode during attacks. 

Researchers at Avast have termed the malware Crackonosh, and it spreads through pirated and cracked software, which may be found through torrents, forums, and "warez" websites. 

Upon seeing reports on Reddit of Avast antivirus users who were concerned about the sudden disappearance of the antivirus program from their system files, the team investigated the matter and discovered it was the result of a malware infection. 

Crackonosh has been in circulation since at least June 2018. When a victim runs a file that they think is a cracked version of genuine software, the malware gets installed as well. The infection chain starts with the distribution of an installer and a script that changes the Windows registry to allow the main malware executable to run in Safe Mode. The infected system is then set to boot into Safe Mode on its next startup.

The researchers stated, "While the Windows system is in safe mode antivirus software doesn't work. This can enable the malicious Serviceinstaller.exe to easily disable and delete Windows Defender. It also uses WQL to query all antivirus software installed SELECT * FROM AntiVirusProduct." 

Crackonosh scans for antivirus software, such as Avast, Kaspersky, McAfee's scanner, Norton, and Bitdefender, and attempts to disable or delete it. System log files are then deleted to erase the evidence. Crackonosh also tries to disable Windows Update and replace Windows Security with a phoney green tick tray icon.

The deployment of XMRig, a cryptocurrency miner that leverages system power and resources to mine the Monero (XMR) cryptocurrency, is the last step in the journey. 

According to Avast, Crackonosh has generated at least $2 million in Monero for its operators at today's pricing, with over 9000 XMR coins mined. Around 1,000 devices are infected each day, and over 222,000 machines have been affected worldwide. There are 30 different variants of the malware, with the most recent one released in November 2020.

Avast stated, "As long as people continue to download cracked software, attacks like these will continue and continue to be profitable for attackers. The key take-away from this is that you really can't get something for nothing and when you try to steal software, odds are someone is trying to steal from you."

DubaiCoin: Dubai's First Cryptocurrency Rose Over 100% Since its Debut


Dubai appears to have developed its own cryptocurrency, known as the DubaiCoin (DBIX). It is established on a public blockchain, which means that anyone can mine DBIX to generate their own.  

On May 27, around 4 p.m. IST, it was trading at roughly $1.13, up from the original price of $0.17. According to, the price of the cryptocurrency has increased by over 1000 percent in the last 24 hours.

The city of Dubai, on the other hand, issued a statement late last night denying this. According to the official Dubai Media Office, “Dubai Coin cryptocurrency was never approved by any official authority. The website promoting the coin is an elaborate phishing campaign that is designed to steal personal information from its visitors.”

Arabianchain Technology, based in the United Arab Emirates (UAE), claimed to be the first public blockchain in the Arabic world when it introduced cryptocurrency. In a press release, the company stated, “DubaiCoin will soon be able to be used to pay for a range of goods and services both in-store and online, with the clear intention for the coin to be used in place of traditional bank-backed currencies. Circulation of the new digital currency will be controlled by both the city itself and authorized brokers.” 

The United Arab Emirates is regarded as a safe place for cryptocurrency investors, but DubaiCoin would be distinct from other cryptocurrencies. Since it is built on a public blockchain, and mining should make it fairly volatile, it's unclear what Arabianchain means when it says the city of Dubai is regulating its pricing. If the coin replaces (or operates interchangeably with) the Dirham inside the UAE, it may qualify as a central bank digital currency (CBDC).

Being located in Dubai should provide the coin some stability since Dirham is always stable versus the dollar because of specific international treaties between the two countries. 

Although the Dubaicoin is not exactly CBDC, it is the closest thing to China's official digital Yuan, which is now being tested in the country. Countries such as the United States, India, the United Kingdom, and the European Union are considering digital versions of fiat currencies.

Thousands of Cryptocurrency Users Targeted by Tor Network Exit Nodes


Cybersecurity researchers have said a threat actor has been adding malicious servers into the Tor network to intercept traffic heading to cryptocurrency websites and carry out SSL stripping attacks on users while accessing mixing websites.

The threat actor, through its exit relays, performed an SSL stripping attack on traffic headed towards cryptocurrency websites, downgrading the encrypted HTTPS connection to plaintext HTTP. In the case of the attacks against the Tor network, threat actors aimed at replacing the addresses of legitimate wallets with the ones under the control of the attackers to hijack transactions.

The security researcher and Tor node operator Nusenu first highlighted this malicious behavior in August 2020 and has now shared more details in a follow-up post, which says the threat actors are still active.

“You can see the repeating pattern of new malicious relays getting added to the tor network and gaining significant traction before dropping sharply, when they got removed,” reads the study.

“In terms of scale of the attacker’s exit fraction, they managed to break their own record from May 2020 (>23% malicious exit fraction) twice:

• on 2020–10–30 the malicious entity operated more than 26% of the tor network’s exit relay capacity

• on 2021–02–02 they managed more than 27% of tor’s exit relay capacity. This is the largest malicious tor exit fraction I’ve ever observed by a single actor.”

According to the researcher, the threat actor managed to fly under the radar for more than a year because the malicious exit relays were added to the Tor network in small increments until they made up more than 23% of all exit nodes. Threat actors operated more than 26% of the tor network’s exit relay capacity two times in the last year, reaching 27% in February 2021. 

Once the scheme was discovered, the exit relays were removed from the Tor network. However, the experts pointed out that the threat actors were able to intercept traffic for months. Despite being outed, the threat actor continues to add new malicious nodes, and Nusenu estimates that between 4% and 6% of Tor exit nodes are still under the threat actor's control.

Cryptocurrency Mining Will Void Your SSD Warranty, Manufacturer Galax Warns


SSD designer Galax has warned users on its Chinese website that mining cryptocurrency with the company’s Solid State Drives (SSDs) will void their warranty with that product. This comes as no surprise with miners getting prepared to start mining the new Chia cryptocurrency which focuses on storage to mine coins rather than requiring the best mining GPUs.

“If users use our SSDs for mining/farming and other abnormal operations, the data writing volume is much higher than the standard for daily use, and the SSD will slow down or get damaged due to excessive data writing volume. Due to the tests carried out, the damages are qualitative according to the test results, and that is why according to the quality assurance standards of our SSDs, we have the right to refuse to provide warranty services. The right of final interpretation belongs to the company,” Galax stated in a note published on its website.

Chia is a new cryptocurrency that isn't even available to trade just yet, but it's already gaining in popularity. The main attraction of this new crypto is the way it is mined. Chia relies on a 'proof of time and space' algorithm to mine the currency on hard drives and SSDs, so there's no need to optimize your GPU for mining.

The makers of Chia designed it to be mined this way so mining the cryptocurrency is more accessible to the end-user and won't penalize the customer with big electricity bills or the purchasing of single-use hardware (i.e., ASICs). But, on the negative side of things, this mining technique could severely affect storage supply and demand. If Chia gets popular at all, we will probably see the same shortages we're seeing on GPUs applied to hard drives and SSDs as well. At present, Chia already has over 950 petabytes of storage, consisting of 101.4GiB plots. That's a lot of hard drives and SSDs, and that space remains occupied as long as a miner wants to try to harvest Chia. 

Given how much data must be written to create a Chia plot, it's no surprise that Galax is already preventing users from claiming warranty on its SSDs when it comes to mining workloads. If Chia is demanding enough on write performance, we could see all other SSD manufacturers following suit.

Nagios XI Servers: Seems to be Turning Into Cryptocurrency Miners for Attackers


Nagios XI is a popular enterprise server and network monitoring solution. Its “Configuration Wizard: Windows Management Instrumentation (WMI)” feature is being exploited.

On March 16, 2021, Unit 42 researchers observed an attacker targeting Nagios XI software to exploit the vulnerability CVE-2021-25296, a remote command injection vulnerability impacting Nagios XI version 5.7.5, to conduct a cryptojacking attack and deploy the XMRig coin miner on victims’ devices.

The XMRig coin miner is an open-source cross-platform cryptocurrency miner. If the attack is successful, the XMRig coin miner will be installed on the compromised devices. The vulnerability can be mitigated by updating Nagios XI to the latest version.

To determine whether a device is compromised and running the XMRig miner, users can either:

1. Execute the command ps -ef | grep '\|\|\|\|\|\|systemd-dev' and check the result. If the processes of the mentioned scripts are running, the device might be compromised.

2. Check the folders /usr/lib/dev and /tmp/usr/lib to see whether the mentioned scripts exist. If they exist, the device might be compromised. If the system is found to be compromised, simply terminating the processes and deleting the scripts will remove the XMRig miner used in the attack.
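
The two manual checks above can be scripted so that they are repeatable across hosts. This Python example is added here and is not Unit 42's tooling: it scans `ps -ef` output and a filesystem root for the indicators this article names (the folders /usr/lib/dev and /tmp/usr/lib and the process name systemd-dev), plus the default binary name xmrig as an assumption, while ignoring the analyst's own grep and look-alike paths such as /usr/lib/devscripts. The sample process listing is constructed.

```python
import os
from pathlib import PurePosixPath
from typing import List, Tuple

# Indicators named in the article; "xmrig" (the miner's default binary name)
# is an assumption added for this example.
IOC_DIRS = (PurePosixPath("/usr/lib/dev"), PurePosixPath("/tmp/usr/lib"))
IOC_NAMES = ("systemd-dev", "xmrig")


def _under_ioc_dir(token: str) -> bool:
    """True only if token is a path inside an IoC folder (component match)."""
    if not token.startswith("/"):
        return False
    return any(d in PurePosixPath(token).parents for d in IOC_DIRS)


def suspicious_processes(ps_output: str) -> List[Tuple[int, List[str]]]:
    """Parse `ps -ef` output and return (pid, reasons) for matching processes."""
    hits = []
    for line in ps_output.splitlines():
        fields = line.split(None, 7)  # UID PID PPID C STIME TTY TIME CMD
        if len(fields) < 8 or not fields[1].isdigit():
            continue  # header or malformed line
        pid, argv = int(fields[1]), fields[7].split()
        if PurePosixPath(argv[0]).name in ("grep", "egrep"):
            continue  # the check's own grep always matches its pattern
        reasons = []
        if any(_under_ioc_dir(a) for a in argv):
            reasons.append("path-in-ioc-dir")
        names = [PurePosixPath(a).name.lower() for a in argv]
        if any(ioc in n for n in names for ioc in IOC_NAMES):
            reasons.append("ioc-name")
        if reasons:
            hits.append((pid, reasons))
    return hits


def files_in_ioc_dirs(root: str = "/") -> List[str]:
    """List entries found in the IoC folders under root (e.g. a mounted image)."""
    found = []
    for d in IOC_DIRS:
        on_disk = os.path.join(root, str(d).lstrip("/"))
        if os.path.isdir(on_disk):
            found += [str(d / name) for name in sorted(os.listdir(on_disk))]
    return found


# Constructed sample; script and user names are placeholders.
SAMPLE_PS = """
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 Mar16 ?        00:00:03 /sbin/init
root       412     1  0 Mar16 ?        00:00:00 /lib/systemd/systemd-udevd
nagios    2291     1  0 10:02 ?        00:00:00 /bin/bash /usr/lib/dev/placeholder-script.sh
nagios    2304  2291 98 10:02 ?        01:12:44 /tmp/usr/lib/systemd-dev
admin     3100  3050  0 10:30 pts/0    00:00:00 grep systemd-dev
build     3200     1  0 10:31 ?        00:00:00 /usr/lib/devscripts/helper
"""

if __name__ == "__main__":
    for pid, reasons in suspicious_processes(SAMPLE_PS):
        print(pid, reasons)
    print(files_in_ioc_dirs("/"))
```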

The attacks try to execute a malicious bash script fetched from the malicious server 118[.]107[.]43[.]174. The bash script dropped by the attacker downloads the XMRig miner from the same server where the script is hosted and releases a series of scripts to run the XMRig miner in the background. Once the attack succeeds, the devices will be compromised for cryptojacking. 

The attack targeting Nagios XI 5.7.5 exploits CVE-2021-25296 and drops a cryptocurrency miner, jeopardizing the security of systems running out-of-date Nagios XI applications.

Cryptojacking malware-infected devices can experience performance degradation. Furthermore, the attacker could modify the script online, causing the new script to be automatically downloaded and executed on the compromised computers, resulting in additional security risks. 

Security subscriptions protect Palo Alto Networks Next-Generation Firewall customers from the vulnerability:

1. Threat Prevention can block the attacks with Best Practices through Threat Prevention signature 90873.
2. Static signature detections in WildFire can stop the malware.
3. Malicious domains can be blocked using URL filtering.

Crypto Lending Service, Celsius Suffers Third Party Data Breach


Cryptocurrency rewards portal Celsius has suffered a data breach in which the personal details of its clients were exposed through a third-party service provider, leading to a phishing attack, as confirmed in an email sent to Celsius clients.

Celsius CEO Alex Mashinsky indicated that a third-party commercialization server used by Celsius had been hacked and that threat actors had acquired access to a partial Celsius client list. The hackers used this information to send Celsius clients malicious e-mails and text messages designed to get them to reveal their secret keys.

"An unauthorized party managed to gain access to a backup third-party email distribution system which had connections to a partial customer email list. Once inside the system, this unauthorized party sent a fraudulent email announcement, of which we know some of the recipients to be Celsius customers," sources noted.

The campaign was intended to make clients believe that the malicious email originated from Celsius and that the malicious website was a Celsius website, and to gain possession of the assets in recipients' own (non-Celsius) wallets by encouraging them to provide their private wallet address. After accessing the customer list, the actors behind the attack impersonated Celsius Network in phishing texts and emails promoting a new Celsius Web Wallet. To entice people to visit the website, the message promised $500 in CEL cryptocurrency to anyone who created a wallet and entered a certain promotion code. After clicking on the link, clients were asked to create a Celsius Web Wallet on the celsiuswallet[.]network website, which is now closed. Furthermore, Celsius users complained that phishing messages were received on phone numbers they had never provided to Celsius.

The issue came to light on 14th April 2021, when Celsius clients started reporting a fake website claiming to be the official Celsius portal. According to the source, the company also acknowledged that some Celsius customers had received SMS messages and emails from senders claiming to be Celsius officials, referring to this website and encouraging recipients to enter confidential details. Meanwhile, the team also examined how hackers obtained Celsius customers' telephone numbers when the breach was in an email management system.

In response to the recent incidents, some Celsius employees proposed setting up a compensation fund to help people who might have lost cryptocurrency assets.

Bitcoin Touches the Peak at $60,000 – Everything you Need to Know!


On Saturday 13 March, Bitcoin, the world's largest cryptocurrency, rose again, reaching an all-time high. As per CoinDesk reports, it climbed to $60,065, up more than 2 percent from the preceding $58,330 peak on February 21. At 12.34 GMT on 13th March, the digital currency reached $60,197 and remained at around $60,000. "It increased almost 6% in the past 24 hours alone." Ethereum, meanwhile, was 4.7% higher at $2,173.63.

Volatility in the crypto market has dropped following six consecutive months of double-digit returns on bitcoin (BTC), but experts believe there are indications of a significant shift on the horizon.

Bitcoin first reached heights of $30,000 and $40,000 for a couple of days in January. The Bitcoin in circulation is worth over $1 trillion. It retreated to $43,000 just after the high of February 21, following uncertainties about stimulus prospects and their effect on US bond returns. Stocks and cryptocurrencies then declined for seven days and traded sideways for weeks before rallying again. After swelling from below $1,000 in January to close to $20,000 in December, Bitcoin, which was launched back in 2009, hit the headlines again.

Saturday's record came after the huge $1.9 trillion stimulus bill signed on Thursday by US President Joe Biden. The bill would provide most Americans with a check payment of $1,400, assist the unemployed, increase public health funding, and raise money for vaccine programs. Kraken Intelligence reports that, with April being the second most successful month on average, bitcoin could be expected to finish higher and thus tie the longest winning streak since the start of the cryptocurrency.

Historical information shows that both bitcoin and Ethereum generally achieve a positive return portion in the second quarter of the calendar year. Since 2011, BTC has, on aggregate, returned 256 percent in 2Q, while ETH, on average, returned 141 percent in 2016. 

Given bitcoin's market price of $58,786 at the end of March, if the price ends the second quarter of 2021 256 percent higher, it can be expected to trade around $209,000 from 1 July 2021. Based on an average second-quarter return of 39.5%, the world's largest cryptocurrency would stand at approximately $82,000.

In the meantime, throughout March, Bitcoin's steady upward trend led to a drop in volatility of almost 40% point a month to 63%, almost three months down. The absence of market uncertainty led to a 5 percent decrease in trade volumes and to an annual drop of about 255 billion dollars. 

Bitcoin proponents have praised it as 'digital gold', claiming that it will address the inflation risks posed by large central banks and government stimulus packages aimed at tackling the economic effects of the Covid-19 pandemic. Critics consider the rally to be just a stimulus-powered bubble that will soon burst, as it did after the 2017-2018 boom.

More Businesses are Accepting Bitcoin


Bitcoin is turning into an undeniably well-known payment alternative among numerous organizations. Fast-food chains, large tech organizations, and major beverage organizations are accepting cryptocurrency.  

Bitcoin(₿) is a cryptocurrency created in 2008 by an obscure individual or group of people utilizing the name Satoshi Nakamoto. The currency began use in 2009 when its execution was released as open-source software. Bitcoin utilizes peer-to-peer technology to work with no central authority or banks; overseeing transactions and the issuing of bitcoins is completed on the whole by the network. Bitcoin is open-source; its design is public, no one owns or controls Bitcoin and everybody can take part. 

Its costs on the trading stock exchanges plunged around Thanksgiving a year ago – only to turn back the clock and set an unsurpassed high of $ 19,857 on November 30: a 177% increment since the beginning of the despicable year up 14% of the S&P 500, as Insider recently reported. Then, a month ago, the cryptocurrency hit an all-time high, with costs moving to $ 60,000. A quirk of the increment implied that two pizzas purchased by crypto legend Laszlo Hanyecz would have really been valued at $ 613 million. 

Restaurant Brands International is one of the world's biggest fast-food holding organizations. It is the parent organization of Burger King, Tim Hortons, and Popeyes. A year ago, Burger King Venezuela declared that it would begin accepting bitcoin and other cryptocurrencies. It has worked with Cryptobuyer, a platform that handles the conversion of cryptocurrencies into normal currency, Yahoo Finance reported. Yum Brands, which operates KFC, Pizza Hut, Taco Bell, and The Habit Burger Grill, likewise accepts cryptocurrencies. Yum Brands has additionally collaborated with CryptoBuyer to launch encrypted payment methods, according to Nasdaq.

After briefly suspending acceptance of cryptocurrency as a legitimate payment method because of its volatility, Xbox accepts bitcoin payments for Xbox store credits. Coca-Cola Amatil is one of the world's biggest bottlers and distributors of non-alcoholic and ready-to-drink beverages in the Asia-Pacific area. A year ago, the organization declared in a press release that it was partnering with an online asset platform, Centrapay, to permit bitcoin as an official payment method.

A 38-Year-Old Indian Professor, Lost Rs 10 Lakh to a Scammer in Cryptocurrency Trading


A Bengaluru-based 38-year-old professor new to the cryptocurrency world lost Rs 10 lakh in bitcoins to a scammer who promised to manage his cryptocurrency account. The victim, a Palace Gutahalli resident and a private university lecturer, filed a complaint with the Central CEN Police on Saturday. According to the complainant, the incident took place on 22 February, after he attempted to register on a cryptocurrency trading platform.

“As he was unaware of how to handle cryptocurrency, he had visited certain groups on Telegram, where discussions on the same took place. As he (the victim) had doubts regarding how to use CoinSwitch Kuber, the trading platform, the hacker approached him promising to help in handling bitcoins to ensure high returns,” the police said. CoinSwitch Kuber is a simple and safe platform for Indian users, which allows them to purchase more than 100 cryptocurrencies, including Bitcoin, Ethereum, Ripple, etc. 

The victim posted a query on a Telegram group after failing to add Rs 90,000 to his account. He had also joined a couple of cryptocurrency rooms on the mobile app Telegram to understand the trade process and share views. Later, a scammer told the victim that he could manage the bitcoins the latter had purchased and make high returns from them. The alleged scammer sought his credentials, including a one-time password (OTP), and Bitcoins worth Rs 10 lakh were then transferred from the victim's wallet to another wallet within the following few minutes.

In response to the victim's complaint, the Central CEN police registered a case under the appropriate sections of the Information Technology and Indian Penal Code (IPC). A senior police officer said that this is their first case of this kind and that they are examining how they want to verify.

“We are exploring options on how to conduct the investigation. To begin with, we will approach CoinSwitch Kuber as there are no other regulators that can be communicated to take this forward,” the officer added. 

In response to the incident, CoinSwitch Kuber said in a statement: “It is unfortunate that one of our users has been subjected to fraud by a third party. We will cooperate with the investigating authorities and provide them all possible assistance. We request all our users to be extremely careful in handling their OTPs and account details.” 

Further, the company warned its users that their credentials are just as sacrosanct as the credentials for one's bank and therefore should not be shared with any third party. Customers also need to note that CoinSwitch Kuber and its staff never ask for their login credentials.

Twitter Ads used by Scammers to Promote Fake Cryptocurrency


Users should be wary of Twitter advertisements that propagate all kinds of fake cryptocurrency scams. Twitter users can "promote" an existing tweet to advertise their own services and information by showing it to other followers or users on Twitter. Scammers are reportedly using verified Twitter accounts to support bogus cryptocurrency scams. The scams are allegedly run under the names of well-known individuals or companies such as Elon Musk's Tesla, Gemini Exchange, Chamath Palihapitiya, and Social Capital. The threat actors have been remarkably successful, with one round of attacks raising over $580,000 in a single week.

Anyone who receives cryptocurrency giveaway messages from Tesla, Elon Musk, Gemini exchange, Chamath Palihapitiya, Social Capital, or other famous individuals or companies should stay as far away from such posts as possible, because the handles are compromised and the posts are scams.

Since these scams continue to produce revenue by plundering thousands of dollars through the promotion of Bitcoin, the threat actors are also beginning to target other recently prominent cryptocurrencies, including Dogecoin. Dogecoin is the cryptocurrency created by software engineers Billy Markus and Jackson Palmer, who wanted to build an instant, fun payment system free of conventional banking fees. Dogecoin takes its name and its emblem, the face of a Shiba Inu dog, from the "Doge" memes.

Twitter users are able to "promote" an existing tweet by paying for it to be displayed to many other users in their Twitter feeds, in order to advertise their services and content. Security researchers such as Zseano, Jake, and MalwareHunterTeam have found a new technique that cryptocurrency fraudsters use via such tweets on Twitter.

The technique consists of splitting up URLs so that Twitter's advertising fraud-detection algorithms do not recognize them. The links bring users to fake landing pages impersonating Social Capital, Tesla, Gemini exchange, etc., which lead the user on to additional websites themed around Tesla or Elon Musk that display a Bitcoin, Dogecoin, or Ethereum address. Users are told that if they send coins to the address, they will receive an increased sum in return.

Based on some of those scams, a total of $39,628.06 has so far been raised through the Bitcoin and Ethereum addresses used. Unfortunately, scammers are currently using several more cryptocurrency addresses, so the total raised is significantly greater. A crypto app is not necessarily secure just because it is in the app store. Recently, an application named after Trezor was uploaded to the Apple store. It was later discovered to be a scam, and the software had been used for phishing passwords and private keys.

US Agencies Publish Advisory on North Korean Cryptocurrency Malware, AppleJeus


The Federal Bureau of Investigation (FBI), jointly with the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of the Treasury, released an advisory on North Korea's cyber threat to cryptocurrency, with suggestions for mitigation.

Working with US government partners, the FBI, CISA and the Treasury assess that Lazarus Group, which these agencies attribute to North Korean advanced persistent threat (APT) actors, is targeting consumers and firms, including cryptocurrency exchanges and financial service providers, through the dissemination of cryptocurrency trading apps that have been modified.

“This advisory marks another step by the U.S. Government to counter the ongoing and criminal North Korean global cryptocurrency theft scheme targeting finance, energy, and other sectors,” said CISA Acting Executive Assistant Director of Cybersecurity Matt Hartman. “The FBI, Treasury, and CISA continue to assess the evolving cyber threat posed by North Korea, cybercriminals, and other nation-state actors and are committed to providing organizations timely information and mitigations to combat these threats.” 

In the last year alone, these cyber actors attacked organizations in more than 30 nations for cryptocurrency theft. These actors would undoubtedly see modified cryptocurrency trading applications as a way of bypassing foreign sanctions on North Korea: the applications allow them to gain access to cryptocurrency exchanges and loot cryptocurrency from victims' accounts.

The US government refers to the North Korean Government's malicious cyber activity as HIDDEN COBRA. The United States Government has identified malware and indicators of compromise (IOCs) used to facilitate North Korean cryptocurrency theft; the cyber security community calls this malware "AppleJeus".

Since the malware was first found in 2018, North Korea has used several versions of AppleJeus. Initially, HIDDEN COBRA actors used websites that seemed to host genuine cryptocurrency trading platforms to infect victims with AppleJeus, but these actors now also seem to be using other infection vectors, such as phishing, social networking, and social engineering, to get users to download the malware. HIDDEN COBRA actors have targeted organizations in several sectors with AppleJeus, including energy, finance, government, industry, technology, and telecommunications.

Ever since it was discovered, several variants of AppleJeus were found in the wild. Most of them are supplied as relatively simple applications from attacker-controlled websites that resemble legitimate cryptocurrency exchange sites and firms. 

“It is likely that these actors view modified cryptocurrency trading applications as a means to circumvent international sanctions on North Korea — the applications enable them to gain entry into companies that conduct cryptocurrency transactions and steal cryptocurrency from victim accounts,” states the report. 

If users suspect that they have been affected by AppleJeus, the advisory suggests that victims generate new keys or transfer funds out of compromised crypto wallets, remove affected hosts, run anti-malware scans on infected devices, and notify the FBI, CISA, or the Treasury.

Bitcoin Surpasses $50,000 Mark For The First Time Ever


The price of Bitcoin jumped above $50,000 on Tuesday, bringing its year-to-date gain to 74%. Ongoing interest from Wall Street institutions has added to the momentum. Bitcoin rose by as much as 4.9%, to $50,547.70. The cryptocurrency then pared gains slightly, trading at $48,853.99 as of 9 a.m. ET. After ending last year with a fourth-quarter surge of 170% to around $29,000, Bitcoin leaped to $40,000 seven days later. It took just nearly a month and a half to breach the latest threshold, buoyed by endorsements from the likes of Paul Tudor Jones, Stan Druckenmiller, and Elon Musk. Bitcoin traded for a few cents for several years after its introduction more than a decade ago.

Tesla Inc.'s announcement that it had added $1.5 billion in Bitcoin to its balance sheet was the most noticeable recent impetus, sending the price up 16% on Feb. 8, the biggest one-day gain since the Covid-19-inspired financial market volatility in March. Optimism grew after Mastercard Inc. and Bank of New York Mellon Corp. moved to make it simpler for clients to use cryptocurrencies, while Bloomberg reported on Saturday that Morgan Stanley may add Bitcoin to its list of possible bets.

Sustained interest from organizations has had a decided effect on Bitcoin's value, pushing it onto an upward curve. In December of 2020, it touched an all-time high, crossing $24,000 in valuation. This was a 224% increase from where it started at the beginning of the year. By the start of 2021, BTC had leaped to a $40,000 valuation. In the second week of May 2020, Bitcoin saw its third halving since its inception, bringing a further drop in its estimated future supply, said Sumit Gupta, CEO and Co-Founder of CoinDCX.

The interest from big players has supported the narrative that institutional investors are increasingly interested in Bitcoin. This conviction has been a critical driver of the bewildering rally in the price of Bitcoin. It has likewise helped other cryptocurrencies, for example ether, the coin on the Ethereum network. Its price was roughly flat on Tuesday, at $1,793, after hitting a record high above $1,870 over the course of the weekend.

Pavel Durov's team advised the Ministry of Finance of Ukraine on cryptocurrencies.

The Minister of Digital Transformation Mikhail Fedorov said that his department is in contact with the team of the developer of the Telegram messenger, Pavel Durov.

According to Fedorov, he is familiar with Durov's team. Employees of the Ministry of Digital Transformation received advice on bills related to virtual assets and cryptocurrency.

"I know Durov's team. I know all its management, we communicate, consult even on bills related to cryptocurrency, virtual assets, and so on."

The Minister said that he actively uses the Telegram messenger for fast communications. However, the information exchanged by officials is protected as much as possible, and all documents pass through electronic document management.

"Of course, questions of national importance do not need to be sent in messengers, this is understandable," added Mikhail Fedorov.

Answering the question about which of the messengers is the safest for him, the head of the Ministry of Digital Transformation noted that he most often uses Telegram and WhatsApp.

Recall that on December 2, the Verkhovna Rada of Ukraine in the first reading adopted as a basis the draft law "On virtual assets" regulating operations with cryptocurrencies in the country. The bill classifies virtual assets (VA) as an intangible good.

The function of the market regulator is assigned to the Ministry of Digital Transformation, and in some cases to the National Bank and the National Commission on Securities and Stock Market.

According to experts, the daily volume of cryptocurrency transactions in Ukraine is about $150-200 million. One of the authors of the document, Deputy Oleksiy Zhmerenetsky, noted that the bill will allow cryptocurrency companies to pay taxes and allow specialized foreign firms to cooperate with Ukrainian banks and invest in the industry.

Ukraine did not follow the Russian path of banning virtual assets, because this market is a growth point for Ukraine's GDP and an opportunity to become one of the world's technology leaders. In addition, it makes no sense to prohibit something that is technically impossible to control, as we have already seen in the case of blocking Telegram in Russia.

Recall that Roskomnadzor has added the site of the Binance crypto exchange to the list of banned sites in Russia.

Decentralized Finance (Defi) Protocol Akropolis Hacked For $2 Million In DAI


Decentralized finance (defi) protocol Akropolis was recently hacked for $2 million in DAI, in the most recent flash loan attack to hit the 'nascent defi industry'.
When the attack occurred, Akropolis admins stopped all transactions on the platform to forestall further losses. In a statement on Nov. 12, Akropolis revealed that the hack was executed against a set of smart contracts in its "savings pools".

The attacker drained the platform's Ycurve pool in batches of $50,000 in the stablecoin DAI. This specific pool permits investors to trade stablecoins and earn interest.

Akropolis says that it recruited two firms to further investigate the incident, but unfortunately neither company was able to pinpoint the attack vectors utilized in the exploit.

“At ~14:36 GMT we noticed a discrepancy in the APYs of our stablecoin pools and identified that ~2.0mn DAI had been drained out of the Ycurve and sUSD pools,” revealed Akropolis. 

The hacker, though, was still able to discover loopholes to exploit, wiring his 'loot' to this address. Akropolis clarified additionally: “The attack vectors used in the exploit were not identified in either audit. The essence of the exploit in question is a combination of a re-entrancy attack with Dydx flash loan origination.”

Flash loan attacks have become rather common against cryptocurrency services running DeFi (decentralized finance) platforms that enable users to either borrow or loan 'using cryptocurrency, speculate on price variations, and earn interest on cryptocurrency savings-like accounts.'

These attacks have been on a fairly steady rise since early February this year, and one of the biggest flash loan attacks occurred just a month ago, in October, when hackers stole $24 million worth of cryptocurrency assets from DeFi service Harvest Finance.

Other pools were fortunately not affected. These included compound DAI, compound USDC, AAVE sUSD, AAVE bUSD, curve bUSD, curve sBTC. Native AKRO and ADEL staking pools were also left untouched.

Nonetheless, the Akropolis group said that it is still looking for ways to repay the affected users “in a way that is sustainable for the project”. All stable coin pools have currently been put on hold, it added.

New Wave of Cryptocurrency Misappropriation, Hacking, Theft and Fraud Targeting Users Massively in 2020

Crypto criminals have ramped up cryptocurrency theft, hacking, and fraud by a significant margin in the year 2020. They amassed a sum of $1.36 billion in ill-gotten crypto from January 2020 to May 2020, according to the blockchain analytics firm. The year 2020 is on track to become the second-costliest year in the history of crypto, behind only 2019’s record of $4.5 billion. The largest contribution to the year’s ongoing total came from the Chinese scam ‘WOTOKEN’, which allegedly scammed more than 700,000 users and stole over $1 billion worth of cryptocurrencies: 46,000 bitcoin, 2.04 million ethereum, 56,000 bitcoin cash, 292,000 litecoin, and 684,000 EOS.

Cryptocurrency is a virtual or digital currency that uses cryptographic functions to make financial transactions. To gain transparency and immutability, it makes use of blockchain technology. It is decentralized in nature, as there is no central authority controlling or interfering in its processes, which include making cryptocurrency exchanges directly between two parties using private and public keys. Because it equates to money in the real world, it attracts a high likelihood of cyber fraud.

On June 2, 2020, CipherTrace released its Cryptocurrency Crime and Anti-Money Laundering Report covering the global trends and latest developments in the fight against money laundering, terrorism financing, and sanctions evasion. It highlighted the need for regulation and compliance while reporting that 74% of bitcoin in exchange-to-exchange transactions was cross-border and 88% of funds sent to exchanges in 2019 by US Bitcoin ATMs went offshore. Researchers also noted that phishing sites are the most popular COVID-19 related products marketed on the dark web.

“While only 9.8% of the dark market’s one-hop (direct) interactions went directly to exchanges, 30.7% of its two-hop (once removed) interactions went to exchanges—more than tripling the risk exposure to exchanges,” the report read.

In addition, cryptocriminals are also employing several new malware strains to target cryptocurrencies. An undocumented Trojan called ‘KryptoCibule’ has been found targeting various cryptocurrencies by replacing wallet addresses and stealing cryptocurrency-related files. The previously reported P2P botnet FritzFrog attempted to brute-force SSH servers of government, education and medical institutions, and telecom players, with the objective of mining cryptocurrency via the XMRig miner. Over two weeks ago, a new botnet, dubbed TeamTNT, was observed stealing AWS credentials from affected servers.

With old techniques being upgraded and new ones being continually introduced for illicit financial gain, cryptocurrencies have become one of the most heavily targeted areas at present. Users are advised to stay alert to indicators of criminal behavior.

The Blue Mockingbird Malware Group Exploits Vulnerabilities in Organizations' Networks

Another notorious crypto-currency mining malware has surfaced, which has allegedly been infecting the systems of countless organizations. The group behind the operation goes by the code name “Blue Mockingbird”.

The researchers who discovered it have reasons to believe that Blue Mockingbird has been active since the last month of 2019. According to them, it targets “public-facing servers” that run “ASP.NET” apps that use the “Telerik framework” for their User Interface (UI).

Reportedly, the vulnerability that the hackers exploit in the process is “CVE-2019-18935”, which is used to plant a web shell on the target’s server. Per the same report, they later employ a version of “the Juicy Potato technique” to obtain admin access and alter the server settings to gain “(re)boot persistence”.

After obtaining complete access to a system, sources mention, the malware group installs a version of XMRig, a well-known crypto-currency mining application for the “Monero (XMR)” crypto-currency.

As per reports, if the public-facing IIS servers are linked to a company’s internal network, the malware group is likely to try to expand internally through improperly secured Server Message Block (SMB) connections or Remote Desktop Protocol (RDP).

The exact number of infections that the botnet has caused isn’t clear, but if an estimate were to be made, the operation includes at least 1,000 infections. There also doesn’t seem to be a way to gauge the intensity of the threat.

Not many of the organizations being observed by the researchers have been hit with this particular threat, and the above-mentioned number of infections surfaced over the very short period in which they were tracked.

Nevertheless, all companies are susceptible to this attack, even the ones that think they are safe, and the number of infections could be higher than estimated.

As per sources, the allegedly vulnerable Telerik UI component is part of ASP.NET applications that may themselves run on their latest versions; even then, the Telerik component inside them may be an outdated version that is harmful to the organization. This component could exist in the applications used by a company without the company even knowing about it, leaving it endangered.

The Telerik UI CVE-2019-18935 vulnerability, per reports, is widely known as the one used to plant web shells on servers. Another report mentioned that this vulnerability is the most exploited and that organizations need to improve their firewalls to fight it. If for some reason an organization doesn’t have a web firewall, it can always look for warning signs on its servers and workstations, reports cite.
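
One way to look for such warning signs on a server, as an added example that is not from the article or the researchers' report: the Python below parses IIS W3C logs and groups requests to the Telerik UI upload handler by client IP. The handler path and the `type=rau` parameter are assumptions drawn from how CVE-2019-18935 is publicly described, and the log lines are constructed.

```python
from collections import defaultdict
from urllib.parse import parse_qs

# Assumption (not stated in the article): CVE-2019-18935 is reached through
# Telerik UI's upload handler, requested with "type=rau" in the query string.
HANDLER = "telerik.web.ui.webresource.axd"

# Constructed sample in IIS W3C extended log format (documentation-range IPs).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2020-05-01 10:00:01 GET /default.aspx - 198.51.100.7 200
2020-05-01 10:00:05 GET /Telerik.Web.UI.WebResource.axd type=rau 203.0.113.9 200
2020-05-01 10:00:06 POST /Telerik.Web.UI.WebResource.axd type=rau 203.0.113.9 500
2020-05-01 10:00:07 POST /Telerik.Web.UI.WebResource.axd type=rau 203.0.113.9 200
2020-05-01 10:02:00 GET /Telerik.Web.UI.WebResource.axd _TSM_HiddenField_=x 198.51.100.7 200
2020-05-01 10:03:00 POST /app/Telerik.Web.UI.WebResource.axd type=rau 192.0.2.44 404
"""


def parse_w3c(text):
    """Yield one dict per request, keyed by the latest #Fields: directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def telerik_upload_hits(text):
    """Group requests to the upload handler (type=rau) by client IP."""
    hits = defaultdict(lambda: {"POST": 0, "other": 0, "statuses": set()})
    for row in parse_w3c(text):
        stem = row.get("cs-uri-stem", "").lower()
        if not stem.endswith("/" + HANDLER):
            continue
        # IIS logs an empty query as "-", which parses to no parameters.
        query = parse_qs(row.get("cs-uri-query", "").lower())
        if "rau" not in query.get("type", []):
            continue
        entry = hits[row.get("c-ip", "?")]
        entry["POST" if row.get("cs-method") == "POST" else "other"] += 1
        entry["statuses"].add(row.get("sc-status", "?"))
    return dict(hits)


if __name__ == "__main__":
    for ip, info in sorted(telerik_upload_hits(SAMPLE_LOG).items()):
        print(ip, "POST:", info["POST"], "other:", info["other"],
              "statuses:", sorted(info["statuses"]))
```

An application that really uses the upload control produces the same requests, so a hit is a lead to check against the installed Telerik version, not a verdict.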