Security News

Another week, another big economy restricting cryptocurrency. In the tweet below, Wimboh Santoso, commissioner of Indonesia's financial services authority the Otoritas Jasa Keuangan, states that the agency has prohibited financial service institutions from using, marketing, and/or facilitating crypto asset trading.

Ozzy Osbourne and his famously enterprising wife and manager Sharon decided to launch a new non-fungible token collection called CryptoBatz, but the rollout was clouded by scammers who used an abandoned vanity Discord URL to drain users' crypto wallets out of at least $150,000 worth of Ethereum. A tweak to the CryptoBatz vanity URL by the company behind the project, Sutter Systems, mistakenly left the old URL active, along with old tweets referencing the abandoned URL. Soon scammers set up a dummy Discord server with the old URL and started targeting users and draining their crypto wallets, according to Malwarebytes Labs.

Misconfigurations in smart contracts are being exploited by scammers to create malicious cryptocurrency tokens with the goal of stealing funds from unsuspecting users. Smart contracts are programs stored on the blockchain that are automatically executed when predetermined conditions are met according to the terms of a contract or an agreement.

Details of how the crooks pulled off the attack aren't given in the report, which says simply that "Transactions were being approved without the 2FA authentication control being inputted by the user." What the report doesn't explain, or even mention, is whether 2FA codes were entered by someone - albeit not by customers themselves - in order to authorise the fraudulent withdrawals, or whether the 2FA part of the authentication process was somehow bypassed entirely.

In spite of customers having reported losses over the weekend, Crypto.com's Thursday statement said that the heist happened on Monday at about 12:46 a.m. UTC. That's when the exchange's risk monitoring systems picked up on unauthorized transactions coming out of 483 accounts and being approved without users' 2FA authentication. The exchange fully restored the affected accounts, revoked all 2FA tokens and added additional security hardening measures, requiring all customers to re-login and set up their 2FA token.

Crypto.com on Thursday said in a roundabout way that an unidentified person stole or attempted to steal as much as $34m in cryptocurrency from customer accounts. In an update on the cyberattack reported earlier this week, the Singapore-based firm said it "Learned that a small number of users had unauthorized crypto withdrawals on their accounts."

Crypto.com has confirmed that a multi-million dollar cyber attack led to the compromise of around 400 of its customer accounts. Crypto.com CEO: 400 customer accounts hit.

Crypto.com has confirmed that a multi-million dollar cyber attack led to the compromise of around 400 of its customer accounts.Crypto.com CEO: 400 customer accounts hit.

A novel modular crypto-wallet stealing malware dubbed 'BHUNT' has been spotted targeting cryptocurrency wallet contents, passwords, and security phrases. The discovery and analysis of the new BHUNT malware come from Bitdefender, who shared their findings with Bleeping Computer before publishing.

Crypto.com, a Singapore-based cryptocurrency exchange, has denied reports that the firm lost nearly $15m in Ethereum in a possible network intrusion over the weekend. According to blockchain biz PeckShield, Crypto.com lost about $14.3m or 4,600 ETH, based on its analysis of public blockchain addresses.