Category Archives: hack

Auto Added by WPeMatico

Binance Cautions Against Using Firefox Due to Coinbase Vulnerabilities

Binance Cautions Against Using Firefox Due to Coinbase Vulnerabilities

The Firefox vulnerability that BitcoinNews.com reported on last week has led to crypto exchange Binance’s vocal CEO, Changpeng Zhao, calling on his significant following to stop using the web browser.

And don’t use Firefox (or at least upgrade it to the latest one). Stay #SAFU. https://t.co/FoP5XLU3wd

— CZ Binance (@cz_binance) June 21, 2019

His Twitter post was pretty straightforward, and did at least tell those who insisted to use Firefox to use the latest version. He didn’t disclose if the exchange was also targeted by the malware, but his concerns seem pretty clear from the announcement. If hackers had targeted Coinbase, it would make sense they would also do the same for Binance, as the exchange has one of the largest userbases globally, and records some of the highest trading volumes for Bitcoin and other digital assets.

The first responsers to Zhao’s post actually recommend Brave browser, which is a crypto-specific one based on Mozilla (also a relation to Firefox).

The Zero Day vulnerability, on Firefox versions without the patch, would allow an attacker to crash the browser and execute code, including installing a backdoor via a trojan horse. It is estimated that is has been around for at least two weeks before discovered, although it is also noteworthy that no Coinbase users have been reported as victims, just their own employees.

This probably was because none of the code was in fact created by a malicious hacker, although those with bad intentions would definitely want to exploit the vulnerability.

Coinbase Chief Security Officer Philip Martin has confirmed that the exchange was not the sole target, and were pleased to report absolutely no financial losses as a result of this vulnerability.

Although Firefox issued the patch on version 67.0.3, there has been one more new version released since, 67.0.4. Users are recommended to always update to the latest stable version via authorized sources.

 

BitcoinNews.com is committed to unbiased news and upholding journalistic codes of ethics. For more information please read our Editorial Policy here.

Follow BitcoinNews.com on Twitter: @bitcoinnewscom

Telegram Alerts from BitcoinNews.com: https://t.me/bconews

Image Courtesy: Pixabay

The post Binance Cautions Against Using Firefox Due to Coinbase Vulnerabilities appeared first on BitcoinNews.com.

Investment Heavyweights Add Investment Spark to Digital Security Firm Fireblocks

Investment Heavyweights Add Investment Spark to Digital Security Firm Fireblocks

Fireblocks, a platform which secures and protects digital assets in transit, is getting some serious backing for its latest project from the proprietary investment arm of Fidelity International.

The USD 16 million in Series A funding from investment heavyweights including Cyberstarts, Tenaya Capital, and Eight Road will now enable Fireblocks to seek further backing and further increase its development.

The company is certainly a friend of the industry enabling users to safeguard themselves from digital hacks and being compromised online. Their platform now offers users increased security using industry standard protection. Exchanges are increasingly looking at companies such as this to protect the transmission of storage of digital assets.

The platform also allows the use of several layers of security including passwords, biometrics, and two-factor identification, which have all now become industry standard. Co-Founder Michael Shailov stated that his main aim is to eliminate cybercrime and protect clients from such events as “clearly sophisticated hacking by true professionals, including nation-states“.  Even governments around the globe are now considering blockchain as part of their anti-hacking protection. Shailov explained that transfer speed is becoming more important as a means of protecting users:

“There was a need to take assets, either native to the blockchain or tokenized assets or securities, and move, trade, sell them in a reasonably fast time frame… Keeping assets locked down in cold storage like a traditional custodian is antithetical in the way [investment firms dealing in crypto] operate.”

The company has grown quickly from its startup this year with hundreds of millions of dollars’ worth of crypto transfers already successfully protected, with a network linked to 15 exchanges and 180 cryptocurrencies, including tokens and stablecoins.

 

Follow BitcoinNews.com on Twitter: @bitcoinnewscom
Telegram Alerts from BitcoinNews.com: https://t.me/bconews
Image Courtesy: Pixabay

The post Investment Heavyweights Add Investment Spark to Digital Security Firm Fireblocks appeared first on BitcoinNews.com.

Faulty Bitcoin ATM in London Spews Cash Bills

Faulty Bitcoin ATM in London Spews Cash Bills

A video footage has emerged online of what is claimed to be a Bitcoin ATM in Bond Street, London, “spitting out tons of money”.

Bond Street Bitcoin ATM spitting out tons of money! from Bitcoin

The 20-second video, shared by redditor skypirateX on Reddit less than a day ago, shows a security guard attempting to cordon off an area with two Bitcoin machines. A pound sterling symbol on the side of a cash machine beside the Bitcoin ATM seems to verify the location.

The security guard is heard asking a gathering crowd to “please move on, now”, while in the background, the Bitcoin ATM is seen spurting out scores of UK pound sterling bills. An open bag containing cash bills is seen on the ground, with more bills strewn about, as a second man attempts to kick the stray bills towards the collecting pile.

Commentors on Reddit have referenced “jackpotting”, which is a term used by hackers for the successful cracking of an ATM. Redditor paddywhack points out:

“Real answer? Many large ATM manufacturers (eg Diebold, NCR) don’t encrypt traffic end-to-end, especially on older models. If you have access to the physical network (or access to the back of the ATM unit) you can install a hub and use Wireshark to intercept the back and forth communication. Watch how when you type your pin that it’s transmitted in plaintext.. yikes. Then capture the ensuing response that tells the ATM you can withdraw money. Then POST that response back to the ATM and dispense free money. Ideally using someone else’s account info and not your own.”

Whatever the case, it would appear that this particular Bitcoin ATM isn’t new to scandal. Just a month ago the same machine appeared to be in the midst of a remote access operation:

Bitcoin ATM in Bond St Station in London – some weird remote access happening with logs on the screen. What’s going on? from Bitcoin

 

 

Follow BitcoinNews.com on Twitter: @bitcoinnewscom

Telegram Alerts from BitcoinNews.com: https://t.me/bconews

Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.

Image Courtesy: Pixabay

The post Faulty Bitcoin ATM in London Spews Cash Bills appeared first on BitcoinNews.com.

Hacker Operates Bitcoin Core on Nintendo Switch

Hacker Operates Bitcoin Core on Nintendo Switch

A Bitcoin enthusiast known as Cypherm0nk has shared an image of Twitter of an apparently successful operation of the Bitcoin Core client on the Nintendo Switch device.

From the image shared, it appears that the latest version of Bitcoin Core (0.18.0) is currently operating over a Linux Ubuntu operating system, booted up from the hacked video game console.

Running Bitcoin pic.twitter.com/fXx0npWKmx

— Vivek (@Cypherm0nk) June 4, 2019

The user has also promised to show a slide deck and walkthrough on Medium, and after getting a steady stream of fans, including one who asked how effective it would be for usability, Cypherm0nk replied:

“Still #reckless – Docked mode / ssh is ideal but command line and most GUI’s can be navigated via touchscreen on the go.”

Another user noted the message “running bitcoin” as a reference to one of the earliest Bitcoin pioneers who Tweeted what is recognized as the first instance of Bitcoin software running, Hal Finney. They said: “Shout out to @halfin who’s probably running bitcoin in heaven right now. God Bless Him!”

Not long after Nintendo launched its Switch console, hackers found out that it could be hacked into a functional Linux tablet. With Linux installed, the hackers are able to run a variety of computer code compatible with the operating system.

 

Follow BitcoinNews.com on Twitter: @bitcoinnewscom

Telegram Alerts from BitcoinNews.com: https://t.me/bconews

Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.

Image Courtesy: Pixabay

The post Hacker Operates Bitcoin Core on Nintendo Switch appeared first on BitcoinNews.com.

US Crypto Users Hit by Sim Jacking Flurry

US Crypto Users Hit by Sim Jacking Flurry

Over the past week, the US cryptocurrency community has been reeling from a recent wave of sustained SIM swapping attacks.

The attacks were limited to the US alone and seemed to have targeted T-Mobile and AT&T customers.

SIM swapping/jacking is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification, where the second factor or step is an SMS or a call placed to a mobile telephone. Effectively the perpetrator uses various techniques (usually social engineering) to transfers a victim’s phone number to their own SIM card.

My personal identity was hacked last week. The attacker was able to steal $100k+ in a sweep of my Coinbase account. I’m equal parts embarrassed, hurt, and deeply remorseful.

In an effort to raise awareness about the attack, I wrote about it here: https://t.co/ZnbB0AN6Gd

— Sean Coonce (@cooncesean) May 20, 2019

Attackers saw the rise in cryptocurrency as an opportunity to broaden their activities and make some serious money, although such events have been occurring for the past ten years. The number of attacks rocketed in 2017 as crypto took off. 2018 registered a number of SIM swap attacks in the US, but these numbers appear to a have reduced after police intervention. Caleb Tuttle, a detective with the Santa Clara County District Attorney’s office explained how the attacks work:

“The first is when the attacker bribes or blackmails a mobile store employee into assisting in the crime. The second involves current and/or former mobile store employees who knowingly abuse their access to customer data and the mobile company’s network. Finally, crooked store employees may trick unwitting associates at other stores into swapping a target’s existing SIM card with a new one.”

I’ve been hearing about another spate of SIM-jackings involving @TMobile, possibly involving bypassed PINs, which hint at insiders or weak processes.

The traditional telecom companies won’t clean up their act without a class action lawsuit and heavy fines. Switch to @googlefi. https://t.co/wp60qvyn7i

— Emin Gün Sirer (@el33th4xor) June 2, 2019

However on an encouraging note for cryptocurrency users, it has been reported that SIM swappers are usually caught, as phone providers usually pick-up the excessive log-ins associated with the activity.

 

Follow BitcoinNews.com on Twitter: @bitcoinnewscom

Telegram Alerts from BitcoinNews.com: https://t.me/bconews

Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.

Image Courtesy: Pixabay

The post US Crypto Users Hit by Sim Jacking Flurry appeared first on BitcoinNews.com.

North Korea Crypto Hacks Motivated by US Sanctions

North Korea Crypto Hacks Motivated by US Sanctions

US intelligence have apparently blamed economic sanctions enforced by the US on North Korea as the primary motivations behind the cryptocurrency-related cybercrimes blamed on North Korean hackers, as reported by local English daily Korea Herald.

Authorities from the Federal Bureau of Intelligence (FBI) reportedly said on Voice of America that the cryptojacking and exchange hacks have been carried out by North Korea to circumvent the sanctions that prevent the country from developing its economy properly. They were at a conference hosted by Aspen Institute, a civil liberties think tank, and blamed North Korean hackers for the hacking of Sony Pictures Entertainment in 2014, the Bangladesh bank robbery in 2016 and the WannaCry ransomware events of 2017.

FBI cyber readiness, outreach and intelligence branch deputy assistant director, Tonya Ugoretz, was quoted:

“Sanctions are having an economic impact, so cyber operations are a means to make money, whether it’s through cryptocurrency mining or bank theft.”

Erin Joe, director of the Cyber Threat Intelligence Integration Center under the US Director of National Intelligence, revealed that US intelligence bodies were cooperating to prevent Borth Korea crypto hacks, which were considered a new type of crime:

“There is a huge effort in the FBI, and also several other entities across government, looking at ways to stop malicious activity (surrounding) cryptocurrency… “It’s relatively a new thing, and it comes with a variety of issues that we need to learn more about and figure out so we can stop malicious behavior related to cryptocurrency and currency going to places where it should not or it’s not supposed to.”

The conference, themed ‘The Challenge of Deterrence in Cyberspace’, had also brought to discussion cyber threats from traditional political opponents of the US, including China, Iran and Russia.

 

Follow BitcoinNews.com on Twitter: @bitcoinnewscom

Telegram Alerts from BitcoinNews.com: https://t.me/bconews

Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.

Image Courtesy: Pixabay

The post North Korea Crypto Hacks Motivated by US Sanctions appeared first on BitcoinNews.com.

Charlie Shrem: Mt Gox Created “Token as Debt”, Not Bitfinex

Charlie Shrem: Mt Gox Created

Bitcoin advocate and founding member of the Bitcoin Foundation, Charlie Shrem, has blamed defunct Bitcoin exchange Mt Gox as the instigator of “token as debt”, instead of Bitfinex, the exchange that issued tokens as debt to its customers following its own hack.

In a discussion of Bitcoin related scandals with Bitcoin miner J Maurice on the “Untold Stories” podcast hosted by Shrem, Mt Gox was supposedly able to acquire up to “70-80% market share of all Bitcoin trading globally” due to its popularity, a share which was huge for one centralized exchange to have.

It all fell apart when the exchange was allegedly hacked, resulting in the theft of 850,000 Bitcoins, a case that reverberated within Japan, where the exchange was based, and which until today is still the subject of an ongoing court case with its former owner and former customers.

Shrem pointed out that there were only two options to get Bitcoin on the exchange, the actual Bitcoin itself and the “Mt Gox Bitcoin” which he said “were these fake Bitcoins that you could trade in Mt Gox’s system”. According to him it was “essentially Bitcoin which couldn’t be removed from Mt.Gox before it imploded”.

It was this that ultimately created its own token as debt, even before Bitfinex made that claim. It was noted before:

“Mt Gox had this feature where you could internally transfer Bitcoins between Mt.Gox accounts and Josh Jones (a creditor at Mt Gox) had created this system on top of that so that you can send your balance to his accounts and then that would be your os that will be your Bitcoin builder exchange balance, you would have Gox BTC at that time which you could trade for real BTC.”

On 2 August 2016, Bitfinex suffered a hack that cost them of 119,756 Bitcoins. Them issued “Recovery Rights Tokens” as debt to customers, traded as BFX tokens. It claims to have paid off those debts in full less than a year later.

 

Follow BitcoinNews.com on Twitter: @bitcoinnewscom

Telegram Alerts from BitcoinNews.com: https://t.me/bconews

Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.

Image Courtesy: Pixabay

The post Charlie Shrem: Mt Gox Created “Token as Debt”, Not Bitfinex appeared first on BitcoinNews.com.

Baltimore Resists Bitcoin Ransom to Enter Second Week of Lockdown

Baltimore Resists Bitcoin Ransom to Enter Second Week of Lockdown

Baltimore City continues to resist the demands of hackers who have managed to infiltrate and lock its government systems, ensuring that the city has essentially remained in lockdown mode since 7 May 2019.

The ransomware attack has shut down systems essential for completing home sales, halting property deals in Baltimore during one of the busiest times of the year. https://t.co/znfzgXyJvJ

— The Baltimore Sun (@baltimoresun) May 14, 2019

The “Robbinhood” ransomware attack has placed the local government under siege for two weeks now, forcing it to return to an analog age for most aspects of daily life. Real estate purchases, for example, cannot be carried out because records are simply inaccessible and new ones cannot be filed.

Its incoming mayor, Bernard Young, who will be replacing ousted ex-mayor Catherine Pugh, has remained steadfast and refused to pay the BTC 13 (now worth USD 104,000) that was demanded by the hackers. So far, law enforcement and its online tax portal for property are affected, but city departments are seeking workarounds.

Critics are saying that the refusal to pay could incur even more costs later on, but Baltimore, whose population is at 600,000 people, has already lost money, including some USD 2 million spent this year for upgrading storage. Those new systems have now been irreparably damaged.

The ransomware hackers apparently released some names and passwords from the hack on Twitter, teasing the FBI with a message: “We’ve watching [sic] you for days and we’ve worked on your systems to gain full access to your company and bypass all of your protections.”

 

Follow BitcoinNews.com on Twitter: @bitcoinnewscom

Telegram Alerts from BitcoinNews.com: https://t.me/bconews

Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.

Image Courtesy: Pixabay

The post Baltimore Resists Bitcoin Ransom to Enter Second Week of Lockdown appeared first on BitcoinNews.com.

Bithumb Resumes Post-Hack Operations

South Korea cryptocurrency exchange has announced today on a blog post that it will resume partial operations following a hack in March, in two days’ time on 17 May, this Friday.

The exchange will begin operations with only three cryptocurrencies for the time being, allowing trading for Ripple (XRP), Bitcoin Cash (BCH) and EOS. This was intended to “minimize the inconvenience to members until the resumption of deposits and withdrawals“.

In the blog post, it stated [translated]:

“At the moment when the security enhancement that we anticipate will be completed, deposit and withdrawal will resume in about a month. We will proceed with the resuming sequentially considering the price difference and service stability.”

In March, the exchange was infiltrated by hackers who successfully made away with EOS 3 million, which was at the time worth USD 13 million. Primitive Ventures’s Dovey Wan had revealed then that the exchange’s hot wallet was compromised, allowing hackers to siphon off EOS and transfer them out to other exchanges such as. Binance CEO Changpeng Zhao had announced at the time that his exchange had not received any of the stolen funds. His own exchange was to be the subject of a hack earlier in May, losing USD 40 million in Bitcoin, but was fully covered by its own security funds.

Bithumb has been working with the KISA, Cyber Police Agency and other security companies, as well as with other exchanges, to track the stolen funds.

 

Follow BitcoinNews.com on Twitter: @bitcoinnewscom

Telegram Alerts from BitcoinNews.com: https://t.me/bconews

Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.

Image Courtesy: Pixabay

The post Bithumb Resumes Post-Hack Operations appeared first on BitcoinNews.com.

Binance Withdrawals, Deposits to Resume Tomorrow Following Hack

Binance Withdrawals, Deposits to Resume Tomorrow Following Hack

Hacked cryptocurrency exchange Binance plans to have deposit and withdrawal services up and running again by tomorrow, CEO Changpeng Zhao revealed.

In a company blog update, Zhao claimed the team had made ”significant overhauls” to the system, adding or restructuring the architecture of the exchange’s advanced security features. Upgrading the system requires a trading halt, he noted, with the exact time of withdrawals and deposits resuming to be shared at a later stage, although it is expected to be some time tomorrow.

Despite deposits and withdrawals currently marked as ‘Suspended’, one Binance user claimed they were able to make deposits to addresses that they already had on file.

In case you weren’t aware, we have been able to deposit on @binance this entire time! They “suspended deposits”, which means they disabled the deposit button on the site.

If you know the address, it’s fine. I made several deposits to the addresses that I already have on file.

— Jesse Feinberg (Darth Crypto) (@ToolFreeCrypto) May 12, 2019

The security breach occurred last week, the exchange losing around BTC 7,000 from its hot wallet to hackers who were able to access both user API keys and the two-factor authentification codes that were required to withdraw the Bitcoin. It is thought they gained access to these private keys through a combination of phishing and malware infection.

Zhao has said he is wary of sharing too much information regarding the changes to Binance’s security measures as it would ”[weaken] our security response strategy”.

Binance is the world’s fifth largest exchange by trading volume.

 

Follow BitcoinNews.com on Twitter: @bitcoinnewscom

Telegram Alerts from BitcoinNews.com: https://t.me/bconews

Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.

Image Courtesy: Pixabay

The post Binance Withdrawals, Deposits to Resume Tomorrow Following Hack appeared first on BitcoinNews.com.