Security News

The U.S. Department of Justice has announced the seizure of $500,000 worth of Bitcoin from North Korean hackers who extorted digital payments from several organizations by using a new ransomware strain known as Maui. The DoJ did not disclose where the rest of the payments originated from.

A crook who created a business called My Big Coin to cheat victims out of more than $6 million has been found guilty by a jury. Randall Crater, 51, of East Hampton, New York was this week convicted [PDF] of four counts of wire fraud and three counts of money laundering.

The FBI has warned cryptocurrency owners and would-be owners about a scam involving phony liquidity mining that the bureau says has cost victims more than $70 million in combined losses since 2019. Liquidity mining is an investment strategy that appears to reward investors for contributing some of their crypto assets to a pool, which provides traders the liquidity necessary to conduct transactions.

A now-former Coinbase manager, his brother, and a friend were today charged with wire fraud conspiracy and wire fraud in connection with the first-ever cryptocurrency insider trading scheme in the US. Ishan Wahi, a 32-year-old ex-product manager at Coinbase Global who lives in Seattle, Washington, and his 26-year-old brother Nikhil Wahi, also from Seattle, were arrested Thursday morning. The US Department of Justice and FBI allege the three men pulled off a $1.5 million insider trading scheme by using confidential Coinbase information about which crypto-assets were scheduled to be listed on Coinbase's exchanges.

The U.S. Department of Justice has charged a former Coinbase manager and two co-conspirators with wire fraud conspiracy and scheme to commit insider trading in cryptocurrency assets. Defendant Ishan Wahi, who worked as a product manager for the company, is accused of abusing his position and insider knowledge to make cryptocurrency investments that were almost guaranteed to rise in price.

The Monetary Authority of Singapore said on Tuesday that its cryptocurrency regulations will add measures to protect consumers, in addition to ongoing work to contain money laundering and terrorist funding. Singapore's anti-crypto rhetoric has increased in recent weeks, after Terraform Labs' "UST" stablecoin collapsed and helped to spark market uncertainty that has sent the price of many crypto assets tumbling.

Threat actors have defrauded 244 U.S. investors of about $42 million through fake cryptocurrency apps that exploit people's legitimate investments in digital currency, the FBI has revealed. The agency observed a number of cybercriminal campaigns that duped people into downloading malicious apps through which threat actors extorted money from victims, the FBI said in a Private Industry Notification published Monday.

A burst of almost 1,300 JavaScript packages automatically created on NPM via more than 1,000 user accounts could be the initial step in a major crypto-mining campaign, according to researchers at Checkmarx. Microsoft GitHub-owned NPM hosts hundreds of thousands of JavaScript packages for developers.

Heartbleed can probably be considered a prime early example of what Naked Security jokingly refer to as the BWAIN process, short for Bug With An Impressive Name. We don't think these latest bugs reach that level of exploitability or immediate danger.

British Army's Twitter and YouTube accounts were hacked and altered to promote online crypto scams sometime yesterday. Notably, the army's verified Twitter account began displaying fake NFTs and bogus crypto giveaway schemes.