Chinese Hackers Got Hold of $87 Million in Crypto

The most outrageous crime involving cryptocurrencies happened in the People’s Republic of China. Almost $87 million (600 million Chinese yuan) in Bitcoin and altcoins was stolen in a hacker attack. The police have already detained three people suspected of involvement in the crime.

According to a local news outlet, the first victim of the theft, surnamed Zhang, reached out to the Xi’an police back in March. He said that somebody had broken into his computer and stolen almost $15 million in digital assets. Three months later, the police were able to identify a suspect, Zhou. Two months after that, prosecutors tracked down the remaining two hackers: Zhang, living in Jilin province, and Cui, a resident of Beijing.

The police are still working on the case, but admit they have struggled with it. As one of the police officers put it:

Our bureau has not dealt with this kind of case before. It’s the first virtual currency-related case in Shaanxi.

Subscribe to The Coin Shark news in Facebook: https://www.facebook.com/coinshark/

Unit 42 Found Malware Which Threatens Israeli Fintech And Crypto Companies

The well-known cybersecurity company Palo Alto Networks, with its subsidiary Unit 42, has found malware that attacks two Israeli-based fintech companies, according to a recent blog post by the company.

The report says that Unit 42 first encountered the malware, called Cardinal RAT, in 2017; since then it has been used against two Israeli firms engaged in crypto trading and forex software development. Cardinal RAT is a Remote Access Trojan (RAT): with it, the attacker can remotely take control of the infected system.

The original version of Cardinal RAT has recently been updated; the newest version uses various obfuscation techniques to hinder analysis of the underlying code. The SHA256 hash of the most recent sample is:

SHA256 b742162197744a8caeb09f954213a3172ed699f8375f69c40b57b8c219c5e37c

The software gathers various information about the victim, and can later remotely change or update its settings, execute commands and even uninstall itself. The malware is powerful enough to recover passwords and execute or download files without permission, and it also clears cookies from browsers.

The research team stated in the report that Cardinal RAT shares features with a JavaScript-based malware, EVILNUM, which is also used in attacks against fintech organizations. Such malware families are very rare, so developers and employees of fintech companies should be careful.

We remind you:

The Hackers of the “51% Attack” on Ethereum Classic Returned Half of the Stolen Funds

The Most Dangerous Crypto Crimes: What About SIM Swappers?

Cyber attacks and crypto crimes in every shape and form are abundant on the digital asset market right now. They have different goals and cause different levels of harm. Careful and thorough analysis of such attacks makes it possible to predict them and to protect sites, platforms and companies from breaches and financial losses.

However, there is a strange tendency in the analytical reports, which we will try to explain below.

Two major cybersecurity companies, Chainalysis and CipherTrace, released their analytical reports at the end of last year. Both reports contained statistics on hacker attacks and crypto crimes and an outline of current trends.

CipherTrace focused mainly on money laundering techniques, the cryptocurrencies that are the easiest targets for criminals who choose this path, AML regulations and other related information.

Chainalysis, meanwhile, told its readers about the scale and profitability of Ethereum scams such as phishing and various Ponzi schemes.

Surprisingly, there seems to be nothing about the infamous SIM-swapping.

Just to remind you, SIM-swapping is a kind of cyber attack aimed at money theft. Simply put, a hacker convinces the phone provider to “swap” the victim’s number over to a new device. In this way, criminals get full access to their victims’ personal information, steal their identity and, later, their money.

SIM-swapping scams have been involved in multiple scandals with the biggest cell-phone providers in America; crimes using this technique have resulted in huge thefts and high-profile arrests of clever hackers, yet very few reports actually mention it.

However, this does not diminish the dominance of SIM-swapping over many other types of crypto crime. To fight it, we need not only more coverage from the mass media and analytical firms, but also cooperation from the cell phone companies to protect users, their information and their money.

The Banks in Canada Employ Hackers to Test Out Their Security Systems

One of Canada’s banks, Toronto-Dominion, chose an interesting way of testing the strength of its security: the bank’s management hired real hackers and asked them to break into its systems.

The initiative was started last year by the bank’s cyber threat management department. A whole team of cybersecurity experts was hired by the bank and periodically tries to hack accounts or networks on behalf of their employer.

“We’re doing it exactly how our adversaries would do it … So if we find a weakness or something like that, we can close it or address it before a real attacker,” said a bank representative.

The creative idea was soon adopted by multiple large financial organizations all over the country.

Canadian banks hope that such measures will help prevent hacker attacks on banks and exchanges, which are getting more numerous, more intricate and harder to fight by the day.

We remind you:

Two Groups of Professional Hackers Carry Out 60% of All Crypto Attacks

The Exchange Cryptopia Suffers from Another Hacker Attack

As we reported earlier, the New Zealand-based cryptocurrency exchange Cryptopia suffered a major hacker attack that resulted in significant losses. We remind you:

Cryptopia Got Hacked, Crypto Exchange Is Suffering “Significant Losses”

However, it seems the hard times are not over for Cryptopia. The hackers who robbed it earlier went quiet for two weeks, just to lull everyone’s vigilance and prepare a new attack.

According to data from the company Elementus, the cyber criminals drained 1,675 ETH from 17 thousand different wallets. In monetary terms, this amounts to around 181 thousand dollars.

At first, it looked like Cryptopia was moving its users’ assets to protect them, but it later turned out that it was the hackers moving the money to their own cryptocurrency wallets.

Shockingly, some users are still unaware of the attack and keep depositing funds into their wallets, in other words, straight into the pockets of the hackers.

“The hacker has the private keys and can withdraw funds from any Cryptopia wallet at will,” claimed the Elementus team.

Two Groups of Professional Hackers Carry Out 60% of All Crypto Attacks

As reported by the analytical company Chainalysis, more than half of all cyber attacks leading to crypto theft were carried out by just two groups of people. Altogether they stole around 1 billion dollars.

Despite the common misconception that a hacker must be a nerdy, skinny guy in glasses, always shy and quiet, maybe even a sociopath, this could not be further from the truth. Most cyber criminals work in groups, and all of their operations are meticulously planned and calculated.

Chainalysis identified two major crypto “gangs” and named them Alpha and Beta. The objectives of the two organizations, however, are quite different. While group Beta simply aims to get more money and fatten its bank accounts, group Alpha pursues much darker aims, such as sponsoring acts of terror and human trafficking.

Moreover, both organizations professionally hide their trails, using multiple wallet addresses, crypto mixers and complex money laundering schemes. This makes it almost impossible to catch them or to track down the stolen assets.

As for how to protect oneself from such attacks, Chainalysis suggested the following:

“A working knowledge of how hackers move funds can equip legitimate participants to identify unusual spikes in transactions that may be tied to criminal activity. Cooperation between exchanges also goes a long way to help fight crime in this ecosystem. Neutral intermediaries between exchanges can play an important role in this effort.”

Malware From The Pirate Bay May Hijack Website To Steal Crypto

Movies downloaded from The Pirate Bay bring malware to the user’s computer. That is the conclusion reached by a security researcher who goes by the nickname 0xffff0800 on Twitter. He said that when he downloaded the movie ‘The Girl In The Spider’s Web’ from TPB, a .LNK shortcut carrying CozyBear malware ended up on his computer.

However, the Cozy Bear malware is just a decoy; the real damage is done by PowerShell commands. Once the malware reaches the computer, it carries out malicious actions such as disabling Windows Defender and installing malicious extensions in the Firefox and Chrome browsers. Moreover, it alters how websites are displayed on the user’s computer.

The “movie” itself is an application that connects the computer to external malicious servers.

Source: Bleeping Computer

Moreover, the newly installed malicious extensions can modify the JavaScript code of pages and add advertisements to the main page, as shown below.

Source: Bleeping Computer

Most dangerous of all, the malware can alter the appearance of a web page and add or change information without the user’s awareness, and this ability allows it to steal crypto. For example, if the user opens a Wikipedia page on a compromised system, he or she is likely to see the message “Wikipedia now accepts donations in form of bitcoin” and a ‘DONATE’ button. All the donations go to the hacker.

Source: Bleeping Computer

In addition, the malware is able to change crypto wallet addresses shown on pages. Unfortunately, you will not even notice the hacker stealing your money.

We remind you:

YouTube Will Remove All Videos with Dangerous Pranks and Challenges