#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

cryptocurrency | Breaking Cybersecurity News | The Hacker News

Hacker Uses A Simple Trick to Steal $7 Million Worth of Ethereum Within 3 Minutes

Hacker Uses A Simple Trick to Steal $7 Million Worth of Ethereum Within 3 Minutes

Jul 18, 2017
All it took was just 3 minutes and ' a simple trick ' for a hacker to steal more than $7 Million worth of Ethereum in a recent blow to the crypto currency market. The heist happened after an Israeli blockchain technology startup project for the trading of Ether, called CoinDash , launched an Initial Coin Offering (ICO), allowing investors to pay with Ethereum and send funds to token sale's smart contact address.. But within three minutes of the ICO launch, an unknown hacker stole more than $7 Million worth of Ether tokens by tricking CoinDash's investors into sending 43438.455 Ether to the wrong address owned by the attacker. How the Hacker did this? CoinDash's ICO posted an Ethereum address on its website for investors to pay with Ethereum and send funds. However, within a few minutes of the launch, CoinDash warned that its website had been hacked and the sending address was replaced by a fraudulent address, asking people not to send Ethereum to the pos
Largest Cryptocurrency Exchange Hacked! Over $1 Million Worth Bitcoin and Ether Stolen

Largest Cryptocurrency Exchange Hacked! Over $1 Million Worth Bitcoin and Ether Stolen

Jul 05, 2017
One of the world's largest Bitcoin and Ether cryptocurrencies exchanges Bithumb has recently been hacked, resulting in loss of more than $1 Million in cryptocurrencies after a number of its user accounts compromised. Bithumb is South Korea's largest cryptocurrency exchange with 20% of global ether trades, and roughly 10% of the global bitcoin trade is exchanged for South Korea's currency, the Won. Bithumb is currently the fourth largest Bitcoin exchange and the biggest Ethereum exchange in the world. Last week, a cyber attack on the cryptocurrency exchange giant resulted in a number of user accounts being compromised, and billions of South Korean Won were stolen from customers accounts. Around 10 Million Won worth of bitcoins were allegedly stolen from a single victim's account, according to the Kyunghyang Shinmun, a major local newspaper. A survey of users who lost cryptocurrencies in the cyber attack reveals " it is estimated that hundreds of mill
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Warning! Hackers Started Using "SambaCry Flaw" to Hack Linux Systems

Warning! Hackers Started Using "SambaCry Flaw" to Hack Linux Systems

Jun 10, 2017
Remember SambaCry ? Two weeks ago we reported about a 7-year-old critical remote code execution vulnerability in Samba networking software (re-implementation of SMB networking protocol) that allows a remote hacker to take full control of a vulnerable Linux and Unix machines. To know more about the SambaCry vulnerability (CVE-2017-7494) and how it works, you can read our previous article . At that time, nearly 485,000 Samba-enabled computers were found to be exposed on the Internet, and researchers predicted that the SambaCry-based attacks also have potential to spread just like WannaCry ransomware widely. The prediction came out to be quite accurate, as honeypots set up by the team of researchers from Kaspersky Lab have captured a malware campaign that is exploiting SambaCry vulnerability to infect Linux computers with cryptocurrency mining software. Another security researcher, Omri Ben Bassat‏, independently discovered  the same campaign and named it "EternalMiner
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Weeks Before WannaCry, Cryptocurrency Mining Botnet Was Using Windows SMB Exploit

Weeks Before WannaCry, Cryptocurrency Mining Botnet Was Using Windows SMB Exploit

May 16, 2017
A security researcher has just discovered a stealthy cryptocurrency-mining malware that was also using Windows SMB vulnerability at least two weeks before the outbreak of WannaCry ransomware attacks. According to Kafeine, a security researcher at Proofpoint , another group of cyber criminals was using the same EternalBlue exploit , created by the NSA and dumped last month by the Shadow Brokers, to infect hundreds of thousands of computers worldwide with a cryptocurrency mining malware called ' Adylkuzz .' This malicious campaign went unnoticed for weeks because unlike WannaCry , this malware does not install ransomware or notify victims, but instead, it quietly infects unpatched computers with malware that only mine ' Monero ,' a Bitcoin-like cryptocurrency. This Malware Saves Computers From Getting Hacked By WannaCry The Researcher believes Adylkuzz malware attack could be larger in scale than WannaCry ransomware attack because it has been designed to blo
An Army of Thousands of Hacked Servers Found Mining Cryptocurrencies

An Army of Thousands of Hacked Servers Found Mining Cryptocurrencies

May 05, 2017
A new botnet consisting of more than 15,000 compromised servers has been used to mine various cryptocurrencies, earning its master around $25,000 per month. Mining cryptocurrencies can be a costly investment, as it requires an enormous amount of computing power, but cybercriminals have found an easy money-making solution. Dubbed BondNet, the botnet was first spotted in December 2016 by GuardiCore researchers, who traced back the botnet malware developer, using online handle Bond007.01, to China. According to the GuardiCore researchers, Bond007.01 is currently using BondNet for mining cryptocurrencies — primarily Monero, but also ByteCoin, RieCoin, and ZCash — but they warn that the hacker could easily take full control of compromised servers for malicious purposes, like mounting Mirai-style DDoS attacks. BondNet Attacks only Windows Server Machines Since mining cryptocurrencies require large amounts of CPU/GPU power, the botnet master goes after Windows Server machin
A Typo in Zerocoin's Source Code helped Hackers Steal ZCoins worth $585,000

A Typo in Zerocoin's Source Code helped Hackers Steal ZCoins worth $585,000

Feb 18, 2017
Are you a programmer? If yes, then you would know the actual pain of... "forgetting a semicolon," the hide and seek champion since 1958. Typos annoy everyone. Remember how a hacker's typo stopped the biggest bank heist in the history, saved $1 billion of Bangladesh bank from getting stolen. But this time a typo in the Zerocoin source code costs the company more than $585,000 in losses. Zerocoin cryptocurrency protocol is designed to add true cryptographic anonymity to Zcoin transactions that take full advantage of "Zero-Knowledge proofs" to ensure the complete financial privacy of users. Zcoin announced Friday that " a typographical error on a single additional character " in the Zerocoin source code helped an attacker to steal 370,000 Zerocoin, which is over $585,000 at today's price. "We estimate the attacker has created about 370,000 Zcoins which has been almost completely sold except for about 20,000+ Zcoin and absorbed on
Malicious Cryptocurrency Mining tool turns Computers into Zcash Mining Machines

Malicious Cryptocurrency Mining tool turns Computers into Zcash Mining Machines

Dec 13, 2016
Since its launch over a month ago, new virtual currency Zcash (ZEC) has become a significant way for cybercrooks to make money by infecting computers with software mining program. Launched in late October, Zcash (ZEC) is a new cryptocurrency currency that claims to be more anonymous than Bitcoin, as the sender, recipient and value of transactions can be hidden. With this premise, Zcash attracted significant interest from academics, investors, miners, and cyber criminals. Within the first few hours of its launch, 1 ZEC reached $30,000, a relatively high value any cryptocurrency ever had. At the time of writing, 1 ZEC is worth 0.06 BTC or around $49. However, according to a blog post published on Monday by Kaspersky Lab, cyber criminals have already started deploying malware that installs on and infects the computers of unsuspecting users and then uses their resources to mine Zcash for the hacker's profit. You Might have Zcash Mining Malware on Your PC! The actual s
DDoSCoin — New Crypto-Currency Pays Users for Participating in DDoS Attacks

DDoSCoin — New Crypto-Currency Pays Users for Participating in DDoS Attacks

Aug 14, 2016
It's 2016, and now, you can earn some dollars by contributing into well-organized DDoS attack scheme. Do you know while mining Bitcoins you are actually contributing a significant computational power to keep the Bitcoin network running? In Bitcoins, the miners actually build and maintain massive public ledger containing a record of every Bitcoin transaction in history. When one user tries to send Bitcoins to another user, the miners validate the transfer by checking the ledger to make sure the sender is not transferring money he/she does not have, adding the transaction to the ledger and then finally sealing it behind layers and layers of computational work to protect that ledger from getting compromised or hacked. So for this, miners are rewarded with Bitcoins. So, basically, you are contributing the massive amount of computing power that keeps the Bitcoin transactions running and makes you earn some cryptocurrency in return as an incentive. However, Bitcoin has long be
Bitcoin Price Drops 20% After $72 Million in Bitcoin Stolen from Bitfinex Exchange

Bitcoin Price Drops 20% After $72 Million in Bitcoin Stolen from Bitfinex Exchange

Aug 03, 2016
Yet another blow to Bitcoin: One of the world's most popular exchanges of the cryptocurrency has suffered a major hack, leading to a loss of around $72 Million worth of Bitcoins. Hong Kong-based Bitcoin exchange ' Bitfinex ' has posted a note on their website announcing the shutdown of its operation after discovering a security breach that allowed an attacker to steal some user funds. While the company did not mention a total amount lost in the breach, one of their employees — Bitfinex community director Zane Tackett — confirmed on Reddit that the total amount stolen was 119,756 bitcoins — worth up to $72 Million in cash. The cause of the security breach and the hacker behind the incident is still unclear, but the attackers appear to have mysteriously bypassed Bitfinex's mandated limits on withdrawals. "The theft is being reported to — and we are co-operating with — law enforcement," Bitfinex statement reads. "We will look at various options to
Corrupt Federal Agent charged in Silk Road theft accused of stealing another $700,000

Corrupt Federal Agent charged in Silk Road theft accused of stealing another $700,000

Jul 04, 2016
A former United States undercover agent who stole hundreds of thousands of dollars worth of Bitcoins during an investigation into the underground drug marketplace Silk Road is now suspected of stealing even more of the cryptocurrency from two other cases. Shaun Bridges is one of two former US agents who pleaded guilty last year and was sentenced in December to almost six years in prison for stealing over $800,000 in Bitcoin while investigating the Darknet marketplace. Bridges and his partner stole money from Silk Road accounts and framed someone else for it, which lead the Silk Road chief Ross Ulbricht to plan a murder. Ulbricht is now serving life in prison sentence . Ulbricht was convicted in February 2015 of running the underground black market . According to court filings unsealed on Thursday, Bridges is believed to have stolen additional funds from a Secret Service account on two different occasions months after he was initially charged. Bridges and 46-year-old fo
Hackers claim ISIS Militants linked to Paris Attacks had a Bitcoin Wallet worth $3 Million

Hackers claim ISIS Militants linked to Paris Attacks had a Bitcoin Wallet worth $3 Million

Nov 16, 2015
The world watched in horror as coordinate attacks in Paris Friday night killed more than 130 people and  left over 352 injured. Over 20 attackers have so far been part of the terrorist cell that planned the deadly Paris attacks, with seven suicide bombers dead, seven attackers under arrest and a total of six people on the run. Also Read:  NO, We Can't Blame Edward Snowden and Encryption for Terror Attacks . The attacks were carried out by Islamic State (ISIS) , who later claimed responsibility for targeting innocent people at 'soft' locations that lack police or military protection, including Bataclan concert venue where at least 89 people lost their lives. Following the bloody terror attacks, the hacktivist collective Anonymous declared war on the Islamic State ( IS, formerly ISIS/ISIL ) saying, " We will launch the biggest operation ever against you. " But the Question here is: From Where did the terrorist cell that planned the brutal terrorist attacks i
Silk Road Reloaded Switches from Tor to I2P Anonymous Network

Silk Road Reloaded Switches from Tor to I2P Anonymous Network

Jan 13, 2015
Multiple successors of the original Silk Road have come and all have been taken offline in recent years, but aside from selling illegal goods and services, they all have had one thing in common – they've all relied on the Tor network. A new version of the anonymous online black market Silk Road, has re-appeared on the dark web, but this time the website doesn't rely on the now infamous Tor network and neither it deals in only Bitcoins. The new version of the notorious online black market, dubbed " Silk Road Reload​ed ", launched Sunday on the little-known " I2P " anonymous network, dealing with a range of cryptocurrencies including the meme-inspired Dogecoin. In short, apart from the name, there is no connection between the original Silk Road website and the newly launched Silk Road Reloaded . Silk Road Reloaded is only accessible by downloading the special software called I2P (Invisible Internet Project) , or by configuring your systems
Malicious Chrome Extension Hijacks CryptoCurrencies and Wallets

Malicious Chrome Extension Hijacks CryptoCurrencies and Wallets

Apr 25, 2014
Although the number of malicious browser extensions has significantly increased in the past years, but recently a new extension of the Google Chrome is allegedly targeting Cryptocurrency users that is capable of stealing Bitcoins and other crypto coins silently. The malicious Chrome browser extension dubbed as ' Cryptsy Dogecoin (DOGE) Live Ticker ' which is available on Chrome Web store for free downloads and developed by " TheTrollBox " account. Reddit user noticed that the updated version of the extension has a malicious code, which is designed to hijack the crypto currency transactions. HOW CHROME EXTENSION STEALS CRYPTOCURRENCY It is very obvious that the kind of crypto related software extensions is downloaded only by the users who deal with the digital currency. So, once the user installed the malicious extension, the software within the extension starts monitoring users' web activity and looks for those users who go to Cryptocurrency exchange sites s
Android Malware found on Google Play Store mines Cryptocurrencies

Android Malware found on Google Play Store mines Cryptocurrencies

Mar 28, 2014
Cyber criminals are more business-minded than you might expect. As the business has moved to greater use of mobile and non-Windows computers, so cyber criminals have adapted techniques monetize their efforts. Security researchers at Lookout Mobile Security discovered that various apps uploaded to Google Play Store containing hidden Coinkrypt android malware, that can turn your mobile device into crypto-currency miners. As we know, coin mining is the key component for digital currencies, so the malware uses a botnet of infected Android Smartphones to mine for currency. Such malware does not steal data. Instead, they are capable of mining Bitcoin , Litecoin and Dogecoin using the victim's device. " Mining can be incredibly resource-intensive and, if allowed to run without any limits, could potentially damage hardware by causing it to overheat and even burn out. " researchers said. The Antivirus firm Trend Micro also spotted two apps named - ' Song
Cybersecurity Resources