Hardware-based cryptocurrency wallets may not be as secure as promised. That’s the judgement of three security researchers who presented their research at a session at the 35c3 conference.
The researchers demonstrated firmware, side-channel, microcontroller and supply-chain attacks that affect a range of wallets, including the Trezor One, Ledger Nano S, and Ledger Blue. Naturally, the manufacturers responded, claiming that the research had holes, that the attacks were impractical, and that their hardware was safe to use. “The sad reality is there is just not a lot of security in cryptocurrency [development]. And that is painful to hear,” said one of the researchers.
Read more about the shortcomings of crypto wallet security on Threatpost.
According to the Cryptocurrency Anti-Money Laundering Report from Ciphertrace some $927 million has been stolen from cryptocurrency exchanges in the first three quarters of 2018 alone. That total will almost certainly have hit, if not smashed straight through, the $1 billion mark by now. So, who were the hackers behind the heists and how did they get away with it?
The how remains sadly predictable throughout the year: exploiting vulnerabilities in crypto wallet software and servers, social engineering and password compromises, and insider theft. The who covers equally predictable territory, with lone-wolf criminal opportunists at the lower end of the scale and well-resourced nation-state actors at the other.
Read more about cryptocurrency theft in 2018 on Forbes.
Bitcoin. Ripple. Ethereum. Monero. BTC, XRP, ETH, and XMR. The names, the jargon, the stream of white papers that proclaim the infinite possibilities of the blockchain, the startups, the token sales — also known as Initial Coin Offerings (ICOs) — all culminated in an explosion of interest in virtual currency at the end of 2017.
Unfortunately, the cryptocurrency market was rife with ICO fraud and exit scams last year, as well as with coin thefts from both wallets and exchanges. Little seems to have changed — except that attacks are becoming more novel and malware appears to be becoming a more prevalent threat.
Read about this year’s biggest cryptocurrency disasters and attacks on ZDNet.
Hackers have set in motion a massive campaign that scans for Internet-exposed Ethereum wallets and mining equipment. The mass-scan campaign has been raging for at least a week, since December 3.
Attackers are scanning for devices with port 8545 exposed online. This is the standard port for the JSON-RPC interface of many Ethereum wallets and mining equipment. The interface is a programmatic API that locally installed apps and services can query for mining and funds-related information. In theory, it should only be exposed locally, but some wallet apps and mining equipment enable it on all interfaces.
Read more about the massive Ethereum hacking campaign on ZDNet.
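The exposure described above is a bind-address problem: the JSON-RPC listener is fine on the loopback interface and dangerous on a wildcard or public address. The following script, an added example that is not part of the original article or of any wallet or node software, audits a host's own listening sockets for exactly that condition. It parses output in the shape of Linux `ss -ltn` and reports every TCP listener on port 8545 whose bind address is not loopback. The sample output embedded below is constructed for the example; the hosts and sockets in it are not real.

```python
"""Audit listening sockets for an Ethereum JSON-RPC endpoint (TCP 8545)
that accepts connections from beyond the loopback interface.

Added example: parses `ss -ltn`-style lines and flags non-loopback binds.
"""
import ipaddress
import subprocess

ETH_JSONRPC_PORT = 8545

# Constructed sample in the shape of `ss -ltn` output (not a real host).
# Line 2 is the safe configuration; lines 3-5 are the exposed ones.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     127.0.0.1:8545       0.0.0.0:*
LISTEN  0       128     0.0.0.0:8545         0.0.0.0:*
LISTEN  0       128     [::]:8545            [::]:*
LISTEN  0       128     192.0.2.10:8545      0.0.0.0:*
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
"""


def split_host_port(addr):
    """Split 'host:port' or '[v6]:port' as printed by ss into (host, port).

    `ss` prints a wildcard bind as '*' on some versions; normalise it to
    the IPv4 unspecified address so it is treated as exposed.
    """
    host, _, port = addr.rpartition(":")
    host = host.strip("[]")
    if host == "*":
        host = "0.0.0.0"
    return host, int(port)


def is_loopback_only(host):
    """True when the bind address can only be reached from the local host."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        # Hostnames or unparseable tokens: assume reachable, so it is flagged.
        return False


def find_exposed_rpc(ss_output, port=ETH_JSONRPC_PORT):
    """Return the bind addresses of LISTEN sockets on `port` that are
    not restricted to loopback, in the order they appear."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        # Skip the header and anything that is not a listening socket.
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, lport = split_host_port(fields[3])
        if lport == port and not is_loopback_only(host):
            exposed.append(host)
    return exposed


def audit_live_host(port=ETH_JSONRPC_PORT):
    """Run `ss -ltn` on this machine (Linux) and audit the real socket table."""
    out = subprocess.run(["ss", "-ltn"], capture_output=True, text=True, check=True)
    return find_exposed_rpc(out.stdout, port)


if __name__ == "__main__":
    # Demonstrate on the constructed sample; use audit_live_host() for a real box.
    for host in find_exposed_rpc(SAMPLE_SS_OUTPUT):
        print(f"JSON-RPC on {host}:{ETH_JSONRPC_PORT} is reachable beyond loopback")
```

On the constructed sample this reports `0.0.0.0`, `::` and `192.0.2.10`; the `127.0.0.1` listener is correctly left alone. A hit means the node's RPC listener should be rebound to a loopback address (in geth the `--http.addr` option controls this) or placed behind a firewall rule and authentication, rather than left on every interface as the scanned devices in the article were.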
A recently discovered malware dropper has the ability to use nearly a dozen decoy document file formats to drop various payloads, Palo Alto Networks security researchers warn. Dubbed CARROTBAT, the customized dropper is being used to deliver lures primarily pertaining to the Korean region, revolving around subjects such as crypto-currencies, crypto-currency exchanges, and political events.
To date, Palo Alto Networks identified 29 unique CARROTBAT samples, containing a total of 12 confirmed unique decoy documents. The dropper first emerged in March 2018, but most of its activity was observed over the past three months.
Read more about the CARROTBAT malware dropper on SecurityWeek.
Cryptojacking, the hijacking of PCs and systems in order to steal CPU power and covertly mine cryptocurrency, is becoming a thorn in the side of individuals and businesses alike. One in three organizations has been targeted by cryptocurrency-mining malware.
Researchers from Check Point said in a blog post that one form of cryptomining malware, known as KingMiner, first appeared in June this year and is now out in the wild as a new-and-improved variant. The malware generally targets Microsoft IIS/SQL servers using brute-force attacks to obtain the credentials needed to compromise a server. The miner is configured to use 75 percent of CPU capacity but, potentially due to coding errors, actually uses 100 percent of the CPU.
Read more about the newly discovered KingMiner malware on ZDNet.
Although the malicious code was discovered last week, researchers were able to determine its purpose recently, when they managed to decrypt and deobfuscate it.
A critical vulnerability in an Ethereum token made it possible for malicious actors to force cryptocurrency exchange desks to spend extremely high fees on transactions. Even worse, the attackers could abuse the bug for profit.
The flaw, discovered by a group of cryptocurrency researchers, resides in the Ethereum-based cryptocurrency GasToken. It remains unclear precisely how many exchanges are potentially vulnerable to it, but the researchers have contacted the bulk of the possibly affected platforms.
Read more about the critical vulnerability in GasToken on The Next Web.
A new, active campaign is using malware capable of dancing around traditional antivirus solutions in order to empty cryptocurrency wallets. The malware is being used in the DarkGate campaign, a previously undetected hacking operation uncovered this week by enSilo security researchers. According to the team, DarkGate is currently underway in Spain and France, targeting Microsoft Windows PCs by way of torrent files.
Torrent files are most commonly associated with pirated content, but the technology itself is not illegal. In this case, however, the infected .torrent files masquerade as pirated versions of popular television shows and films.
Read more about the malware used in the DarkGate campaign on ZDNet.
The epidemic of Twitter-based Bitcoin scams took another twist this week as attackers tweeted scams directly from two verified high-profile accounts. Cryptocurrency giveaway scams work by offering money to victims. There’s a catch, of course: they must first send a small amount of money to ‘verify their address’. The money in return never shows up, and the attackers cash out.
Authenticity is a key factor in these scams, and accounts with verified status, shown by a blue tick, carry more of it. This week, criminals managed to compromise the official accounts of Google’s G Suite and Target and use them for Bitcoin giveaway scams.