1. Home
  2. steal

steal

Bank Executive Embezzles $1,528,321, Steals Customers’ Personal Information To Deploy False and Fictitious Loans: DOJ

Bank Executive Embezzles ,528,321, Steals Customers’ Personal Information To Deploy False and Fictitious Loans: DOJ

A former bank executive is facing decades behind bars for abusing her position to embezzle more than a million dollars. The U.S. Attorney’s Office for the Western District of Missouri says Stacia Wilson has pleaded guilty to one count of bank fraud. Wilson, who worked as vice president at St. Clair County State Bank in […]

The post Bank Executive Embezzles $1,528,321, Steals Customers’ Personal Information To Deploy False and Fictitious Loans: DOJ appeared first on The Daily Hodl.

Microstrategy’s Bitcoin Yield Hits 3,177 BTC Last Week—Saylor Calls It a $300M ‘Gift to Shareholders’

Cypher core contributor admits to stealing $260K and gambling it away

The contributor, “hoak,” said their actions were due to a “crippling gambling addiction” and “psychological factors that went by unchecked.”

An anonymous core contributor to the Solana exchange Cypher Protocol has confessed to stealing and gambling away around $260,000 worth of the project’s cryptocurrency recovered from a $1 million exploit last year.

“The allegations are true, I took the funds and gambled them away. I didn’t run away with it, nor did anyone else,” the contributor, who goes by “hoak” wrote in a public statement they shared in a May 14 X post.

Anonymous Cypher contributor “Barrett” had earlier posted a document to X alleging that a wallet owned by hoak made 36 transactions withdrawing various amounts of Ether (ETH), Bonk (BONK), Wrapped Solana (wSOL) and other cryptocurrencies from Cypher’s redemption contract — totaling around $260,000.

Read more

Microstrategy’s Bitcoin Yield Hits 3,177 BTC Last Week—Saylor Calls It a $300M ‘Gift to Shareholders’

USB keystroke injectors still a threat to crypto users

USB keystroke injection devices like the Diabolic Drive still pose a threat to unsuspecting users by installing malware to take over systems.

The Diabolic Drive’s name sounds as ominous as its potential payload. The recently developed USB wireless keystroke injection tool is intended to stress test networks, but could it potentially be used as a means to steal cryptocurrency from unwitting users?

The new gadget is set to be used by cybersecurity experts to test networks and business infrastructure against threats. As recent reviews highlight, the 64GB drive is Wi-Fi enabled once plugged into a system, allowing a user to access the connected device remotely.

According to a hardware review by Geeky-gadgets, the Diabolic Drive can fire a payload of a hypothetical malicious script remotely and can even be pre-programmed to execute commands as soon as it is plugged into a device.

Consider the scenario. You attend your favourite cryptocurrency conference and receive a nifty new USB as a gift from promoters on the floor. Plugging the device in after you open your laptop, the device has already begun injecting malware onto the system that will allow an attacker to steal your cryptocurrency holdings from your go-to wallet browser extension.

It’s a nightmare hypothetical scenario that still warrants some exploring of the “what if’s”. Cointelegraph reached out to a handful of cybersecurity firms to unpack the threat of a USB injection tool and the potential for attackers to steal your coins.

Zeki Turedi, CrowdStrike’s field CTO for Europe, said that USB keystroke and wireless keyboard/HID devices have been part of a penetration tester’s arsenal for many years:

“They simply allow, once the device has been plugged in, to run commands wirelessly or automatically into a victim’s machine. These devices themselves are not exactly malicious - it is the keystrokes that come after this that potentially could be.”

Turedi said that a device could then download malicious software giving an attacker control of the system. From there, the possibilities are endless, including the ability to “steal a victim's crypto funds”.

A member of CertiK’s security team also told Cointelegraph that the Diabolic Drive could be used to steal cryptocurrency, while conceding that most devices would require physical access as well.

Related: How the IRS seized $10B worth of crypto using blockchain analytics

CertiK also noted that while hardware-based attacks were less prevalent in general, they were more likely to target individuals or entities with significant cryptocurrency holdings, due to their high value:

“The physical access these attacks require makes large crypto investors especially attractive targets for criminals.”

Turedi also noted that hardware-based attacks are still common for the cybersecurity industry to see and are most prevalent in supply chain contexts:

“A supply chain attack is a type of cyber event that targets a trusted third-party vendor who offers services or software vital to the supply chain. Hardware supply chain attacks compromise physical components for the same purpose.”

As for the simplest solution to avoid falling prey to a malicious, incognito USB compromising your system? CrowdStrike recommend using Next Generation Antivirus (NGAV) software that is able to detect and control what type of USB’s can interact with a system:

“Most of the keystroke tools appear to be a standard keyboard - this is why they are so difficult to block and why it is vital security teams deploy NGAV software.

CertiK takes it back to basics. Update your antivirus and operating systems and avoid plugging in USB devices or cables that you don’t fully trust or received unexpectedly:

“This applies even if the USB device seems to be from a reliable source or looks innocuous.”

More secure systems and networks might require “air-gapping”, where a user keeps a computer or device disconnected from the internet and local networks.

As Cointelegraph recently explored, rug pulls still remain a lucrative means for scam artists to prey on unsuspecting cryptocurrency users. Over $45 million was stolen in May 2023 through rug pulls and exit scams. 

Collect this article as an NFT to preserve this moment in history and show your support for independent journalism in the crypto space.

Magazine: $3.4B of Bitcoin in a popcorn tin: The Silk Road hacker’s story

Microstrategy’s Bitcoin Yield Hits 3,177 BTC Last Week—Saylor Calls It a $300M ‘Gift to Shareholders’

Robocallers have upped their scam game and they’re after your crypto

Sophisticated malicious outfits are keeping up with current trends, turning their sights on crypto users following the bankruptcy of FTX.

Professional scam organizations are targeting cryptocurrency users following the collapse of FTX, initiating millions of automated calls and text messages in an attempt to swindle information and funds.

Clayton LiaBraaten, senior executive adviser at Truecaller — an app that helps identify scam callers and messages — spoke to Cointelegraph,  scammers often closely follow crypto news to better prey on their victims:

“Fraudsters love volatility and current events. Anytime they can try to surf the contours of something very disruptive in the marketplace they have a great deal of success.”

LiaBraaten said that Truecaller also saw an increase in scam communications relating to Bitcoin (BTC) and other cryptocurrencies when the market started to become volatile earlier in 2022.

He added “agents” ultimately looking to steal funds launch millions of automated “robocalls“ and texts trying to latch onto people's “fear, curiosity, and sometimes generosity.”

Phone numbers can be obtained in a variety of ways, including through data breaches that have leaked millions of numbers, or vitools that scrape social media platforms for information.

An imposter scam is most commonly seen by Truecaller, where a malicious actor will pretend to represent a support desk or similar entity from a major crypto exchange or business. Scammers will also publish their phone numbers on fake imitation websites, attempting to legitimize themselves.

Younger adults are more often targeted by fraudsters as “there’s so much information available about them because they put so much out there on social media,” according to LiaBraaten.

“They use the same handle for their Bitcoin forum as they do their TikTok and across all these social media platforms [...] It's very easy to build a data graph on these individuals and then begin targeting them. There's just so much material to social engineer against with the younger generations.”

The abundance of information people put online allows scammers to send messages or calls that are in context to their intended targets, maki the malicious communications more convincing.

“They're great psychologists and social engineers so they will try as hard as they can to bring something contextually relevant,” LiaBraaten said.

The initial call or text isn’t necessarily going to result in financial fraud LiaBraaten says, with agents first attempting to acquire or confirm information about their target in a bid to create trust.

“They’re building more and more details about the persona and when they gather enough information, then yes, they're going to try to access your crypto wallet.”

“There's a lot of folks who don't really understand cryptocurrency,” LiaBraaten said. “They go after vulnerable people, so it's unlikely that very savvy cryptocurrency aficionados are going to fall prey to this, because they're pretty sharp about what they're doing and very guarded.”

Related: Sam Bankman-Fried deepfake attempts to scam investors impacted by FTX

Regardless of a person’s ability to detect a scam, he said anyone who calls or messages asking for personal information or passwords should not be engaged with and only official channels should be used.

“One of the worst things that you can do is stay on the phone with these guys because it is their mission to relieve you of your cryptocurrency. It just takes a vulnerable moment, one minute of second-guessing yourself, and then they're off to the races.”

In February, Binance CEO Changpeng “CZ” Zhao raised the alarm over a “massive” SMS phishing scam targeting Binance customers.

The scam involved sending users a text message with a link to cancel withdrawals, leading users to a fake website designed to harvest their login credentials.

Microstrategy’s Bitcoin Yield Hits 3,177 BTC Last Week—Saylor Calls It a $300M ‘Gift to Shareholders’

Man Sentenced to 8 Years in Prison for Stealing Nearly $7 Million of Crypto in Israel

Man Sentenced to 8 Years in Prison for Stealing Nearly  Million of Crypto in IsraelAfek Zard, a resident of Israel, has been sentenced to eight years in prison for embezzling a large sum of cryptocurrency that belonged to a friend of his. The man, who refused to cooperate with the investigation, will have to pay a hefty fine as well. Israeli Resident Sentenced for Cryptocurrency Theft The 27-year-old Zard […]

Microstrategy’s Bitcoin Yield Hits 3,177 BTC Last Week—Saylor Calls It a $300M ‘Gift to Shareholders’