
Journalist Reveals How She Identified 2016 DAO Hacker Who Stole 3.6 Million ETH

American crypto journalist Laura Shin, backed by research from blockchain surveillance firm Chainalysis, claims to know the identity of the hacker who drained millions of dollars’ worth of ETH from The DAO in June 2016.

Shin accuses Austrian programmer and former TenX CEO Toby Hoenisch of masterminding the US$60 million hack that precipitated the loss of 3.6 million ETH, worth close to US$10 billion at today’s exchange rate.

Hoenisch Denies the Allegations

Hoenisch has already denied Shin’s allegations, reportedly telling the former Forbes senior editor that her “statement and conclusion [are] factually inaccurate”.

The DAO was one of the world’s first decentralised autonomous organisations, serving as an open-source venture fund platform for crypto projects. It had raised 12.7 million ETH, worth around US$150 million at the time, from crowdfunding.

When it was hacked in 2016, nearly a third of The DAO’s funds were drained. Shin and Chainalysis tracked the movement of the stolen funds, which she says led her to Hoenisch.

“We identify the apparent hacker – he denies it – by following a complicated trail of crypto transactions and using a previously undisclosed privacy-cracking forensics tool,” Shin writes, revealing the tool as having been supplied by Chainalysis.

How the Hack Was Engineered

Shin says that whoever hacked The DAO swapped the stolen ETH for BTC and then sent the latter to a Wasabi wallet, which was used to scramble BTC transactions in a process called “mixing”. But Chainalysis was able to “de-mix” the transactions and trace them to four different exchanges.

Evidence revealed someone had exchanged the BTC for the privacy coin Grin, which was withdrawn to a non-custodial Grin node called “grin.toby.ai”. The name “toby.ai” had been used by Hoenisch on various social media accounts and was one of his email addresses, Shin wrote. The IP address hosting that node also hosted another node called “TenX” – the name of Hoenisch’s former company.

According to Shin, Hoenisch was aware of The DAO’s code and had written blog posts warning of potential hacks. Shin breaks down the 2016 exploit in forensic detail in her new book, The Cryptopians: Idealism, Greed, Lies, and the Making of the First Big Cryptocurrency Craze, published this week.

In December, BadgerDAO became the latest DeFi protocol to be hit by hackers, who siphoned US$120 million worth of cryptocurrencies.


Alert: New Malware ‘Mars Stealer’ Targets 2FAs and Crypto Hot Wallets

A new information-stealing malware has been spotted in the wild targeting over 40 crypto hot wallets, browsers, and two-factor authentication (2FA) plug-ins. Named ‘Mars Stealer’, it is an improved version of the older Oski malware, which shut down in 2020 after its customer support and Telegram channel went dark.

The new malware has recently been spotted circulating on Russian-speaking hacking forums where people can purchase it for between US$140 and $160.

Screenshot of the forum. Source: 3xp0rt.com

How ‘Mars Stealer’ Malware Works

According to @3xp0rt, the security researcher who obtained a sample of the malware and conducted a technical analysis of it, Mars Stealer collects information from a device’s memory. With the ability to target 37 browsers and various crypto wallets, including Bitcoin Core wallets and all their derivatives as well as Ethereum, Exodus, Binance and more, the threat is widespread:

Wallets targeted by Mars Stealer. Source: 3xp0rt.com

When targeting wallets, it captures the sensitive data found in wallet.dat, which contains the wallet address, the private key that controls that address, and other sensitive data. Mars Stealer also targets 2FA apps and more than 40 crypto extensions on Chromium-based browsers, including Google Chrome, Firefox and Brave, but not Opera.

Malware That ‘Speaks’ Only Russian

The malware also contains a function that allows it to remove itself after it has successfully executed, or whenever the operator decides it is time. One of its quirkier aspects, though, is that after infecting a system it checks the device language. If the device’s language ID matches that of Russia, Belarus, Kazakhstan, Azerbaijan or Uzbekistan, the program exits without performing any malicious acts, a behaviour reportedly common in malware of Russian origin.

Language checks for target exclusion. Source: 3xp0rt.com

How to Protect Yourself

Mars Stealer can be spread through many different channels, such as file-hosting websites, torrent clients or any other shady downloaders. Users who hold their crypto assets in browser-based wallets, or who use browser extensions like Authy for 2FA, are warned to be wary of clicking dubious links or downloads.

This comes after BHUNT malware also became more prominent during the past few weeks and Babadeda malware was spread in crypto discord channels last November.


Syndicate Launches ‘Web 3 Investment Clubs’ That Turn ETH Wallets into DAOs

Instant decentralised autonomous organisation (DAO) creator Syndicate has launched a tool to establish online investing clubs. In doing so, the company has enabled turning Ethereum wallets into investing DAOs for “just the cost of gas”.

DAOs are the latest talking point in the cryptosphere, garnering a lot of attention for some of the outrageous purchases some have tried to make. Recently, BlockbusterDAO announced its intention to buy Blockbuster Video and turn the iconic brand into a streaming service.

Joining BlockbusterDAO is another group of crypto investors trying to purchase a Caribbean island called Little Whale Cay via crowdfunding for a price tag of US$35 million.

Syndicate has introduced “Web3 Investment Clubs”, the company’s first mainstream crypto-native investing tool, built on the Syndicate Protocol. The public beta version of the initiative, launched on January 25, transforms any Ethereum wallet into an investing DAO within seconds for the cost of gas fees.

Syndicate’s Web3 Investment Clubs run natively on Ethereum using an ERC-20 infrastructure, allowing the clubs to take advantage of Web3 tools. The clubs can invest in tokens and NFTs, as well as off-chain start-ups and assets.

Since investment clubs are member-driven, almost any community can create a club, provided it follows certain guidelines, such as a maximum of 99 private, invite-only members, all of whom participate in decision-making.

How to Start a Web3 Investment Club

To start a club, founders need to connect a wallet such as MetaMask to the Syndicate network. Thereafter, deposits are collected in that wallet, and any other assets held in the wallet are made visible to members of the club. Once the investment club founder chooses a name, the platform assigns the club a token symbol.

The next step is for the founder to enter how much USDC – the only crypto the platform supports at the moment – the club aims to raise. The amount entered will in turn be paid out to members in the club’s token on a 1:1 basis.

The club founder will then determine how long deposits will be accepted, allowing time for others to join the club. Founders determine how many members can join the investment club, 99 being the maximum. Finally, after accepting the terms of service, the founder is able to launch the club.


Ethereum Users Can Now Chat with Each Other by Connecting Their Wallets

Blockscan, the team behind the Etherscan blockchain explorer, has released Blockscan Chat in beta, an Ethereum-based wallet-to-wallet instant messaging service.

As well as enabling users to engage in instantaneous wallet-to-wallet chat, Blockscan will allow them to:

  • access chats from multiple devices;
  • block spam or unwanted addresses; and
  • be notified on the block explorer when a message has been received.

Negotiating Power with White-Hat Hackers

Above all else, the new feature may prove invaluable for dealing with white-hat hackers, who tend to leave messages embedded in the data field of Ethereum transactions in order to communicate with individuals and exploited crypto platforms.

It would have proved particularly useful in last week’s ongoing Multichain exploit, in which an assumed white-hat hacker returned 322 ETH (about US$770,000) but kept a hefty finder’s fee, not to mention last year’s US$610 million Poly Network hack. In both cases, anonymous discussions via Ethereum transactions formed part of negotiations between culprit and victims.
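The “messages embedded in Ethereum transactions” mentioned above are plain UTF-8 text placed in a transaction’s input data field, so anyone watching an address can read them with a block explorer. The following Python is an added example (not code from Blockscan or from the original article) of how an incident responder might pull such a message out of raw calldata while ignoring ordinary contract calls; the sample inputs are constructed here, and `decode_tx_message` is a hypothetical helper name.

```python
# Added example: decode a human-readable message from an Ethereum transaction's
# input data, as used in hacker/victim negotiations. Constructed samples only.

# Constructed sample 1: a transaction whose input field carries a UTF-8 note.
NEGOTIATION_INPUT = "0x" + "Please return the funds; a bounty is offered.".encode("utf-8").hex()

# Constructed sample 2: a normal ERC-20 transfer(address,uint256) call
# (4-byte selector 0xa9059cbb followed by two ABI-encoded 32-byte words).
ERC20_TRANSFER_INPUT = "0xa9059cbb" + "00" * 64


def decode_tx_message(input_hex: str):
    """Return the UTF-8 message carried in a transaction's input data, or None.

    None is returned for empty input, malformed hex, byte strings that are not
    valid UTF-8 (typical ABI-encoded calldata), and text containing
    non-printable characters (e.g. the zero padding of ABI words).
    """
    data = input_hex[2:] if input_hex.lower().startswith("0x") else input_hex
    if not data:
        return None
    try:
        raw = bytes.fromhex(data)
    except ValueError:
        return None  # odd length or non-hex characters
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None  # binary calldata, not a message
    # Reject strings that decoded but contain control/padding bytes.
    if not text.isprintable() or not text.strip():
        return None
    return text


def scan_transactions(tx_inputs):
    """Return (index, message) pairs for every transaction that carries text."""
    hits = []
    for idx, input_hex in enumerate(tx_inputs):
        message = decode_tx_message(input_hex)
        if message is not None:
            hits.append((idx, message))
    return hits


if __name__ == "__main__":
    for idx, msg in scan_transactions([ERC20_TRANSFER_INPUT, NEGOTIATION_INPUT]):
        print(f"tx #{idx}: {msg!r}")
```

Plain `bytes.fromhex` plus a UTF-8 decode is enough for the common case; the printable check is what separates a genuine note from ABI-encoded calldata that happens to decode without error.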

Blockscan Also Has NFT Applications

Apart from pleading with hackers to return funds for a bounty, the service could also prove useful in negotiating NFT purchases between buyers and sellers. If the transaction were to be conducted by a decentralised exchange, both parties could reduce the fees associated with NFT platforms such as OpenSea.

In related news, Unstoppable Domains – a US-based company that provides blockchain-based domain names – announced a fortnight ago that Ethereum and Polygon NFT domains can now be used for single logins. The service allows users to sign in to their favourite apps with an NFT portable name, thus eliminating the need to provide any additional information.


Hacker Helps Recover $2 Million in THETA from Trezor Wallet

Hacks don’t typically have a happy ending. Fortunately, for one New York-based crypto investor who forgot the PIN to his Trezor One hardware wallet, a hacker was able to help him recover over US$2 million in THETA.

The Story

In 2018, Dan Reich and his friend Jesse decided to make a concentrated bet on a new crypto. They each cashed out around US$25,000 in BTC and together bought US$50,000 in THETA at a time when it was trading at just 21 cents.

Jesse was going to custody the THETA and things were going swimmingly, until word spread of China cracking down on exchanges. This prompted them to transfer their THETA to a safer alternative, a Trezor One hardware wallet.

Dan Reich (right) with his friend Jesse. Source: Danreich.com

Then came the infamous crypto winter, which saw their investment annihilated. Dan wanted out but Jesse had forgotten the PIN to the Trezor One, which would self-destruct if they guessed the PIN incorrectly too many times. He had also somehow misplaced the piece of paper with the 24-word seed phrase that could have otherwise restored his wallet.

After writing off the investment, the pair then watched it recover and soar, eventually to over US$1 million and, at one point, touching US$3 million. After contacting a range of international experts, they settled on a reputable hacker, Joe “Kingpin” Grand, who claimed he could assist.

Kingpin to the Rescue

Kingpin spent the better part of 12 weeks trying to hack the Trezor One and, remarkably, found a way to recover the lost PIN.

Kingpin’s Trezor One hack circuit. Source: Danreich.com

According to Grand, the key to his success was the hardware wallet’s firmware update process, which temporarily moved the PIN and key into RAM, only to write them back to flash once the firmware was installed. For the particular firmware version on Reich’s wallet, the information about the PIN was stored in flash.

Using a technique that alters the voltage supplied to the chip, known as a “fault injection attack”, Grand bypassed the microcontroller’s security and obtained the PIN needed to access the wallet and the funds. Grand explained:

We are basically causing misbehaviour on the silicon chip inside the device in order to defeat security. And what ended up happening is that I was sitting here watching the computer screen and saw that I was able to defeat the security, the private information, the recovery seed, and the pin that I was going after popped up on the screen.

Joe “Kingpin” Grand, hacker

No doubt proud of his effort, Kingpin later created a video in which he provided a full account of how he managed the feat:

For its part, Trezor expressed relief for Grand having been able to access the funds but noted that the vulnerability identified had already been fixed:

What’s the lesson here? Remember your 4-digit PIN (make it hard to forget), write down your seed phrase and put it somewhere safe, and also keep your hardware’s firmware updated. If you happen to be one of those unfortunate souls who have lost their crypto, it could be worse – you could be the guy who is still looking for his 7,500 BTC.

For Australians keen to up their crypto security game, Crypto News Australia recommends Coinstop as its preferred hardware wallet provider. Users can get A$5 off their order with the code CRYPTONEWS.


Warning: New ‘BHUNT’ Malware Targets Crypto Wallets and Passwords

Research by cybersecurity company Bitdefender has found a new kind of “cryptocurrency stealer” called BHUNT, a form of malware that exfiltrates wallet files and other sensitive information from the browser in order to access a personal wallet and transfer funds to the attackers’ wallet(s).

In a recent whitepaper, Bitdefender’s senior security researcher Janos Gergo Szeles details how BHUNT works. Similar to CryptBot, Redline Stealer and WeSteal, the malware slips in with downloads of cracked or unsecured software in order to gain access to a wallet’s seed or configuration file.

Seven Different Wallets Affected

The document states that BHUNT can exfiltrate contents from Exodus, Electrum, Atomic, Jaxx, Ethereum, Bitcoin and Litecoin wallets along with passwords stored in the browser and phrases used to recover accounts. With information such as this, a hacker can then easily access and transfer crypto straight out of a target’s wallet.

While the malware primarily focuses on stealing information related to cryptocurrency wallets, it can also harvest passwords and cookies stored in browser caches.

Janos Gergo Szeles,  senior software engineer, Bitdefender

Hackers and the like have even started targeting Discord servers of crypto and NFT communities to let loose ‘Babadeda’ malware disguised as a legitimate app.

Prevention Better Than Cure

At the moment, the countries with the highest infection rates include Australia, Egypt, Germany, India, Indonesia, Japan, Malaysia, Norway, Singapore, South Africa, Spain and the US.

As the malware spreads, users should be aware that they could compromise their private information as well as their crypto wallets. By downloading software from unknown vendors, people can potentially expose themselves to malware. This is why it’s important to keep security software up to date to block the installation of unwanted software.

The most effective way to defend against this threat is to avoid installing software from untrusted sources and to keep security solutions up to date.

Janos Gergo Szeles,  senior software engineer, Bitdefender

Lympo NFT Platform Hacked for $18.7 Million, LMT Token Down 99%

Animoca Brands subsidiary Lympo has suffered a breach that cost the minter of sports non-fungible tokens (NFTs) close to US$19 million worth of its native token, LMT.

Hackers broke into Lympo’s systems on January 10 and drained 165.2 million LMT, worth US$18.7 million at the time. Since then, the value of the token has plunged 92 percent, though blockchain security company PeckShield claims the fall could be more than 99 percent.

According to a post from the Lympo team, 10 different project wallets were compromised in the attack. Most of the stolen tokens were sent to a single address, exchanged for Ether on Uniswap and SushiSwap, then diverted elsewhere.

Liquidity Removed to ‘Minimise Price Disruption’

In a later tweet, the team also stated that it had removed LMT liquidity from liquidity pools to “minimise disruption to token prices”:

Removing liquidity from pools means traders will be unable to buy or sell any significant amount of the tokens without experiencing a dramatic loss of value on their trade.

Lympo advised traders that most of the LMT reserve sits in so-called cold wallets that are disconnected from the internet. These were unaffected by the attack.

We are investigating the incident and how we can make up for it for our community. At this point, we recommend not buying or selling additional LMT tokens.

Lympo post on Twitter

Second Hot Wallet Hack in a Week

Lympo is a subsidiary of Animoca Brands, a Hong Kong-based game software and venture capital company. According to Animoca CEO Yat Siu, “We are working with Lympo to assist them on a recovery plan, but we don’t have any specific mechanisms.”

This was the second hot wallet hack in a week, with crypto exchange LCX losing nearly US$8 million on January 8. Both incidents follow the US$200 million BitMart hack in early December.


Crypto Exchange LCX Hot Wallet Hacked for $7.94 Million

Liechtenstein-based crypto exchange LCX has had one of its hot wallets compromised, with the hacker getting away with almost US$8 million in various cryptocurrencies.

First Big Hack of the Year

On January 9, the LCX team and crypto-security firm PeckShield detected a breach of one of the LCX hot wallets. On further inspection, it was established that the theft had taken place on January 8 between 11:23pm and 11:37pm CET.

Only LCX Hot Wallet Compromised

According to the LCX update, the hacker got away with an estimated US$7.94 million in Ethereum (ETH), USDC, Sand Token (SAND), LCX Token (LCX), and various others. The exchange did, however, manage to freeze US$700,000 and commented that none of its users or other LCX wallets were impacted.

Coins stolen by the LCX hacker. Source: Etherscan

The assets were moved to the hacker’s ETH wallet address (0x165402279F2C081C54B00f0E08812F3fd4560A05), which has since been flagged. In the meantime, the platform has paused all deposits and withdrawals, and the incident has been reported to several Liechtenstein authorities. It hasn’t yet been revealed how the hacker got access to the hot wallet.
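Once a thief’s address has been flagged, as the LCX address above was, exchanges and wallet providers screen outgoing and incoming transfers against the flagged list so that a counterparty interacting with it is held for review. The following Python is an added example (not LCX’s, PeckShield’s or Etherscan’s code) of that screening step; it uses the address quoted in the article and a constructed batch of transfers, and the helper names `normalize_address`, `screen_transfers` and `FLAGGED_ADDRESSES` are assumptions made for the example.

```python
# Added example: screen a batch of transfers against a list of flagged addresses.
# Ethereum addresses are compared case-insensitively because the same address can
# appear in all-lowercase or in EIP-55 mixed-case form in different data sources.
import re

# Flagged address quoted in the article (LCX hacker's wallet).
FLAGGED_ADDRESSES = {
    "0x165402279F2C081C54B00f0E08812F3fd4560A05",
}

_ADDRESS_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")


def normalize_address(addr: str) -> str:
    """Validate an Ethereum address and return it in canonical lowercase form.

    Raises ValueError for anything that is not 0x followed by 40 hex digits,
    so malformed input can never slip past the comparison.
    """
    addr = addr.strip()
    if not _ADDRESS_RE.match(addr):
        raise ValueError(f"not an Ethereum address: {addr!r}")
    return addr.lower()


def screen_transfers(transfers, flagged=FLAGGED_ADDRESSES):
    """Return the subset of transfers touching a flagged address.

    Each transfer is a dict with 'from', 'to' and 'value' keys. A transfer is
    held if either endpoint matches, so both deposits from and withdrawals to
    the flagged wallet are caught. Malformed transfers are held as well,
    with an explanatory 'reason', rather than silently ignored.
    """
    flagged_norm = {normalize_address(a) for a in flagged}
    held = []
    for tx in transfers:
        try:
            src = normalize_address(tx["from"])
            dst = normalize_address(tx["to"])
        except (KeyError, ValueError) as exc:
            held.append({**tx, "reason": f"malformed: {exc}"})
            continue
        if src in flagged_norm or dst in flagged_norm:
            held.append({**tx, "reason": "counterparty flagged"})
    return held


# Constructed sample batch: the second entry sends to the flagged address written
# in lowercase, the third one is malformed, the others are ordinary transfers.
SAMPLE_TRANSFERS = [
    {"from": "0x1111111111111111111111111111111111111111",
     "to": "0x2222222222222222222222222222222222222222", "value": "1.5 ETH"},
    {"from": "0x3333333333333333333333333333333333333333",
     "to": "0x165402279f2c081c54b00f0e08812f3fd4560a05", "value": "40 ETH"},
    {"from": "0x4444444444444444444444444444444444444444",
     "to": "not-an-address", "value": "0.1 ETH"},
]

if __name__ == "__main__":
    for tx in screen_transfers(SAMPLE_TRANSFERS):
        print(f"HOLD {tx['value']:>8} {tx['from']} -> {tx['to']}: {tx['reason']}")
```

Normalising before comparison is the whole point: a list built from an explorer page in mixed case will miss a lowercase address from a node’s JSON-RPC output if the two are compared as raw strings.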

Hopes for a More Secure DeFi in 2022

This latest hack follows on the heels of the US$200 million BitMart hack that took place in early December and the US$450 million Bilaxy hack just before that.

Last year was a rough one for the DeFi ecosystem, having sustained an estimated US$10.2 billion in losses from hacks, bugs, fraud, exploitations and other malevolent activities, according to a report by IMMUNEFI. This represented a 137 percent increase on the losses suffered in 2020.


Accointing Launches Crypto Trading Tax Optimiser Tool

Swiss crypto tracking and tax assistance platform Accointing has released a new Trading Tax Optimiser (TTO) tool to help traders stay on top of the taxes they are liable to pay on their trades.

For any sort of trader, it’s important to keep track of trades in order to file taxes. Traders who don’t prepare properly can be confronted by huge tax bills that eat away at their profits. Accointing can assist users with organising and keeping track of their crypto data.

How the TTO Tool Works

Some crypto traders don’t really pay attention to the potential tax consequences of their trades until it’s too late. It can easily be the case that if a trader had sold a different coin from a different wallet using the same strategy, they could have reduced their tax bill substantially.

To fill this gap, Accointing’s TTO tool can help determine tax consequences before making a trade to help reduce tax deductibles. Before a trade is made, users can take a look at their dashboard to see the tax implications of the particular coin they want to sell.

The difference in tax rates for selling the same coin held in different wallets can be significant. By displaying the tax implications of selling different coins in a portfolio and which coins attract the lowest taxes, users can manage their deductibles and potentially save thousands of dollars.

Getting Ready for Tax Time

According to Accointing’s business developer, in the US the highest marginal tax rate at the federal level is 37 per cent if you sell one coin, but selling the same coin from a different wallet for the same price can result in a tax rate as low as 15 per cent. The platform allows users to see these implications before making a trade, which could cost them more at tax time. Accointing also has a solution for Australian users to help them at tax time.

By planning ahead, the tool can show users how their tax situation will develop by tracking positions across all wallets. And since all the data is stored on the platform, when it comes around to tax filing time users can simply print their tax report.

In October last year, Melbourne’s RMIT University urged the Australian government to reform crypto capital gains tax. Here are some additional tax tips for Australian traders published by the Australian Tax Office (ATO).


FBI Seizes $154 Million in Bitcoin Stolen from Sony by Rogue Employee

US law enforcement has taken legal action to seize and return over US$154 million embezzled from Sony Life Insurance Company Ltd by an employee in a textbook business email compromise (BEC) attack.

Rei Ishii, 32, a Tokyo-based employee of the Sony Corporation subsidiary, allegedly diverted the funds when Sony Life attempted to transfer them between its financial accounts.

Culprit Diverts Funds, Converts Them to Crypto

Ishii was alleged to have done this by falsifying transaction instructions, which caused the funds to be transferred to an account he controlled at a Californian bank. He later converted the stolen funds into more than 3879 bitcoins held in an offline cryptocurrency cold wallet.

In a crude attempt at blackmail, Ishii also tried to block his supervisor and several Sony Life executives from assisting in the investigation by emailing them a “ransom note” typed in English and Japanese:

If you accept the settlement, we will return the funds … [But] if you [file] criminal charges, it will be impossible to recover [them]. We might go down [for] this, but … you [will] be right there next to us. We strongly recommend to stop communicate (sic) with any third parties, including law enforcement.

Ransom note from Rei Ishii, accused embezzler and former employee of Sony Life Insurance Co Ltd

Earlier this month, following a joint investigation by the FBI and Japanese authorities, the 3879 bitcoins (worth more than US$150 million at the time) in Ishii’s cold wallet were seized after the FBI obtained the private key and transferred the ill-gotten crypto to its own bitcoin wallet.

Tokyo’s Metropolitan Police Department arrested Ishii on the same day and criminally charged him on suspicion of obtaining US$154 million via fraudulent money transfers.

In a statement, Acting US Attorney Randy Grossman said:

This case is an example of amazing work by FBI agents and Japanese law enforcement, who teamed up to track this virtual cash. Criminals take note: You cannot rely on cryptocurrency to hide your ill-gotten gains from law enforcement.

Acting US Attorney Randy Grossman

Echoes of the REvil Ransomware Case

The case echoes charges filed by the US Department of Justice last month against a REvil ransomware affiliate responsible for the July attack against the Kaseya MSP platform. This case had ripple effects as far as Australia, with more than US$6 million seized from another REvil partner.