Security News

Data breach of NFT marketplace OpenSea may expose customers to phishing attacks. The breach was caused by an employee at Customer.io, the email delivery vendor for OpenSea.

Cybersecurity researchers have disclosed a now-fixed security flaw in the Rarible non-fungible token marketplace that, if successfully exploited, could have led to account takeover and theft of cryptocurrency assets. Rarible, an NFT marketplace that enables users to create, buy, and sell digital NFT art like photographs, games, and memes, has over 2.1 million active users.

The Department of Justice unveiled Tuesday that it has seized three domains to affectively shut down the RaidForums website, a major English-language online marketplace for cybercriminals to buy and sell databases stolen from organizations in ransomware and other cyber-attacks. The seizure of RaidForum's domains means that members can no longer use the site to traffic stolen data, according to the feds.

The U.S. Treasury Department on Tuesday sanctioned Hydra, the same day German law enforcement authorities disrupted the world's largest dark web marketplace as part of a coordinated operation in partnership with U.S. officials. The sanctions are part of an "International effort to disrupt proliferation of malicious cybercrime services, dangerous drugs, and other illegal offerings available through the Russia-based site," the Treasury Department said in a statement.

German authorities have taken down the Hydra marketplace - a popular destination on the Dark Web for trading in illicit goods and services, including cyberattack tools and stolen data. "The illegal marketplace was a Russian-language Darknet platform that had been accessible via the Tor network since at least 2015," according to a Tuesday statement from Frankfurt's public prosecutor and Germany's Federal Criminal Police Office.

A 23-year-old Russian national has been indicted in the U.S. and added to the Federal Bureau of Investigation's Cyber Most Wanted List for his alleged role as the administrator of Marketplace A, a cyber crime forum that sold stolen login credentials, personal information, and credit card data. "Marketplace A specialized in the sale of unlawfully obtained access devices for compromised online payment platforms, retailers, and credit card accounts, including providing the data associated with those accounts such as names, home addresses, login credentials, and payment card data for the victims, who are the actual owners of those accounts," the U.S. Justice Department said in a statement.

A Russian national was indicted in the US on Tuesday for allegedly running an online marketplace selling access to credit card, shopping, and web payment accounts belonging to tens of thousands of victims. Marketplace A functioned like any other online store, and even had bundle deals, such as an offer to buy access to two online retail accounts and get some credit card information thrown in, for the same victim, it was claimed.

Malicious actors took advantage of a smart contract upgrade process in the OpenSea NFT marketplace to carry out a phishing attack against 17 of its users that resulted in the theft of virtual assets worth about $1.7 million. The opportunistic social engineering scam swindled the users by using the same email from OpenSea notifying users about the upgrade, with the copycat email redirecting the victims to a lookalike webpage, prompting them to sign a seemingly legitimate transaction, only to steal all the NFTs in one go.

A special law enforcement operation undertaken by Russia has led to the seizure and shutdown of four online bazaars that specialized in the theft and sales of stolen credit cards, as the government continues to take active measures against harboring cybercriminals on its territory. Ferum Shop, active since October 2013, made as much as $256 million in Bitcoin from stolen card sales, accounting for nearly 17% of the stolen credit card market.

UniCC, the biggest dark web marketplace of stolen credit and debit cards, has announced that it's shuttering its operations after earning $358 million in purchases since 2013 using cryptocurrencies such as Bitcoin, Litecoin, Ether, and Dash. "Don't build any conspiracy theories about us leaving," the anonymous operators of UniCC said in a farewell posted on dark web carding forums, according to blockchain analytics firm Elliptic.