Connect with us

Security

N.Korea Denies it Amassed $2 BLN Through Cyberattacks

sying.tien

Published

on

SEOUL (Reuters) – North Korea denied on Sunday allegations that it had obtained $2 billion through cyberattacks on banks and cryptocurrency exchanges, and accused the United States for spreading rumors.

A United Nations report seen by Reuters last month said North Korea had used “widespread and increasingly sophisticated” cyberattacks to steal from banks and cryptocurrency exchanges, amassing $2 billion which it used to fund weapons of mass destruction programs.

“The United States and other hostile forces are now spreading ill-hearted rumors,” North Korea’s state-run KCNA news agency reported, citing a statement from the spokesperson for the National Coordination Committee of the DPRK for Anti-Money Laundering and Countering the Financing of Terrorism.

“Such a fabrication by the hostile forces is nothing but a sort of a nasty game aimed at tarnishing the image of our Republic and finding justification for sanctions and pressure campaign against the DPRK,” the statement said.

Washington has made scant progress toward its goal of getting North Korea to give up its nuclear weapons program, despite three meetings between U.S. President Donald Trump and North Korean leader Kim Jong Un.

North Korea’s vice foreign minister said on Saturday that hopes for talks with Washington were fading, and criticized Mike Pompeo’s recent comments about “North Korea’s rogue behavior”.

Pyongyang has been blamed in recent years for a series of online attacks, mostly on financial networks, in the United States, South Korea and over a dozen other countries, as experts say such cyber activities generate hard currency for the regime.

The crux of the allegations against North Korea is its connection to a hacking group called Lazarus that is linked to $81 million cyber heist at the Bangladesh central bank in 2016 and a 2014 attack on Sony’s Hollywood studio.

(Reporting by Ju-min Park; Editing by Raissa Kasolowsky)

Copyright 2019 Thomson Reuters.

Professional Trader, Social media scholar and a Crypto expert. If you have any comments, suggestions or questions feel free to contact me at [email protected] and i will get back to you shortly.

Exchanges

Smart Contract Hacking Costs Ex-Engineer $12M and His Freedom

sying.tien

Published

on

A former senior security engineer was sentenced to three years in prison for executing sophisticated hacks against two decentralized cryptocurrency exchanges, stealing over $12 million worth of digital assets.

Shakeeb Ahmed, 34, of New York, pleaded guilty to computer fraud charges related to the July 2022 hacks. He exploited vulnerabilities in the smart contracts governing the exchanges to artificially inflate fees and purchase crypto tokens at manipulated prices.

Damian Williams, the U.S. Attorney for the Southern District of New York, announced the sentencing and first-ever conviction for hacking a blockchain smart contract. “No matter how novel or sophisticated the hack, this office is committed to following the money and bringing hackers to justice,” Williams stated.

The Two Crypto Exchange Hacks In the first hack, Ahmed exploited a pricing flaw in an unnamed decentralized exchange. He inserted fake data to generate around $9 million in inflated fees, which he then withdrew as cryptocurrency. Ahmed later agreed to return most of the funds to avoid prosecution.

Weeks later, Ahmed struck again by hacking Nirvana Finance, a decentralized exchange for the ANA token. He used a flash loan to purchase ANA at an artificially low price through a smart contract exploit. Ahmed then immediately sold the ANA back to Nirvana at the higher market rate, netting $3.6 million – virtually all of Nirvana’s funds.

After the attacks, Ahmed searched online for information about the hacks, potential criminal liability, and how to flee the country to avoid charges.

Sophisticated Money Laundering Techniques To cover his tracks, Ahmed employed advanced crypto money laundering methods. These included swapping tokens, “bridging” funds between blockchains, converting to privacy coin Monero, using overseas exchanges, and leveraging “mixers” like Samourai Whirlpool.

In addition to his prison sentence, Ahmed was ordered to forfeit the $12.3 million in stolen cryptocurrency. He must also pay over $5 million in restitution to the victim exchanges.

Continue Reading

Altcoins

P2P NFT Trading Platform Faces Breach: Users Urged to Take Immediate Action

MNabilAli

Published

on

By

NFT Trader, a peer-to-peer (P2P) trading platform, recently experienced a security breach leading to the unauthorized transfer of significant NFT assets. The attacker, identified as 0x90…8fda, successfully made off with 37 Bored Ape Yacht Club (BAYC), 13 Mutant Ape Yacht Club (MAYC), 4 World of Women, and 6 VeeFriends NFTs, collectively valued at 1,080 ETH (approximately $2.4 million). Users are strongly advised to promptly revoke any authorization granted to the platform.

Initial reports, shared by Chinese crypto news reporter Colin Wu on social media, indicate that the pilfered NFTs were sent to the address 0x909F2159780e64143CF08f32dBBF56Ed19478fda (link to tweet). An on-chain message from the address holder, claiming the role of a “scavenger,” refutes allegations of hacking the P2P trading platform. Instead, they assert rescuing the NFTs with the intention of returning them.

Further information reveals that the alleged real hacker’s address is 0x3dc115307c7b79e9ff0afe4c1a0796c22e366a47b47ed2d82194bcd59bb4bd46.

NFT Trader has acknowledged the security incident and disclosed that the attack targeted old smart contracts. In response, the platform is advising users to remove delegations via Revoke.cash from the following addresses:

  • 0xc310e760778ecbca4c65b6c559874757a4c4ece0
  • 0x13d8faF4A690f5AE52E2D2C52938d1167057B9af

Despite being relatively unknown among NFT traders, NFT Trader’s website identifies its CEO as John Pak, collaborating with co-founders Mattia Migliore and an individual using the pseudonym “Bruckzr” (link to tweet).

On social media, an NFT collector (@dingalingts) has urged traders to “revoke approval to their contract ASAP” for those who have engaged with NFT Trader previously. The stolen digital assets, which exceed $2 million in value, include 37 BAYC, 13 MAYC, 4 World of Women, and 6 VeeFriends.

Continue Reading

Bitcoin

How To Protect Yourself from Common Crypto Scams

MNabilAli

Published

on

By

With the recent failures of traditional banks, an increasing number of individuals are turning to cryptocurrencies in search of enhanced financial security. With the potential for financial gains, it is essential for individuals who are investing in cryptocurrencies to be aware of the various scams prevalent in the crypto world and take proactive measures to protect themselves. In this article, we will discuss practical steps you can take to safeguard your investments and avoid common crypto scams.

Avoiding Investment Opportunity Scams

For crypto enthusiasts interested in venturing into investments, it is imperative to be informed and exercise caution, as investment scams can take on numerous disguises. Many scammers will approach individuals, presenting enticing investment opportunities promising significant returns.

When considering investment opportunities, it is crucial to be wary of websites that guarantee zero risks, promise exorbitant profits, or contain misspelled words and suspicious links. If you choose to explore investment possibilities, remember to only invest funds that you can afford to lose.

Guarding Against Social Media Scams

Scammers often exploit the presence of crypto users on social media platforms. They may reach out via private messages, offering investment opportunities, romantic relationships, or giveaways. Some of these crypto scammers may impersonate reputable crypto companies, influential figures in the cryptocurrency space, or even celebrities.

If you receive a message on social media from someone whom you suspect to be a crypto scammer, the best course of action is to ignore it. Check the profile for signs of fakeness, such as a low follower count or an unverified account, and report it.

It is also essential to be aware that certain crypto influencers can be hazardous, as they may promote unregulated forms of cryptocurrency and tokens that can result in financial losses for users.

Steering Clear of Rug Pulls

Rug pulls are another perilous form of crypto scam. In a rug pull scenario, developers promote their new crypto tokens, artificially inflating their prices to entice investors. Once the price plummets to zero, the developers vanish with investors’ funds, leaving them empty-handed.

The most effective way to avoid a rug pull is to refrain from investing in tokens developed by unknown or anonymous individuals. Exercise caution with tokens that lack locked liquidity, external audits, or offer unrealistically high yields to investors

Stay Vigilant Against Phishing Attacks

Phishing scams are the most prevalent and hazardous types of scams in the cryptocurrency world. These scams trick users into clicking on links that lead to fake websites, where they are prompted to enter their passwords. Once scammers obtain a user’s password, they can gain access to personal information, including crypto keys, account details, and assets.

To ensure users do not fall victim to phishing scams, it is crucial to access information directly from the official website. Refrain from clicking on unknown links in texts or emails, and only enter passwords on reliable and trusted sites.

Preventing Cryptojacking

Cryptojacking occurs when malicious actors utilize another person’s laptop, phone, tablet, or servers to mine cryptocurrencies without the victim’s knowledge. This typically happens when users click on malicious links in emails or texts, infecting their devices and allowing the perpetrators to mine cryptocurrencies using the victims’ computing power. While cryptojacking often goes unnoticed, victims may experience slower device performance, increased fan activity, or higher electricity bills.

To prevent cryptojacking on your devices, consider installing a reliable cybersecurity program or using browser extensions on platforms like Firefox, Chrome, or Opera that actively block mining activities. Also make sure to install browser extensions from a trusted place.

Trust Your Instincts

If an investment opportunity or offer sounds too good to be true, it probably is. Trust your instincts and exercise caution. Take your time to make informed decisions and never succumb to pressure tactics or fear of missing out (FOMO). Seek advice from trusted experts or consult with a financial professional before making any significant investment decisions.

Use Secure Exchanges

When trading or buying cryptocurrencies, use reputable and secure exchanges. Research the exchange’s reputation, security measures, and user reviews. Look for exchanges that employ advanced security features like cold storage, two-factor authentication, and withdrawal confirmations. Avoid sharing your personal information or login credentials with anyone and be cautious of fake exchange websites designed to steal your funds.

Final Thoughts

By educating yourself, conducting thorough research, securing your wallets, and staying vigilant against potential scams, you can significantly reduce the risk of falling victim to losing your investments. Good luck!.

Continue Reading

Popular