Security News

The Federal Bureau of Investigation warns of a rise in 'Pig Butchering' cryptocurrency scams used to steal ever-increasing amounts of crypto from unsuspecting investors. Pig Butchering is a relatively new social engineering scam where fraudsters contact people on social media and build trust by engaging in long-term communication, establishing the idea of a fabricated friendship or romantic partnership.

The number of websites promoting cryptocurrency giveaway scams to lure gullible victims has increased by more than 300% in the first half of this year, targeting mostly English and Spanish speakers using celebrity deepfakes. Group-IB explains that the primary reason behind the sudden surge of cryptocurrency scams this year is the significant rise in the broader availability of tools that help in their making.

Federal investigators and private companies seized $30 million in cryptocurrency stolen in March by North Korean-linked APT gang Lazarus Group from a video game developer, the latest example of the growing skills of government and cybersecurity experts to track and recover such ill-gotten gains. Plante also said she expects more stolen cash to be clawed back from North Korean groups.

Stewart Baker discusses why the industry-norm responsible disclosure for software vulnerabilities fails for cryptocurrency software. Why can't the cryptocurrency industry solve the problem the way the software and hardware industries do, by patching and updating security as flaws are found? Two reasons: First, many customers don't have an ongoing relationship with the hardware and software providers that protect their funds­-nor do they have an incentive to update security on a regular basis.

More than $30 million worth of cryptocurrency plundered by the North Korea-linked Lazarus Group from online video game Axie Infinity has been recovered, marking the first time digital assets stolen by the threat actor have been seized. "The seizures represent approximately 10% of the total funds stolen from Axie Infinity, and demonstrate that it is becoming more difficult for bad actors to successfully cash out their ill-gotten crypto gains," Erin Plante, senior director of investigations at Chainalysis, said.

The FBI has urged people to be cautious and heavily research a DeFi - decentralized finance - provider before putting your money into it, after more than a billion dollars was stolen from these providers in three months. The FBI wants folks to realize the risks, get professional financial advice if in doubt, and do their homework on the security and general practices of DeFi providers.

The U.S. Federal Bureau of Investigation is warning investors that cybercriminals are increasingly exploiting security vulnerabilities in Decentralized Finance platforms to steal cryptocurrency. "The FBI has observed cyber criminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors' cryptocurrency," the federal law enforcement agency said.

Dutch authorities on Friday announced the arrest of a software developer in Amsterdam who is alleged to be working for Tornado Cash, days after the U.S. sanctioned the decentralized crypto mixing service. Although FIOD didn't reveal the name of the Tornado Cash engineer, The Block identified him as Alexey Pertsev, citing confirmation from his wife.

Last October, California resident Jacob Pearlman downloaded an Android version of a cryptocurrency wallet app called Phantom from the Google Play app store. The free Phantom Wallet app that Pearlman downloaded early from Google Play was a fake.

In this video for Help Net Security, Nick Ascoli, VP of Threat Research, PIXM, discusses a multilayered phishing campaign targeting cryptocurrency exchange Coinbase. Attackers are sending out spoofed Coinbase emails to harvest personal credentials and use them to log into users' legitimate accounts in real-time.