Security News
According to court documents [PDF] filed Friday in federal New York City court, Ellis Pinsky agreed to pay Michael Terpin $22 million for his starring role in the SIM swap and Bitcoin heist. In a Rolling Stone interview over the summer, Pinsky - dubbed Baby Al Capone by the media - admitted he swiped millions in crypto-coins from Terpin via a SIM swap.
Feds also said the biz sucked at policing transactions for suspicious activity – as if! Bittrex will cough up $53 million after being accused of flouting US sanctions and breaking federal money...
MasterCard has named its effort Crypto Secure and says it "allows to better assess the risk profile of crypto exchanges or other providers." Kelly told The Register that crypto exchanges are currently rated as similar risks to purveyors of gambling and prostitution - sectors known as "risky and frisky" in the payments industry.
Hackers are airdropping NFTs to Solana cryptocurrency owners pretending to be alerts for a new Phantom security update that lead to the installation of password-stealing malware and the theft of cryptocurrency wallets. When visiting these sites from any device, the site automatically downloads a Windows batch file named Phantom Update 2022-10-08.bat [VirusTotal] from DropBox.
Cryptocurrency exchange Binance temporarily halted its blockchain network on Thursday in response to a cyberattack that led to the theft of two million BNB tokens, notionally exchangeable for $566 million in fiat currency. The shutdown, requiring the cooperation of 26 validators to close the decentralized system, occurred around 2200 UTC on October 6, as a result of the exploitation of the BSC Token Hub bridge, which connects the BNB Beacon Chain and the BNB Smart Chain so tokens from different blockchains can be exchanged.
Hackers have reportedly stolen 2 million Binance Coins, worth $566 million, from the Binance Bridge. Details are scant at the moment, but the attack appears to have started at 2:30 PM EST today, with the attacker's wallet receiving two transactions [1, 2], each consisting of 1,000,000 BNB. Soon after, the hacker began spreading some of the funds across a variety of liquidity pools, attempting to transfer the BNB into other assets.
In a perfect example of there being no honor among thieves, a threat actor named 'Water Labbu' is hacking into cryptocurrency scam sites to inject malicious JavaScript that steals funds from the scammer's victims. In July, the FBI warned of scam 'dApps' that impersonated cryptocurrency liquidity mining services but, in reality, stole a victim's crypto investments.
The North Korean Lazarus hacking group is now using fake 'Crypto.com' job offers to hack developers and artists in the crypto space, likely with a long-term goal of stealing digital assets and cryptocurrency. In August 2022, Lazarus was seen targeting IT workers with malicious job offers that impersonated Coinbase and targeted users with Windows malware or macOS malware.
Group-IB has noted a fivefold increase in the number of domains used for crypto giveaway scams that involve fake YouTube streams in the first half of 2022. This Help Net Security video reveals how crypto giveaway scams have evolved into a profitable illicit market segment.
The infamous Lazarus Group has continued its pattern of leveraging unsolicited job opportunities to deploy malware targeting Apple's macOS operating system. In the latest variant of the campaign observed by cybersecurity company SentinelOne last week, decoy documents advertising positions for the Singapore-based cryptocurrency exchange firm Crypto.com.