On a darknet market called “Dread,” a vendor going by “ExploitDOT” is attempting to sell user data from the know-your-customer (KYC) checks that top cryptocurrency exchanges are required to perform in most jurisdictions.

According to data shared with CCN, the hacker has an ad that has been online since July 2018, in which he claims to have hacked documents used in KYC checks – including identity cards and drivers’ licenses – from users of top exchanges like Bittrex, Poloniex, Bitfinex, and Binance.

The data is seemingly for sale for $10 per 100 documents or more, with discounts applying for those who buy in bulk, all the way up to $1 per 1,000 for an order of over 25,000. CCN was able to independently verify the ad on the dark web, which is still online. No links to it will be added to avoid promoting the service.

A post on darknet market "Dread" advertising the hacked KYC documents' sale

A cybersecurity expert who contacted CCN and chose to remain anonymous has detailed that after contacting the individual posing as a buyer, he was able to get three free samples out of him as proof that the leaked documents are legitimate.

As proof, the cybersecurity expert got pictures of individuals holding up a piece of paper with the word “Binance” and the date the picture was taken at. In these pictures, their faces are visible, as well as their identity cards or drivers’ licenses.

CCN had access to these images, which appear to be legitimate. Although the sample was small, the vendor selling the hacked data claims it has documents from people in every country cryptocurrency exchanges serve.

An exchange the security expert allegedly had with Binance via email, which couldn’t be independently verified, seems to show the latter found “some inconsistencies” between the data it was presented with and the “samples provided” – presumably the KYC images.

The exchange’s spokesperson allegedly further noted they have their “theories in regards to how this information may have been obtained,” detailing that no signs of unauthorized access to their system had been found. CCN has reached out to Binance to clarify the situation but hasn’t heard back at the present time.

Binance is notably an exchange praised in the cryptocurrency community for its security practices. Recently, it foiled the plans of the Cryptopia hacker by freezing the stolen cryptocurrency, and last year it thwarted a large-scale attack that saw Syscoin (SYS) surge on its platform.

Whether the leaked documents are connected to the recent ‘Collection #1’ 87 GB database leak, which includes over 700 million email addresses and 21 million passwords, isn’t clear.

This post credited to CCN. Image source: CCN

A Taiwanese man suspected of stealing electricity worth over $3 million to mine Bitcoin (BTC) and Ethereum (ETH) has been arrested, according to a report from local news channel EBC Dongsen News on Dec. 26.

The suspect, whose surname has been given as Yang, has been accused of stealing the electricity to successfully mine cryptocurrencies worth over 100 million yuan (around $14.5 million). Yang is purported to have used a minimum of 17 different business premises, opening toy shops or internet cafes there as a facade for his alleged crypto mining activities.

The report claims Yang hired electricians to rewire the premises in such a way as to evade electricity metering and detection of the stolen power. State-owned utility provider the Taiwan Power Company is reported to have first noticed irregularities in the power supply, prompting a police investigation. In addition to Yang, a suspected accomplice has also been reportedly identified.

Wang Zhicheng, deputy head of the fourth brigade of Taiwan’s Criminal Investigation Bureau, is quoted by EBC Dongsen News as saying that:

“The [suspects] recruited electricians who managed to break into the sealed meters in order to add in private lines to use electricity for free before that usage reaches the meters.”

Suspected power theft to fuel crypto mining operations is not unprecedented; this October, a man in China’s northern Shanxi province was sentenced to three and a half years in jail for allegedly stealing power from a train station to fuel his Bitcoin mining operations.

Also in China — this time in the country’s Anhui province — a separate suspect was arrested for attempting to steal electricity to fund his reportedly “unprofitable” mining operations.

This post credited to cointelegraph Image source: Cointelegraph

China-based Bitcoin (BTC) mining giant Bitmain has sued an anonymous hacker for the alleged theft of cryptocurrency worth $5.5 million from Bitmain’s account on Binance in April, according to a lawsuit filed with the U.S. District Court for the Western District of Washington at Seattle on Nov. 7.

As stated in the court document, an unknown hacker, referred to as “John Doe” in the case, managed to take over Bitmain’s Binance account and used stored Bitcoin to manipulate the price of altcoin Decentraland (MANA) and then steal the profits.

Bitmain says in the court document that the amount of the company’s losses “exceeds” $5.5 million in “Bitcoin and other digital assets,” specifying that the defendant was able to steal “approximately 617 BTC.” The document states that the unauthorized action took place on April 22, when Bitcoin was trading at around $8,935.

The document also explains that as a part of the “scam,” the unknown hacker used two of their own accounts on now-second largest crypto exchange Binance, as well as on Bittrex, with around 2.3 million MANA already acquired on Bittrex. “John Doe” reportedly placed purchase orders from Bitmain’s digital wallet offering to buy MANA “and other digital assets” with Bitmain’s bitcoins at a price that was “far above the going market rate.” The defendant also allegedly further artificially inflated MANA’s price by using Bitmain’s BTC to buy Ethereum (ETH), which was then used to buy MANA.

According to the lawsuit, the hacker further carried out a number of orchestrated trades in the reverse direction between BTC and MANA from Bitmain’s wallet and their own, eventually reportedly completing the theft by transferring BTC from their Bitmain account “ultimately into a digital wallet on the Bittrex cryptocurrency trading platform.”

In mid-October, Cointelegraph reported that losses caused by hacks of crypto exchanges in the first nine months of 2018 had exceeded the numbers for the whole year of 2017 by 250 percent, with $927 million stolen.

This post credited to Cointelegraph. Image source: Cointelegraph

According to several local sources, Coincheck, a major Japanese crypto exchange, is unsure of reopening its exchange after suffering a $500 million hack in January.

MineCC, a cryptocurrency miner and analyst based in Japan, reported that Coincheck president Oki Matsumoto said:

“I do not know the prospectus of reopening.”

Factors Behind the Delay

Nine months ago, Coincheck suffered the largest security breach in the history of the cryptocurrency market, losing more than $500 million in XEM, the native currency of the NEM blockchain, to an unknown group of hackers.

Unable to compensate all of the investors affected by the hack, Coincheck reached a deal with Monex, a publicly listed company in Tokyo, to obtain sufficient funds to refund its investors.

The investigation into Coincheck involved law enforcement, local intelligence agencies, and the Japanese government in an attempt to salvage any portion of the stolen funds to compensate investors on the platform.

Subsequent to the incident, Coincheck lost its license to operate as a cryptocurrency exchange in Japan and was requested by the government to reapply, as a new executive took over the platform.

Until the Japanese Financial Services Agency (FSA), the country’s main financial watchdog, grants a license to Coincheck to operate as a fully regulated and compliant exchange, the platform will not be able to accommodate new users and open its exchange to the public.

This week, Monex disclosed that throughout July and August, the platform has allowed existing investors to sell their holdings in cryptocurrency on the exchange. While the exchange recorded a 66 percent drop in its revenue, the company has been able to record some revenues from existing investors on the platform.

“Since service suspension in January 2018, Coincheck only allowed existing customers to sell their cryptocurrency. This limited revenue stream resulted in segment loss of ¥ 0.6 B [around $5.3 million]. Coincheck has improved in governance, internal control and internal audit, aiming for full service resumption.”

The probability of Coincheck obtaining the approval from the FSA in the short-term remains significantly low, given the magnitude of the security breach and the number of investors that were affected by the hack.

Moreover, the FSA emphasized that it intends to implement stricter regulatory frameworks in regards to the security and internal management systems employed by trading platforms, and the Coincheck hack was the catalyst behind the FSA’s decision to tighten existing regulations surrounding the crypto market.

New Management, New Team

Coincheck will still be able to reopen if it can demonstrate to the FSA that the exchange has conducted a complete overhaul of its previous internal management system and security measures.

More importantly, given that the exchange was hacked due to a lack of security specialists working to secure the exchange, the firm will have to provide sufficient evidence to ensure that a similar issue will not resurface in the years to come.

This post credited to CCN. Image from Shutterstock.

Hacker group “Lazarus,” reportedly funded by North Korea, has stolen a staggering $571 million in cryptocurrencies since early 2017, a study conducted by cybercrime company Group-IB reveals. Key takeaways from the study were published Tuesday, Oct. 16, alongside the full annual report, entitled “Hi-Tech Crime Trends.”

The report, dedicated to hacks in 2017 and 2018, identifies the allegedly state-sponsored hacker group Lazarus as responsible for $571 million of the $882 million total in crypto that was stolen from online exchanges during the studied time period; almost 65 percent of the total sum.

Out of fourteen separate exchange breaches, five have been attributed to the group, among them the industry record-breaking $532 million NEM hack of Japan’s Coincheck this January.

Crypto exchange hacks since early 2017. Source: group-ib.com

The report states that hackers target cryptocurrency exchanges using mostly “traditional” methods, including spear phishing, social engineering, and malware:

“After the local network is successfully compromised [through downloaded malware], the hackers browse the local network to find work stations and servers used working with private cryptocurrency wallets.”

The report, which also includes a cybercrime forecast, predicts the number of attacks on exchanges to increase in future, as an alternative to traditional targets such as banks.

Group-IB further indicates that Initial Coin Offering (ICO) platforms are prime targets for hackers, revealing that 10 percent of total funds raised from token sales in 2017–2018 were stolen. A majority of illicit activity targeting ICOs was reportedly conducted through phishing methods, with Group-IB estimating that large phishing groups have the capacity to steal around $1 million a month.

Additionally, Group-IB suggests that mining pools could prove an easy target for 51 percent attacks by state-sponsored hackers. Attempts at such attacks, albeit with limited success, are said to already be on the rise.

U.S. experts have previously alleged that North Korea is “increasingly” turning to crypto as a tactic to circumvent sanctions, claiming that the country’s government is hiring people to “launder” cryptocurrencies via multiple wallets and exchanges, as well as so-called mixing services, with the aim of obtaining sanction-free U.S. dollars.

It has been discovered that fake Adobe Flash updates are being used to surreptitiously install cryptocurrency mining malware on computers and networks, creating severe losses in time, system performance, and power consumption for affected users.

Cryptojacking Breaks New Ground

While fake Flash updates that push malware have traditionally been easy to spot and avoid, a new campaign has employed new tricks that stealthily download cryptocurrency miners on Windows systems.

Writing in a post exposing the scheme, Unit 42 threat intelligence analyst Brad Duncan said:

“As early as August 2018, some samples impersonating Flash updates have borrowed pop-up notifications from the official Adobe installer. These fake Flash updates install unwanted programs like an XMRig cryptocurrency miner, but this malware can also update a victim’s Flash Player to the latest version.”

The implication of this unpleasant scenario is that a potential victim may not notice anything out of the ordinary while an XMRig cryptocurrency miner or other unwanted program is quietly running in the background of the victim’s Windows computer. This miner software could potentially slow down the processor of the victim’s computer, damage the hard drive, or extract confidential data and transmit it onto other digital platforms without the victim’s consent.

Technical Details of Fake Adobe Update Cryptojacking Malware

Duncan explained that it was not very clear how potential victims were arriving at the URLs delivering the fake Flash updates; however, network traffic during the infection process has been primarily related to fraudulent Flash updates. Interestingly, the infected Windows host generates an HTTP POST request to osdsoft[.]com, a domain affiliated with updaters or installers pushing cryptocurrency miners.

He said that while the research team searched for certain fake Flash updates, it observed Windows executable files with names starting with “Adobe Flash Player” being served from non-Adobe, cloud-based web servers. These downloads usually had the string “flashplayer_down.php?clickid=” in the URL. The team also found 113 examples of malware meeting these criteria since March 2018 in AutoFocus. 77 of these malware samples are identified with a CoinMiner tag in AutoFocus; the remaining 36 samples share other tags with those 77 CoinMiner-related executables.
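The three network indicators Duncan describes (an executable named “Adobe Flash Player…” served from a non-Adobe host, the “flashplayer_down.php?clickid=” string in the download URL, and a POST to osdsoft[.]com) can be turned into a simple proxy-log triage check. The following is an added example, not Unit 42’s or CCN’s code; the log format and every log line are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Indicators quoted in the article (osdsoft[.]com is written defanged there).
POST_DOMAIN = "osdsoft.com"
DOWNLOAD_MARKER = "flashplayer_down.php?clickid="
# Assumption: hosts under adobe.com are treated as legitimate Flash sources.
ADOBE_SUFFIX = ".adobe.com"

# Constructed proxy log format: "<timestamp> <client_ip> <method> <url> <status> <saved_filename>"
LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(GET|POST)\s+(\S+)\s+(\d{3})\s+(\S*)$")


def is_adobe_host(host):
    host = host.lower()
    return host == "adobe.com" or host.endswith(ADOBE_SUFFIX)


def classify(line):
    """Return the indicator names matched by one log line ([] if none match)."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return []
    _ts, _client, method, url, _status, filename = m.groups()
    host = (urlparse(url).hostname or "").lower()
    name = filename.lower().replace("_", " ")  # tolerate underscores in saved names
    hits = []
    if method == "POST" and (host == POST_DOMAIN or host.endswith("." + POST_DOMAIN)):
        hits.append("post_to_osdsoft")
    if DOWNLOAD_MARKER in url:
        hits.append("flashplayer_down_url")
    if name.startswith("adobe flash player") and name.endswith(".exe") and not is_adobe_host(host):
        hits.append("adobe_named_exe_non_adobe_host")
    return hits


def scan(log_text):
    """Map each client IP to the sorted set of indicators it triggered (clean clients omitted)."""
    findings = {}
    for line in log_text.splitlines():
        hits = classify(line)
        if hits:
            client = line.split()[1]
            findings.setdefault(client, set()).update(hits)
    return {ip: sorted(h) for ip, h in findings.items()}


# Constructed sample log: one genuine Adobe download, one suspicious client, one clean request.
SAMPLE_LOG = """\
2018-10-09T13:01:02Z 10.0.0.12 GET https://fpdownload.adobe.com/get/flashplayer/install_flash_player.exe 200 install_flash_player.exe
2018-10-09T13:02:44Z 10.0.0.31 GET http://cloud-host.example/flashplayer_down.php?clickid=9f2a 200 Adobe_Flash_Player_1234.exe
2018-10-09T13:02:51Z 10.0.0.31 POST http://osdsoft.com/update/ 200 -
2018-10-09T13:05:10Z 10.0.0.50 GET https://news.example/index.html 200 index.html
"""

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG).items():
        print(ip, ", ".join(hits))
```

Only the client that both pulled an Adobe-named executable from a non-Adobe host and posted to osdsoft[.]com is flagged; the real Adobe download is not.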

Duncan encouraged Windows users to be more cautious about the kind of Adobe Flash updates that they try to install, stating that while the Adobe pop-up and update features make the fake installer seem more legitimate, potential victims will still receive warning signs about running downloaded files on their Windows computer.

In his words:

“Organizations with decent web filtering and educated users have a much lower risk of infection by these fake updates.”

CCN recently reported that a report from McAfee labs showed that cryptojacking surged 86 percent in the second quarter of 2018, and is up 459 percent in 2018 so far over the whole of 2017.

This post credited to CCN. Image from Shutterstock

Local Crypto Hacks Spark Action

Over the relatively short course of the history of cryptocurrencies and blockchain technologies, Japan-based crypto exchanges have been rather susceptible to hacks in comparison to their European and American counterparts.

Seeing this, leading startups within the Asian country have sought to mitigate the risk of hacks, cases of money laundering, and other regulatory concerns by establishing a self-regulating consortium. This group of exchanges and top crypto-focused firms has been named the Japan Virtual Exchange Association, or JVCEA for short.

In late July of this year, as reported by Ethereum World News, the group sought to crack down on leverage trading, as the body believed that the widespread availability of high margin trades proved too much of a risk for consumers. As such, the JVCEA put a 4x leverage cap on trading platforms, which is a far cry from the previous 25x limit.

Most recently, as confirmed by The Japan Times’ insider sources, the group of platform operators intends to tighten the management and security of consumer-owned cryptocurrency holdings. More specifically, those familiar with the matter noted that the JVCEA will “set a ceiling” on the amount of crypto that can be held through exchange-operated hot wallets, which are perpetually connected to the internet. The exact “ceiling” that will likely be set in place is said to be around 10 to 20 percent of customer-owned crypto.

This revised rule, which is set to be drawn up over the next few weeks, will likely be an act of protection that consumers are waiting for, as this limit should mitigate a majority of the risk associated with devastating, industry-altering hacks.

Once developed, the new and improved rule will be pushed through the Japanese Financial Services Agency (FSA), who will be required to certify it in accordance with local payment services regulations and policies.

The Zaif Hack Case Develops 

This move was likely catalyzed by the recent hack of Zaif, which saw the Tech Bureau Corp subsidiary lose approximately seven billion yen worth of cryptocurrencies, as reported by Ethereum World News previously. For those who haven’t been kept in the loop about the situation, on September 14th it was revealed that the Osaka-based Zaif had its wallet accessed by unauthorized individuals, triggering a shutdown of the platform’s deposit and withdrawal services.

After an internal investigation, it was revealed that thousands of Bitcoin (BTC) and Bitcoin Cash (BCH) were stolen, along with millions of Monacoin (MONA), a popular cryptocurrency in the Asian market. In all, the total value of the assets stolen amounted to the equivalent of $59M USD, with one-third of that value being company-owned and the rest being customer cryptocurrencies.

Zaif has since sought the help of Fisco Digital Asset Group, who has reportedly given the recently-hacked firm over five billion yen in exchange for a majority shareholder position. While Zaif’s internal structure has since been revamped, with the firm’s shareholder booting out the exchange’s former executives, the case is still a hot topic with local regulators.

The FSA, Japan’s equivalent of the SEC, revealed that it is still seeking details on the case, as the lack of details and in-depth explanation is worrying, reports Reuters. It is likely that Zaif will still be subject to multiple investigations over the next few months, but many believe that the purportedly proposed regulations will put an end to security breaches in this industry.

This post credited to Ethereum World News. Image source: Unsplash