Security News

Cryptocurrency bridge Nomad sent a message to the looters who drained nearly $200 million in tokens from its coffers earlier this week: return at least 90 percent of the ill-gotten gains, keep 10 percent as a bounty for discovering the security flaw, and Nomad will consider this a "White-hat" hack, as opposed to plain old theft, and not take legal action. Update: Nomad Bridge Hack Bounty(see below for details)Please send the funds to the official Nomad recovery wallet address on Ethereum: 0x94A84433101A10aEda762968f6995c574D1bF154 https://t.

DOUG. A critical Samba bug, yet another crypto theft, and Happy SysAdmin Day. Moving on to something not so great: a memory mismanagement bug in GnuTLS. DUCK. Yes, I thought this was worth writing up on Naked Security, because when people think of open-source cryptography, they tend to think of OpenSSL. Because that's the one that everybody's heard of, and it's the one that's probably had the most publicity in recent years over bugs, because of Heartbleed.

From what we can tell, and details are still light, somewhere between $4.5 million and $8 million in coins - including stablecoins USDC and USDT, and Solana's SOL - were taken from roughly 8,000 Slope and Phantom mobile app wallets. Phantom also makes a Solana-focused mobile wallet for Android and iOS. Coins were drained from some of its users' mobile wallets, though the majority of stolen funds were pulled from Slope wallets.

Hackers steal almost $200 million from crypto firm Nomad. U.S. crypto firm Nomad has been the victim of a digital theft that saw hackers make off with $190 million of cryptocurrencies owned by users of the service. On August 1, Nomad confirmed the theft in a tweet that said: "We are aware of the incident involving the Nomad token bridge. We are currently investigating and will provide updates when we have them."

One of the four encryption algorithms the US National Institute of Standards and Technology recommended as likely to resist decryption by quantum computers has has holes kicked in it by researchers using a single core of an Intel Xeon CPU, released in 2013. "Ran on a single core, the appended Magma code breaks the Microsoft SIKE challenges $IKEp182 and $IKEp217 in about 4 minutes and 6 minutes, respectively. A run on the SIKEp434 parameters, previously believed to meet NIST's quantum security level 1, took about 62 minutes, again on a single core," wrote Castryck and Decru, of Katholieke Universiteit Leuven in a a preliminary article [PDF] announcing their discovery.

Cryptocurrency bridge service Nomad, which describes itself as "An optimistic interoperability protocol that enables secure cross-chain communication," has been drained of tokens notionally worth $190.7 million if exchanged for US dollars. Nomad allows cryptocurrency holders to trade their tokens across different blockchains, the distributed public ledgers used to track crypto assets.

According to the US state's Department of Financial Services on Monday, Robinhood Crypto didn't hire sufficient staff and didn't invest in other resources for its anti-money-laundering and cybersecurity compliance programs. "As its business grew, Robinhood Crypto failed to invest the proper resources and attention to develop and maintain a culture of compliance - a failure that resulted in significant violations of the Department's anti-money laundering and cybersecurity regulations," New York's Superintendent of Financial Services Adrienne Harris said.

Forsage, an alleged crypto Ponzi scheme purporting to be a decentralized smart contract platform, bilked millions of investors worldwide out of more than $300 million, according to America's securities watchdog. These transactions totaled more than $300 million, according to the SEC. However, like any other pyramid scheme, the primary way that investors made money from Forsage was to recruit other investors, according to the watchdog.

IBM has started offering quantum-resistant crypto - using the quantum-resistant crypto recommended by the US National Institute of Standards and Technology. China is felt to be stealing data today, safe in the knowledge its future quantum computers will be able to decrypt it in the near future.

The US government is reportedly investigating Kraken, a massive cryptocurrency exchange suspected of violating sanctions against Iran, and is expected to slap the crypto behemoth with a fine in the near future. Allowing users in Iran to buy and sell tokens would put Kraken in violation of the sanctions, which has drawn the attention of federal investigators, the Times reported, citing five people affiliated with the company or with knowledge of the inquiry.