Vulnerability Is Found in Constantinople

Constantinople Hard Fork Postponed

Ethereum’s (ETH) Constantinople hard fork faces a delay over a newly discovered security vulnerability allowing a reentrancy attack. The critical issue was detected by smart contract audit firm ChainSecurity and reported in a blog post Jan. 15. According to the company’s report, the Constantinople upgrade introduces cheaper gas costs (transaction fees) for some operations on the Ethereum network. As an unexpected side effect, this allegedly enables reentrancy attacks via the use of certain commands in ETH smart contracts. A reentrancy vulnerability allows a potential attacker to steal cryptocurrency from a…


Cryptopia goes offline after hack

Cryptopia

A New Zealand-based crypto-currency trading company went offline after it was hacked at the weekend. Cryptopia, based in Christchurch, announced on Twitter that on January 14, it suffered a security breach that resulted in significant losses. “Once identified, the exchange was put into maintenance while we assessed damages,” it added. The exchange has not disclosed the value of the losses, the tokens and currencies affected or any measures to refund users. But Whale Alert, which tracks large crypto transactions, reported that 19,391 ether (ETH) tokens worth nearly $2.44 million, and…


Two Thirds of Korean Crypto Exchanges Fail Government Security Check


Only a third of cryptocurrency exchanges inspected got a full pass in a recent government security audit. The Ministry of Science and ICT, the Korea Internet & Security Agency and the Ministry of Economy and Finance inspected a total of 21 crypto exchanges from September to December 2018, examining 85 different security aspects. Notably, only 7 of them – Upbit, Bithumb, Gopax, Korbit, Coinone, Hanbitco, and Huobi Korea – cleared all the tests, CoinDesk Korea reported Thursday. The remaining 14 exchanges are “vulnerable to hacking attacks at all times because…


Coinbase suspended Ethereum Classic (ETC) trading after a successful 51% attack

Ethereum Classic attack

The cryptocurrency exchange Coinbase has suspended the trading of Ethereum Classic (ETC) after double-spend attacks, which consist of spending digital coins twice. Ethereum Classic (ETC) is the original unforked Ethereum blockchain; the attacks resulted in the loss of $1.1 million worth of the digital currency. A 51% attack refers to an attack on a blockchain by a group of miners that controls over 50% of the network’s mining hashrate. “On 1/5/2019, Coinbase detected a…


Vulnerability on Ethereum enables malicious GAS Minting

GasToken

A newly discovered vulnerability on Ethereum allows malicious GasToken minting. The development team already acknowledged the issue and informed most of the affected users on November 13, 2018, via private disclosure. The Attack: Crypto exchanges usually allow the withdrawal of Ethereum to arbitrary addresses with no gas usage limit. Since this executes a fallback function, attackers can use it to make exchanges pay for arbitrary computation, forcing them to burn their own Ethereum on high transaction costs. Moreover, this even gives attackers the…


Crypto-miner steals your password and disables antivirus

Linux.BtcMine.174

Malware targeting Linux users may not be as widespread as the strains targeting the Windows ecosystem, but Linux malware is becoming just as complex and multi-functional as time passes by. The latest example of this trend is a new trojan discovered this month by Russian antivirus maker Dr.Web. This new malware strain doesn’t have a distinctive name, yet, being only tracked under its generic detection name of Linux.BtcMine.174. But despite the generic name, the trojan is a little bit more complex than most Linux malware, mainly because of the plethora…


Google hacked to promote Bitcoin scam on Twitter

Google hacked

In the latest in a string of cryptocurrency-related hackings on Twitter, attackers have breached an official Google account to promote a Bitcoin giveaway scam to its over 800,000 followers. The official G Suite Twitter account just blasted the following message to hundreds of thousands of users: Hard Fork has yet to confirm for how long the tweet remained on G Suite’s feed, but it was no less than 11 minutes (as you can notice on the screenshot). (Update 19:52 UTC, November 13: Ernst Mulders, who provided the screenshot above, told…


Swiss report shows trojan malware attacking crypto exchanges

Trojan Dridex malware

A Swiss report has unearthed that a virus that mines Monero is responsible for one of the largest attacks on the Swiss crypto industry this year. Trojan malware that was once used for hacking into large-scale banks is now being used to attack crypto-asset exchanges. Swiss Researchers Uncover Cybersecurity Threat: The news of the computer virus attacking Swiss crypto exchanges comes from Switzerland’s Reporting and Analysis Centre for Information Assurance (MELANI). Malware has long been used by cyber-criminals to break into major banking systems but has now evolved to attack…


Security system for IoT

OAS Blockchain Renaissance Project

The Dubai Silicon Oasis-based firm Next Big Idea Technology (NBIT), a group of Harvard-graduate blockchain professionals, is all set to develop and launch a state-of-the-art security system for IoT and blockchain, with plans to reach the global market through the Middle East and Africa as its starting point. Sang Soo Lee, the CEO of NBIT, said his firm, on the basis of US and Korean technology, has come up with the OAS Blockchain Renaissance Project, which applies blockchain technology beyond cryptocurrency. He said, “It is unfortunate that the general population…


200,000 routers in Brazil were secretly hijacked to mine cryptocurrency


Affected users have been unknowingly mining Monero. Brazil has been hit by an elaborate cryptocurrency mining attack that infected hundreds of thousands of routers across the country. The attack, which is still ongoing, affects MikroTik routers specifically. In this instance, over 200,000 machines have been affected, creating a massive XMR-mining botnet across Brazil. The perpetrators were able to infect devices with malicious code, surreptitiously running CoinHive in the background. For those unfamiliar, CoinHive is a popular Monero mining script which has become widely used to pool processing power to mine…


ClipboardWalletHijacker infected over 300,000 PCs

ClipboardWalletHijacker

A malware campaign spreading a clipboard hijacker has infected over 300,000 computers, according to Chinese security firm Qihoo 360 Total Security. The campaign has been raging for the past week and has spread malware which Qihoo researchers have named ClipboardWalletHijacker. Malware replaces BTC & ETH addresses in the clipboard: The malware’s purpose is to intercept content recorded in the Windows clipboard, look for strings resembling Bitcoin and Ethereum addresses, and replace them with ones owned by the malware’s authors. ClipboardWalletHijacker’s end-plan is to hijack BTC and ETH transactions, so…


$90,000 worth of Monero with a simple Docker Hub trick

Monero mining

A series of malicious cryptojacking files that were stored on Docker Hub, a code repository site, have been downloaded more than 5 million times over the last year, helping a hacker infect countless computers that were used to mine about $90,000 worth of Monero, according to research from cybersecurity company Kromtech. Monero is a popular cryptocurrency that’s become known for its usage among cyber criminals. In a blog post published Tuesday, Kromtech discussed how the boobytrapped files had remained on Docker Hub for so long despite being noticed and reported…


Syscoin Github has been hacked

Syscoin hacked

Syscoin developers are reporting a malicious file that has been located within the new Syscoin 3.0.4.1 installer that has been available for download via the Syscoin Github as of the 9th of June 2018. The file came through a compromised Github account and seems to contain a Trojan Horse type virus. Since then, Syscoin have uploaded a full report which details what has happened and moreover, what users need to do to rectify the issue. If you think you may be affected by this, see the report from Syscoin here:…


South Korean exchange Coinrail hacked, $40 Million stolen

Coinrail hacked

South Korean cryptocurrency exchange Coinrail reported a hack on its website during the early morning hours of June 10, 2018. The thieves allegedly made off with over $40 million worth of altcoins and assorted tokens. Executives announced that roughly 30 percent of the tokens the exchange was housing have been taken, which amounted to nearly $20 million worth of NPXS (Pundi X) tokens, $14 million of Aston X, $6 million in tokens for Dent and over $1 million TRON. At press time, an investigation is underway, and law enforcement officials…


100,000 users infected again with malicious Chrome extensions

chrome extensions

Criminals infected more than 100,000 computers with browser extensions that stole login credentials, surreptitiously mined cryptocurrencies, and engaged in click fraud. The malicious extensions were hosted in Google’s official Chrome Web Store. Over two months, seven extensions stole credentials and installed currency miners. The scam was active since at least March with seven malicious extensions known so far, researchers with security firm Radware reported Thursday. Google’s security team removed five of the extensions on its own and removed two more after Radware reported them. In all, the malicious add-ons infected…
