Cybersecurity

FINRA Warns Member Firms of Metaverse Adoption Challenges

The Financial Industry Regulatory Authority has released a report highlighting the potential benefits and risks of the metaverse for the securities industry. The report emphasizes the importance of addressing challenges identified to ensure the responsible and ethical development of metaverse applications.

Firms Must Weigh Challenges in Metaverse Adoption

While the metaverse is said to provide […]

dYdX lays off 35% of staff shortly after major Consensys cuts

Radiant Capital hacker compromised developers’ devices — post-mortem 

Attackers of Radiant Capital compromised the devices of at least three core developers through a malware injection, the company confirmed.  

Radiant Capital has disclosed a post-mortem for the Oct. 16 attack that resulted in the theft of over $50 million in digital assets from the BNB Chain and Arbitrum networks. According to Radiant, the attacker compromised the devices of three of its long-standing developers. 

Hackers were able to compromise the devices through a “sophisticated malware injection” used to sign malicious transactions. 

“The devices were compromised in such a way that the front-end of Safe{Wallet} (f.k.a. Gnosis Safe) displayed legitimate transaction data while malicious transactions were signed and executed in the background,” the Radiant team explained in a blog post. 

Crypto-stealing malware discovered in Python Package Index — Checkmarx

According to cybersecurity firm Hacken, financial losses from crypto hacks topped $440 million in the third quarter of 2024.

Researchers at the Checkmarx cybersecurity firm sounded the alarm on a dangerous form of malware uploaded to the Python Package Index (PyPI) — a platform for Python developers to download and share code — that steals private keys, mnemonic phrases, and other sensitive user data.

According to the firm, the malware was automatically uploaded by a suspicious user in several different software packages meant to mimic decoding applications for popular wallets like MetaMask, Atomic, TronLink, Ronin, and other industry staples.

The malware was cleverly embedded within parts of the software packages. This allowed the malicious software to go largely undetected due to what appeared to be harmless code.

US gov files complaints to seize assets from North Korean hackers

According to PeckShieldAlert, crypto hacks and exploits accounted for over $120 million in losses during September 2024.

The United States government filed two legal complaints on October 4, 2024, to begin seizing more than $2.67 million in digital assets stolen by the North Korean Lazarus hacking group.

According to the legal filings, the US government seeks to recover approximately $1.7 million in Tether (USDT) stolen by the organization in the 2022 Deribit hack — which left the options exchange drained of $28 million.

Once the hackers successfully breached a Deribit hot wallet, they passed the funds through the Tornado Cash mixer and several Ethereum (ETH) addresses in an attempt to avoid detection.

User loses $32 million spWETH in a sophisticated phishing attack

According to crypto security firm Scam Sniffer, 9,145 users were victims of phishing attacks during August 2024, losing funds as a result.

A wallet ending in "e57" fell prey to a sophisticated phishing attack on Sept. 27 that left the wallet drained of 12,083 Spark Wrapped Ethereum tokens (spWETH), valued at $32 million.

According to security firm CertiK, 10,000 spWETH, valued at approximately $26 million, was initially sent to a wallet beginning with "0x471c." A portion of these funds was subsequently transferred to 4 additional wallets.

1,750 Ether (ETH) was transferred to a wallet beginning with the characters "0x105c", 2,613 ETH was sent to a wallet starting with "0x278d", an additional 3,730 ETH to an address beginning with "0x408d", and, finally, approximately 1,865 ETH was transferred to an address beginning with "0xfaf2."

MoneyGram admits ‘cybersecurity issue’ behind several-day outage

MoneyGram’s services have been offline since Sept. 20, with the firm confirming three days later that the outage is due to a cybersecurity incident.

Financial services firm MoneyGram has admitted its multiday outage is due to a “cybersecurity issue,” and it is working to restore its services with some success.

“MoneyGram recently identified a cybersecurity issue affecting certain of our systems,” the company said in a Sept. 23 X post.

It comes days after users reported that its services were down on Sept. 20, and hundreds have reported MoneyGram’s outage in the past 24 hours, according to service status information aggregator DownDetector.

Indian Supreme Court recovers YouTube account from XRP scammers

XRP scammers hacked the Supreme Court of India’s YouTube account, and although it was recovered, it lost its subscriber base.

The Supreme Court of India regained control of its official YouTube account shortly after it was hijacked by cryptocurrency scammers selling fake XRP investments.

On Sept. 20, the Supreme Court of India’s YouTube account was used to broadcast a livestream video about fake XRP (XRP) investments featuring Ripple Labs CEO Brad Garlinghouse.

The hackers rebranded the channel to resemble Ripple and deleted all previously uploaded content.

BingX confirms the resumption of withdrawal services following hack

Monetary losses from the BingX hack were initially reported as totaling $26 million, but the figure has since swelled to $52 million.

BingX — a popular cryptocurrency exchange — has announced that withdrawal services on the platform will resume on Sept. 21, 2024, for certain digital assets.

According to the exchange's announcement, withdrawals for Tether's US dollar stablecoin (USDT), Circle's US dollar stablecoin (USDC), Bitcoin (BTC), Ethereum (ETH), Tron (TRX), and Solana (SOL) will resume first followed by withdrawal services for other tokens and digital assets over the next two weeks.

The exchange notified customers that deposit services would likewise resume in the next several weeks and told clients that withdrawal requests submitted before the disruption of withdrawal services have been canceled and must be resubmitted.

Making crypto mainstream requires greater efforts to stop fraud

One of the greatest use-cases of blockchain technologies is the ability to improve security and counter malicious actors, but we need to get serious about it.

We find it easy to talk about the benefits of the digital economy, whether the internet or digital assets, but the costs are often overlooked. Whether the surge in human trafficking that has emerged on social media platforms or the rise of cybersecurity vulnerabilities, the expansion of the digital economy comes with new risks to manage.

The digital asset community is no different and, to scale and become sustainable, it must confront the prevalence of fraud. And it’s not hard: distributed ledger technologies are already demonstrating their value by solving concrete use-cases. This week in Vienna, Austria, the Austrian National Bank, together with the Complexity Science Hub and other sponsors, is hosting a conference on advances in financial technology, with a wide array of presenters who have researched value-enhancing uses of blockchain technology.

Thanks to pioneering work by the Federal Trade Commission’s Consumer Sentinel, we now have basic statistics on the incidence of fraud, the perpetrators, and the countries that exhibit the greatest violations. Using these data on complaints, Michel Grosz and Devesh Raval from the FTC show that it is possible to identify countries with excess levels of fraud based on their level of exports and to whom they are exporting. We need this caliber of data and the processes to support its collection to make strides in countering fraud.

US prosecutors oppose Mango Market exploiter’s motion for acquittal

Following the exploit, Eisenberg claimed he negotiated a settlement with Mango Markets' insurance fund to ensure users retained their money.

Prosecutors for the United States Southern District of New York (SDNY) filed a motion on Sept. 18 opposing Mango Markets exploiter Avraham Eisenberg's request for acquittal or a new trial.

According to the documents filed by SDNY attorneys, the jury correctly convicted Eisenberg by evaluating a "mountain of evidence" beginning with the prosecution's assertion that Mango perpetual swaps are subject to the Commodities Exchange Act.

The federal prosecutors stressed that Eisenberg's defense, which argued that the fraud charges do not apply in the case because the defendant did not seek to manipulate the market price of the underlying asset, was materially incorrect and noted the jury instructions on price manipulation. Attorneys for the Southern District of New York asserted:
