ReportWire

Tag: hack

  • Sensitive data stolen from Maryland Department of Transportation reportedly up for auction – WTOP News

    A ransomware group claims it hacked the Maryland Department of Transportation and is now selling sensitive, personal data on the dark web.


    The website Daily Dark Web first reported the auction. The Rhysida ransomware group claims it has the full names, birth dates and home addresses of transportation agency employees. It shared images of a Maryland driver’s license, passport, Social Security card and other sensitive documents.

    Part of the text reads, “Open your wallets and be ready to buy exclusive data.”

    The auction for the data ends in less than a week and the starting price is 30 Bitcoin, which is worth more than $3 million.

    In a statement to WTOP, Maryland Transit Administration spokesperson Veronica Battisti said, “The Maryland Transit Administration can confirm incident-related data loss at this point in our investigation.”

    “At this time we are unable to disclose specific or additional details regarding what data has been lost because of the sensitivity of the ongoing investigation. If it is found that personal information has been taken, the affected individuals will be notified by the State in accordance with State law and we will take appropriate actions and provide guidance on recommended actions,” Battisti said in a statement to WTOP.

    The state’s information technology department is working with third-party cyber experts to investigate the breach.

    According to the Cybersecurity and Infrastructure Security Agency, Rhysida has been targeting the education, health care, manufacturing, information technology and government sectors since 2023.

    Editor’s Note: The article has been updated to clarify that the investigation is ongoing as to whether personal information has been taken. 

    © 2025 WTOP. All Rights Reserved.

    Linh Bui


  • 2.5 Billion Gmail Users At Risk from Data Breach – KXL

    MOUNTAIN VIEW, Cal. — Google has sent out an updated warning to billions of Gmail users about a massive data breach.

    Google says around 2.5 billion users are being urged to reset their passwords immediately and to tighten security after the contact information of small and medium-sized businesses was hacked. KXL Tech Expert Brian Westbrook says Gmail users should also be on guard for phishing attacks. He recommends that users who change their passwords make sure the new one is unique, retire their old Gmail password, and use two-factor authentication moving forward.

    Brett Reckamp


  • The Return of Hannibal Lecter, the Trump Hack, and a ‘Hard Knocks’ Check-In With Alan Siegel


    Hello, media consumers! Bryan welcomes The Ringer’s own Hollywood bureau chief, Alan Siegel. They both share some of their lukewarm takes on the media and the following subjects:

    • Donald Trump’s love affair with Hannibal Lecter (01:31)
    • The Donald Trump hack: documents sent to Politico emails (8:42)
    • A sports documentary check-in on Hard Knocks and Receiver (18:15)
    • The essence of cable news (28:01)
    • Australian B-girl Raygun breaks her silence (37:26)
    • Alan closes out with a few of his only-in-journalism words (43:22)

    Plus, David Shoemaker Guesses the Strained-Pun Headline.

    Host: Bryan Curtis
    Guest: Alan Siegel
    Producer: Brian H. Waters


    Bryan Curtis


  • Trump campaign says hackers nabbed internal documents to influence election


    The Trump campaign says its emails and documents were stolen by “foreign sources” who aimed to “sow chaos” and influence the 2024 presidential election, numerous media outlets reported over the weekend.

    On Saturday, Politico said it’s been receiving Trump campaign documents from an anonymous AOL email for months; going by only “Robert,” the apparent leaker included a 271-page vetting report that described Republican vice presidential nominee JD Vance’s publicly-known vulnerabilities, as well as a partial dossier on Florida Senator Marco Rubio. “Robert” claimed to possess Donald Trump’s “legal and court documents” as well as “internal campaign discussions,” per Politico.

    “Any media or news outlet reprinting documents or internal communications are doing the bidding of America’s enemies,” Trump campaign spokesperson Steven Cheung told reporters in response to the news. Cheung pointed to an August 9 report from Microsoft, which detailed a June phishing attack that targeted an unnamed, “high-ranking” campaign official using a former advisor’s compromised account.

    According to Microsoft, hackers connected to the Islamic Revolutionary Guard Corps sent the spear-phishing email, which included a “fake forward with a hyperlink that directs traffic through an actor-controlled domain before redirecting to the listed domain.” The group responsible is known by several names, including Mint Sandstorm and Charming Kitten, Microsoft said. Over the past several years, the same group has been blamed for targeting the World Health Organization, sending U.S. officials holiday greetings riddled with malware, and plenty of other attacks.

    Microsoft said in its report this week that it’s tracked the rise of “significant influence activity by Iranian actors.” The company added that Iran-linked campaigns have stood out from Russian efforts “for appearing later in the election season and employing cyberattacks more geared toward election conduct than swaying voters.”

    A hacking group known as Guccifer 2.0 accessed Democratic National Committee emails in 2016 through a spear-phishing attack — a phishing attempt targeting a specific individual or group. The hackers leaked thousands of DNC emails and documents ahead of the 2016 Democratic National Convention, leading to the resignation of then-DNC Chair Debbie Wasserman Schultz and Justice Department charges against 12 Russian military officers.

    Harri Weber


  • Crypto user loses $69.3m to address poisoning scammer 


    Crypto scammers successfully stole a whopping 1,155 wrapped Bitcoin using a technique that tricks users into malicious transactions. 

    According to blockchain security provider CertiK, a crypto user lost over $69.3 million in wrapped Bitcoin (WBTC) to an address-poisoning attack on May 3. At first, the attacker mirrored a 0.05 Ethereum (ETH) transfer before stealing the WBTC in the next transaction.

    On-chain investigator ZachXBT and crypto security provider Cyvers corroborated the news. Cyvers CTO Meir Dolev said the case was “probably the highest value lost due to an address poisoning scam” to date. 

    In an address poisoning scam, victims are presented with a similar wallet address and deceived into transferring assets to an exploiter. The malicious address usually imitates the four to six characters at the beginning and end of an address. 

    Users fall prey to this method as the differences are sometimes hard to spot, especially since wallet addresses may exceed 40 alpha-numeric characters in some cases. 

    The incident has already eclipsed the proceeds from exploits and scams throughout the last month, which amounted to about $25.7 million in digital assets. CertiK also noted that April saw the lowest defi scam levels seen since 2021. 

    Naga Avan-Nomayo


  • The bootleg Nintendo Network replacement no longer requires jailbreaking


    The Pretendo Network, an open-source Nintendo Network alternative, no longer requires a hacked Wii U console. With Nintendo’s servers for the obsolete console shutting down on Monday, the Pretendo Network shared a new workaround that provides (limited) access to its homebrew servers without jailbreaking your dusty old console.

    SSL (Secure Sockets Layer) is a protocol that encrypts the connection between a device and the servers it talks to. The Wii U’s SSL exploit (branded as “SSSL”), discovered by the Pretendo Network’s shutterbug, lets you connect to the network with only a simple DNS change, which you can do on the stock firmware. “We’ve been holding on to this exploit for this day for quite some time, in case Nintendo decided to issue patches for it,” the network’s creators wrote in a blog post announcing the new workaround.

    Not everything will work, though. The Pretendo Network team says third-party titles that use their own SSL libraries aren’t compatible. That includes Watch Dogs, the YouTube app and anything running an embedded browser (like TVii, the eShop and the Miiverse applet). However, the network creators stress that in-game Miiverse functionality still works.

    The workaround requires a Wii U running at least firmware version 5.5.5. If yours has software lower than that, you should still be able to go online and install the latest update. Nintendo last pushed a Wii U firmware update in August 2022, when the current version (5.5.6) arrived.

    Shutting down the Wii U and 3DS online servers doesn’t prevent Nintendo from providing new firmware updates to the consoles. Given Nintendo’s aversion to hacking its devices, the Mario maker could, at least in theory, update the 12-year-old Wii U to patch the DNS workaround.

    To take SSSL for a spin in the meantime, you can follow the Pretendo Network’s instructions.

    Will Shanklin


  • FixedFloat denies internal role in $26m hack, vows to pay pending orders


    Crypto exchange FixedFloat clarified that the recent hack wasn’t carried out by its employees; rather, it was an external attack.

    We reached out to the exchange for a detailed explanation of the hack, and the FixedFloat team clarified that it was caused by vulnerabilities and insufficient protection in its security structure. The attacker was able to bypass its defenses and gain access to some of its core service functions.

    FixedFloat also emphasized that no user funds were impacted, as it’s a non-custodial exchange, and the impacted funds were its own assets. However, the hack has impacted the exchange’s ability to pay out 30 outstanding orders. The team has promised to make these payments immediately after services are resumed.

    The hack took place yesterday, when approximately $26 million was drained from the platform’s BTC and ETH wallet. Initially, several users and analysts on social media claimed that FixedFloat developers were behind this incident and it was a potential rug-pull. However, the exchange denied any claims of internal involvement in its comment to crypto.news.

    FixedFloat was heavily criticized yesterday for not reporting the hack immediately. The team acknowledged the delay but said that its main focus was eliminating the vulnerabilities and minimizing the loss, and that publicly reporting the incident immediately would’ve made other threat actors aware of the security flaw. 

    The platform is expecting its full-fledged operations to resume in the coming days, and is expected to release a full report after the ongoing investigation has concluded. 



    Mohammad Shahidullah


  • Scammers pilfered $55m from 40k victims in January alone, data shows



    Analysts at Scam Sniffer say bad actors stole $55 million worth of crypto and created over 11,000 phishing websites in January alone.

    In an X thread on Feb. 9, Scam Sniffer revealed a trend observed in January, noting a rise in phishing attacks coinciding with heightened activity within crypto communities following a series of airdrops in the previous month.

    According to the data, scammers created over 11,400 phishing websites in January, impersonating Manta Network, Frame, SatoshiVM, AltLayer, Dymension, zkSync, Pyth, OpenSea, Optimism, Blast, and others. Apparently, their efforts paid off as cybercriminals pilfered nearly $55 million worth of crypto across Ethereum Virtual Machine-based networks, with the top seven victims losing $17 million.

    “The majority of the thefts occurred on the Ethereum mainnet, followed by Arbitrum, BNB, Optimism, and Polygon.”

    Scam Sniffer

    As per Scam Sniffer, a common method employed by hackers involved exploiting the ERC-20 Permit function, deceiving users into unwittingly transferring funds from their non-custodial wallets under the guise of legitimate operations.

    Total crypto victims in January 2024 | Source: Dune

    Additionally, perpetrators increasingly leveraged the increaseAllowance function, enabling them to manipulate token allowances granted to malicious smart contracts. Many people fell for scams because cybercriminals were actively posting fake comments on X pretending to be real projects like Optimism and zkSync, underscoring the persistent threat posed by fraudulent online presences.

    As crypto.news previously reported, illicit crypto addresses received over $24 billion worth of crypto in 2023, down from an estimated $39.6 billion in 2022. According to Chainalysis data, there has been a transition in the types of assets involved in crypto crime, with stablecoins now constituting the majority of illicit transaction volume.







    Denis Omelchenko


  • AMLBot CEO: Security is improving despite over $126m lost in January crypto hacks


    January 2024 saw a sixfold increase in the amount lost to web3 hackers who continue to exploit loopholes in smart contract codes employed by crypto and defi protocols.

    Hackers carted away over $126 million from several attacks on decentralized finance platforms last month, according to AMLBot Co-Founder and CEO Slava Demchuk. Incidents primarily stemmed from a handful of vulnerabilities ranging from multi-sig wallet compromises to loan attack vectors, Demchuk added.

    One of the largest hacks in January was on Orbit Bridge, a cross-chain protocol that lost north of $80 million to bad actors. Ozys, the South Korea-based company behind the service, suspects a former employee was involved in the attack.

    However, the crypto fraud-detection expert noted that cybersecurity within the industry is improving year-on-year, as indicated by the decline in illegal digital asset activity. 

    Every year, the large amount of money stolen, sometimes reaching billions of dollars, can be surprising and worrying. But the main trend is clear – less than 1% of crypto activities involve illicit actions.

    Slava Demchuk, Co-Founder and CEO, AMLBot

    A Chainalysis report backs up this assertion. The company noted a 39% reduction in stolen wealth transactions via cryptocurrencies and blockchain networks. 

    Commenting on why these defi vulnerabilities persist even as global crypto adoption ascends and institutional demand has increased, Demchuk told crypto.news that blockchain’s decentralized nature adds a layer of complexity that requires constant improvement in security protocols by projects to mitigate and manage risks.

    In some cases, he noted, projects fall short of industry-standard security measures, and in other scenarios, hackers have engineered novel strategies to bypass systems aimed at safeguarding users.

    Enhanced security measures such as real-time transaction monitoring and increased collaborative efforts by global law enforcement are two key areas in tackling digital currency-related crime, per Demchuk.

    AMLBot’s boss added that more communication between crypto exchanges, wallet providers, and blockchain developers should help to stem the issue by facilitating the timely sharing of threats and suspicious activity.

    Eventually, this collaboration should lead to the establishment of a suitable infrastructure that accommodates the involvement of all stakeholders. Our belief is that the cryptocurrency industry will gradually attain comprehensive security over time.

    Slava Demchuk, co-founder and CEO, AMLBot





    Naga Avan-Nomayo


  • Upbit red-flags SSX tokens after $10.2m hacking incident


    South Korean crypto exchange Upbit suspended deposits and withdrawals for SSX tokens after the project’s team raised the alarm about a $10.2 million heist.

    Upbit says in a Jan. 29 press release that it is suspending deposits and withdrawals of Somesing (SSX) token following a report that 730 million SSX tokens (over $10.2 million) were hacked and withdrawn to unknown wallets.

    Upbit, in its announcement, stated that it flagged SSX tokens due to a change in the distribution volume of SSX tokens compared to the previously submitted distribution plan. The exchange intends to collaborate with the Somesing Foundation to investigate the incident and verify details related to the fund movement. As of press time, the method employed by the hackers to withdraw millions of dollars’ worth of SSX tokens remains unclear.

    As crypto.news reported earlier, Somesing Foundation stressed that the incident is not associated with any member of the foundation and is believed to have been carried out by professional hacker(s) who specialize in hacking cryptocurrencies.

    The platform team involved the police to investigate the incident. The Klaytn Foundation (Somesing operates on the organization’s blockchain) and Interpol partner Uppsala Security are also helping the karaoke platform find the hacker. Despite the incident, SSX is up 7% and is trading at $0.01488, as per CoinMarketCap.





    Denis Omelchenko


  • Rocket Pool's X account compromised


    The X account of the Ethereum staking protocol Rocket Pool was hacked on Jan. 17, with the exploiter asking users to migrate their assets via a malicious link. 

    Rocket Pool’s hijacker posted a message detailing smart contract vulnerabilities spotted by the supposed team. The post asked users to click on a link to migrate their assets to a version 2 contract to avoid losses.

    The Rocket Pool team confirmed the incident on Discord, warning users to avoid interacting with any links posted by the account until further notice. 

    Any possible losses or stolen cryptocurrencies were not yet known at press time.

    Rocket Pool team warns users via Discord

    This year, the exploit is already one of several hacks following attacks on entities like CoinGecko. The cryptocurrency price aggregator reported a breach of its X account on Jan. 10. 

    The United States Securities and Exchange Commission (SEC) account was also compromised on Jan. 9, as hackers posted a false spot Bitcoin ETF approval announcement. SEC Chairman Gary Gensler said no further breaches were identified while Senators demanded clarity. Also, the FBI is reportedly involved in investigations concerning the SEC hack.

    Days before the SEC’s security breach, the Twitter account of Polychain Capital CEO Olaf Carlson-Wee was infiltrated by hackers promoting a fake airdrop link. Breaches like these highlight a broader security concern in crypto, as stakeholders are targeted and some protocols are susceptible to attack vectors like sophisticated social engineering.

    Moving into a bull run characterized by a defi resurgence and a wave of retail capital spurred by institutional adoption, crypto security may be a pain point for mass adoption.



    Naga Avan-Nomayo


  • Scam recruiters target blockchain devs on Upwork, steal crypto with npm packages


    A blockchain developer fell victim to a crypto scam after responding to a seemingly legitimate Upwork job.

    Bad actors have turned to Upwork in an effort to lure blockchain developers into downloading malicious software, enabling them to drain cryptocurrencies from non-custodial wallets. As per a BleepingComputer report, scam recruiters are instructing victims via LinkedIn to download and debug code from two malicious npm packages, hosted on a GitHub repository.

    One of the malicious npm packages on GitHub | Source: BleepingComputer

    Once developers execute the packages, a malicious script gains access to their devices. In an interview with BleepingComputer, Antalya-based blockchain developer Murat Çeliktepe revealed losing over $500 from his MetaMask wallet in crypto after opening the npm packages, providing scammers with remote access to his device.

    The incident extends beyond Çeliktepe, as the report notes other developers reporting similar encounters with the same recruiters on LinkedIn, highlighting the prevalence of scams targeting blockchain developers.

    Scammers seem to continue targeting blockchain developers through job platforms like LinkedIn and Upwork, showcasing a persistent strategy. In an incident in 2022, North Korea-affiliated hackers managed to pilfer $600 million from the Axie Infinity blockchain game by sending a fake job offer in a malicious PDF file via LinkedIn to an engineer from Sky Mavis, a company behind the web3 game.



    Denis Omelchenko


  • Thunder Terminal suffers hacker attack, losses amount to $240k


    Multi-chain trading platform Thunder Terminal has suffered a hacker attack, saying a malicious actor gained access to a MongoDB connection.

    In an X post on Dec. 27, Thunder Terminal acknowledged the breach, stating that the hacker gained access to a MongoDB connection URL.

    This access allowed the intruder to retrieve session tokens and execute withdrawals on behalf of users.

    The attack concluded at 12:20 AM UTC, Dec 27, after all session tokens and transaction signing access were revoked for security reasons, Thunder Terminal said.

    While Thunder Terminal assured users that no private keys or wallets were compromised, the team admitted that “less than 1% of wallets” were affected. The attack reportedly resulted in funds being stolen from at least 114 wallets.

    “The exploit happened through withdrawal requests our server considered as authorized because of leaked session tokens. We do not store any private keys, so the attacker does not have access to any wallets. Desktop wallets were not affected.”

    Thunder Terminal

    As of press time, it is unclear how exactly the hacker got access to the project’s database. Thunder Terminal suggests that the hack may be related to an incident involving New York-based MongoDB. In mid-December, MongoDB detected “suspicious activity” on its network, later confirming that hackers had infiltrated its systems “for some period of time before discovery.”

    According to blockchain sleuth ZachXBT, the attack transferred 86.5 ETH (worth around $192,500) to Railgun, a privacy-aimed protocol that enables users to anonymously swap cryptocurrencies and make private transactions. The project also revealed that the hacker stole over 439 SOL (around $49,160).

    Initially, Thunder Terminal said the attack was related to a compromise of its third-party provider. The team also said “funds are safe,” adding that “refunds will be handled shortly.”

    However, shortly after this post, the hacker issued a blockchain-based statement, accusing the Thunder Team of lying and threatening to disclose all user data unless the project pays them 50 ETH in ransom.

    Launched in late 2022, Thunder Terminal is a multi-chain trading platform with support for Ethereum, Solana, Avalanche, and other networks.



    Denis Omelchenko


  • Major crypto hacks of 2023


    Explore the biggest crypto hacks of 2023 in our comprehensive review, including the roles of notorious hacking groups and their impact on the crypto industry.

    Cryptocurrency hacks in 2023 have seen the industry lose over $1 billion, with the largest hacks occurring in the final quarters of the year. The recent bull market has marked the end of a prolonged crypto winter that started in 2022, driven by the Terra LUNA crash and the FTX collapse. However, this has also renewed hackers’ interest in the market, with more malicious threats targeting major defi protocols and crypto exchanges. 

    From the multi-million dollar heist at Mixin to the sophisticated phishing scams affecting individual investors, each hack provided a stark reminder of the ongoing battle between cybersecurity and cybercriminals in the digital age. So, what were the largest crypto hacks of 2023? Let’s find out. 

    Mixin breach ($200m): biggest crypto hack of 2023

    September 2023 saw arguably the largest recent crypto hack, as the Mixin platform suffered a staggering loss of $200 million. This incident unfolded through a data breach of Mixin’s cloud service provider. The platform could not track down the attacker or recover the stolen funds. However, Mixin committed to compensating users for half of their lost holdings.

    Euler Finance hack ($197m)

    In March 2023, Euler Finance experienced a significant hack, losing nearly $200 million. The breach was initially identified by PeckShield, a blockchain security firm, which noticed unusual transaction activity on the platform. These transactions were later confirmed as the method through which $197 million in cryptocurrency was stolen.

    However, in a rare occurrence, the stolen funds were unexpectedly returned to Euler Finance a few weeks after the hack. An apology note was included in one of the return transactions, as observed on Etherscan.

    Poloniex hack (over $120m)

    Popular crypto exchange Poloniex faced a security breach in November, leading to a loss exceeding $33 million, later revised to over $120 million. The unauthorized outflow of funds from its hot wallet affected multiple networks, including Ethereum (ETH) and Bitcoin (BTC). Justin Sun, the majority shareholder of Poloniex, reassured the community of the exchange’s financial stability and pledged full reimbursement for the lost assets.

    To resolve the situation, Sun initially offered a $10 million bounty to the cryptocurrency hackers for returning a significant portion of the funds within a week and provided wallet addresses for potential reimbursement. However, as per the latest reports, the hackers did not respond. Poloniex continues its internal investigation and remains committed to compensating affected users.

    HTX hack ($110m)

    Yet another exchange linked to Justin Sun experienced a major breach this year. HTX, formerly known as Huobi, experienced a significant security breach, leading to a net outflow of $250 million after resuming operations.

    This outflow followed the November attack in which HTX lost around $110 million, according to Sun. The incident prompted a temporary suspension of withdrawals and deposits. Despite the substantial outflow, HTX emphasized that user funds were safe.

    MultiChain rug pull ($130m)

    In July, MultiChain, a cross-chain protocol, reported suspicious withdrawals totaling $130 million, sparking concerns of a hack or rug pull. The series of transactions led to the Chinese authorities’ arrest of MultiChain’s CEO, Zhaojun, fueling speculation of insider involvement.

    Zhaojun’s devices, including phones and hardware wallets, were confiscated. The incident led to MultiChain ceasing operations, as detailed in a post on social media. The closure of MultiChain followed these events, leaving many questions about the true nature of the incident.

    Atomic Wallet hack ($100m)

    In June, Atomic Wallet, a widely-used software crypto wallet, was hacked, leading to the loss of $100 million. The breach impacted over 5,000 user accounts, with some users experiencing partial thefts and others having their wallets completely emptied.

    The initial suspicion pointed toward the Lazarus hacking group. The incident led to a class-action lawsuit from Russian investors against Atomic Wallet in August 2023. The latter claimed that the trace led to the Ukrainian group of hackers. However, there has been no proof of this statement since then.

    The company’s response to the crypto hack and the legal repercussions are yet to be fully resolved.

    CoinEx hack ($70m)

    Crypto exchange CoinEx suffered a major security breach in September, resulting in the theft of $70 million. Crypto hackers accessed numerous private keys for user hot wallets, transferring substantial amounts of various cryptocurrencies, including nearly 5,000 ETH and 231 BTC.

    Despite the significant loss, CoinEx’s cold wallets remained unaffected. The North Korean Lazarus group is suspected to be behind this attack.

    KyberSwap hack ($47m)

    The KyberSwap hack in November 2023 stands out for its complexity and the significant loss incurred. The multi-chain decentralized exchange aggregator fell victim to a smart contract reentrancy attack, leading to the theft of $47 million across various networks, including Ethereum, Polygon (MATIC), Arbitrum (ARB), and Optimism (OP).

    This breach resulted in a drastic 90% drop in KyberSwap’s total value locked, falling from $84.9 million to just $8.28 million, showcasing the severe impact of smart contract vulnerabilities.

    KyberSwap hacker demands | Source: Etherscan

    The hacker behind this attack made unusual demands, seeking total control over KyberSwap’s protocol, which included its governance mechanism and company assets. These demands, attached to a transaction on Etherscan, were unprecedented and highlighted a new level of boldness in crypto hacking.

    The hacker sought to overhaul KyberSwap’s operational structure, including employee salaries and executive buyouts. This incident reflects the technical vulnerabilities of defi platforms and underscores the evolving challenges in securing defi ecosystems against increasingly sophisticated attacks.

    Stake hack ($41m)

    September was undoubtedly one of the costliest months this year, with the number of hacks exceeding all other months in 2023. Popular crypto gambling platform Stake also suffered a breach that month, leading to a theft of $41 million.

    This hack specifically targeted users’ crypto hot wallets, and the assets stolen included Ethereum and Dai, among others. All funds were initially transferred to a single wallet, believed to belong to the hacker, and then dispersed to various other wallets. This dispersion tactic made tracking the stolen assets more challenging. The FBI’s investigation later confirmed the involvement of the North Korean Lazarus hacking group in this theft, although the stolen funds remain unrecovered.

    North Korea’s Lazarus group: state-affiliated threat in crypto hacks

    In 2023, the Lazarus Group, a North Korea-linked hacker organization, has been a prominent actor in the crypto hacking landscape. They have been responsible for over $300 million in crypto hacking incidents, accounting for approximately 17.6% of the total losses incurred in the crypto industry during the year. This contribution to the total losses highlights the group’s significant impact on the crypto space.

    Historically, the Lazarus Group has been involved in some of the largest cyberattacks, dating back to their activities against Sony Pictures in 2014. Over the years, they have shifted their focus to crypto protocols, acquiring billions of dollars from these attacks. From 2021 to 2023, approximately $1.9 billion has been stolen from various crypto projects, showcasing the group’s persistence and evolving tactics.

    In 2023, the Lazarus Group executed at least five attacks, including a notable $70 million theft from the Hong Kong-based crypto exchange CoinEx. Their strategy moved towards targeting centralized finance platforms and noncustodial crypto wallets, demonstrating keen adaptability to the changing landscape of the crypto industry.

    Despite a global decline in the overall amount of money stolen in digital asset hacks, the threat posed by groups like Lazarus remains significant. Law enforcement agencies have been actively combating these activities by tracing stolen funds and disrupting crypto mixers, which obscure illicit funds’ origins. The U.S. Treasury Department has addressed these challenges by sanctioning popular mixing services like Tornado Cash and proposing stricter regulations for decentralized platforms.

    Crypto hacks in 2024: prospects

    The surge of crypto hacks in the latter half of 2023 reflects a concerning narrative for the industry heading into 2024. The upcoming year is poised to be a crucial time for crypto, with the expectations around the Bitcoin spot ETF launch in January and the Bitcoin halving event in April.

    So, the industry is preparing for a busy 2024, and so are the hackers. Building industry-wide resilience will be key to curbing these large-scale threats; otherwise, we might be in for a costlier new year.

    FAQs

    Can blockchain be hacked?

    While blockchain technology is generally secure due to its decentralized and encrypted nature, it is not completely immune to hacking, especially through vulnerabilities in smart contracts or centralized points like exchanges.

    Is Bitcoin hackable?

    Bitcoin’s core blockchain protocol is highly secure, but Bitcoin exchanges and wallets can be vulnerable to hacking.

    What is the world’s largest crypto exchange hack?

    The world’s largest crypto exchange hack occurred at Coincheck in 2018. The company lost $534 million worth of NEM tokens.

    What is the biggest hack in Bitcoin history?

    The most significant Bitcoin hack was the Mt. Gox incident in 2014, where approximately 850,000 bitcoins were stolen, greatly impacting the Bitcoin community and market.

    What are the latest crypto hacks?

    Recent notable crypto hacks include the attacks on Ledger, HTX, KyberSwap, and Poloniex, with losses mounting over hundreds of millions. 


    Mohammad Shahidullah

  • WTF Fun Fact 13535 – Catgirl Nuclear Laboratory Hack


    In a bizarre turn of events, a US nuclear laboratory, the Idaho National Laboratory (INL), fell victim to a hack by a group self-identifying as “gay furry hackers.” The group, Sieged Security (SiegedSec), has an unusual demand: they want the lab to research the creation of real-life catgirls.

    The Idaho Nuclear Laboratory Cyber Attack

    The Idaho National Laboratory is not just any facility; it’s a pioneer in nuclear technology, operating since 1949. With over 6,000 employees, the INL has been instrumental in nuclear reactor research and development. The unexpected cyber intrusion by SiegedSec marks a significant security breach.

    SiegedSec’s demands are out of the ordinary. They have threatened to release sensitive employee data unless the INL commits to researching catgirls. The data purportedly includes Social Security numbers, birthdates, addresses, and more. SiegedSec’s tactics include using playful language, such as multiple “meows” in their communications, highlighting their unique approach.

    The group has a history of targeting government organizations for various causes, including human rights. Their recent activities include leaking NATO documents and attacking US state governments over anti-trans legislation.

    The Nuclear Laboratory’s Response and Investigation

    The Idaho National Laboratory confirmed the breach and is currently working with the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. The investigation aims to understand the extent of the data impacted by the incident.

    SiegedSec’s actions, while unusual, shed light on several issues. First, they highlight the vulnerability of even high-profile, secure facilities to cyber attacks. Second, the group’s unique demand for researching catgirls, while seemingly whimsical, echoes broader internet discussions about bio-engineering and human-animal hybrids. Lastly, they demonstrate the diverse motives and methods of hacktivist groups.

    The Future of Catgirls and Cybersecurity

    While the likelihood of the INL taking up research on catgirls is slim, the breach itself is a serious matter. It underscores the need for heightened cybersecurity measures in sensitive facilities. As for SiegedSec, their influence in the realm of hacktivism is notable, blurring the lines between political activism, internet culture, and cybersecurity.

    While the demand for catgirls is likely a playful facade, the breach at the Idaho National Laboratory is a reminder of the ongoing cybersecurity challenges facing institutions today. The INL’s breach is a wake-up call for enhanced security protocols in an era where cyber threats can come from the most unexpected sources.

    Source: “Gay Furry Hackers Break Into Nuclear Lab Data, Want Catgirls” — Kotaku

  • Hacker exploits defi protocol TheStandard.io for $264k


    TheStandard.io suffers a $264,000 theft via a PAXG liquidity pool exploit on Arbitrum.

    Defi stablecoin protocol TheStandard.io has been hacked for $264,000, according to reports from blockchain security analysts CertiK. The hacker allegedly conducted a low liquidity exploit of PAXG on Arbitrum. 

    A low liquidity exploit is a type of attack where a threat actor takes advantage of pools with low liquidity to manipulate asset prices for financial gain. In this case, the hacker exploited the PAXG liquidity pools to steal 8,500 USDC and 280,000 Euro. Following the attack, nearly €223,000 was used by the hacker to mint an Algebra position NFT. 

    TheStandard.io released a statement assuring customers that all collateral in the smart vaults was safe. The platform also paused all new EUROs minting until the exploit is patched, and it has asked the attacker to come forward as a white hat and negotiate a deal.

    Recently, cybercriminals have been increasingly targeting small defi and crypto projects for quick gains. In October alone, crypto scams and hacks have cost users over $32 million. TheStandard.io is actively investigating today’s exploit and has also suspended the creation of any new vaults on the platform.


    Mohammad Shahidullah

  • Unibot suffers token approval exploit, token is down 25%


    The Unibot team says funds lost due to the bug on the new router ‘will be compensated.’

    Telegram trading crypto bot Unibot has suffered a token approval exploit, resulting in a loss of $642,000 worth of crypto.

    In an X post on Tuesday, Oct. 31, the Unibot team acknowledged the attack, saying the hacker exploited the token approval mechanism in the new router. The team has paused the router “to contain the issue.”

    According to reports, the exploiter stole over 356 Ethereum (ETH) worth around $642,000 at the time of writing. After the attack, the stolen funds were moved to Tornado Cash, a sanctioned cryptocurrency mixing protocol on the Ethereum blockchain.

    Shortly after the news broke, Unibot’s native token crashed by 25.5% down to $42.7, according to data from CoinGecko.

    Telegram trading bots

    Unibot is a Telegram bot that allows users to trade crypto right in the messenger by connecting their non-custodial wallets to Uniswap V3. The bot executes trades on behalf of a user with token pool contracts.

    As crypto.news reported earlier, another Telegram bot, Maestro, also fell victim to a security breach, resulting in the theft of more than 280 ETH, valued at approximately $500,000. In the aftermath, Maestro initiated a refund strategy. Users who lost tokens during the exploit reportedly received total compensation, with some even receiving more than their initial holdings.


    Denis Omelchenko

  • LastPass Hack Drains $4.4 Million From Users, Urgent Asset Migration Advised


    Users of the LastPass password manager application have now lost $4.4 million worth of crypto assets in a single day. This development comes a year after LastPass shared that hackers had gained access to its cloud storage keys and dual storage container decryption keys.

    LastPass Users Urged To Move Crypto Assets As 25 Fall Victim To Hack

    This latest asset loss by LastPass users was revealed by on-chain investigator ZachXBT via an X post on October 27. 

    Through a combined probe with a fellow investigator with X handle @tayvano_, it was discovered that approximately $4.4 million in digital assets were stolen from 85 distinct wallets belonging to 25 LastPass users.

    In a cautionary note in the same post, ZachXBT also warned all LastPass users to transfer their crypto assets to new wallet addresses in order to avoid future losses.

    For context, LastPass offers a password management service, which some users rely on to store the seed phrases for their crypto wallets. A seed phrase is a set of words unique to each wallet, which grants access to the assets stored in that wallet.

    On August 8, 2022, a hacker gained access to the corporate laptop of a LastPass software engineer, allowing the bad actor to infiltrate the company’s system, stealing some source code, confidential technical documentation, and internal system secrets. 

    Using this data, the hacker extracted 14 of LastPass’s 200 source code repositories. 

    Over the next few days, the hacker initiated a larger attack, obtaining a copy of the LastPass customer database, which held information such as unencrypted account information, along with associated metadata and settings like multi-factor authentication options. 

    On August 25, 2022, the company’s CEO Karim Toubba claimed the hack had been contained and stated that the data compromise had occurred in its development section, which does not contain any personal user data.

    However, in a series of tweets in August 2023, @tayvano_ claimed that over 1200 BTC, valued at $32 million, had been stolen from wallets linked to LastPass users in the last year following the security breach.

    Such reports, in addition to the latest theft incident, have heightened calls for users to ditch wallet addresses linked to the password management service.

    Crypto Hacks In 2023

    According to a July report by blockchain security firm Peckshield, crypto hacks still account for one of the major causes of asset loss in 2023.

    Peckshield stated that in H1 2023 alone, over 395 hacks occurred in the crypto space, culminating in losses valued at about $479.9 million. While these figures represent a massive decline from the $2.43 billion recorded in H1 2022, they can still be considered quite significant in terms of investors’ interest.

    At the time of writing, the total crypto market is valued at $1.26 trillion, with a 0.22% gain in the last day, based on data from CoinMarketCap.

    Total crypto market valued at $1.238 trillion on the daily chart | Source: TOTAL chart on Tradingview.com

    Semilore Faleti

  • SBF takes the stand, ‘buy Bitcoin’ searches soar and other news: Hodler’s Digest, Oct. 22-28


    Top Stories This Week

    Sam Bankman-Fried takes the stand on FTX’s collapse

    Sam “SBF” Bankman-Fried testified this week in his ongoing criminal trial in the Southern District of New York, denying any wrongdoing between FTX and Alameda Research while acknowledging making “big mistakes” during the companies’ explosive growth. Highlights of his testimony include denying directing his inner circle to make significant political donations in 2021, as well as claims that FTX’s terms of use covered transactions between Alameda and the crypto exchange. Additionally, Bankman-Fried testified that he requested additional hedging strategies for Alameda in 2021 and 2022, but they were never implemented. The trial is expected to conclude within the next few days.

    ‘Buy Bitcoin’ search queries on Google surge 826% in the UK

    Google searches for “buy Bitcoin” have surged worldwide amid a major crypto rally, with searches in the United Kingdom growing by more than 800% in the last week. According to research from Cryptogambling.tv, the search term “buy Bitcoin” spiked a staggering 826% in the U.K. over the course of seven days. In the United States, data from Google Trends shows that searches for “should I buy Bitcoin now?” increased by more than 250%, while more niche searches, including “can I buy Bitcoin on Fidelity?” increased by over 3,100% in the last week. Zooming out further, the search term “is it a good time to buy Bitcoin?” saw a 110% gain worldwide over the last week.

    US court issues mandate for Grayscale ruling, paving way for SEC to review spot Bitcoin ETF

    The United States Court of Appeals has issued a mandate following a decision requiring Grayscale Investments’ application for a spot Bitcoin exchange-traded fund (ETF) to be reviewed by the Securities and Exchange Commission (SEC). In an Oct. 23 filing, the “formal mandate” of the court took effect, paving the way for the SEC to review its decision on Grayscale’s spot Bitcoin ETF. The mandate followed the court’s initial ruling on Aug. 29 and the SEC’s failure to present an appeal by Oct. 13. To date, the SEC has yet to approve a single spot crypto ETF for listing on U.S. exchanges but has given the green light to investment vehicles linked to Bitcoin and Ether futures.



    Coinbase disputes SEC’s crypto authority in final bid to toss regulator’s suit

    The U.S. Securities and Exchange Commission overstepped its authority when it classified Coinbase-listed cryptocurrencies as securities, the exchange has argued in its final bid to dismiss a lawsuit by the securities regulator. In an Oct. 24 filing in a New York District Court, Coinbase chastised the SEC, claiming its definition for what qualifies as a security was too wide, and contested that the cryptocurrencies the exchange lists are not under the regulator’s purview. The SEC sued Coinbase on June 6, claiming the exchange violated U.S. securities laws by listing several tokens it considers securities and not registering with the regulator.

    Gemini sues Genesis over GBTC shares used as Earn collateral, now worth $1.6B

    Cryptocurrency exchange Gemini filed a lawsuit against bankrupt crypto lender Genesis on Oct. 27. At issue is the fate of 62,086,586 shares of Grayscale Bitcoin Trust. They were used as collateral to secure loans made by 232,000 Gemini users to Genesis through the Gemini Earn Program. That collateral is currently worth close to $1.6 billion. According to the suit, Gemini has received $284.3 million from foreclosing on the collateral for the benefit of Earn users, but Genesis has disputed the action, preventing Gemini from distributing the proceeds. Genesis filed for bankruptcy in January. It had suspended withdrawals in November 2022, which impacted the Gemini Earn program.

    Winners and Losers

    At the end of the week, Bitcoin (BTC) is at $34,143, Ether (ETH) at $1,789 and XRP at $0.54. The total market cap is at $1.26 trillion, according to CoinMarketCap.

    Among the biggest 100 cryptocurrencies, the top three altcoin gainers of the week are Pepe (PEPE) at 72.08%, Mina (MINA) at 55.47% and FLOKI (FLOKI) at 53.33%. 

    The top three altcoin losers of the week are Bitcoin SV (BSV) at -10.27%, Toncoin (TON) -3.14% and Trust Wallet Token (TWT) at -0.82%.

    For more info on crypto prices, make sure to read Cointelegraph’s market analysis.


    Most Memorable Quotations

    “The witness [Sam Bankman-Fried] has an interesting way of responding to questions.”

    Lewis Kaplan, senior judge of the U.S. District Court for the Southern District of New York

    “When it comes to illicit finance, crypto is not the enemy – bad actors are.”

    Cynthia Lummis, U.S. senator

    “I should say, I am not a lawyer, I am just trying to answer based on my recollection. […] At the time [at] FTX, certain customers thought accounts would be sent to Alameda.”

    Sam Bankman-Fried, former CEO of FTX

    “Without prejudging any one asset, the vast majority of crypto assets likely meet the investment contract test, making them subject to the securities laws.”

    Gary Gensler, chair of U.S. Securities and Exchange Commission

    “I do not believe there has been a single serious conversation regarding a settlement between Ripple […] and the SEC. The SEC is pissed and embarrassed and wants $770M worth of flesh.”

    John Deaton, attorney

    “He [Sam Bankman-Fried] thought he was going to take that money, and […] he would out-trade the market and put the money back and end up as a half-a-trillionaire, but it never works like that.”

    Anthony Scaramucci, founder of SkyBridge Capital

    Prediction of the Week 

    Bitcoin beats S&P 500 in October as $40K BTC price predictions flow in

    Bitcoin surfed $34,000 at the end of the week as attention turned to BTC price performance against macro assets. Data from Cointelegraph Markets Pro and TradingView showed BTC/USD holding steady, preserving its early-week gains.

    The largest cryptocurrency avoided significant volatility as the weekly and monthly closes — a key moment for the October uptrend — drew ever nearer.

    “I think Bitcoin will hang around this range for some time,” popular pseudonymous trader Daan Crypto Trades told X subscribers in one of several posts on Oct. 27. “Roughly $33-35K is what I’m looking at as a range. Eyes on potential sweeps of any of these levels for a quick trade,” he wrote.

    FUD of the Week 

    UK passes bill to enable authorities to seize Bitcoin used for crime

    Lawmakers in the United Kingdom have passed legislation allowing authorities to seize and freeze cryptocurrencies like Bitcoin if used for illicit purposes. Introduced in September 2022, the passed legislation aims to expand authorities’ ability to crack down on the use of cryptocurrency in crimes like cybercrime, scams and drug trafficking. One of the provisions of the bill permits the recovery of crypto assets used in crimes without conviction, as some individuals may avoid conviction by remaining remote.

    Scammers create Blockworks clone site to drain crypto wallets

    Phishing scammers have cloned the websites of crypto media outlet Blockworks and Ethereum blockchain scanner Etherscan to trick unsuspecting readers into connecting their wallets to a crypto drainer. A fake Blockworks site displayed a fake “BREAKING” news report of a supposed multimillion-dollar “approvals exploit” on the decentralized exchange Uniswap and encouraged users to visit a fake Etherscan website to rescind approvals. The fake Uniswap news article was posted on Reddit across several popular subreddits.

    Kraken to suspend trading for USDT, DAI, WBTC, WETH and WAXL in Canada

    Kraken will suspend all transactions related to Tether, Dai, Wrapped Bitcoin, Wrapped Ether and Wrapped Axelar in Canada in November and December. The suspensions may not surprise many Canadian cryptocurrency users, as they come on the heels of several other notable exchanges taking similar actions throughout 2023. OKX ceased operations in Canada in June after Binance announced its intention to do so in May.

    5,050 Bitcoin for $5 in 2009: Helsinki’s claim to crypto fame

    Helsinki has a long and fascinating history with cryptocurrency, including the first exchange of Bitcoin for United States dollars.

    Australia’s $145M exchange scandal, Bitget claims 4th, China lifts NFT ban: Asia Express

    Australian police bust $145 million money laundering scam, Bitget gains market share in Q3, China unblocks NFTs, and more.

    How blockchain games fared in Q3, Upland token on ETH: Web 3 Gamer

    $2.3B tipped into Web3 games so far this year, ex-GTA devs’ studio teams up with Immutable, Brawlers to launch on Epic Games Store, and more.

    Editorial Staff

    Cointelegraph Magazine writers and reporters contributed to this article.

    Cointelegraph By Editorial Staff


  • Two tries left: Swiss entrepreneur’s $243m Bitcoin drama


    Crypto entrepreneur faces a $243 million Bitcoin dilemma, with just two password attempts left and a reluctant decision on accepting Unciphered’s hacking expertise.

    Over the years, the crypto industry has seen many stories of users buying thousands of Bitcoins over a decade ago, when it was worth merely $10-$13, only to lose access to their wallet today when the leading cryptocurrency is worth 3,000 times more. The story of Stefan Thomas, a Swiss crypto entrepreneur, follows a similar plot but has come across a rather surprising turning point. 

    Thomas holds 7,002 Bitcoins in an IronKey USB, which is a portable, encrypted USB storage device. These assets are worth more than $243 million today. However, in a rather unfortunate turn, Thomas has lost his password and has only two password attempts left before the USB drive erases the Bitcoin wallet keys. The only one that can help Thomas is Unciphered, a hacker group that has developed a technique to crack the passwords of IronKey S200 devices. The only problem is that Thomas doesn’t want their help.

    IronKeys are designed to permanently erase their contents after ten incorrect password guesses. Unciphered’s hackers have confirmed to WIRED that they can bypass this limitation, giving them virtually infinite tries to guess the password. They’ve demonstrated their capabilities, unlocking an IronKey in what they dubbed “Project Everest.”

    Despite Unciphered’s success and offer to help, Thomas has declined their assistance, remaining committed to two other teams he had engaged earlier. Unciphered has not disclosed the specifics of their cracking technique due to potential national security implications. They have managed to decrypt 2011-era IronKeys more than a thousand times, demonstrating a non-destructive, reliable method. 

    Despite their technological triumph, convincing Thomas to use their services has proven to be a challenge, leaving Unciphered with a powerful decryption tool but no agreement to unlock the high-value cryptocurrency treasure.


    Mohammad Shahidullah