Sadly, a lot of the cryptocurrency news that we write about on Naked Security involves cybercriminals getting mixed up in things, often with depressing results. Well, we're delighted to bring you much happier news today of a cryptocurrency "Venture" with a lighter side, this time under the "Leadership" of a certain Mr. Goxx.
"Taking action to disrupt the ransomware business model requires concerted efforts to address illicit finance risks posed by all value transfer systems, including virtual assets, the primary instrument criminals use for ransomware payments and subsequent money laundering." As incident after incident of ransomware infection requires payments in cryptocurrency, there is little reason to doubt this is a crytpocurrency crackdown.
All those dubious excuses needed by traditional romance scammers to talk you into using wire transfer services to send money, or into buying them gift cards and sending through the redemption codes, are replaced by a sense of structure: there's a genuine app for this investment! The cryptorom scammers will even offer you an app if you have an iPhone, where Apple's "Walled garden" approach of requiring all consumer app downloads to come from the Apple App Store almost certainly persuades many victims that the cryptorom app must indeed have some sort of official authorisation or approval.
A now-patched critical vulnerability in OpenSea, the world's largest non-fungible token marketplace, could've been abused by malicious actors to drain cryptocurrency funds from a victim by sending a specially-crafted token, opening a new attack vector for exploitation. The findings come from cybersecurity firm Check Point Research, which began an investigation into the platform following public reports of stolen cryptocurrency wallets triggered by free airdropped NFTs. The issues were fixed in less than one hour of responsible disclosure on September 26, 2021.
Ukrainian police have reportedly arrested two members of a ransomware gang - and while some have fingered REvil, no firm details have been published by cops from multiple countries. A round of speculation was triggered when inter-EU law enforcement body Europol declared this morning that Ukrainian fuzz had arrested "Two prolific ransomware operators known for their extortionate demands," claimed to be up to €70m. One of the two suspects arrested on 28 September, according to the National Police of Ukraine, was a "Hacker".
The Security Service of Ukraine has taken down a network of six call centers in Lviv, used by a ring of scammers to defraud cryptocurrency investors worldwide. Fraudsters behind these illegal call centers used VoIP phone numbers to hide their locations while scamming thousands of foreign investors.
A malicious Firefox add-on named "Safepal Wallet" scammed users by emptying out their wallets and lived on the Mozilla add-ons site for seven months. Safepal is a cryptocurrency wallet application capable of securely holding more than 10,000 types of assets, including Bitcoin, Ethereum, and Litecoin.
As part of its continued hardline against ransomware attacks, the U.S. Department of Treasury has prohibited anyone in the United States from conducting business with SUEX OTC, a Russian-linked currency exchange. The feds analyzed SUEX's transactions and found that the exchange facilitated transactions of illicit proceeds from at least eight ransomware variants, according to the release.
The U.S. Treasury Department on Tuesday imposed sanctions on Russian cryptocurrency exchange Suex for helping facilitate and launder transactions from at least eight ransomware variants as part of the government's efforts to crack down on a surge in ransomware incidents and make it difficult for bad actors to profit from such attacks using digital currencies. "Virtual currency exchanges such as SUEX are critical to the profitability of ransomware attacks, which help fund additional cybercriminal activity," the department said in a press release.
The US Treasury on Tuesday sanctioned virtual cryptocurrency exchange Suex OTC for handling financial transactions for ransomware operators, an intervention that's part of a broad US government effort to disrupt online extortion and related cyber-crime. According to the US Treasury, more than 40 per cent of the firm's known transaction history involves illicit entities, and that it handled payments from at least eight ransomware variants.