ReportWire

Tag: zachxbt

  • Kronos Research Halts Operations After Losing $26 Million In Security Breach

    Kronos Research Halts Operations After Losing $26 Million In Security Breach

    [ad_1]

    Kronos Research, a Taipei-based market maker, trading firm, and venture capital fund, witnessed the withdrawal of significant amounts of crypto assets due to a breach of its security system

    Kronos Breach: Investigation Underway

    On Sunday, November 19, Kronos Research disclosed – via a post on X (formerly Twitter) – a security incident that involved unauthorized access to its API keys. Consequently, the company lost a significant amount of crypto funds and has halted all trading operations in a bid to launch a full investigation into the incident.

    A map of funds outflow by on-chain sleuth ZachXBT summed Kronos’ losses to over $25 million in Ether. In a follow-up post on X, the company also confirmed that the losses are about $26 million in crypto assets.

    Funds outflow from Kronos Wallet | Source: X/ZachXBT

    In its initial announcement, Kronos revealed that the potential losses are not a significant portion of its equity. Meanwhile, the trading firm said in its latest update that all losses will be covered internally, and no partners will be affected.

    Although Kronos has yet to provide an update on its resumption process, the company did say that it aims to resume trading as soon as possible.

    This $26 million attack on Kronos Research represents the third most significant crypto theft in November 2023. Before this latest incident, data from blockchain security firm Certik revealed that about $173 million had been lost to crypto attacks in November, with Poloniex’s $113 million hack being the most notable yet.

    How Did This Hack Affect WOO X?

    Interestingly, Kronos is not the only one affected by this security incident, as WOO X is another cryptocurrency entity that has had to pause its operations momentarily. WOO X is an exchange on which Kronos functions as the market maker for its spot and perpetual futures markets.

    In an address on the X platform, WOO X acknowledged Kronos’ security situation and announced a temporary pause on all trading to protect users’ positions from a lack of liquidity. The exchange, however, emphasized that all customer funds are safe.

    As of this writing, WOO X has resumed trading in both the spot and perpetual futures markets. Meanwhile, the exchange claims that clients can now make withdrawals for all assets.

    Nevertheless, the trading platform has faced some backlash from the online crypto community, with some people pointing to its unclear relationship with Kronos.

    Kronos

    Cryptocurrency total market cap on the daily timeframe | Source: TOTAL chart on TradingView

    Featured image from iStock, chart from TradingView

    [ad_2]

    Opeyemi Sule

    Source link

  • Ledger Wallet Users Lose Nearly $800,000 To Fake App On Microsoft’s App Store | Bitcoinist.com

    Ledger Wallet Users Lose Nearly $800,000 To Fake App On Microsoft’s App Store | Bitcoinist.com

    [ad_1]

    According to on-chain sleuth ZachXBT, around $800,000 in crypto assets has been carted away from users who installed a fake Ledger Live application on Microsoft’s app store.

    Ledger Live Users Lose $600,000 In Bitcoin: Report

    In a November 5 post on the X (formerly Twitter) platform, ZachXBT raised an alarm on the suspicious application, “Ledger Live Web3”, which is conning users into thinking they are installing the original “Ledger Live” app. The original Ledger Live is a user interface app that allows hardware wallet users to store their crypto assets offline.

    According to on-chain data, roughly 16,800 BTC (worth approximately $588,000) has been received by the exploiter across 38 different transactions using the wallet address “bc1q…y64q”. The first set of funds (an estimated total of $87,600) were transferred to the scammer’s address on October 24, 2023.

    As of this writing, only about $115,760 – across two transactions – has been moved out of the scammer’s wallet address. Meanwhile, the current balance of the address still stands at more than 13.5 BTC (worth roughly $476,012).

    In a follow-up post on X, ZachXBT revealed that the scammer also used an ETH/BSC address to receive funds from the fake Ledger app. Based on the update, the exploiter has collected approximately $180,000 using this address, bringing their total loot to $768,000.

    The on-chain investigator also noted that Microsoft may have finally removed the fake Ledger Live app from their app store. Meanwhile, the fake app’s dedicated page on Microsoft’s official website is no longer accessible.

    It is worth noting that this is not the first time that a fake Ledger Live app has made its way into Microsoft’s app store. Ledger’s support account on X has had to warn its users about a fake app on two separate occasions in the space of a year.

    October Saw A Notable Decline In Crypto Scams

    In the month of October, the crypto space experienced a significant downturn in terms of theft, hitting its lowest point of 2023. According to CertiK’s findings, a total of 38 incidents, including from hacks, exploits, and scams, contributed to losses amounting to $32.2 million.

    When considering the 10-month total of $1.4 billion, the losses incurred in October appear notably smaller, accounting for approximately a quarter of the running monthly average. While this decline in security incidents is a positive development, users are still cautioned about the existence of security threats even in the most unexpected places, as shown in this Ledger case.

    As digital assets continue to flourish, this harsh reality serves as a stark reminder of the need for vigilant cybersecurity measures to safeguard the investments of crypto enthusiasts worldwide.

    Bitcoin price breaks above $35,000 again on the daily timeframe | Source: BTCUSDT chart on TradingView

    Featured image from iStock, chart from TradingView

    [ad_2]

    Opeyemi Sule

    Source link

  • LastPass Hack Drains $4.4 Million From Users, Urgent Asset Migration Advised

    LastPass Hack Drains $4.4 Million From Users, Urgent Asset Migration Advised

    [ad_1]

    Users of the LastPass password manager application have now lost $4.4 million worth of crypto assets in a single day. This development comes a year after LastPass shared that hackers had gained access to its cloud storage keys and dual storage container decryption keys.

    LastPass Users Urged To Move Crypto Assets As 25 Fall Victim To Hack

    This latest asset loss by LastPass users was revealed by on-chain investigator ZachXBT via an X post on October 27. 

    Through a combined probe with a fellow investigator with X handle @tayvano_, it was discovered that approximately $4.4 million in digital assets were stolen from 85 distinct wallets belonging to 25 LastPass users.

    In a cautionary note in the same post, ZachXBT also warned all LastPass users to transfer their crypto assets to new wallet addresses in order to avoid future losses.

    For context, LastPass offers a password management service, helping users store the seed phrase in their crypto wallet. A seed phrase represents a set of words unique to each wallet, which grants access to the assets stored in the said wallet. 

    On August 8, 2022, a hacker gained access to the corporate laptop of a LastPass software engineer, allowing the bad actor to infiltrate the company’s system, stealing some source code, confidential technical documentation, and internal system secrets. 

    Using this data, the hacker extracted 14 of LastPass’s 200 source code repositories. 

    Over the next few days, the hacker initiated a larger attack, obtaining a copy of the LastPass customer database, which held information such as unencrypted account information, along with associated metadata and settings like multi-factor authentication options. 

    On August 25, 2022, the company’s CEO Karim Toubba claimed the hack had been contained and stated that the data comprised had occurred in its development section, which does not contain any personal user data.

    However, in a series of tweets in August 2023,  @tayvano_ claimed that over 1200 BTC, valued at $32 million, had been stolen from wallets linked to LastPass users in the last year following the security breach. 

    Such reports, in addition to the latest theft incident, have contributed to heightening calls for users to ditch wallet addresses linked to the password management services. 

    Crypto Hacks In 2023

    According to a July report by blockchain security firm Peckshield, crypto hacks still account for one of the major causes of asset loss in 2023.

    Peckshield stated that in H1 2023 alone, over 395 hacks occurred in the crypto space, culminating in losses valued at about $479.9 million. While these figures represent a massive decline from the $2.43 billion recorded in H1 2022, it can still be considered quite significant in terms of investors’ interest.

    At the time of writing, the total crypto market is valued at $1.26 trillion, with a 0.22% gain in the last day, based on data from CoinMarketCap.

    Total crypto market valued at $1.238 trillion on the daily chart | Source: TOTAL chart on Tradingview.com

    Featured image from iStock, chart from Tradingview

    [ad_2]

    Semilore Faleti

    Source link