Connect with us

Security

Credits Coin is Hiring Hackers To Secure it’s Code

M. Ali

Published

on

Credits (CS), the open-source blockchain and cryptocurrency platform is offering $500K bounty for hackers and security experts to audit it’s platform. The bounty will be paid in USD and BTC/ETH/CS cryptocurrencies.

The Audit Scope Includes the following:
Network Node: blockchain software Github
Contract Executor: application for deployment and execution of smart contract methods Github
Wallet Desktop: desktop wallet application Github
CScrypto: library submodule for node repository Github

To apply for this bounty you will need to check: Credits Blog

About Credits (CS)

Credits (CS) describes itself as an open-source blockchain platform aimed at addressing security, decentralization, and scalability. The team aims to achieve up to 1 million transactions per second speed with 0.1s confirmation times and low fees around 0.001 USD. The platform is designed to develop Dapps and smart contracts. Credits smart contracts reportedly allow users to set cycles and create schedules.

Credits Price in USD For The Last 7 Days:

Daily cryptocurrency trader, miner, technology enthusiast and a full time IT consultant.

Continue Reading
Comments

Security

Hackers Targeted Coinbase Employees

M. Ali

Published

on

By

Coinbase revealed that its employees were targeted by sophisticated hack attacks leveraging two Firefox 0-day vulnerabilities, spear phishing, and social engineering.

The attacks started on June 17, where Coinbase’s employees received emails from Gregory Harris, a Research Grants Administrator at the University of Cambridge contained a web link that, when opened in Firefox, would install malware capable of taking over someone’s machine. The attacks were detected and blocked by Coinbase’s security team.

The attackers seems to be highly skilled and experienced in writing exploit codes as they used unpublished Firefox 0-days, they hacked two Cambridge university email accounts, created created a landing page with exploit code at the University of Cambridge official domain and they could bypass Coinbase spam filters.

Coinbase team reached out to Cambridge University to assist in securing their infrastructure and to collect more information about the attacker’s behavior.

Coinbase is a cryptocurrency exchange headquartered in San Francisco, California. Coinbase is considered to be the largest cryptocurrency exchange in USA.

A screen shot from the emails that coinbase stuff received. Image credits to Coinbase

Continue Reading

Security

Smominru Malware Hijacked Half-Million PCs to To Mine Monero

M. Ali

Published

on

By

Over half million Windows based PCs have been infected with Smominru malware that installs a custom version of XMRig is to mine Monero. This was revealed in a recent report that was published recently by Carbon Black Security.

Smominru also steals information from vulnerable targets ( including external IP addresses, internal IP addresses, domain information, usernames and passwords) and send it over to a command and control server (C&C or C2) owned by Smominru’s operators. Access to the hacked systems are being sold on Dark Web at a rate of $6.75 each.

Smominru operators are using different techniques to infect machines. They mainly rely on the use of the EternalBlue (CVE-2017-0144) exploit, but they’ve also deployed EsteemAudit (CVE-2017-0176), both aimed at taking over machines running unpatched Windows OS.

Smominru is not a new malware, it has been around for almost three years now. Last year, Smominru made around $2.3 million for it’s operators (source).

Continue Reading

Exchanges

Binance’s Users KYC Data Reportedly Leaked Online

M. Ali

Published

on

By

It seems that some of Binance exchange’s KYC (Know Your Customer) documents have been hacked and leaked online including selfies of individuals holding up a piece of paper with the word Binance and the date the image was taken, there are literally thousands of KYC identities on a telegram group Find Your Binance KYC.

Some examples of the leaked documents were shared online by a Reddit user, faces and IDs censored for privacy of personal info.

Binances CEO tweeted right after the alleged data was shared online, asking users not to FUD.

Binance exchange issued a statement about the KYC leak stating that Binance was approached by unidentified individual who demanded 300 BTC in exchange for withholding 10,000 photos that bear similarity to Binance KYC data.

KYC means “Know Your Customer”. It is a process by which some cryptocurrency exchanges obtain information about the identity and address of the customers. This process helps to ensure that exchanges services are not misused. The KYC is required by large exchanges like Binance.

Continue Reading

Trending