Security News

TeamTNT hijacking servers to run Bitcoin encryption solvers
2022-09-18 14:07

The recent attacks bear various signatures linked to TeamTNT and rely on tools previously deployed by the gang, indicating that the threat actor is likely making a comeback. The researchers observed three attack types being used in the allegedly new TeamTNT attacks, with the most interesting one being to use the computational power of hijacked servers to run Bitcoin encryption solvers.

Bitcoin ATMs leeched by attackers who created fake admin accounts
2022-08-23 18:35

You wouldn't know it from visiting the company's main website, but General Bytes, a Czech company that sells Bitcoin ATMs, is urging its users to patch a critical money-draining bug in its server software. Not all countries have taken kindly to cryptocurrency ATMs - the UK regulator, for example, warned in March 2022 that none of the ATMs operating in the country at the time were officially registered, and said that it would be "Contacting the operators instructing that the machines be shut down".

Hackers Stole Crypto from Bitcoin ATMs by Exploiting Zero-Day Vulnerability
2022-08-22 05:54

Bitcoin ATM manufacturer General Bytes confirmed that it was a victim of a cyberattack that exploited a previously unknown flaw in its software to plunder cryptocurrency from its users. "This vulnerability has been present in CAS software since version 2020-12-08.".

Hackers steal crypto from Bitcoin ATMs by exploiting zero-day bug
2022-08-20 19:17

Hackers have exploited a zero-day vulnerability in General Bytes Bitcoin ATM servers to steal cryptocurrency from customers. General Bytes is the manufacturer of Bitcoin ATMs that, depending on the product, allow people to purchase or sell over 40 different cryptocurrencies.

New Orchard Botnet Uses Bitcoin Founder’s Account Info to Generate Malicious Domains
2022-08-08 13:55

A new botnet named Orchard has been observed using Bitcoin creator Satoshi Nakamoto's account transaction information to generate domain names to conceal its command-and-control infrastructure. Orchard is said to have undergone three revisions since February 2021, with the botnet primarily used to deploy additional payloads onto a victim's machine and execute commands received from the C2 server.

Dutch University retrieves Bitcoin ransomware payment and makes a profit
2022-07-05 07:46

The Netherlands' Maastricht University has managed to recoup the Bitcoin ransom it paid to ransomware scum in 2019 - and has made a tidy profit on the deal. The University explained that in 2019 it suffered a ransomware attack that prevented staff and students from accessing research data, email, or library resources.

DARPA study challenges assumptions about distributed ledger (and Bitcoin) security
2022-06-22 13:30

The finding is part of a study [PDF] conducted by IT security researchers at Trail of Bits and commissioned by the Defense Advanced Research Projects Agency that points to several ways in which the immutability of blockchain - the distributed ledger on which Bitcoin and other cryptocurrencies rely - can be called into question. "Of Bitcoin's nodes, 21 percent were running an old version of the Bitcoin Core client that is known to be vulnerable in June of 2021," the study said.

US brings first-of-its-kind criminal charges of Bitcoin-based sanctions-busting
2022-05-16 22:45

US prosecutors have accused an American citizen of illegally funneling more than $10 million in Bitcoin into an economically sanctioned country. It's said the resulting criminal charges of sanctions busting through the use of cryptocurrency are the first of their kind to be brought in the US. Under the United States' International Emergency Economic Powers Act, it is illegal for a citizen or institution within the US to transfer funds, directly or indirectly, to a sanctioned country, such as Iran, Cuba, North Korea, or Russia.

US sanctions Bitcoin laundering service used by North Korean hackers
2022-05-06 15:17

The U.S. Department of Treasury today sanctioned cryptocurrency mixer Blender.io used last month by the North Korean-backed Lazarus hacking group to launder funds stolen from Axie Infinity's Ronin bridge. In the wake of the attack, Sky Mavis revealed that hackers breached the Ronin bridge on March 23 to steal 173,600 Ethereum and 25.5M USDC tokens in two transactions worth $617 million at the time, the largest cryptocurrency hack in history.

De-anonymizing Bitcoin
2022-04-11 11:04

Y Greenberg wrote a long article - an excerpt from his new book - on how law enforcement de-anonymized bitcoin transactions to take down a global child porn ring. Within a few years of Bitcoin's arrival, academic security researchers - and then companies like Chainalysis - began to tear gaping holes in the masks separating Bitcoin users' addresses and their real-world identities.