Security News

The IRS has been granted a court order to collect records from a bank the agency said will help it identify US taxpayers who failed to report taxable income from crypto trades. Uncle Sam yesterday said it's specifically going after records from New York-based bank M.Y. Safra, which partnered with SFOX - a cryptocurrency prime broker - to offer the latter's customers access to cash-deposit bank accounts.

Multiple npm packages published by the crypto exchange, dYdX, and used by at least 44 cryptocurrency projects appear to have been compromised. The packages in question were published from the npm account of a dYdX staff member and found to contain illicit code that would run info stealers on a system when installed.

A now-patched critical security flaw affecting Atlassian Confluence Server that came to light a few months ago is being actively exploited for illicit cryptocurrency mining on unpatched installations. In one of the infection chains observed by the cybersecurity company, the flaw was leveraged to download and run a shell script on the victim's machine, which, in turn, fetched a second shell script.

The mainstream emergence of cryptocurrency, coupled with its popularity among cybercriminals, has created a potentially dangerous environment for those with significant crypto holdings. In this Help Net Security video, Nick Percoco, Chief Security Officer at Kraken, explains why it's important for crypto holders to think about personal security as an ongoing, holistic process, and offers tips on how to safeguard crypto assets.

In what's the latest crypto heist to target the decentralized finance space, hackers have stolen digital assets worth around $160 million from crypto trading firm Wintermute. The hack involved a series of unauthorized transactions that transferred USD Coin, Binance USD, Tether USD, Wrapped ETH, and 66 other cryptocurrencies to the attacker's wallet.

Cryptocurrency market maker Wintermute says $160 million in digital assets have been stolen from it in a cyber-heist, though it assures customers that everything's fine. CEO Evgeny Gaevoy admitted on Twitter that Wintermute was suffering from an "Ongoing hack" affecting its decentralized finance operations, while its centralized finance and over-the-counter trading operations were unaffected.

Digital assets trading firm Wintermute has been hacked and lost $162.2 million in DeFi operations, the company CEO, Evgeny Gaevoy, announced earlier today. Wintermute provides liquidity to over 50 cryptocurrency exchanges and trading platforms, including Binance, Coinbase, Kraken, and Bitfinex.

Group-IB has noted a fivefold increase in the number of domains used for crypto giveaway scams that involve fake YouTube streams in the first half of 2022. Crypto giveaway scams have evolved into an illicit market segment with multiple services that aim to facilitate fraudulent operations.

The Dutch police arrested a 39-year-old man on suspicions of laundering tens of millions of euros worth of cryptocurrency stolen in phishing attacks. The arrest occurred in the early morning of September 6, 2022, with the police seizing devices and "Data carriers" to aid the ongoing investigations.

The US Commerce Department's Bureau of Industry and Security has relaxed restrictions that barred export of some encryption technologies to Huawei, in the name of ensuring the United States is in a better position to negotiate global standards. A Thursday announcement [PDF] explains the decision was taken because American businesses have told the Biden administration they're confused about whether they need to seek a license before bringing some tech to standards talks.