
Security Firm Discovers Hackers Use Google and Microsoft to Steal Crypto

Online security company Netskope has discovered a new crypto phishing scam that utilises Google and Microsoft Azure to trick users into handing over their information. The tactic involves using SEO techniques to distribute links to copycat pages.

Netskope has made a new phishing scheme discovery.

Other Big Names Not Immune

It’s been discovered that hackers have improved their strategies and are utilising specific SEO techniques to increase interaction with phishing sites for imposter wallet apps and exchanges impersonating notable names such as MetaMask and Coinbase.

These phishing sites are often built on Google Sites or Microsoft Azure and can take a user’s info in two ways. They will either acquire the private seeds of the user’s wallet by prompting data importation, or will pilfer info from the accounts of the exchanges being impersonated using error messages:

In this campaign, we found that the attackers are abusing Google Sites and Azure Web App to host the pages, likely due to cost, ease-of-use, and to slightly increase the victim’s trust.

Netskope blog post

Netskope has strongly recommended that “users never enter credentials after clicking on a link” and instead navigate directly to the site they wish to use, and that organisations should employ secure web gateways that can block these types of attacks.
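
A sketch of the kind of check a secure web gateway rule or a proxy-log review could apply to this campaign, added here as an example and not taken from the vendor's post: it flags pages on the two hosting platforms named above whose customer-chosen name imitates MetaMask or Coinbase. The allow-listed brand domains, the function names and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosting platforms named in the article. Anyone can publish under these hosts,
# so the platform's own reputation says nothing about an individual page.
SHARED_HOSTS = ("sites.google.com", "azurewebsites.net")
# Brands named in the article, mapped to the domains assumed to be official.
BRANDS = {"metamask": {"metamask.io"}, "coinbase": {"coinbase.com"}}

# Constructed sample URLs, e.g. as they might appear in a proxy log.
SAMPLE_URLS = [
    "https://sites.google.com/view/metamask-wallet-import",
    "https://c0inbase-login.azurewebsites.net/signin",
    "https://www.coinbase.com/signin",
    "https://sites.google.com/view/school-robotics-club",
]


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def host_matches(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def tenant_tokens(url):
    """Split the customer-chosen part of a shared-hosting URL into words."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    suffix = ".azurewebsites.net"
    # Azure Web App: the customer picks the subdomain. Google Sites: the path.
    name = host[: -len(suffix)] if host.endswith(suffix) else parts.path.lower()
    return [t for t in re.split(r"[^a-z0-9]+", name) if t]


def classify(url):
    """Return (verdict, brand); verdict is 'allow', 'block' or 'no-match'."""
    host = (urlsplit(url).hostname or "").lower()
    for brand, domains in BRANDS.items():
        if any(host_matches(host, d) for d in domains):
            return ("allow", brand)       # the brand's own domain
    if not any(host_matches(host, h) for h in SHARED_HOSTS):
        return ("no-match", None)         # outside the scope of this rule
    for token in tenant_tokens(url):
        for brand in BRANDS:
            # Brand name inside the token, or a one-character near miss.
            if brand in token or edit_distance(token, brand) <= 1:
                return ("block", brand)
    return ("no-match", None)


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(classify(url), url)
```

A rule like this only narrows the review queue: a brand name on a shared host can be legitimate, and a phishing page can avoid naming the brand in its URL at all.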

Security Firms Have Their Work Cut Out

With crypto theft an ongoing concern on the radars of most investors and regulators, luckily security firms are keeping a watchful eye out. At the beginning of April, global cybersecurity firm ESET uncovered a criminal plot to steal users’ digital assets via apps impersonating popular cryptocurrency wallets. The plot involved more than 40 copycat crypto wallet sites intended to promote downloads of malicious apps.

Earlier in the year, blockchain security firm CertiK identified a US$10 million rug pull on Arbix Finance. The firm warned users who had engaged with the protocol to avoid it, along with its ARBX token. CertiK allegedly found several red flags in Arbix via its Skytrace tool, which analyses fraud risk.


‘World’s Most Secure Exchange’ ZB.com Hacked for $5 Million

Formerly China-based ZB.com, which touts itself as the world’s most secure digital asset exchange, has had US$4.8 million pilfered from its hot wallet in a suspected hack.

Blockchain security firm PeckShield disclosed the suspected hack on August 3, identifying that large volumes of more than 20 different digital assets had been transferred out of the exchange’s hot wallet to another address. Most of the transferred assets have since been sold for ETH.

In response to the incident, ZB.com suspended customer withdrawals for what it describes as “temporary maintenance”, explaining in a statement:

Due to the sudden failure of some core applications, it still takes time to troubleshoot the problem. Deposit and withdrawal services are now suspended. Please do not deposit any digital currency before recovery. 

ZB.com statement

Wide Range of Digital Assets Taken

Among the 21 digital assets stolen in this suspected hack were over US$800,000 in Tether (USDT), almost US$300,000 in MATIC and over US$200,000 in IMX.

After being funnelled out of ZB.com’s hot wallet, the majority of the funds were subsequently sent to a number of decentralised exchanges by the hacker and sold for 2,224 ETH, currently valued at US$3.6 million. Another wallet PeckShield believes is also controlled by the hacker still holds just over US$1 million worth of stolen assets, which haven’t yet been sold.

Exchange Has Long History in Crypto

ZB.com is one of the oldest crypto exchanges currently operating, having been founded in China as CHBTC.com in 2013. Following China’s crackdown on crypto in 2017, the exchange ceased its activities inside China, rebranded as ZB.com and moved its headquarters to Switzerland. 

Despite this recent hack, ZB.com continues to flaunt its supposed status as the world’s most secure crypto exchange on its Twitter bio.

In the past year, exchange hacks have become increasingly frequent. In December 2021, US-based exchange BitMart was hacked for almost US$200 million, and in January Liechtenstein-based exchange LCX had one of its hot wallets hacked, losing almost US$8 million.


Tough Week for Robinhood: 25% of Staff Cut and a $30 Million Fine for Money Laundering Violations

California-based crypto trading platform Robinhood has been fined US$30 million by a New York regulator for failing in its anti-money-laundering obligations.

To make matters worse, the company has also been forced to lay off 25 percent of its staff after performance failed to match expectations.

Additional Cybersecurity and Consumer Protection Violations

The New York State Department of Financial Services (NYDFS) has issued details of the penalties. In addition to its anti-money-laundering failure, Robinhood is to be penalised for cybersecurity and consumer protection violations.

The platform’s cybersecurity program was found to lack sufficient resources to address risk. Its crypto division had also failed to transition in a timely manner from a manual transaction monitoring system to one more adequate for its user size and transaction volume.

NYDFS Superintendent Adrienne Harris has spoken publicly about Robinhood’s shortcomings:

As its business grew, Robinhood Crypto failed to invest the proper resources and attention to develop and maintain a culture of compliance – a failure that resulted in significant violations of the department’s anti-money laundering and cybersecurity regulations.

Adrienne Harris, NYDFS Superintendent

Unfortunately for Robinhood, the bad news does not stop there. On August 2, the company released a message from Vlad Tenev, its CEO and co-founder, announcing that the company would be forced to cut almost a quarter of its staff.

Ironically, considering Robinhood’s cybersecurity program was found to be inadequately staffed, overhiring in 2021 in anticipation of growing retail engagement with stock and crypto markets was blamed for the layoffs. Performance failed to match expectations, and Robinhood is bracing for approximately US$30-40 million in cash restructuring charges from employee benefits costs and severance.

One Ordinary Year Follows Another

Last year saw Robinhood also make the news multiple times for all the wrong reasons. In July, the crypto trading app was fined US$70 million for misleading its customers.

Then in October, Robinhood experienced a 78 percent decline in its Q3 crypto revenue. User growth in investment apps had skyrocketed as retail investors piled into stocks and crypto in the wake of the March 2020 Covid-19 financial meltdown. As a result, memecoins were receiving a lot of attention and Robinhood’s exposure to DOGE was blamed for the drop.


‘Cryptojacking’ in Financial Sector Soars 269% in 2022, Security Firm Report

A report from cybersecurity company SonicWall shows financial firms are now the main victims of so-called ‘cryptojacking’ attacks, following a 269 percent increase in the frequency of cyber-related exploits targeting the finance sector in the first half of 2022.

Cryptojacking refers to a cyber attack where a hacker uses malware to surreptitiously install crypto mining software on a victim’s computer, commandeering the computer’s resources to fraudulently mine crypto. It results in significantly degraded computer performance and high electricity costs for the victim.

Finance and Retail Sectors are Major Targets

In previous years, healthcare and education sectors had been the primary victims of cryptojacking, but that changed recently after what the report’s authors described as a “dramatic reshuffling” in 2022. 

Global cryptojacking volume increased 30 percent compared to the first half of 2021. The financial sector has borne the brunt of the massive increase and it now suffers over five times more cryptojacking attacks than the second-placed retail industry, which itself saw a 63 percent increase in attacks year-to-date.

Last year, partly in response to the number of cyberattacks against domestic businesses, the Australian federal government introduced controversial, far-reaching legislation to increase its powers in the event of a high-risk security attack.

Cryptojacking Increase Related to Fall in Ransomware Attacks

The report argues the huge growth in cryptojacking can be partly attributed to a shift away from ransomware attacks by scammers.

Unlike ransomware, which announces its presence and relies heavily on communication with victims, cryptojacking can succeed without the victim ever being aware of it.

2022 SonicWall Cyber Threat Report

“And for some cybercriminals feeling the heat, the lower risk is worth sacrificing a potentially higher payday.”

As mainstream adoption of crypto has grown, organised criminals have increasingly used the new technology to ply their illicit trade. A 2021 report from Chainalysis estimated US$33 billion had been laundered through crypto in the past five years.


Australian-Based Encrypted Messaging dApp Releases P2P Calls

Having surpassed the 1 million downloads milestone earlier this year, the decentralised private messaging App ‘Session’ has now released a new feature enabling private peer-to-peer phone calls.

In late 2021, the closed beta was released for Session calls. After a six-month closed beta period where beta testers were able to provide essential feedback, Session calls have entered an open beta – meaning anyone can now access the ability to make calls on Session.

Some important notes on Session calls:

  • Calls are only available for one-on-one chats
  • Calls must be enabled in settings
  • Calls can only be made to people in your contacts list
  • Calls are P2P



How to enable calls?

Android:

  1. Open your app settings by tapping on your profile picture in the top left corner
  2. Tap Privacy
  3. Enable the Voice and video calls option at the bottom of the menu

iOS:

  1. Open your app settings by tapping on your profile picture in the top left corner
  2. Tap Privacy
  3. Enable the Voice and video calls option at the bottom of the menu

Desktop:

  1. Open settings by pressing the cog on the left of the screen
  2. Click Privacy
  3. Toggle the Voice and video calls switch

Beta Notes

As this release is still a beta release, an active search for any bugs or issues with the release is ongoing.

Looking forward, onion-routed calls are coming, and they depend on Lokinet integration with Session; however, it must first be ensured that the current P2P call implementation is robust and secure. Session’s onion-routed calls will be the first of their kind in a consumer-grade communication application, let alone a decentralised application.

Session is anonymous, with no phone numbers, emails, or any other identifying information needed to create an account. Within the space of a few minutes, you can download the app, sign up, and start having conversations in full privacy. As with our messaging service, the same technology has been applied to calls.

Session is now one of the easiest, most secure, most private ways to conduct a phone call — and all without a phone number.

Useful Links:

Session calls beta release: https://getsession.org/blog/calls-beta-release

Why you should care about private calls: https://getsession.org/blog/why-you-should-care-about-private-calls

Session’s underlying network: https://getsession.org/blog/session-decentralised-network

How to make a call: https://www.youtube.com/watch?v=Lr6pBKkqNsM&t=3s

Session beginners guide: https://www.youtube.com/watch?v=sLswL34hM-s


Redditor Issues Warning After Phone’s Predictive Text Guessed His Seed Phrase

An IT professional from Germany has warned fellow Reddit users after discovering that his mobile phone’s predictive text feature enabled it to correctly predict his entire recovery seed phrase after typing in the first word.

Example of BIP-39 recovery seed phrase list. Source: Bitcoin Safety

Guessing Seed Phrases: Impossible?

Seed phrases, a random selection from a list of 2048 words originating from Bitcoin Enhancement Protocol (BIP) 39, enable users to back up or recover access to their crypto holdings. The prospect of guessing the correct 12- or 24-word seed phrase is virtually impossible, even with quantum computing. To give a sense of how low the probability is, one Reddit user ran the numbers.

Imagine then the surprise of Andre, also known as u/Divinux on Reddit, when he noticed that his phone accurately guessed the 12–24 word seed phrase, in the right order. “First, I was stunned. The first couple of words could be a coincidence, right?” he said, adding:

This makes it simple to assault, get your fingers on a telephone, begin any chat app, and begin typing any phrases off the BIP39 record, and see what the telephone suggests.

u/Divinux on Reddit

However, being IT literate and recognising the risk, he decided it would be best to put word out to the community.

Different Keyboards, Different Results

To properly assess the risk, Andre decided to evaluate how a range of different keyboards performed. His findings revealed that Google’s GBoard was the least vulnerable, since it did not predict every word in the correct order. However, both Microsoft and Samsung’s keyboards were able to predict the seed phrase word-for-word by default.

He then proceeded to issue a warning to fellow crypto enthusiasts:

Not your keys not your coins, do your own research, don’t FOMO, never invest more than you are willing to lose, always double-check the address you are sending to, always send a small amount beforehand and disable your PMs in settings.

u/Divinux on Reddit

Perhaps more pertinently, he concluded that users should “do [themselves] a solid [favour] and prevent that [predictive text guessing the seed phrase] from happening by clearing [their] predictive type cache”. Others however, such as u/babaossa77, thought even that didn’t go far enough: “If you typed your seed phrase into your mobile phone I’d already consider that seed as unsafe and wouldn’t use it for any bigger funds, even after clearing the cache.”

Just two weeks ago, MetaMask issued a phishing attack notice to its users, suggesting that when it comes to security, it’s ultimately a matter of degree since one can never be truly immune to the risk of a breach.


Michael Saylor Explains Bitcoin is Classed as Property, Every Other Crypto is a Security

MicroStrategy CEO and avid Bitcoin advocate Michael Saylor says Bitcoin is the best property money can buy.

Saylor is not afraid of Bitcoin’s volatility. He says that positioning MicroStrategy as an asset-rich company by investing in Bitcoin, for the same reason you would invest in property, will allow for stock value to appreciate over time.

He likens the monetary inflation rate to the wind against the corporate boat’s sails. Rowing against it won’t get you forward, whereas investing in Bitcoin is a vehicle to outperform inflation and get ahead of poor interest rates effortlessly. It’s like sailing with the wind, instead of going against it.

Buying Bitcoin as “digital property” is an easy way to make money, Saylor says. Today, MicroStrategy holds US$5 billion worth of Bitcoin (124,000 BTC) and continues to buy the dip.

Bitcoin as a Store of Value

“Bitcoin is digital gold,” Saylor has been known to say. In the race against inflation and negative interest rates, he maintains Bitcoin is the best appreciating asset to invest in to grow profits and secure financial gains for company shareholders.

Saylor explains that the way he looked at investing for companies had to change because cash was no longer holding up its value over time; in fact it was going backwards, depreciating year on year due to money printing accelerating inflation rates faster than ever before.

For MicroStrategy, the first treasury investment in Bitcoin was purely a matter of keeping money on the balance sheet as a way of holding capital. “It was better to take a risk,” Saylor says, than do nothing.

It paid off. MicroStrategy’s stock rose to its all-time high, beating previous 10-year levels. Not only that, the convertible bond MicroStrategy sold was the best performing bond of any company sold last year. It was a “screaming home run”, says Saylor, who has become one of the world’s biggest champions of Bitcoin.

The MicroStrategy Backstory

MicroStrategy builds, sells, and markets enterprise business intelligence software. The company’s investment strategy is now focused on buying and holding Bitcoin, “like you would buy and hold property”, Saylor explains.

If the money supply is expanding at 10 percent a year … if your top line and your cashflows don’t grow more than 10 percent a year, your stock will tank … so if you want your stock to be a store of value you have to grow your cashflow per share greater than the rate of the monetary inflation.

Michael Saylor, CEO, MicroStrategy

Instead of throwing more money and capital into the core business for it to grow, Saylor’s plan is simply to invest heavily in the “cash cow”, Bitcoin, to ensure the continued financial growth of the company.



Crypto Advertising Crackdowns Kicking in Around the World Again

As quickly as cryptocurrency is increasing its pace of adoption, so too is regulation pertaining to its promotion. Spain, Singapore, and the UK are the latest jurisdictions to have made changes to their advertising regulations.

Spain Releases New Rules for Crypto Influencer Posts

Spanish regulators are advocating to control the way crypto is marketed, focusing specifically on restrictions on influencers’ promotions. The Comisión Nacional del Mercado de Valores (CNMV), the governmental organisation responsible for the financial regulation of Spanish securities markets, issued a release on January 17 outlining its new rules.

The CNMV now stipulates that promoting crypto assets must include the following disclaimer: “Investments in crypto assets are not regulated. They may not be appropriate for retail investors and the full amount invested may be lost.”

Influencers or outlets with more than 100,000 followers must also now notify the CNMV on the content of promotions related to crypto with a minimum of 10 days’ notice. Spain’s new rules come into effect next month, and non-compliance may result in fines.

Crypto.com billboard in Singapore’s Orchard Plaza. Source: bloomberg.com

Although this is the first strict regulation for the EU, several other countries have also moved to control how crypto firms and agencies advertise their services. The UK recently banned two ads from Crypto.com because they were deemed to be misleading by the UK’s advertising regulator, the Advertising Standards Authority (ASA). The ASA determined that the Singapore-based exchange’s ads took advantage of consumers’ “inexperience” and failed to make it clear that crypto investments aren’t regulated in the UK.

Singapore Curbs Crypto Marketing

Singapore has also cracked down on crypto marketing to curtail a recent surge in retail trading of digital assets. According to guidelines issued by the Monetary Authority of Singapore, “the public should not be encouraged to engage in the trading of [digital payment tokens (DPT)].” The regulatory body advised service providers to only market their goods on their own websites, social media and apps, and that they should take care not to trivialise the risk of investing digital assets.

Singapore has also made the decision to ban all ATMs that deal in digital currencies, citing that their convenience and accessibility may mislead the public to trade crypto assets on impulse.

Common Themes? 

The recent cryptocurrency ad crackdown has mainly been fuelled by companies and influencers taking advantage of unwitting and inexperienced crypto customers. Regulation thus far has served to protect consumers against the risks still associated with the unregulated market.

Last year, Google reviewed its policy on advertising after lifting its ban in August, adding specific requirements to which advertisers had to adhere.


Crypto.com Suspends Withdrawals Following ‘Unauthorised Activity’ on User Accounts

Crypto.com suspended withdrawals this week after a small number of users reported suspicious activity on their accounts, claiming “all funds are safe” – but not before security firm PeckShield reported losses amounting to “about US$15 million”.

Several Customers Report ‘Thefts’

The Singapore-based exchange stopped withdrawals on January 17 in response to several “thefts” reported by customers. One of them was Dogecoin (DOGE) founder Billy Markus, who noticed a suspicious transaction pattern on Etherscan.

Several hours later, Crypto.com issued an update advising that users were required to sign back into their accounts and reset their two-factor authentication (2FA).

However, crypto enthusiast and jeweller Ben Baller claimed his account had been breached to the tune of 4.28 ETH (about US$15,000). Baller tweeted he had used 2FA to sign back in, so it appears the perpetrators must have bypassed some of Crypto.com’s security features.

At around 16:00 UTC, Crypto.com CEO Kris Marszalek tweeted that final checks were being made prior to withdrawals being resumed within the following hour, reiterating that “all funds were safe”.

Not Your Keys, Not Your Coins

In July last year, exchanges suspended Bitcoin SV (BSV) following double-spending attacks registered on the coin’s network. Developers of the BSV network had identified a wallet address that was linked with a history of illegal activities, including ransomware. The attacker had tried to mask double-spending of coins by causing block re-organisation attacks, which usually occur when miners work together to remove previously confirmed blocks from the blockchain.

And just last month, centralised US crypto exchange BitMart was hit by one of the most devastating hacks to date, draining a combination of cryptocurrencies. The losses were estimated to be around US$200 million by security firm PeckShield, who – as in this week’s Crypto.com case – picked it up as it was happening.


Alert: Monero Multi-Sig Wallet Code May Be Compromised

Participants in Monero have been exposed to “vulnerabilities” in the implementation of its multi-signature wallet. The vulnerabilities do not affect the temporary supporting multisigs, but rather the current wallet code implementing them, according to Monero developer binaryFate.

Following the Reddit thread, the vulnerabilities were first released through the vulnerability response process. Developers concluded that it would be best to inform the public for security purposes, which has been well received by the community.

Compromised Code Interferes with Multi-signature Creation and Signing

The Monero multi-sig wallet has the ability to form, sign and submit transactions as a group, with the number of signatures needed to sign a transaction varying depending on the type of wallet. The threat means that interference may be experienced with multisig wallet formation, and it may also affect transaction signing.

The compromise could result in funds being stolen by one of the parties to the signing. While attending to a solution, Monero has urged its customers to remain calm, and to avoid multisig transactions where possible.

The team at Monero expects a solution within the next week and will provide customer feedback regarding the situation. Monero has however noted that if multisig parties trust each other, transactions can be performed successfully – funds are not at risk when they remain intact, and if the wallet creation is not abused, all is well with the transaction.

Monero Again in a Compromised Position

Monero regularly finds itself associated with scandal and fraud, with many attaching a negative connotation to the ecosystem. Earlier this year, Monero was implicated when German authorities arrested an Australian man who ran an illegal marketplace dubbed “The Ebay for criminals”. The man had received payments via cryptos with transactions worth 4650 Bitcoin and 12,000 Monero taking place.

In August, Monero was again implicated in a massive fraud case when its former lead maintainer, Riccardo Spagni, aka “Fluffy Pony”, was arrested in the US and extradited to South Africa to face charges of alleged fraud-linked offences between 2009 and 2011. “Fluffy Pony” has been accused of stealing approximately US$100,00 from his former employer by creating false invoices and redirecting payments to his personal bank accounts. If convicted, he faces 20 years in prison.