Security News
Bitcoin ATM maker General Bytes disclosed that unidentified threat actors stole cryptocurrency from hot wallets by exploiting a zero-day security flaw in its software. "The attacker was able to upload his own java application remotely via the master service interface used by terminals to upload videos and run it using 'batm' user privileges," the company said in an advisory published over the weekend.
Microsoft is working on a non-custodial built-in Ethereum crypto wallet for Microsoft Edge to allow users to send and receive cryptocurrency and NFTs. Public keys can be shared with others to receive payments, while private keys should be kept secret and can be used to authorize transactions when you want to spend your cryptocurrency. Microsoft sleuth Albacore, who first spotted the new Edge Crypto Wallet, tweeted some screenshots and expressed his puzzlement about the possibility of it ending up as a new Microsoft Edge feature.
Meet the newest member of the crypto rogues' gallery: Ho Wan Kwok, aka Guo Wengui, aka Miles Guo, whom the US Department of Justice arrested on Wednesday over what investigators have described as a "sprawling and complex scheme to solicit investments in various entities and programs through false statements and representations to hundreds of thousands of Kwok's online followers." One of Guo's operations was called Himalaya Exchange.
"The ChipMixer software blocked the blockchain trail of the funds, making it attractive for cybercriminals looking to launder illegal proceeds from criminal activities such as drug trafficking, weapons trafficking, ransomware attacks, and payment card fraud," Europol said in a statement. ChipMixer, the world's largest centralized crypto mixer service, is estimated to have laundered no less than $3.75 billion worth of digital assets to further a wide range of criminal schemes.
Americans are increasingly targeted in 'pig butchering' cryptocurrency investment schemes, according to a public service announcement issued today by the Federal Bureau of Investigation. In cryptocurrency scams, the fraudsters will approach victims via dating platforms, messaging apps, or social media platforms to build trust and introduce them to an investment scheme that will eventually allow them to empty the targets' crypto wallets.
Lending protocol Euler Finance was hit by a cryptocurrency flash loan attack on Sunday, with the threat actor stealing $197 million in multiple digital assets. The cryptocurrency theft involved multiple tokens, including $8.75 million worth of DAI, $18.5 million in WBTC, $33.85 million in USDC, and $135.8 million in stETH. The attacker's ETH wallet used to store the stolen funds is being tracked, so it will be challenging for the perpetrator to move the stolen funds around and convert them to a usable form.
An ongoing phishing campaign is posing as Trezor data breach notifications in an attempt to steal a target's cryptocurrency wallet and its assets. Using a hardware wallet like Trezor adds protection from malware and compromised devices, as the wallet is not meant to be connected to your PC. When setting up a new Trezor wallet, users are given a 12 or 24-word recovery seed that can be used to recover a wallet if a device is stolen, lost, or malfunctions.
Google continued its client-side encryption rollout, with the feature now generally available to some Gmail and Calendar users, who can now send and receive encrypted messages and meeting invites. It follows a client-side encryption beta program for these same enterprise and education users that Google launched late last year.
DOUG. Crypto company code captured, Twitter's pay-for-2FA play, and GoDaddy breached. DOUG. Well, let's bring things into the modern, and talk about GoDaddy.
Norwegian police have seized 60 million kroner worth of cryptocurrency stolen by the North Korean Lazarus hacking group last year from Axie Infinity's Ronin Bridge. The seized cryptocurrency was stolen from Sky Mavis, the publisher of the blockchain-based game Axie Infinity, which suffered losses of $620 million in March 2022 after an attacker manipulated the game's Ronin bridge to gain partial control of its validators and perform two unauthorized transactions.