#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

NFT | Breaking Cybersecurity News | The Hacker News

Category — NFT
FBI Alert: Crypto Scammers are Masquerading as NFT Developers

FBI Alert: Crypto Scammers are Masquerading as NFT Developers

Aug 07, 2023 Cyber Crime / Cryptocurrency
The U.S. Federal Bureau of Investigation (FBI) is warning about cyber crooks masquerading as legitimate non-fungible token (NFT) developers to steal cryptocurrency and other digital assets from unsuspecting users. In these fraudulent schemes, criminals either obtain direct access to NFT developer social media accounts or create look-alike accounts to promote "exclusive" new NFT releases, often employing misleading advertising campaigns that create a sense of urgency to pull them off. "Links provided in these announcements are phishing links directing victims to a spoofed website that appears to be a legitimate extension of a particular NFT project," the FBI  said  in an advisory last week. The replica websites urge potential targets to connect their cryptocurrency wallets and purchase the NFT, only for the threat actors to siphon the funds and NFTs to wallets under their control. "Contents stolen from victims' wallets are often processed through a ser...
Critical Bug in Everscale Wallet Could've Let Attackers Steal Cryptocurrencies

Critical Bug in Everscale Wallet Could've Let Attackers Steal Cryptocurrencies

Apr 25, 2022
A security vulnerability has been disclosed in the web version of the Ever Surf wallet that, if successfully weaponized, could allow an attacker to gain full control over a victim's wallet. "By exploiting the vulnerability, it's possible to decrypt the private keys and seed phrases that are stored in the browser's local storage," Israeli cybersecurity company Check Point said in a report shared with The Hacker News. "In other words, attackers could gain full control over the victim's wallets." Ever Surf  is a cryptocurrency wallet for the Everscale (formerly FreeTON) blockchain that also doubles up as a cross-platform messenger and allows users to access decentralized apps as well as send and receive non-fungible tokens (NFTs). It's said to have an  estimated  669,700 accounts across the world. By means of different attack vectors like malicious browser extensions or phishing links, the flaw makes it possible to obtain a wallet's encr...
Want to Grow Vulnerability Management into Exposure Management? Start Here!

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Dec 05, 2024Attack Surface / Exposure Management
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...
North Korean Hackers Distributing Trojanized DeFi Wallet Apps to Steal Victims' Crypto

North Korean Hackers Distributing Trojanized DeFi Wallet Apps to Steal Victims' Crypto

Apr 01, 2022
The North Korean state-backed hacking crew, otherwise known as the  Lazarus Group , has been attributed to yet another financially motivated campaign that leverages a trojanized decentralized finance (DeFi) wallet app to distribute a fully-featured backdoor onto compromised Windows systems. The app, which is equipped with functionalities to save and manage a cryptocurrency wallet, is also designed to trigger the launch of the implant that can take control of the infected host. Russian cybersecurity firm Kaspersky  said  it first encountered the rogue application in mid-December 2021. The infection scheme initiated by the app also results in the deployment of the installer for a legitimate application, which gets overwritten with a trojanized version in an effort to cover its tracks. That said, the initial access avenue is unclear, although it's suspected to be a case of social engineering. The spawned malware, which masquerades as Google's Chrome web browser, subsequ...
cyber security

Breaking Barriers: Strategies to Unite AppSec and R&D for Success

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
Hackers Stole $1.7 Million Worth of NFTs from Users of OpenSea Marketplace

Hackers Stole $1.7 Million Worth of NFTs from Users of OpenSea Marketplace

Feb 22, 2022
Malicious actors took advantage of a smart contract upgrade process in the OpenSea NFT marketplace to carry out a  phishing attack  against 17 of its users that resulted in the theft of virtual assets worth about $1.7 million. NFTs , short for non-fungible tokens, are digital tokens that act like certificates of authenticity for, and in some cases represent ownership of, assets that range from expensive illustrations to collectibles and physical goods. The opportunistic social engineering scam  swindled the users  by using the same email from OpenSea notifying users about the upgrade, with the copycat email redirecting the victims to a lookalike webpage, prompting them to sign a seemingly legitimate transaction, only to steal all the NFTs in one go. "By signing the transaction, an atomicMatch_ request would be sent to the attacker contract," Check Point researchers  explained . "From there, the atomicMatch_ would be forwarded to the OpenSea contract," leadi...
Expert Insights / Articles Videos
Cybersecurity Resources