Bitcoin | Breaking Cybersecurity News | The Hacker News

Cybercriminals successfully plundered another digital cryptocurrency exchange. European cryptocurrency exchange Eterbase this week disclosed a massive breach of its network by an unknown group of hackers who stole cryptocurrencies worth 5.4 million dollars. Eterbase, which has now entered maintenance mode until the security issue is resolved, described itself as Europe's Premier Digital Asset Exchange. Based in Bratislava, Slovakia, and launched in 2019, Eterbase is a small cryptocurrency exchange platform that focuses on crypto to SEPA integration (via individual IBAN accounts), multi-asset support, and regulatory compliance. On Monday night, malicious threat actors managed to raid six Eterbase's hot wallets for Bitcoin, Ethereum, XRP, Tezos, Algorand, and TRON and transferred the funds into their wallets managed at six rival crypto exchanges, Eterbase reported on its Telegram channel on Tuesday. According to a tweet posted by the affected exchange, Eterbase t

As suspected, the KYC details of thousands of Binance's customers that hackers obtained and leaked online earlier this month came from the company's third-party vendor, Malta-based cryptocurrency exchange Binance confirmed. For those unaware, Binance, the world's largest cryptocurrency exchange by volume, hit by a " Potential KYC leak " earlier this month, with an unknown hacker distributing the Know Your Customer (KYC) images of hundreds of its users online and to media outlets. Before leaking the KYC images online, the alleged hacker threatened the exchange to release KYC data of its 10,000 customers if the company did not pay 300 Bitcoins—equivalent to over $3 million at today's exchange value. While Binance CEO Changpeng Zhao called the incident a fud (fear, uncertainty, doubt), the exchange recently confirmed that some of the leaked images match actual accounts though others show evidence of manipulation. According to an official blog post , t

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Are you using Komodo's Agama Wallet to store your KMD and BTC cryptocurrencies? Were your funds also unauthorisedly transferred overnight to a new address? If yes, don't worry, it's probably safe, and if you are lucky, you will get your funds back. Here's what exactly happened… Komodo, a cryptocurrency project and developer of Agama wallet, adopted a surprisingly unique way to protect its customers' funds. The company hacked its customers and unauthorisedly transferred nearly 8 million KMD and 96 Bitcoins from their cryptocurrency wallets to a new address owned by the company. Why? To secure funds of its customers from hackers. This may sound weird, but it's true. Komodo recently learned about a malicious open source, third-party JavaScript library that the company was using in its Agama Wallet app. The library, named "electron-native-notify," two months ago received a update from its anonymous author who included a secret backdoo

Though once synonymous with underground networks and black hat hackers, bitcoin and other cryptocurrencies have gone mainstream over the past two years. In 2017, we saw the skyrocket of bitcoin to an all-time high of close to $20,000 followed by a significant decline the following year. But beyond the ups and downs in the market for the world's largest cryptocurrency is a much more sinister story revolving around cyber-attacks of the economy's newest asset class. In 2018, it estimated that as much as $1.7 billion worth of cryptocurrencies were swindled away from investors (likely more) through a variety of means. Whether accomplished through hacking, phishing, or other forms of scamming, it's clear that the crypto industry is facing a serious dilemma with security. For a technological movement based on decentralization and the advantages it offers for security, the number of breaches occurring is startling. Cryptocurrencies offer users a way to send money with

Binance, one of the largest cryptocurrency exchanges in the world, confirmed today that the company lost nearly $41 million in Bitcoin in what appears to be its largest hack to date. In a statement, Binance's CEO Changpeng Zhao said the company discovered a "large scale security breach" earlier on May 7, as a result of which hackers were able to steal roughly 7000 bitcoins, which worth 40.6 million at the time of writing. News of the hack comes just hours after Zhao tweeted that Binance has "to perform some unscheduled server maintenance that will impact deposits and withdrawals for a couple of hours." According to the company, malicious attackers used a variety of attack techniques, including phishing and computer viruses, to carry out the intrusion and were able to breach a single BTC hot wallet (a cryptocurrency wallet that's connected to the Internet), which contained about 2% of the company's total BTC holdings, and withdraw stolen Bitcoins

QuadrigaCX, the largest bitcoin exchange in Canada, has claimed to have lost CAD 190 million (nearly USD 145 million) worth of cryptocurrency after the exchange lost access to its cold (offline) storage wallets. Reason? Unfortunately, the only person with access to the company's offline wallet, founder of the cryptocurrency exchange, is dead. Following the sudden death of Gerry Cotten , founder and chief executive officer QuadrigaCX, the Canadian exchange this week filed for legal protection from creditors in the Nova Scotia Supreme Court until it locates and secures access to the lost funds. In a sworn affidavit filed by Cotten's widow Jennifer Robertson and obtained by Coindesk , Robertson said QuadrigaCX owes its customers some CAD 260 million (USD 198 Million) in both cryptocurrencies, including Bitcoin, Bitcoin Cash, Litecoin, and Ethereum, as well as fiat money. However, Robertson said the cryptocurrency exchange only has smaller amount in a 'hot wallet' (U

Late last week an unknown hacker or a group of hackers successfully targeted a cryptocurrency exchange with an aim to steal Bitcoins by compromising the web analytics service it was using. ESET malware researcher Matthieu Faou this weekend spotted malicious JavaScript code on up to 700,000 websites that were bundled with the traffic tracking code from the leading web analytics platform StatCounter . However, after analyzing the code, the researchers found that hackers managed to compromise StatCounter and successfully replaced its tracking script with malicious JavaScript code primarily designed to target customers of the Gate.io cryptocurrency exchange. Like Google Analytics, StatCounter is also an old, but popular real-time web analytics platform reportedly being used by more than two million websites and generates stats on over 10 billion page views per month. Here's How Hackers Tried to Steal Bitcoins from Crypto Exchange Though the malicious code was also inject

The Bitcoin Core development team has released an important update to patch a major DDoS vulnerability in its underlying software that could have been fatal to the Bitcoin Network, which is usually known as the most hack-proof and secure blockchain. The DDoS vulnerability, identified as CVE-2018-17144, has been found in the Bitcoin Core wallet software, which could potentially be exploited by anyone capable of mining BTC to crash Bitcoin Core nodes running software versions 0.14.0 to 0.16.2. In other words, Bitcoin miners could have brought down the entire blockchain either by overflooding the block with duplicate transactions, resulting in blockage of transaction confirmation from other people or by flooding the nodes of the Bitcoin P2P network and over-utilizing the bandwidth. The vulnerability had been around since March last year, but the team says nobody noticed the bug or nobody was willing to incur the expense of exploiting it. According to the bitcoin core developers

Ransomware has become a multimillion-dollar black market business for cybercriminals, and SamSam being a great example. New research revealed that the SamSam ransomware had extorted nearly $6 million from its victims since December 2015, when the cyber gang behind the ransomware started distributing the malware in the wild. Researchers at Sophos have tracked Bitcoin addresses owned by the attackers mentioned on ransom notes of each SamSam version and found the attackers have received more than $5.9 million from just 233 victims, and their profits are still on the rise, netting around $300,000 per month. "In total, we have now identified 157 unique addresses which have received ransom payments as well as 89 addresses which have been used on ransom notes and sample files but, to date, have not received payments," the new report by Sophos reads. SamSam Ransomware Attacks > What makes SamSam stand out from other forms of ransomware is that SamSam is not distributed

Almost three years after the arrest of two young Dutch brothers, who pleaded guilty to their involvement in creating and distributing CoinVault ransomware malware , a district court in Rotterdam today sentenced them to 240 hours of community service. In 2015, the two suspects — Melvin (25-year-old) and Dennis van den B. (21-year-old) — were arrested from Amersfoort on suspicion of involvement in CoinVault ransomware attacks. The duo was arrested by law enforcement with the help of researchers from Kaspersky Labs , who reverse-engineered the malware and found the full name of one of the suspects and their IP address left accidentally on the command and control server. CoinVault ransomware campaign that began in May 2014 was one of the most successful file-encrypting ransomware program of its time that encrypted over 14,000 Windows computers worldwide, primarily the Netherlands, the US, the UK, Germany, and France. Just like other ransomware attacks, the sole intent of CoinVau

Bitmessage developers have warned of a critical 'remotely executable' zero-day vulnerability in the PyBitmessage application that was being exploited in the wild. Bitmessage is a Peer-to-Peer (P2P) communications protocol used to send encrypted messages to users. Since it is decentralized and trustless communications, one need-not inherently trust any entities like root certificate authorities. Those who unaware, PyBitmessage is the official client for Bitmessage messaging service. According to Bitmessage developers, a critical zero-day remote code execution vulnerability, described as a message encoding flaw, affects PyBitmessage version 0.6.2 for Linux, Mac, and Windows and has been exploited against some of their users. "The exploit is triggered by a malicious message if you are the recipient (including joined chans). The attacker ran an automated script but also opened, or tried to open, a remote reverse shell," Bitmessage core developer Peter Šurda ex

Pavel Lerner , a prominent Russian blockchain expert and known managing director of one of the major crypto-exchanges EXMO, has allegedly been kidnapped by "unknown" criminals in the Ukranian capital of Kiev. According to Ukraine-based web publication Strana , Lerner, 40-year-old citizen of Russia, was kidnapped on December 26 when he was leaving his office in the center of town (located on the Stepan Bandera Avenue). Unknown kidnappers in dark clothes and balaclavas dragged Lerner in their black Mercedes-Benz Vito brand (state number AA 2063 MT) car and drove away in an unknown direction. The information comes from an anonymous source in Ukrainian law enforcement agencies, though multiple investigations are currently underway to find out why and by whom Lerner was kidnapped. Lerner is a recognized IT specialist in Ukraine who led a number of startups related to blockchain technology development and mining operations. Lerner is also the managing director of EXMO

Bitcoin is breaking every record—after gaining 20% jump last week, Bitcoin price just crossed the $14,800 mark in less than 24 hours—and there can be no better reason for hackers to put all of their efforts to steal skyrocketing cryptocurrency. NiceHash, the largest Bitcoin mining marketplace, has been hacked, which resulted in the theft of more than 4,700 Bitcoins worth over $57 million (at the time of breach). And guess what? You'll be surprised to know that the stolen BTC now worth over $70 million—in less than 24 hours. Founded in 2014, NiceHash is a cloud-based crypto-mining marketplace that connects people from all over the world to rent out their spare computing power to other in order to create new coins. On Wednesday, several NiceHash users reported that their BTC wallets had been emptied, which was later confirmed by NiceHash after its service went offline claiming to be undergoing maintenance. At the time of writing, the NiceHash service is still offline wi

As of today — 1 Bitcoin = $7300 USD (Approx 471,000 INR) At the beginning of this year, 1 Bitcoin was approximately equal to $1000, and now it has surged to a new height, marking its market capitalization at over $124 billion. Is it really too late to invest in Bitcoin or other cryptocurrencies like Ethereum? For those wondering if they have missed the money-making boat, the answer is—NO, it's never too late to invest. In case you are new to cryptocurrency trading, we have a simple step-by-step guide on our deal store that explains how to invest in cryptocurrencies . However, the blockchain, the revolutionary technology behind Bitcoin and other digital currencies, is not always about cryptocurrencies. Though it is a decentralized public database which ensures that all transactions are properly conducted and recorded, Blockchains can be used for a wide variety of applications, such as for digital identity management, smart assets, digital voting, distributed cloud sto

A Greek court has approved the U.S. extradition of a 38-year-old Russian national accused of laundering more than $4 billion in bitcoin for culprits involved in hacking attacks, tax fraud and drug trafficking with the help of the now-defunct BTC-e exchange. Alexander Vinnik , an alleged operator of BTC-e—a digital currency exchange service that has been in operation since 2011 but seized by the authorities right after Vinnik's arrest in a beachside village in northern Greece in late July 2016 at the request of US law enforcement authorities. Since his arrest, Moscow has also requested Vinnik be returned home, as it has previously done with other Russian nationals wanted by the United States. However, the Greek court ruled Wednesday (4 October) to extradite Vinnik to the U.S., where he will face trial on the charges with the operation of an unlicensed money service business, money laundering, conspiracy to commit money laundering, and engaging in unlawful monetary transact

Researchers have been warning for years about critical issues with the Signaling System 7 (SS7) that could allow hackers to listen in private phone calls and read text messages on a potentially vast scale, despite the most advanced encryption used by cellular networks. Despite fixes being available for years, the global cellular networks have consistently been ignoring this serious issue, saying that the exploitation of the SS7 weaknesses requires significant technical and financial investment, so is a very low risk for people. However, earlier this year we saw a real-world attacks, hackers utilised this designing flaw in SS7 to drain victims' bank accounts by intercepting two-factor authentication code (one-time passcode, or OTP) sent by banks to their customers and redirecting it to themselves. If that incident wasn't enough for the global telecoms networks to consider fixing the flaws, white hat hackers from Positive Technologies now demonstrated how cybercriminals

China's central bank today announced an immediate ban on all ICO—Initial Coin Offering—fundraising, to prevent fraud and illegal fundraising. ICO is the hottest new thing in the blockchain world, which is an alternative to crowdfunding that lets a firm raise funding from multiple sources. The People's Bank of China (PBoC), the country's central bank and financial regulator, has issued an official notice on Monday, forbidding "all types of currency issuance financing activities" that have "seriously disrupted the economic and financial order." This PBoC's bold move has been backed by many other Chinese government administrators and regulators including the China Securities Regulatory Commission, China Insurance Regulatory Commission and the Ministry of Industry and Commerce, and China Banking Regulatory Commission. This move marks the end of an era of ICO fundraising in China. The regulator claims that ICOs are being misused for "

More Ethereum Stolen! An unknown hacker has so far stolen more than $471,000 worth of Ethereum—one of the most popular and increasingly valuable cryptocurrencies—in yet another Ethereum hack that hit the popular cryptocurrency investment platform, Enigma . According to an announcement made on their official website an hour ago, an "unknown entity" has managed to hack their website, slack account and email newsletter accounts, and uploaded a fake pre-sale page with a fake ETH address to send money. The hackers also spammed their fake address in Enigma's newsletter and slack accounts for pre-sale coins, tricking victims to send their cryptocurrencies to hacker's address. Etherscan, a popular search engine for the Ethereum Blockchain that allows users to look up, confirm and validate transactions easily, has already flagged the address as compromised, but people are still sending ETH to the fake address (given below). 0x29d7d1dd5b6f9c864d9db560d72a247c178ae86

A former the United States Secret Service agent who stole hundreds of thousands of dollars worth of Bitcoins during an investigation into then-largest underground marketplace Silk Road has now pleaded guilty to money laundering. Shaun W. Bridges is one of two former US undercover agents who pleaded guilty in 2015 to one count of money laundering and one count of obstruction and was sentenced in December same year to almost six years in prison for stealing over $800,000 in Bitcoin while investigating Silk Road. 35-years-old Bridges, who had been a Special Agent with the U.S. Secret Service for almost 6 years, along with his partner stole money from Silk Road accounts and framed someone else for the laundering, which even led the Silk Road founder Ross Ulbricht to plan a murder. Ulbricht was convicted in February 2015 of running the Silk Road underground black market and is now serving life in prison sentence . According to the Department of Justice, Bridges is believed to

The hacking group that recently hacked HBO has just dropped its second trove of documents, including a month emails of one of the company's executives, and a detailed script of the upcoming fifth episode of "Game of Thrones" Season 7, set to be aired on August 13. The latest release is the second leak from the hackers who claimed to have obtained around 1.5 terabytes of information from HBO, following the release of upcoming episodes of "Ballers" and "Room 104," and a script of the fourth episode of "Game of Thrones." With the release of another half-gigabyte sample of its stolen HBO data, the hacking group has finally demanded a ransom worth millions of dollars from the entertainment giant in order to prevent further leaks. The latest HBO data dump includes company's several internal documents, including emails, employment agreements, financial balance sheets, and marketing-strategy PDFs, along with the script of the yet-to-ai