The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Bitcoin wallet

Cryptocurrency Firm Itself Hacked Its Customers to Protect Their Funds From Hackers

Cryptocurrency Firm Itself Hacked Its Customers to Protect Their Funds From Hackers
June 06, 2019Mohit Kumar
Are you using Komodo's Agama Wallet to store your KMD and BTC cryptocurrencies? Were your funds also unauthorisedly transferred overnight to a new address? If yes, don't worry, it's probably safe, and if you are lucky, you will get your funds back. Here's what exactly happened… Komodo, a cryptocurrency project and developer of Agama wallet, adopted a surprisingly unique way to protect its customers' funds. The company hacked its customers and unauthorisedly transferred nearly 8 million KMD and 96 Bitcoins from their cryptocurrency wallets to a new address owned by the company. Why? To secure funds of its customers from hackers. This may sound weird, but it's true. Komodo recently learned about a malicious open source, third-party JavaScript library that the company was using in its Agama Wallet app. The library, named "electron-native-notify," two months ago received a update from its anonymous author who included a secret backdoo

Rogue Developer Infects Widely Used NodeJS Module to Steal Bitcoins

Rogue Developer Infects Widely Used NodeJS Module to Steal Bitcoins
November 26, 2018Mohit Kumar
A widely used third-party NodeJS module with nearly 2 million downloads a week was compromised after one of its open-source contributor gone rogue, who infected it with a malicious code that was programmed to steal funds stored in Bitcoin wallet apps. The Node.js library in question is "Event-Stream," a toolkit that makes it easy for developers to create and work with streams, a collection of data in Node.js — just like arrays or strings. The malicious code detected earlier this week was added to Event-Stream version 3.3.6, published on September 9 via NPM repository , and had since been downloaded by nearly 8 million application programmers. Event-Stream module for Node.js was originally created by Dominic Tarr, who maintained the Event-Stream library for a long time, but handed over the development and maintenance of the project several months ago to an unknown programmer, called "right9ctrl." Apparently, right9ctrl gained Dominic's trust by making

How to Steal Bitcoin Wallet Keys (Cold Storage) from Air-Gapped PCs

How to Steal Bitcoin Wallet Keys (Cold Storage) from Air-Gapped PCs
April 23, 2018Wang Wei
Dr. Mordechai Guri, the head of R&D team at Israel's Ben Gurion University, who previously demonstrated various methods to steal data from an air-gapped computer, has now published new research named " BeatCoin ." BeatCoin is not a new hacking technique; instead, it's an experiment wherein the researcher demonstrates how all previously discovered out-of-band communication methods can be used to steal private keys for a cryptocurrency wallet installed on cold storage, preferably an air-gapped computer or Raspberry Pi. For those unaware, keeping your cryptocurrency protected in a wallet on a device which is entirely offline is called cold storage. Since online digital wallets carry different security risks, some people prefer keeping their private keys offline. Air-gapped computers are those that are isolated from the Internet, local networks, Bluetooth and therefore, are believed to be the most secure devices and are difficult to infiltrate or exfiltrate.

Hackers Exploiting 'Bitmessage' Zero-Day to Steal Bitcoin Wallet Keys

Hackers Exploiting 'Bitmessage' Zero-Day to Steal Bitcoin Wallet Keys
February 14, 2018Swati Khandelwal
Bitmessage developers have warned of a critical 'remotely executable' zero-day vulnerability in the PyBitmessage application that was being exploited in the wild. Bitmessage is a Peer-to-Peer (P2P) communications protocol used to send encrypted messages to users. Since it is decentralized and trustless communications, one need-not inherently trust any entities like root certificate authorities. Those who unaware, PyBitmessage is the official client for Bitmessage messaging service. According to Bitmessage developers, a critical zero-day remote code execution vulnerability, described as a message encoding flaw, affects PyBitmessage version 0.6.2 for Linux, Mac, and Windows and has been exploited against some of their users. "The exploit is triggered by a malicious message if you are the recipient (including joined chans). The attacker ran an automated script but also opened, or tried to open, a remote reverse shell," Bitmessage core developer Peter Šurda ex

Here's How Hackers Can Hijack Your Online Bitcoin Wallets

Here’s How Hackers Can Hijack Your Online Bitcoin Wallets
September 19, 2017Unknown
Researchers have been warning for years about critical issues with the Signaling System 7 (SS7) that could allow hackers to listen in private phone calls and read text messages on a potentially vast scale, despite the most advanced encryption used by cellular networks. Despite fixes being available for years, the global cellular networks have consistently been ignoring this serious issue, saying that the exploitation of the SS7 weaknesses requires significant technical and financial investment, so is a very low risk for people. However, earlier this year we saw a real-world attacks, hackers utilised this designing flaw in SS7 to drain victims' bank accounts by intercepting two-factor authentication code (one-time passcode, or OTP) sent by banks to their customers and redirecting it to themselves. If that incident wasn't enough for the global telecoms networks to consider fixing the flaws, white hat hackers from Positive Technologies now demonstrated how cybercriminals

Bitcoin Price Jumps Above $1150 — Highest in last 3 Years

Bitcoin Price Jumps Above $1150 — Highest in last 3 Years
January 04, 2017Mohit Kumar
What a good start of the New Year for those holding Bitcoins! Web-based digital currency Bitcoin has passed $1,110 for the first time on the Bitstamp Price Index (BPI) since early November 2013. Bitcoin broke the barrier on 1 January and now is trading above $1,150 mark at the time of writing, marking a bright beginning to 2017 for the digital currency. At the time of writing, 1 Bitcoin = $1158.99. Bitcoin is a revolutionary virtual currency that has no central authority; instead, it relies on thousands of computers worldwide that validate transactions and add new Bitcoins to the system. The world's first and most famous cryptocurrency is developed around Blockchain, which is a complex cryptographic protocol and a global computer's network that oversees and verifies which Bitcoins have been spent by whom. The identity of the people spending Bitcoins is extremely difficult to trace because of its anonymous nature. Therefore, the currency is very popular among criminal

FBI is Investigating Theft of $1.3 Million in Bitcoin from a Massachusetts Man

FBI is Investigating Theft of $1.3 Million in Bitcoin from a Massachusetts Man
October 15, 2016Swati Khandelwal
Over two months ago, the world's third largest Bitcoin Exchange Bitfinex lost around $72 Million worth of Bitcoins in a major hack. Shortly after the company encountered a $72,000,000 Bitcoin theft, an unnamed Bitfinex user from Cambridge, Massachusetts, filed a police report in September, alleging that $1.3 Million of funds were stolen from his account. Since then the Cambridge police have handed the case over to the FBI, which is working with the Bitcoin exchange as well as European authorities to recover funds stolen from the Bitfinex user, Coindesk reports . The individual claimed that he held $3.4 Million in Bitcoin in his personal wallet hosted by the Bitfinex Bitcoin exchange. But following the August's Bitfinex breach, he was left with $2.1 Million in his account. Bitfinex then notified the individual of his initial loss of approximately $1.3 Million in Bitcoin, but after the company issued IOU tokens as an emergency measure to keep the exchange operating, the l

BlockChain.info Domain Hijacked; Site Goes Down; 8 Million Bitcoin Wallets Inaccessible

BlockChain.info Domain Hijacked; Site Goes Down; 8 Million Bitcoin Wallets Inaccessible
October 12, 2016Wang Wei
UPDATE: The site is back and working. Blockchain team released a statement via Twitter, which has been added at the end of this article. If you are fascinated with the idea of digital currency, then you might have heard about BlockChain.Info. It's Down! Yes, Blockchain.info, the world's most popular Bitcoin wallet and Block Explorer service, has been down from last few hours, and it's believed that a possible cyber attack has disrupted the site. The site is down at the time of writing, and the web server reports a bad gateway error, with a message on the website that reads: "Looks like our site is down. We're working on it and should be back up soon." With more than 8 million Digital Wallet customers, BlockChain is users' favorite destination to see recent transactions, stats on mined blocks and bitcoin economy charts. A few hours ago, BlockChain team tweeted about the sudden breakdown of the site, saying: "We're researching a DNS

Bitcoin Exchange Offers $3.5 Million Reward for Information of Stolen Bitcoins

Bitcoin Exchange Offers $3.5 Million Reward for Information of Stolen Bitcoins
August 14, 2016Mohit Kumar
Hong Kong-based Bitcoin exchange 'Bitfinex' that lost around $72 Million worth of its customers' Bitcoins last week is now offering a reward of $3.5 Million to anyone who can provide information that leads to the recovery of the stolen Bitcoins. Bitfinex revealed on August 2 that the cryptocurrency exchange had suffered a major security breach, which resulted in the loss of nearly 120,000 BTC. The hack led to a 36 percent loss for each Bitfinex customer, who will be issued tokens to be redeemed as the company is able to reimburse the losses. Now, the exchange is willing to offer 5% of the lost funds ( nearly 6,000 BTC ) as a reward for the recovery of the stolen bitcoins. The news came after a Reddit user, using alias someguy916, inquired about a reward Bitfinex would be willing to offer for the stolen bitcoins. In response to the question, Bitfinex community director Zane Tackett stated that a bounty would be awarded to anyone who has information that would hel

Hackers claim ISIS Militants linked to Paris Attacks had a Bitcoin Wallet worth $3 Million

Hackers claim ISIS Militants linked to Paris Attacks had a Bitcoin Wallet worth $3 Million
November 16, 2015Wang Wei
The world watched in horror as coordinate attacks in Paris Friday night killed more than 130 people and  left over 352 injured. Over 20 attackers have so far been part of the terrorist cell that planned the deadly Paris attacks, with seven suicide bombers dead, seven attackers under arrest and a total of six people on the run. Also Read:  NO, We Can't Blame Edward Snowden and Encryption for Terror Attacks . The attacks were carried out by Islamic State (ISIS) , who later claimed responsibility for targeting innocent people at 'soft' locations that lack police or military protection, including Bataclan concert venue where at least 89 people lost their lives. Following the bloody terror attacks, the hacktivist collective Anonymous declared war on the Islamic State ( IS, formerly ISIS/ISIL ) saying, " We will launch the biggest operation ever against you. " But the Question here is: From Where did the terrorist cell that planned the brutal terrorist attacks i

Meet The World's First Person Who Hacked His Body to Implant a Bitcoin Payment CHIP

Meet The World's First Person Who Hacked His Body to Implant a Bitcoin Payment CHIP
November 02, 2015Swati Khandelwal
Hackers are now going crazy and trying new ways in Biohacking . Until now, we have seen a hacker who implanted a small NFC chip in his hand in order to hack Android smartphones and bypass almost all security measures. However, now the level of craziness has gone to a whole new level. A Swedish hacker has devised a neat trick that makes him able to buy groceries or transfer money between bank accounts by just waving his hand. Yes, you heard that right.  Patric Lanhed , a software developer at DigitasLBi, implanted a small NFC (Near Field Communications) chip with the private key to his Bitcoin wallet under his skin. So How Does the Trick Work? So, while sending Bitcoin payment from one digital wallet to another, he just has to wave his hands against an NFC chip reader that will scan the data, and a custom software will confirm the authenticity of the key, triggering the money transfer. A proof-of-concept video demonstration by Patric and his acquaintanc

Tails 1.3 Released, Introduces 'Electrum Bitcoin Wallet'

Tails 1.3 Released, Introduces 'Electrum Bitcoin Wallet'
February 27, 2015Wang Wei
A new Tails 1.3 has been released with support to a secure Bitcoin wallet. Tails, also known as the ' Amnesic Incognito Live System ', is a free security-focused Debian-based Linux distribution, specially designed and optimized to preserve users' anonymity and privacy. Tails operating system came to light when the global surveillance whistleblower Edward Snowden said that he had used it in order to remain Anonymous and keep his communications hidden from the law enforcement authorities. Tails 1.3 offers new applications, updates to the Tor browser, and fixes a number of security vulnerabilities from previous releases of the software and specially introduces Electrum Bitcoin Wallet . NEW FEATURES IN Tails OS 1.3 Electrum Bitcoin Wallet Updated Tor Browser Bundle obfs4 pluggable transport KeyRinger Electrum Bitcoin Wallet is one of the major changes Tails 1.3 received. Electrum is a new open-source and easy-to-use bitcoin wallet that protects you fro

$1.75 Million in Bitcoin Stolen from Chinese BTER Bitcoin Exchange

 $1.75 Million in Bitcoin Stolen from Chinese BTER Bitcoin Exchange
February 16, 2015Swati Khandelwal
The most popular Chinese Bitcoin exchange BTER announced that it has been hacked on Valentine's Day and lost more than £1.1 Million-worth ($1.75 Million; one BTC is about $270) of the digital currency. The Bitcoin Exchange hasn't revealed more details about suspects behind the breach or how the cold wallets were compromised, except that 7,170 Bitcoin cryptocurrency was stolen from the company's " cold wallets ," a way of storing the digital currency offline. " All wallets have been shut down and withdrawals of unaffected coins will be arranged later, " the official website of BTER Bitcoin exchange states. Internet sleuths are already on the hunt to trace the missing Bitcoin. Because of the way the digital currency works, it is possible to trace any transaction or funds easily by using public available service, called " blockchain ." According to the announcement, the stolen Bitcoin cryptocurrencies were broadcast through the trans

Bitstamp Bitcoin Exchange Hacked, $5 Million Stolen in Hack Attack

Bitstamp Bitcoin Exchange Hacked, $5 Million Stolen in Hack Attack
January 06, 2015Mohit Kumar
One of the biggest, reliable and most trusted Bitcoin exchange — Bitstamp — on Monday announced that it has been a target of a hacking attack, which lead to the theft of " less than 19,000 BTC" (worth about $5 million in virtual currency; one BTC is about $270). Bitstamp issued a statement on its official website in which the company warned its users not to deposit any Bitcoin to previously issued addresses, so as to prevent further losses. While the investigation is going on, the company has frozen its user accounts, blocked deposits as well as other transactions and suspended the trading business. After the Slovenian-based Bitcoin exchange suspected the security breach over the weekend that compromised one of Bitstamp's operational and active bitcoin storage wallets, the exchange suspended its service for the time being. The company reassured its users that the security breach only affected its " operational wallet ," i.e. only " a small fr

Silk Road alternative 'Sheep Marketplace' shut down after $40 Million in Bitcoin Theft

Silk Road alternative 'Sheep Marketplace' shut down after $40 Million in Bitcoin Theft
December 03, 2013Swati Khandelwal
Sheep Marketplace , one of the leading anonymous websites, after Silk Road 's closure by U.S. Prosecutors, allegedly selling drugs, has gone offline claiming it was robbed of $6 million worth of Bitcoins . Like Silk Road , Sheep Marketplace was a Deep Web site accessible via the Tor network and quickly grew into a replacement of other popular underground Bazaars. Weeks ago, the Administrator of the Sheep Marketplace announced that withdrawals  from online Wallet would be closed for a few hours as a new feature was being implemented, however deposits were still allowed. Recently, The market's administration left a short message for users, which reads: We are sorry to say, but we were robbed on Saturday 11/21/2013 by vendor EBOOK101. This vendor found a bug in the system and stole 5400 BTC – your money, our provisions, all was stolen. We were trying to resolve this problem, but we were not successful. We are sorry for your problems and inconvenience, all of the current BTC will be di

Bitcash.cz Bitcoin Exchange hacked; Money from 4000 Bitcoin wallets Stolen

Bitcash.cz Bitcoin Exchange hacked; Money from 4000 Bitcoin wallets Stolen
November 13, 2013Mohit Kumar
Another Bitcoin Exchange hacked!  Bitcash. CZ based out of the Czech Republic has been hacked and Money from 4000 Bitcoin wallets have been Stolen, value of over 2 million Czech Koruna i.e. Approx $100,000. Bitcash.cz  is currently down with a maintenance message that on the evening of November 11, their server was compromised by unknown Hackers and  bitcoins from its clients were stolen. Hackers appear to have sent emails from Bitcash.cz email accounts pretending to be members of staff. The emails claim the company had to use a US recovery company to get back the bitcoins that have been stolen and recipients are then apparently asked to send 2 BTC to a wallet address in order for their bitcoins to be returned. " We are trying to resolve the situation, but we want to warn our users about fraudulent emails and scams [claiming to be from Bitcash] " site said on their Facebook page. Meanwhile, GBL, the Chinese Bitcoin exchange mysteriously disappeared, t
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.