Kaspersky Detected a Crypto Exchange Hacker Attack Coming from North Korea

According to a report published by the popular antivirus company Kaspersky Lab, hackers from North Korea developed and spread malicious software called AppleJeus, which affected a cryptocurrency exchange whose name was not disclosed in the report.

As the Kaspersky experts claim, the software was meant to infect both Windows and Mac operating systems; moreover, the hackers are most probably planning to release a Linux version as well. Most probably, their aim was to steal all of the exchange’s crypto assets.

A representative of Kaspersky Lab commented on the incident by saying:

This should be a lesson to all of us and a wake-up call to businesses relying on third-party software.

We would like to remind you that the crypto exchange Bithumb also suffered from a massive hacker attack.

Subscribe to The Coin Shark news in Facebook: https://www.facebook.com/coinshark/

Malware From The Pirate Bay May Hijack Website To Steal Crypto

Movies downloaded from The Pirate Bay can bring malware onto the user’s computer. That was the conclusion reached by a security researcher known on Twitter as 0xffff0800. He said that when he downloaded the movie ‘The Girl In The Spider’s Web’ from TPB, a .LNK shortcut with CozyBear malware ended up on his computer.

However, the Cozy Bear malware is just a decoy; the real damage is done by PowerShell commands. Once the malware reaches the computer, it carries out malicious actions such as disabling Windows Defender and installing malicious extensions in the Firefox and Chrome browsers. Moreover, it alters the appearance of web pages displayed on the user’s computer.

The “movie” is itself an application that connects the computer to external malicious servers.

Source: Bleeping Computer

Moreover, the newly installed malicious extensions can modify the JavaScript code and add advertisements to the main page.

Most dangerous of all, the malware can edit the appearance of a web page and add or change information without the user’s awareness; this ability allows the malware to steal crypto. For example, if the user opens a Wikipedia page on a compromised system, he or she is likely to see a message saying “Wikipedia now accepts donations in form of bitcoin” and a ‘DONATE’ sign. All the donations will go to the hacker.

In addition, the malware is able to change crypto wallet addresses provided on the pages. Unfortunately, you will not even notice how the hacker stole your money.


Cryptopia Got Hacked, Crypto Exchange Is Suffering “Significant Losses”

One of the best crypto exchanges of New Zealand, Cryptopia, was hacked. It announced the news via Twitter, stating that it had experienced a security breach that resulted in a “significant loss”. However, the company did not give any figures for the loss.

Cryptopia has suspended all activity on the trading platform for an indefinite period. In addition, it has notified the country’s authorities and is now cooperating with the police and the country’s High Tech Crimes Unit to investigate the hacker attack.

“Staff then notified and involved the appropriate Government Agencies, including NZ police and High Tech Crimes Unit who are jointly and actively investigating the matter as a major crime and they are assisting us with advice,” the exchange stated.

This is the first cryptocurrency exchange theft in 2019; however, many customers of various crypto exchanges question their security, as there have been so many incidents that should have taught exchanges how to deal with such attacks. Some users even accuse the exchanges, Cryptopia in particular, of a bear market “exit strategy”.


The Hackers of the “51% Attack” on Ethereum Classic Returned Half of the Stolen Funds

The alleged organizer of the “51% Attack” on the ETC network transferred $100,000 back to the Gate.io bitcoin exchange. This was stated by its representatives on their Twitter account.

As a result of the attack, the users of the Hong Kong Stock Exchange lost about 46,000 ETC. The representatives of the exchange were going to reimburse the lost money at their own expense.

However, last Saturday, Gate.io reported that an unknown hacker had returned about half of the stolen funds. The company tried to contact the hacker. So far, the reasons he returned the funds have not been clarified, since the hacker has not responded.

The representatives of the exchange guessed that if the organizer did not seek to profit, it could be a white-hat hacker who wanted to remind people of the risks. Gate.io also noted that the current hashrate of the ETC network is not high enough, which means that the attack might happen again.

A successful transaction in the Ethereum Classic network on Gate.io now requires about 4000 confirmations. The exchange is confident that this measure will enhance security and recommends that other crypto platforms adopt the same measure to protect traders.

We remind you that despite the significant losses of the Gate.io users, the hackers used a simple hacking algorithm:

“51% Attack” on Ethereum Classic: A Full Analysis of the Hack

“51% Attack” Hit Ethereum Classic: A Full Analysis Of The Process

As we reported earlier, Ethereum Classic was hit by a 51% attack, which means that hackers obtained more than 50% of the network’s mining hashrate.

A Malicious “51% Attack” Hit Ethereum Classic, The Loss Allegedly Accounts For $460 000

SlowMist, a China-based blockchain journal, has released a full report on the attack. The earliest hit occurred on January 5: the culprit hacked several exchanges, such as Bitrue, Coinbase and Gate.io; however, this was noticed only two days later.

The first action was a transfer of more than 5000 ETC from Binance to the criminal’s address 0x24fdd25367e4a7ae25eef779652d5f1b336e31da. These coins were moved to a mining node that created block 7254355. After that, the hacker deposited 4000 ETC to the Bitrue exchange in block 7254430, yet this transaction vanished from the Ethereum Classic chain. Another 9000 ETC was stolen in the same way. The Bitrue address 0x2c9a81a120d11a4c2db041d4ec377a4c6c401e69 no longer exists, and the official history is clear. However, Bitrue managed to save some records:

The scheme of the hacker attack is simple:

  • make a deposit;
  • withdraw to a safe address;
  • to double coins – just move the coins to other addresses.

One of the biggest victims is the Coinbase exchange. The loss from the attack was estimated at $1 million. The above-mentioned report also provides information about two attacker addresses which were blackmailed by Coinbase later. They are:

  • 0x090a4a238db45d9348cb89a356ca5aba89c75256
  • 0x07ebd5b21636f089311b1ae720e3c7df026dfd72

On Twitter, one user (nickname: @OGBTC) claimed that he knew the culprit personally.

https://twitter.com/OGBTC/status/1082559086070136832

Another user (nickname: @sebseb7) indicated that it was he who knew the hacker.

The “51% Attack” is over for now. All we can do is to estimate the losses and to take measures so that it will not happen again.

The report also stated:

“[W]e recommend that all digital asset services platform block transfers from the above malicious wallet addresses. And strengthen the risk control, maintain a high degree of attention, and be alert to double spend attacks that may erupt at any time.”
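
The deposit-then-reorganize scheme described above and the report's recommendation can be combined into a deposit-side check. The following Python is an added example, not code from SlowMist or any exchange: it compares two views of the chain to measure a reorganization, lists credited deposits whose transaction has disappeared, and screens senders against the two addresses listed above. The chain representation, function names and sample data are assumptions constructed for illustration.

```python
# Added example. Chains are lists of (height, block_hash, [tx_hashes]);
# all sample data is constructed and the function names are hypothetical.
BLOCKLIST = {  # the two attacker addresses listed in the article
    "0x090a4a238db45d9348cb89a356ca5aba89c75256",
    "0x07ebd5b21636f089311b1ae720e3c7df026dfd72",
}
MIN_CONFIRMATIONS = 4000  # figure Gate.io is reported to require for ETC

def find_reorg(old_chain, new_chain):
    """Return (fork_height, depth): last shared block, number of old blocks replaced."""
    new_hash = {h: bh for h, bh, _ in new_chain}
    fork = None
    for h, bh, _ in old_chain:
        if new_hash.get(h) != bh:
            break
        fork = h
    depth = sum(1 for h, _, _ in old_chain if fork is None or h > fork)
    return fork, depth

def orphaned_deposits(deposits, new_chain):
    """Deposits already seen whose transaction is absent from the new canonical chain."""
    canonical = {tx for _, _, txs in new_chain for tx in txs}
    return [d for d in deposits if d["tx"] not in canonical]

def screen_deposit(deposit, tip_height):
    """Return 'block' for a blocklisted sender, else 'hold' or 'credit' by depth."""
    if deposit["sender"].lower() in BLOCKLIST:
        return "block"
    confirmations = tip_height - deposit["height"] + 1
    return "credit" if confirmations >= MIN_CONFIRMATIONS else "hold"

# Constructed sample: the deposit sits in block 101 of the old view, which the
# new, longer view replaces from height 101 onward.
OLD_VIEW = [(100, "a0", []), (101, "a1", ["tx_dep"]), (102, "a2", []), (103, "a3", [])]
NEW_VIEW = [(100, "a0", []), (101, "b1", []), (102, "b2", ["tx_other"]),
            (103, "b3", []), (104, "b4", [])]
DEPOSITS = [{"tx": "tx_dep", "sender": "0x" + "11" * 20, "height": 101, "amount": 4000}]

if __name__ == "__main__":
    fork, depth = find_reorg(OLD_VIEW, NEW_VIEW)
    print(f"fork at {fork}, {depth} blocks replaced")
    for d in orphaned_deposits(DEPOSITS, NEW_VIEW):
        print("deposit no longer on chain:", d["tx"], d["amount"])
    print(screen_deposit(DEPOSITS[0], tip_height=103))
```

A deposit that `screen_deposit` still reports as `hold` has not been credited yet, so a reorganization that orphans it costs the platform nothing.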


A Malicious “51% Attack” Hit Ethereum Classic, The Loss Allegedly Accounts For $460 000

An operator of an Ethereum Classic mining pool has confirmed that a 51% attack hit the ETC network on January 7. This refers to a malicious attack on a blockchain in which hackers obtain more than 50% of the network’s mining hashrate.

The hackers gained the ability to reorganize blocks and even replace them on the blockchain; moreover, the culprits are able to “double spend” coins, i.e. the same coins can be transferred several times.

The rumours that ETC was experiencing a hacker attack originally appeared on CoinNess, a Chinese journal, on the 6th of January. The report says that SlowMist, a Chinese blockchain security firm, was the first to notice the attack.

The article reads:

“The ETC community followed up on the development of the incident immediately and learned that there is a private mining pool…that achieves more than 50% of the total network hashrate at certain times.”

A spokesman for Ethereum Classic responded on Twitter, saying the network “operated normally”.

However, in just a few hours, the representative asked all mining pools to “allow a significantly higher confirmation time on withdrawals and deposits (+400).”

Later, without any confirmation or comment, the official account of Ethereum Classic retweeted the report made by the Chinese journal.

On January 7, the cryptocurrency exchange Coinbase posted a report saying that it had detected this attack on the 5th of January. Mark Nesbitt, the Coinbase security engineer who wrote that report, stated that since the disclosure of the malicious attack, there had been 8 chain reorganizations worth approximately $460,000.

Ethereum Classic disputed the Coinbase report, claiming that the latter did not “connect  with ETC personnel regarding the attack.”

It is still unknown who was the first to detect the malicious attack and what its consequences are.

The Dark Overlord Threatens To Reveal The Truth of 9/11 Attacks Unless Ransom in Bitcoin is Paid

The Dark Overlord, a hacking group famous for posting an unreleased episode of the TV series “Orange is the New Black” in April 2017, has decided to resume its blackmailing; this time, however, the target is not just the entertainment company Netflix but insurance companies which possess information about the 9/11 attacks.

The hackers claimed that they had hacked several insurance firms, such as Hiscox Syndicates Ltd, Lloyd’s of London, and Silverstein Properties. These companies insured the World Trade Center in New York. It is still unclear what kind of information was stolen, but the culprits are trying to capitalize on conspiracy theories around the 9/11 attacks.

We’ll be providing many answers about 9.11 conspiracies through our 18.000 secret documents leak from @HiscoxComms and others #thedarkoverlord #911hacked#hacking #leak #cybercrime
            — thedarkoverlord (@tdo_h4ck3rs) December 31, 2018

One of the companies confirmed the breach and that the hackers had stolen a few files related to the September 11 attacks. A spokesman for the Hiscox Group wrote in an email:

“The law firm’s systems are not connected to Hiscox’s IT infrastructure and Hiscox’s own systems were unaffected by this incident. One of the cases the law firm handled for Hiscox and other insurers related to litigation arising from the events of 9/11, and we believe that information relating to this was stolen during that breach.”

The hacking group sent a set of emails to those firms stating that the companies had to pay a ransom in Bitcoin, or The Dark Overlord would unlock different sets of files and the hidden truth of the 9/11 attacks would be exposed.

They also mentioned that they had offered to sell the information on the famous dark web hacker forum KickAss, and had invited several Chinese and Russian terrorist groups to make a purchase.