Blockchain | Breaking Cybersecurity News | The Hacker News

Indian cryptocurrency exchange WazirX has confirmed that it was the target of a security breach that led to the theft of $230 million in cryptocurrency assets. "A cyber attack occurred in one of our [multi-signature] wallets involving a loss of funds exceeding $230 million," the company said in a statement. "This wallet was operated utilizing the services of Liminal's digital asset custody and wallet infrastructure from February 2023." The Mumbai-based company said the attack stemmed from a mismatch between the information that was displayed on Liminal's interface and what was actually signed. It said the payload was replaced to transfer wallet control to an attacker. Crypto custody firm Liminal is one of the six signatories on the wallet and is responsible for transaction verifications. "Our preliminary investigations show that one of the self custody multi-sig smart contract wallets created outside of the Liminal ecosystem has been compromised

Cryptocurrency analysts have shed light on an online marketplace called HuiOne Guarantee that's widely used by cybercriminals in Southeast Asia, particularly those linked to pig butchering scams. "Merchants on the platform offer technology, data, and money laundering services, and have engaged in transactions totaling at least $11 billion," Elliptic said in a report shared with The Hacker News. The British blockchain analytics firm said that the marketplace is part of HuiOne Group, a Cambodian conglomerate with links to Cambodia's ruling Hun family and that another HuiOne business, HuiOne International Payments, is actively involved in laundering scam proceeds globally. According to its website , HuiOne's financial services arm is said to have 500,000 registered users. It also touts Alipay, Huawei, PayGo Wallet, UnionPay, and Yes Seatel as its customers. Southeast Asian countries like Burma, Cambodia, Laos, Malaysia, Myanmar, and the Philippines have become

Imagine you could gain access to any Fortune 100 company for $10 or less, or even for free. Terrifying thought, isn't it? Or exciting, depending on which side of the cybersecurity barricade you are on. Well, that's basically the state of things today. Welcome to the infostealer garden of low-hanging fruit. Over the last few years, the problem has grown bigger and bigger, and only now are we slowly learning its full destructive potential. In this article, we will describe how the entire cybercriminal ecosystem operates, the ways various threat actors exploit data originating from it, and most importantly, what you can do about it. Let's start with what infostealer malware actually is. As the name suggests, it's malware that... steals data. Depending on the specific type, the information it extracts might differ slightly, but most will try to extract the following: Cryptocurrency wallets Bank account information and saved credit card details Saved passwords from various apps Bro

Did you know it's now possible to build blockchain applications, known also as decentralized applications (or "dApps" for short) in native Python? Blockchain development has traditionally required learning specialized languages, creating a barrier for many developers… until now. AlgoKit , an all-in-one development toolkit for Algorand, enables developers to build blockchain applications in pure Python. This article will walk you through the benefits of building blockchain applications, why Python is an ideal choice for dApp development, how to set up your blockchain development environment, and how to start building secure blockchain applications in native Python.  Why build blockchain applications?  Blockchain application development goes far beyond creating a decentralized database and peer-to-peer transactions. It unlocks a new level of trust, security, and efficiency for various applications. Guarantee tamper-proof records: Blockchain creates an immutable and transparent ledge

The Cyber Police of Ukraine has announced the arrest of a local man who is suspected to have offered their services to LockBit and Conti ransomware groups. The unnamed 28-year-old native of the Kharkiv region allegedly specialized in the development of crypters to encrypt and obfuscate malicious payloads in order to evade detection by security programs. The product is believed to have been offered to the Conti and LockBit ransomware syndicates that then used the crypter to disguise the file-encrypting malware and launch successful attacks. "And at the end of 2021, members of the [Conti] group infected the computer networks of enterprises in the Netherlands and Belgium with hidden malware," according to a translated version of the statement released by the agency. As part of the investigation, authorities conducted searches in Kyiv and Kharkiv, and seized computer equipment, mobile phones, and notebooks. If found guilty, the defendant is expected to face up to 15 years

A never-before-seen North Korean threat actor codenamed Moonstone Sleet has been attributed as behind cyber attacks targeting individuals and organizations in the software and information technology, education, and defense industrial base sectors with ransomware and bespoke malware previously associated with the infamous Lazarus Group. "Moonstone Sleet is observed to set up fake companies and job opportunities to engage with potential targets, employ trojanized versions of legitimate tools, create a malicious game, and deliver a new custom ransomware," the Microsoft Threat Intelligence team said in a new analysis. It also characterized the threat actor as using a combination of tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to meet its strategic objectives. The adversary, hitherto tracked by Redmond under the emerging cluster moniker Storm-1789, is assessed to be a state-aligned group that originally exhibited strong t

The U.S. Department of Justice (DoJ) has charged two arrested Chinese nationals for allegedly orchestrating a pig butchering scam that laundered at least $73 million from victims through shell companies. The individuals, Daren Li, 41, and Yicheng Zhang, 38, were arrested in Atlanta and Los Angeles on April 12 and May 16, respectively. The foreign nationals have been "charged for leading a scheme to launder funds to the tune of at least $73 million tied to an international crypto investment scam," Deputy Attorney General Lisa Monaco  said . Prosecutors have accused Li, Zhang, and their co-conspirators of managing an international syndicate that laundered the funds obtained via cryptocurrency investment scams. As part of the fraudulent operation, victims are said to have been tricked into transferring millions of dollars to U.S. bank accounts that were opened in the name of various shell companies. "A network of money launderers then facilitated the transfer of those

A Dutch court on Tuesday sentenced one of the co-founders of the now-sanctioned Tornado Cash cryptocurrency mixer service to 5 years and 4 months in prison. While the name of the defendant was  redacted in the verdict , it's known that Alexey Pertsev, a 31-year-old Russian national, had been  awaiting trial  in the Netherlands on money laundering charges. Pertsev, one of the developers of Tornado Cash, was  arrested  in Amsterdam in August 2022 days after the U.S. Treasury Department  sanctioned  the service for allowing malicious actors such as the Lazarus Group to launder and cash out their proceeds. In addition to the imprisonment, the defendant is expected to forfeit cryptocurrency assets worth €1.9 million (~$2.05 million) and a Porsche car that had been previously seized. "The defendant declared that it was never his intention to break the law or to facilitate criminal activities," a summary of the ruling  said . "With Tornado Cash, he wanted to offer a l

A forensic analysis of a graph dataset containing transactions on the Bitcoin blockchain has revealed clusters associated with illicit activity and money laundering, including detecting criminal proceeds sent to a crypto exchange and previously unknown wallets belonging to a Russian darknet market. The  findings  come from Elliptic in collaboration with researchers from the MIT-IBM Watson AI Lab. The 26 GB dataset, dubbed  Elliptic2 , is a "large graph dataset containing 122K labeled subgraphs of Bitcoin clusters within a background graph consisting of 49M node clusters and 196M edge transactions," the co-authors  said  in a paper shared with The Hacker News. Elliptic2 builds on the  Elliptic Data Set  (aka Elliptic1), a transaction graph that was made public in July 2019 with the goal of  combating financial crime  using graph convolutional neural networks ( GCNs ). The idea, in a nutshell, is to uncover unlawful activity and money laundering patterns by taking advanta

Threat actors behind the Akira ransomware group have extorted approximately $42 million in illicit proceeds after breaching the networks of more than 250 victims as of January 1, 2024. "Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia," cybersecurity agencies from the Netherlands and the U.S., along with Europol's European Cybercrime Centre (EC3),  said  in a joint alert. "In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines." The double-extortion group has been observed using a C++ variant of the locker in the early stages, before shifting to a Rust-based code as of August 2023. It's worth noting that the e-crime actor is  completely different  from the Akira ransomware family that was active in 2017. Initial access to target networks is facilitated by means o

A former security engineer has been  sentenced  to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million. Shakeeb Ahmed, the defendant in question,  pled guilty  to one count of computer fraud in December 2023  following his arrest  in July. "At the time of both attacks, Ahmed, a U.S. citizen, was a senior security engineer for an international technology company whose resume reflected skills in, among other things, reverse engineering smart contracts and blockchain audits, which are some of the specialized skills Ahmed used to execute the hacks," the U.S. Department of Justice (DoJ) noted at the time. While the name of the company was not disclosed, he was residing in Manhattan, New York, and  working for Amazon  before he was apprehended. Court documents show that Ahmed exploited a security flaw in an unnamed cryptocurrency exchange's smart contracts to insert "

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned three cryptocurrency exchanges for offering services used to evade economic restrictions imposed on Russia following its invasion of Ukraine in early 2022. This includes Bitpapa IC FZC LLC, Crypto Explorer DMCC (AWEX), and Obshchestvo S Ogranichennoy Otvetstvennostyu Tsentr Obrabotki Elektronnykh Platezhey (TOEP). In all, the designations cover thirteen entities and two individuals operating in the Russian financial services and technology sectors. "Many of the individuals and entities designated today facilitated transactions or offered other services that helped OFAC-designated entities evade sanctions," the Treasury  said , adding the action seeks to "target companies servicing Russia's core financial infrastructure and curtail Russia's use of the international financial system to further its war against Ukraine." Bitpapa, which offers virtual currency excha

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sanctions against two 46-year-old Russian nationals and the respective companies they own for engaging in cyber influence operations. Ilya Andreevich Gambashidze (Gambashidze), the founder of the Moscow-based company Social Design Agency (SDA), and Nikolai Aleksandrovich Tupikin (Tupikin), the CEO and current owner of Russia-based Company Group Structura LLC (Structura), have been accused of providing services to the Russian government in connection to a "foreign malign influence campaign." The disinformation campaign is tracked by the broader cybersecurity community under the name  Doppelganger , which is known to target audiences in Europe and the U.S. using inauthentic news sites and social media accounts. "SDA and Structura have been identified as key actors of the campaign, responsible for providing [the Government of the Russian Federation] with a variety of servic

A 29-year-old Ukrainian national has been arrested in connection with running a "sophisticated cryptojacking scheme," netting them over $2 million (€1.8 million) in illicit profits. The person, described as the "mastermind" behind the operation, was apprehended in Mykolaiv, Ukraine, on January 9 by the National Police of Ukraine with support from Europol and an unnamed cloud service provider following "months of intensive collaboration." "A cloud provider approached Europol back in January 2023 with information regarding compromised cloud user accounts of theirs," Europol  said , adding it shared the intelligence with the Ukrainian authorities. The Cyber Police of Ukraine, in a separate announcement, said the suspect "infected the servers of a well-known American company with a miner virus" at least since 2021, using custom brute-force tools to infiltrate 1,500 accounts of the firm. "Using the compromised accounts, the hacker gained access to the management of the service," the a

Cybersecurity researchers are warning about an increase in phishing attacks that are capable of draining cryptocurrency wallets. "These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks by using a crypto wallet-draining technique," Check Point researchers Oded Vanunu, Dikla Barda, and Roman Zaikin  said . A prominent contributor to this troubling trend is a notorious phishing group called Angel Drainer, which advertises a "scam-as-a-service" offering by charging a percentage of the stolen amount,  typically 20% or 30% , from its collaborators in return for providing wallet-draining scripts and other services. In late November 2023, a similar wallet-draining service known as Inferno Drainer announced that it was  shutting down its operations  for good after helping scammers plunder over $70 million worth of crypto from 103,676 victims sinc

Crypto hardware wallet maker Ledger published a new version of its " @ledgerhq/connect-kit " npm module after unidentified threat actors pushed malicious code that led to the theft of  more than $600,000  in virtual assets. The  compromise  was the result of a former employee falling victim to a phishing attack, the company said in a statement. This allowed the attackers to gain access to Ledger's npm account and upload three malicious versions of the module – 1.1.5, 1.1.6, and 1.1.7 — and propagate  crypto drainer malware  to  other applications  that are dependent on the module, resulting in a software supply chain breach. "The malicious code used a rogue WalletConnect project to reroute funds to a hacker wallet," Ledger  said . Connect Kit , as the name implies, makes it possible to connect DApps (short decentralized applications) to Ledger's hardware wallets. According to security firm Sonatype, version 1.1.7 directly embedded a wallet-draining pa