Category Archives: hacker

Auto Added by WPeMatico

Compromised Traffic Counter Features in New Kind of Exchange Hack

In a new type of hack, malicious code was injected into a website traffic analysis app called StatCounter in order to steal Bitcoins from Gate.io users. Gate.io currently has a daily trading volume in excess of USD 20 million, but was near USD 35 million before the information about this hack was published. That being said, it appears Gate.io and StatCounter have been fixed and are safe to use at this point.

StatCounter is one of the more popular website traffic analysis tools, with 2 million websites and 10 billion pages analyzed per month. Websites that use StatCounter place a snippet of java code on their web pages. Hackers exploited this piece of code and injected their own malicious code, placing all 2 million websites that use StatCounter at risk.

The malicious code checks for ‘myaccount/withdraw/BTC’ in the URL; if it finds this then it downloads another piece of malicious code from statconuter.com, which is spelled very similar to statcounter.com to avoid detection. The only website that has this URL out of all 2 million StatCounter websites is Gate.io, making it clear this hack was aimed at the exchange.

This second piece of code replaces the destination Bitcoin address chosen by Gate.io users with the Bitcoin address of the hacker at the moment they submit an external Bitcoin transfer. Further, the malicious code increases the send to the daily withdrawal limit for the user, depending on how much Bitcoin is in their account.

This made the losses from this hack very hard to track since as far as Gate.io was concerned, they sent the Bitcoin to an external address as usual; only the user would know that they did not receive their Bitcoins. As the hackers changed their Bitcoin address every time a user hit submit, there is no central Bitcoin address that can be viewed to see the total losses.

This is the latest evidence to show that hackers are becoming more sophisticated and creative, developing new ways to hack cryptocurrency exchanges.

 

Follow BitcoinNews.com on Twitter: @bitcoinnewscom

Telegram Alerts from BitcoinNews.com: https://t.me/bconews

Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.

Image Courtesy: pixabay

The post Compromised Traffic Counter Features in New Kind of Exchange Hack appeared first on BitcoinNews.com.

Bitmain Sues Unknown Hacker Who Stole 617 Bitcoins via MANA Market Manipulation

Bitmain is suing ‘John Doe’, an unknown hacker who gained access to Bitmain’s Binance account on 22 April 2018. Ultimately 617 bitcoins worth USD 5.5 million were stolen from Bitmain, the largest cryptocurrency mining firm on the planet.

The scheme the hacker used to steal the bitcoins was unique. Instead of directly withdrawing cryptocurrency from Bitmain’s account, likely impossible due to some sort of 2FA requirement, the hacker manipulated the MANA market to steal Bitmain’s bitcoins. MANA is the native cryptocurrency of decentraland, and its trading volume of only USD 10 million per day on average makes it an easy target for market manipulation.

After the hacker gained access to Bitmain’s bitcoins and ether, they placed large buy orders for MANA. This caused a rally in daily trading volume from USD 10 million to over USD 100 million. Part of this price rise can be explained by other traders thinking this was a legitimate MANA rally and jumping in. Globally, MANA’s average price jumped from USD 0.12 to USD 0.23 during the hack, an impressive 90% rise. On Binance, the price rise was even more drastic, with a peak price of USD 0.34, a 180% increase.

The hacker likely had a large amount of MANA on hand before the hack, and they filled Bitmain’s overpriced MANA buy orders. Then the hacker placed orders to buy Mana at prices far below the market value and used the Bitmain wallet to match these orders. The combination of these mechanisms drained USD 5.5 million of bitcoin from Bitmain’s wallet in a single day, without directly withdrawing cryptocurrency from Bitmain’s wallet.

After the bitcoins were siphoned into the hackers wallet, the hacker proceeded to trade for other cryptocurrencies and withdraw funds. Some of these funds were withdrawn to Bittrex and other unnamed cryptocurrency exchanges. Essentially, the hacker mixed the coins to obfuscate the trail.

Bitmain is suing the hacker for unauthorized access, computer trespass in the 2nd degree, electronic data theft, the USD 5.5 million of stolen cryptocurrency, and attorney fees. A key part of this lawsuit will involve subpoenas to obtain information from Binance and Bittrex, in order to gain enough information to identify the hacker and proceed with the criminal case.

Follow BitcoinNews.com on Twitter: @BitcoinNewsCom

Telegram Alerts from BitcoinNews.com: https://t.me/bconews

Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.

Image Courtesy: Pixabay

The post Bitmain Sues Unknown Hacker Who Stole 617 Bitcoins via MANA Market Manipulation appeared first on BitcoinNews.com.

Sim Swapping Victims Sue T-Mobile and AT&T

The Silver Miller law firm, which has been on the forefront of cryptocurrency lawsuits including the class action lawsuit against YouTube regarding BitConnect, is suing the major cell service providers AT&T and T-Mobile over their roles in facilitating sim swapping.

In August 2018 it came to light that a crime ring led by Joel Ortiz had stolen USD 5 million in cryptocurrency from over 40 victims. BitcoinNews correctly speculated at the time that the mobile carriers may be liable for the damages since ultimately they were the ones who handed over control of victim’s sim cards to the hackers.

Silver Miller asserts that T-Mobile and AT&T had holes in their security protocols and did not properly train employees, resulting in employees giving control of sim cards to thieves. Once the hackers had control over a sim card they could access financial information, allowing them to drain cryptocurrency wallets, as well as credit cards and bank accounts.

One of the clients Silver Miller is representing lost USD 621,000, and that was after AT&T supposedly increased account security after an attempted hack on the client. There are 2 clients using T-Mobile who lost USD 400,000 and USD 250,000 respectively.

Essentially, a hacker can plea for assistance with customer support, tricking the customer support into not following proper identification protocols, resulting in the loss of a client’s life savings. Silver Miller is considering additional sim swapping lawsuits against Verizon, Sprint PCS, Cricket Wireless, Boost Mobile, Virgin Mobile, and Metro PCS. The goal is to restore the client’s life savings and improve the policies of cell phone carriers to prevent further sim swapping.

It could be argued that cryptocurrency thefts via sim swapping would not happen if the victims properly stored their cryptocurrency. Bitcoin private keys, especially for large amounts of money, should only be stored in core wallets and not on mobile wallets.

Follow BitcoinNews.com on Twitter: @BitcoinNewsCom

Telegram Alerts from BitcoinNews.com: https://t.me/bconews

Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.

Image Courtesy: Pixabay

The post Sim Swapping Victims Sue T-Mobile and AT&T appeared first on BitcoinNews.com.

Live Stream of 51% Attack Shows Fragile Nature of Many Altcoins

A hacker that operates under the pseudonym Geocold promised to conduct a live stream of a 51% attack on an altcoin, and on 13 October 2018, he made an attempt to 51% attack Bitcoin Private. He was successful at gaining a majority of hashing power, and the only reason he didn’t complete the attack was the live stream platforms he was using, Twitch and stream.me, both shutdown his stream.

A 51% attack is one of the greatest weaknesses of cryptocurrency, and it arises out of the inherently decentralized nature of proof of work (PoW) cryptocurrencies. If a miner has greater than 50% of the network hash rate they can mine blocks faster than the rest of the network combined, giving them the ability to fork the blockchain. This can be used to perform a double spend attack, where a hacker sends a transaction to someone on the original chain, and then creates a longer chain where the transaction doesn’t exist, making the transaction disappear.

Bitcoin and Ethereum have far too much hashing power for any real possibility of a 51% attack, however, many smaller cryptos have small enough hash rates where 51% attacks are a real threat. Some cryptos, like Bitcoin Private, have such small hash rates that a 51% attack is very easy. A study found that less than USD 1,000 is needed to 51% attack many cryptos, just by renting hash power from a cloud mining service.

Bitcoin Gold and Verge have already experienced 51% attacks, and the results are crippling. Beyond the money stolen during a double spend, a 51% attack decimates any reputation and trustworthiness held by that crypto. If a crypto is 51% attacked it is usually removed from all exchanges and users dump all their coins.

In this case, Geocold originally said he was going to 51% attack Einsteinium, a crypto with a USD 20 million market cap. However, he gave a week of advanced warning and the Einsteinium community increased the network hash rate by 15 fold, making a 51% attack too costly. Geocold then began live streaming the first stages of a 51% attack on Bitcoin Private, a crypto with a USD 51 million market cap.

With only USD 200 of hash power rented from a cloud mining service, Geocold obtained 62.5% of the Bitcoin Private network hash rate and mined a single block. Other hackers found Geocold’s IP address and knocked him off the Bitcoin Private mining pool before he could fork, and by the time he got his hash power back online, his Twitch live streaming account was banned.

In the 2nd phase of the attack Geocold was successful in mining numerous blocks and was about to fork the blockchain which would have been devastating for Bitcoin Private, but his live streaming account on stream.me was banned. He decided to stop the attack, and plans to do a 51% attack in the future on an altcoin and simply post the video on YouTube once it’s already done.

This incident reveals that crypto users need to be very wary when playing around with altcoins since it takes just one bad actor to 51% attack an altcoin, which would collapse its price. Crypto users should stick to major cryptos like Bitcoin and Ethereum, which are secure. There may be over 2,000 cryptos listed on CoinMarketCap, but far less than that are actually secure in the face of a 51% attack.

Follow BitcoinNews.com on Twitter: @BitcoinNewsCom

Telegram Alerts from BitcoinNews.com: https://t.me/bconews

Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.

Image Courtesy: Pixabay

The post Live Stream of 51% Attack Shows Fragile Nature of Many Altcoins appeared first on BitcoinNews.com.

Crypto Investor Sues AT&T for $224M After Phone Hack Losses

A cryptocurrency investor in the US has filed a lawsuit against his cell phone service provider AT&T on the grounds of gross security negligence that lead to his personal loss of USD 24 million in crypto.

The plaintiff, California resident Michael Terpin, filed a 69-page complaint with the US District Court in Los Angeles on Wednesday alleging that AT&T not only violated its statutory duties and Privacy Policy commitments but went so far as to willingly cooperate with the phone hacker. Terpin claimed that he was victim to digital identity theft two times in seven months when his digital assets were taken via his cell phone number.

Suspicious circumstances were cited by Terpin regarding the actions of at least one AT&T employee. He alleged that ”insider cooperation with the hacker” took place after a store employee offered out his phone number without verifying the person’s identity or requesting any of his private information. Terpin’s complaint details that his number was then used to break into his cryptocurrency accounts and compares the incident to a hotel providing a thief with a fake ID the key to a room and the safe to steal from the rightful owner.

The legal complaint seeks from AT&T USD 200 million in punitive damage and USD 24 million in compensatory damages.

AT&T responded to the accusations, providing CNBC with a statement reading: “We dispute these allegations and look forward to presenting our case in court.”

Terpin may well have been considered a profitable target by potential thieves due to his work in the cryptocurrency industry. In 2013, he co-founded Bitcoin angel investor group BitAngels, as well as the BitAngels/Dapps Fund.

The cryptocurrency community has recently placed a significant focus on increased security as imperative for increasing adoption levels and seeing market prices recover from a relatively poor performance this year, although in this instance it appears to be only AT&T at fault.

 

Follow BitcoinNews.com on Twitter at https://twitter.com/bitcoinnewscom

Telegram Alerts from BitcoinNews.com at https://t.me/bconews

Image Courtesy: Pixabay

The post Crypto Investor Sues AT&T for $224M After Phone Hack Losses appeared first on BitcoinNews.com.

Spencer Bogart: Bitcoin Waiting for Trigger to Hit New Highs

Cryptocurrency hedge fund manager Spencer Bogart has weighed in on Bitcoin price speculation, saying he is waiting for any positive trigger to push the price of Bitcoin up.Featuring on CNBC’s Fast Money, Bogart shared that he has been encouraged by Bitcoin’s recent upward trend, believing that this will continue. He added that he thinks the pullback momentum has passed and he is now waiting for any catalyst to send it to new price highs. Bogart cited several possibilities for this including the current global currency and trade wars.

Foreseeing the US Securities and Exchange Commission’s (SEC) rejection of the Bitcoin exchange-traded fund (ETF), he noted that 2019 may be a more realistic time frame for this to happen. Despite this, Bogart sees several other vehicles already available for retail and institutional investors to enter the market, pointing out Coinbase’s exposure of retail companies, and firms such as Bitwise Asset Management’s outreach to institutional investors.

While naysayers may query specific price forecasts, predicting market swings is essential for investors looking to maximize profits.

Bitcoin has not surpassed USD 8,000 since May this year before it fell back to approximately USD 6,000. While many pundits have shared their expectations and predictions during this most recent upswing, Bitcoin’s valuation is still far from its top price of nearly USD 20,000 in December last year.

Calls for increased security

With many spectators such as Bogart sharing their price rise expectations, another rally is suspected to attract such bad actors as it did in 2017 when the number of hacks on cryptocurrency exchanges and sited increased sharply. While this is not surprising as the potential profits increase substantially for attackers, there has been a call for all investors to prioritize their security.

There is nothing to stop hackers from trying, but so long as investors and cryptocurrency service providers practice due diligence the majority of such attacks can be prevented, and it is indeed important to do so for the reputation of the industry.

 

Follow BitcoinNews.com on Twitter at https://twitter.com/bitcoinnewscom

Telegram Alerts from BitcoinNews.com at https://t.me/bconews

Image Courtesy: Pixabay

The post Spencer Bogart: Bitcoin Waiting for Trigger to Hit New Highs appeared first on BitcoinNews.com.

Samsung Claims Smartphones Provide Best Security for Crypto

Multinational tech conglomerate Samsung has argued that smartphones can provide the best security for cryptocurrency holdings because of the combined efficiency of apps and the presence of the trusted execution environment (TEE).

Cryptocurrency wallet apps like Blockchain and Jaxx are a convenient and popular way to transfer, send and store assets on a smartphone. What Joel Snyder, a senior IT consultant and a contributor to Samsung Insights pointed out, is that the TEE under which the majority of smartphones operate offers a nearly impenetrable barrier for hackers.

Because the TEE is completely independent of an individual’s device with its own separate memory and storage, potential hackers and even operating systems such as Android cannot penetrate and alter or access the data. This prevents passwords and private keys of wallets from being accessed.

Laptops and such devices that utilize conventional data storage units such as an SSD are more vulnerable to risk due to their persistent nature that gives an opportunity for hackers to enter and steal data, cryptocurrency account information included.

Snyder for Samsung noted that while ”a naive wallet developer” might fail to employ the advantages of the TEE and store keys on the phone’s internal storage, the combination of the TEE and an effective wallet offer the most secure place for your cryptocurrency holdings.

What else the TEE can offer

A research effort conducted by Cornell University in December 2016 first offered the concept of Bitcoin scaling via the TEE. The team developed a technology called Teechan which they built on top several TEEs including the Software Guard Extensions of Intel.

The results were promising. Transactions were able to be processed off-chain, then fixed into larger transactions to be established on the blockchain. Significant progress has been seen, with over 2,480 transactions per second recorded as successfully processed.

 

Follow BitcoinNews.com on Twitter at https://twitter.com/bitcoinnewscom

Telegram Alerts from BitcoinNews.com at https://t.me/bconews

Image Courtesy: Pixabay

The post Samsung Claims Smartphones Provide Best Security for Crypto appeared first on BitcoinNews.com.