#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

Bitcoin | Breaking Cybersecurity News | The Hacker News

Category — Bitcoin
FBI Seizes 'SSNDOB' ID Theft Service for Selling Personal Info of 24 Million People

FBI Seizes 'SSNDOB' ID Theft Service for Selling Personal Info of 24 Million People

Jun 08, 2022
An illicit online marketplace known as SSNDOB was taken down in operation led by U.S. law enforcement agencies, the Department of Justice (DoJ) announced Tuesday. SSNDOB trafficked in personal information such as names, dates of birth, credit card numbers, and Social Security numbers of about 24 million individuals in the U.S., generating its operators $19 million in sales revenue. The action saw the seizure of several domains associated with the marketplace — ssndob.ws, ssndob.vip, ssndob.club, and blackjob.biz — in cooperation with authorities from Cyprus and Latvia. According to blockchain analytics firm  Chainalysis , SSNDOB's Bitcoin payment processing system has received nearly $22 million worth of Bitcoin across over 100,000 transactions since April 2015. Furthermore, bitcoin transfers to the tune of more than $100,000 have been unearthed between SSNDOB and  Joker's Stash , another darknet market that specialized in stolen credit card information and voluntarily ...
Germany Shuts Down Russian Hydra Darknet Market; Seizes $25 Million in Bitcoin

Germany Shuts Down Russian Hydra Darknet Market; Seizes $25 Million in Bitcoin

Apr 05, 2022
Germany's Federal Criminal Police Office, the Bundeskriminalamt (BKA), on Tuesday announced the official takedown of Hydra, the world's largest illegal dark web marketplace that has cumulatively facilitated over $5 billion in Bitcoin transactions to date. "Bitcoins amounting to currently the equivalent of approximately €23 million were seized, which are attributed to the marketplace," the BKA said in a press release. Blockchain analytics firm Elliptic confirmed that the seizure occurred on April 5, 2022 in a series of 88 transactions totaling 543.3 BTC. The agency attributed the shutdown of Hydra to an extensive investigation operation conducted by its Central Office for Combating Cybercrime (ZIT) in partnership with U.S. law enforcement authorities that it said had been underway since August 2021. Launched in 2015, Hydra was a Russian-language darknet marketplace that opened as a competitor to the now-defunct Russian Anonymous Marketplace (aka RAMP), primarily...
Watch Out For These 8 Cloud Security Shifts in 2025

Watch Out For These 8 Cloud Security Shifts in 2025

Feb 04, 2025Threat Detection / Cloud Security
As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud. But there are other developments that could impact your organizations and drive the need for an even more robust security strategy. Let's take a look… #1: Increased Threat Landscape Encourages Market Consolidation Cyberattacks targeting cloud environments are becoming more sophisticated, emphasizing the need for security solutions that go beyond detection. Organizations will need proactive defense mechanisms to prevent risks from reaching production. Because of this need, the market will favor vendors offering comprehensive, end-to-end security platforms that streamline risk mitigation and enhance operational efficiency. #2: Cloud Security Unifies with SOC Priorities Security operations centers (SOC) and cloud security functions are c...
New MyloBot Malware Variant Sends Sextortion Emails Demanding $2,732 in Bitcoin

New MyloBot Malware Variant Sends Sextortion Emails Demanding $2,732 in Bitcoin

Feb 15, 2022
A new version of the MyloBot malware has been observed to deploy malicious payloads that are being used to send sextortion emails demanding victims to pay $2,732 in digital currency. MyloBot , first detected in 2018, is known to  feature  an array of sophisticated anti-debugging capabilities and propagation techniques to rope infected machines into a botnet, not to mention remove traces of other competing malware from the systems. Chief among its methods to evade detection and stay under the radar included a delay of 14 days before accessing its command-and-control servers and the facility to execute malicious binaries directly from memory. MyloBot also leverages a technique called  process hollowing , wherein the attack code is injected into a suspended and hollowed process in order to circumvent process-based defenses. This is achieved by unmapping the memory allocated to the live process and replacing it with the arbitrary code to be executed, in this case a decod...
cyber security

Webinar: 5 Ways New AI Agents Can Automate Identity Attacks | Register Now

websitePush SecurityAI Agents / Identity Security
Watch how Computer-Using Agents can be used by attackers to automate account takeover and exploitation.
U.S. Arrests Two and Seizes $3.6 Billion Cryptocurrency Stolen in 2016 Bitfinex Hack

U.S. Arrests Two and Seizes $3.6 Billion Cryptocurrency Stolen in 2016 Bitfinex Hack

Feb 09, 2022
The U.S. Justice Department (DoJ) on Tuesday  announced  the arrest of a married couple in connection with conspiring to launder cryptocurrency worth $4.5 billion that was siphoned during the  hack  of the virtual currency exchange Bitfinex in 2016. Ilya Lichtenstein, 34, and his wife, Heather Morgan, 31, both of New York, are alleged to have "stolen funds through a labyrinth of cryptocurrency transactions," with the law enforcement getting hold of over $3.6 billion in cryptocurrency by following the money trails, resulting in the "largest financial seizure ever." Prosecutors charged the couple not for the hack itself, but rather for receiving the stolen bitcoin into a digital wallet under their ownership, a part of which was laundered to conceal the activities and the movement of the money. In 2019, Israeli authorities apprehended two brothers, Eli and Assaf Gigi, over their supposed involvement in the 2016 security breach. "Bitfinex will work with the Do...
Google Disrupts Blockchain-based Glupteba Botnet; Sues Russian Hackers

Google Disrupts Blockchain-based Glupteba Botnet; Sues Russian Hackers

Dec 08, 2021
Google on Tuesday said it took steps to disrupt the operations of a sophisticated "multi-component" botnet called Glupteba that approximately infected more than one million Windows computers across the globe and stored its command-and-control server addresses on Bitcoin's blockchain as a resilience mechanism. As part of the efforts, Google's Threat Analysis Group (TAG) said it partnered with the CyberCrime Investigation Group over the past year to terminate around 63 million Google Docs that were observed to have distributed the malware, alongside 1,183 Google Accounts, 908 Cloud Projects, and 870 Google Ads accounts that were associated with its distribution. Google TAG further said it worked with internet infrastructure providers and hosting providers, such as Cloudflare, to dismantle the malware by taking down servers and placing interstitial warning pages in front of the malicious domains. In tandem, the internet giant also announced a lawsuit against two Russ...
Warning: Yet Another Bitcoin Mining Malware Targeting QNAP NAS Devices

Warning: Yet Another Bitcoin Mining Malware Targeting QNAP NAS Devices

Dec 08, 2021
Network-attached storage (NAS) appliance maker QNAP on Tuesday released a new advisory warning of a cryptocurrency mining malware targeting its devices, urging customers to take preventive steps with immediate effect. "A bitcoin miner has been reported to target QNAP NAS. Once a NAS is infected, CPU usage becomes unusually high where a process named '[oom_reaper]' could occupy around 50% of the total CPU usage," the Taiwanese company  said  in an alert. "This process mimics a kernel process but its [process identifier] is usually greater than 1000." QNAP said it's currently investigating the infections, but did not share more information on the initial access vector that's being used to compromise the NAS devices. Affected users can remove the malware by restarting the appliances. In the interim, the company is recommending that users update their QTS (and QuTS Hero) operating systems to the latest version, enforce strong passwords for administr...
US Sanctions Cryptocurrency Exchange SUEX for Aiding Ransomware Gangs

US Sanctions Cryptocurrency Exchange SUEX for Aiding Ransomware Gangs

Sep 22, 2021
The U.S. Treasury Department on Tuesday imposed sanctions on Russian cryptocurrency exchange Suex for helping facilitate and launder transactions from at least eight ransomware variants as part of the government's efforts to crack down on a surge in ransomware incidents and make it difficult for bad actors to profit from such attacks using digital currencies. "Virtual currency exchanges such as SUEX are critical to the profitability of ransomware attacks, which help fund additional cybercriminal activity," the department  said  in a press release. "Analysis of known SUEX transactions shows that over 40% of SUEX's known transaction history is associated with illicit actors. SUEX is being designated pursuant to  Executive Order 13694 , as amended, for providing material support to the threat posed by criminal ransomware actors." According to blockchain analytics firm  Chainalysis , SUEX is legally registered in the Czech Republic and operates out of office...
Hackers Steal Over $600 Million Worth of Cryptocurrencies from Poly Network

Hackers Steal Over $600 Million Worth of Cryptocurrencies from Poly Network

Aug 11, 2021
Hackers have siphoned $611 million worth of cryptocurrencies from a blockchain-based financial network in what's believed to be one of the largest heists targeting the digital asset industry, putting it ahead of breaches targeting exchanges Coincheck and Mt. Gox in recent years. Poly Network, a China-based cross-chain decentralized finance (DeFi) platform for swapping tokens across multiple blockchains such as Bitcoin and Ethereum, on Tuesday  disclosed  unidentified actors had exploited a vulnerability in its system to plunder thousands of digital tokens such as Ether. "The hacker exploited a vulnerability between contract calls," Poly Network said.  The stolen Binance Chain, Ethereum, and Polygon assets are said to have been transferred to three different wallets, with the company urging miners of affected blockchain and centralized crypto exchanges to blocklist tokens coming from the addresses. The three wallet addresses are as follows -  Ethereum: 0xC8a6...
Users Can Be Just As Dangerous As Hackers

Users Can Be Just As Dangerous As Hackers

Aug 09, 2021
Among the problems stemming from our systemic failure with cybersecurity, which ranges from decades-old software-development practices to Chinese and Russian cyber-attacks, one problem gets far less attention than it should—the insider threat. But the reality is that most organizations should be at least as worried about user management as they are about Bond villain-type hackers launching compromises from abroad. Most organizations have deployed single sign-on and modern identity-management solutions. These generally allow easy on-boarding, user management, and off-boarding. However, on mobile devices, these solutions have been less effective. Examples include mobile applications such as WhatsApp, Signal, Telegram, or even SMS-which are common in the workforce. All of these tools allow for low-friction, agile communication in an increasingly mobile business environment. Today, many of these tools offer end-to-end encryption (e2ee), which is a boon when viewed through the lens of ...
Another Hacker Arrested for 2020 Twitter Hack and Massive Bitcoin Scam

Another Hacker Arrested for 2020 Twitter Hack and Massive Bitcoin Scam

Jul 22, 2021
A U.K. citizen has been arrested in the Spanish town of Estepona over his alleged involvement in the July 2020 hack of Twitter, resulting in the compromise of 130 high-profile accounts. Joseph O'Connor , 22, has been  charged  with intentionally accessing a computer without authorization and obtaining information from a protected computer, as well as for making extortive communications. The Spanish National Police made the arrest pursuant to a U.S. warrant. Besides his role in the Twitter hack, O'Connor is also charged with computer intrusions related to takeovers of TikTok and Snapchat user accounts and cyberstalking an unnamed juvenile victim. The  great Twitter hack  of July 15, 2020, emerged as one of the biggest security lapses in the social media platform's history after O'Connor, along with  Mason Sheppard, Nima Fazeli, and Graham Ivan Clark , managed to gain access to Twitter's internal tools, abusing it to breach the accounts of politicians, celebr...
U.S. Recovers $2.3 Million Ransom Paid to Colonial Pipeline Hackers

U.S. Recovers $2.3 Million Ransom Paid to Colonial Pipeline Hackers

Jun 08, 2021
In a major blow, the U.S. Department of Justice on Monday said it has recovered 63.7 bitcoins (currently valued at $2.3 million) paid by Colonial Pipeline to the DarkSide ransomware extortionists on May 8, pursuant to a seizure warrant that was authorized by the Northern District of California. The  ransomware attack  also hobbled the pipeline company's fuel supply, prompting the government to issue an  emergency declaration , even as the company shelled out a ransom amount of approximately  75 bitcoins  ($4.4 million as of May 8) to regain access to its systems. A week after the highly publicized incident, the ransomware-as-a-service syndicate disbanded with a May 14 farewell message to affiliates, stating that its internet servers and cryptocurrency stash were  seized  by unknown law enforcement entities. While DarkSide's announcement was perceived as an exit scam, the latest move from DoJ confirms earlier speculations of law enforcement involvem...
U.S. Pipeline Ransomware Attackers Go Dark After Servers and Bitcoin Are Seized

U.S. Pipeline Ransomware Attackers Go Dark After Servers and Bitcoin Are Seized

May 17, 2021
Just as Colonial Pipeline  restored  all of its systems to operational status in the wake of a crippling ransomware incident a week ago, DarkSide, the cybercrime syndicate behind the attack, claimed it lost control of its infrastructure, citing a law enforcement seizure. All the dark web sites operated by the gang, including its DarkSide Leaks blog, ransom collection site, and breach data content delivery network (CDN) servers, have gone dark and remain inaccessible as of writing. In addition, the funds from their cryptocurrency wallets were allegedly exfiltrated to an unknown account, according to a note passed by DarkSide operators to its affiliates. "At the moment, these servers cannot be accessed via SSH, and the hosting panels have been blocked," the  announcement  obtained by Intel 471 read. The development comes as DarkSide closed its Ransomware-as-a-Service (RaaS) affiliate program for good "due to the pressure from the U.S.", with the group stating th...
Hackers Stole $5.4 Million From Eterbase Cryptocurrency Exchange

Hackers Stole $5.4 Million From Eterbase Cryptocurrency Exchange

Sep 10, 2020
Cybercriminals successfully plundered another digital cryptocurrency exchange. European cryptocurrency exchange Eterbase this week disclosed a massive breach of its network by an unknown group of hackers who stole cryptocurrencies worth 5.4 million dollars. Eterbase, which has now entered maintenance mode until the security issue is resolved, described itself as Europe's Premier Digital Asset Exchange. Based in Bratislava, Slovakia, and launched in 2019, Eterbase is a small cryptocurrency exchange platform that focuses on crypto to SEPA integration (via individual IBAN accounts), multi-asset support, and regulatory compliance. On Monday night, malicious threat actors managed to raid six Eterbase's hot wallets for Bitcoin, Ethereum, XRP, Tezos, Algorand, and TRON and transferred the funds into their wallets managed at six rival crypto exchanges, Eterbase reported on its Telegram channel on Tuesday. According to a tweet posted by the affected exchange, Eterbase t...
Binance Confirms Hacker Obtained Its Users' KYC Data from 3rd-Party Vendor

Binance Confirms Hacker Obtained Its Users' KYC Data from 3rd-Party Vendor

Aug 26, 2019
As suspected, the KYC details of thousands of Binance's customers that hackers obtained and leaked online earlier this month came from the company's third-party vendor, Malta-based cryptocurrency exchange Binance confirmed. For those unaware, Binance, the world's largest cryptocurrency exchange by volume, hit by a " Potential KYC leak " earlier this month, with an unknown hacker distributing the Know Your Customer (KYC) images of hundreds of its users online and to media outlets. Before leaking the KYC images online, the alleged hacker threatened the exchange to release KYC data of its 10,000 customers if the company did not pay 300 Bitcoins—equivalent to over $3 million at today's exchange value. While Binance CEO Changpeng Zhao called the incident a fud (fear, uncertainty, doubt), the exchange recently confirmed that some of the leaked images match actual accounts though others show evidence of manipulation. According to an official blog post , t...
Cryptocurrency Firm Itself Hacked Its Customers to Protect Their Funds From Hackers

Cryptocurrency Firm Itself Hacked Its Customers to Protect Their Funds From Hackers

Jun 06, 2019
Are you using Komodo's Agama Wallet to store your KMD and BTC cryptocurrencies? Were your funds also unauthorisedly transferred overnight to a new address? If yes, don't worry, it's probably safe, and if you are lucky, you will get your funds back. Here's what exactly happened… Komodo, a cryptocurrency project and developer of Agama wallet, adopted a surprisingly unique way to protect its customers' funds. The company hacked its customers and unauthorisedly transferred nearly 8 million KMD and 96 Bitcoins from their cryptocurrency wallets to a new address owned by the company. Why? To secure funds of its customers from hackers. This may sound weird, but it's true. Komodo recently learned about a malicious open source, third-party JavaScript library that the company was using in its Agama Wallet app. The library, named "electron-native-notify," two months ago received a update from its anonymous author who included a secret backdoo...
Cryptocurrency Hacks Still Growing — What Does That Mean for the Industry?

Cryptocurrency Hacks Still Growing — What Does That Mean for the Industry?

May 14, 2019
Though once synonymous with underground networks and black hat hackers, bitcoin and other cryptocurrencies have gone mainstream over the past two years. In 2017, we saw the skyrocket of bitcoin to an all-time high of close to $20,000 followed by a significant decline the following year. But beyond the ups and downs in the market for the world's largest cryptocurrency is a much more sinister story revolving around cyber-attacks of the economy's newest asset class. In 2018, it estimated that as much as $1.7 billion worth of cryptocurrencies were swindled away from investors (likely more) through a variety of means. Whether accomplished through hacking, phishing, or other forms of scamming, it's clear that the crypto industry is facing a serious dilemma with security. For a technological movement based on decentralization and the advantages it offers for security, the number of breaches occurring is startling. Cryptocurrencies offer users a way to send money with...
Binance Hacked — Hackers Stole Over $40 Million Worth Of Bitcoin

Binance Hacked — Hackers Stole Over $40 Million Worth Of Bitcoin

May 08, 2019
Binance, one of the largest cryptocurrency exchanges in the world, confirmed today that the company lost nearly $41 million in Bitcoin in what appears to be its largest hack to date. In a statement, Binance's CEO Changpeng Zhao said the company discovered a "large scale security breach" earlier on May 7, as a result of which hackers were able to steal roughly 7000 bitcoins, which worth 40.6 million at the time of writing. News of the hack comes just hours after Zhao tweeted that Binance has "to perform some unscheduled server maintenance that will impact deposits and withdrawals for a couple of hours." According to the company, malicious attackers used a variety of attack techniques, including phishing and computer viruses, to carry out the intrusion and were able to breach a single BTC hot wallet (a cryptocurrency wallet that's connected to the Internet), which contained about 2% of the company's total BTC holdings, and withdraw stolen Bitcoins ...
Cryptocurrency Firm Loses $145 Million After CEO Dies With Only Password

Cryptocurrency Firm Loses $145 Million After CEO Dies With Only Password

Feb 04, 2019
QuadrigaCX, the largest bitcoin exchange in Canada, has claimed to have lost CAD 190 million (nearly USD 145 million) worth of cryptocurrency after the exchange lost access to its cold (offline) storage wallets. Reason? Unfortunately, the only person with access to the company's offline wallet, founder of the cryptocurrency exchange, is dead. Following the sudden death of Gerry Cotten , founder and chief executive officer QuadrigaCX, the Canadian exchange this week filed for legal protection from creditors in the Nova Scotia Supreme Court until it locates and secures access to the lost funds. In a sworn affidavit filed by Cotten's widow Jennifer Robertson and obtained by Coindesk , Robertson said QuadrigaCX owes its customers some CAD 260 million (USD 198 Million) in both cryptocurrencies, including Bitcoin, Bitcoin Cash, Litecoin, and Ethereum, as well as fiat money. However, Robertson said the cryptocurrency exchange only has smaller amount in a 'hot wallet' (U...
StatCounter Analytics Code Hijacked to Steal Bitcoins from Cryptocurrency Users

StatCounter Analytics Code Hijacked to Steal Bitcoins from Cryptocurrency Users

Nov 08, 2018
Late last week an unknown hacker or a group of hackers successfully targeted a cryptocurrency exchange with an aim to steal Bitcoins by compromising the web analytics service it was using. ESET malware researcher Matthieu Faou this weekend spotted malicious JavaScript code on up to 700,000 websites that were bundled with the traffic tracking code from the leading web analytics platform StatCounter . However, after analyzing the code, the researchers found that hackers managed to compromise StatCounter and successfully replaced its tracking script with malicious JavaScript code primarily designed to target customers of the Gate.io cryptocurrency exchange. Like Google Analytics, StatCounter is also an old, but popular real-time web analytics platform reportedly being used by more than two million websites and generates stats on over 10 billion page views per month. Here's How Hackers Tried to Steal Bitcoins from Crypto Exchange Though the malicious code was also inject...
Expert Insights / Articles Videos
Cybersecurity Resources