Bitcoin News — Hacks

Mining Giant Bitmain Sues Unknown Hacker for Alleged Theft of $5.5 Million in Crypto

Posted by Helen Partz on

Bitman sues unknown hacker who allegedly stole $5.5 million worth of crypto by using Binance and Bittrex wallets for manipulation of MANA token.

China-based Bitcoin (BTC) mining giant Bitmain has sued an anonymous hacker for the alleged theft of cryptocurrency worth $5.5 million from Bitmain’s account on Binance in April, according to a lawsuit filed with the U.S. District Court for the Western District of Washington at Seattle on Nov. 7.

As stated in the court document, an unknown hacker, referred to as “John Doe” in the case, managed to take over Bitmain’s Binance account and used stored Bitcoin to manipulate the price of altcoin Decentraland (MANA) and then steal the profits.

Bitmain says in the court document that the amount of the company’s losses “exceeds” $5.5 million in “Bitcoin and other digital assets,” and specifying that the defendant was able to steal “approximately 617 BTC.” The document cites that the unauthorized action took place on April 22, when Bitcoin was trading at around $8,935.

The document also explains that as a part of the “scam,” the unknown hacker used two of their own accounts on now-second largest crypto exchange Binance, as well as on Bittrex, with around 2.3 million MANA already acquired on Bittrex. “John Doe” reportedly placed purchase orders from Bitmain’s digital wallet offering to buy MANA “and other digital assets” with Bitmain’s bitcoins at a price that was “far above the going market rate.” The defendant also allegedly further artificially inflated MANA’s price by using Bitmain’s BTC to buy Ethereum (ETH), which was then used to buy MANA.

According to the lawsuit, the hacker further carried out a number of orchestrated trades in the reverse direction between BTC and MANA from Bitmain’s wallet and their own, eventually reportedly completing the theft by transferring BTC from their Bitmain account “ultimately into a digital wallet on the Bittrex cryptocurrency trading platform.”

In Mid-October, Cointelegraph reported that losses caused by hacks of crypto exchanges in the first nine months of 2018 have exceeded the numbers for the whole year of 2017 by 250 percent, with $927 million stolen.

Read more →

U.S. Law Firm Files Claims Against AT&T, T-Mobile Over SIM Swap-Enabled Crypto Thefts

Posted by Marie Huillet on

U.S. crypto investor law firm Silver Miller has filed arbitration claims against telecoms giants AT&T and T-Mobile on behalf of crypto holders who suffered thefts due to “SIM-swaps.”

 

U.S. crypto investor law firm Silver Miller has filed arbitration claims against telecoms giants AT&T and T-Mobile for “SIM-swap”-related thefts, according to a press release published Nov. 8

SIM-swapping – also known as a ‘port-out scam’ – involves the theft of a cell phone number in order to hijack online financial and social media accounts, enabled by the fact that many firms  use automated messages or phone calls to handle customer authentication.

According to one of the (partially redacted) Silver Miller Statement of Claim documents – filed against AT&T on behalf of crypto holders who allegedly suffered thefts via sim-swapping – the Dallas-based telecoms “behemoth” had operating revenues of over $160 billion and assets of over $444 billion as of 2017.

The claim alleges that “as a result of AT&T’s failures,” Silver Miller’s client was robbed of crypto asset holdings worth over $621,000 in a SIM swap, even after AT&T had assured him it had heightened security on his account following an earlier attempted hack.

As Silver Miller contends, AT&T is well-aware of the “pervasive harm” posed by SIM-swaps, having issued “public advisories” in the past warning that the threat is “industry-wide” and assuring the public of its safeguards against the practice.

AT&T is accused of acting “as a co-conspirator to the theft or through abject negligence” by transferring the account holder’s cell phone number to the attacker, and “exhibiting bad faith through its conscious awareness of and deliberate indifference to the risk to Claimant’s Personal Information.”

As per Silver Miller, AT&T’s failures further included “improperly hiring, training, and supervising its employees,” and “failing to invest in adequate security protections.”

According to the press release, other cases filed by the firm against T-Mobile pertain to victims who lost  $400,000 and $250,000 respectively, in similar SIM-swap incidents.

This summer, Cointelegraph interviewed Michael Terpin, an American blockchain and long-time crypto investor, who has sued AT&T for negligence that allegedly resulted in the theft of over $24 million in crypto holdings.

Terpin, who co-founded BitAngels in 2013 and, more recently, blockchain PR firm Transform Group, emphasized that many “smaller” crypto tokens cannot be kept in cold storage, and that – particularly if staked – they must be kept in a native wallet. They are thus more vulnerable to negligence, or even alleged complicity by the gatekeepers of user identity data. He advised investors to use a “Google voice” number, as:

“[Y]ou have to have something that does not have a retail store where a $10-an-hour employee can be bribed to give up your information and your digital life.”

Read more →

Crypto Exchange Gate.io Removes StatCounter Service Following Report of Security Breach

Posted by Helen Partz on

Crypto exchange Gate.io has removed the StatCounter service following an ESET security breach report saying “users’ funds are safe.”

Crypto exchange Gate.io has removed web analytics tool StatCounter from their website following a breach report by cybersecurity firm ESET, according to an official blog post published today, Nov. 7.

The company has reported that they immediately removed StatCounter's traffic stats service after receiving a security notice by ESET about suspicious behavior. Gate.io claimed they subsequently scanned the website with 56 antivirus products, and “no one reported any suspicious behavior at that time.” However, the firm still changed its traffic tracker, also reporting that “users’ funds are safe.”

On Nov. 6, Slovakia-based cybersecurity firm ESET published a security report claiming that hackers had successfully breached major web analytics tool StatCounter, targeting Bitcoin (BTC) exchanges that use the traffic analytic service. According to ESET researcher Matthieu Faou, the attackers compromised the StatCounter platform — which is reportedly used by more than two million other websites — by modifying the JavaScript (JS) code on each page of the website.

The hackers managed to add a piece of malicious code containing “myaccount/withdraw/BTC,” which intends to replace the destination address of a Bitcoin transfers by crypto exchange users with an address belonging to the attackers.

Modified script at www.statcounter[.]com/counter/counter.js. Source: WeLiveSecurity

According to Faou, who is reportedly the first to detect the “supply-chain attack,” this Uniform Resource Identifier (URI) “myaccount/withdraw/BTC” has been solely valid on crypto exchange Gate.io, allegedly “the main target of this attack.”

Now-ranked the 38th top crypto trading platform by daily trade volume as of press time, the exchange is quite popular in China with a rank of 9,382 in terms of in-country traffic, while its global rank amounts to 33,365, according to SimilarWeb traffic data and analytics tool.

In the conclusion to his report, the ESET researcher stated that the recent security breach again demonstrates the fact that external “JavaScript code is under the control of a third party and can be modified at any time without notice.”

As reported by Cointelegraph earlier this year, JS has been one of the major tools of hackers implemented in cryptojacking. According to the analysis, JS-based browser add-ons and extensions are “extremely vulnerable to hacking attacks” and often used for hidden mining by deploying users computing resources. For example, in mid-October, researchers found a crypto-mining malware that hides itself behind a fake Adobe Flash update.

Read more →

Hackers Breach Popular Web Analytics Site to Target Crypto Exchange

Posted by Yogita Khatri on

Cryptocurrency exchange Gate.io was apparently the target of hackers who compromised a widely used web analytics platform.

Read more →

Hackers Behind Zaif Crypto Exchange Theft May Have Been Exposed

Posted by Yogita Khatri on

Cybersecurity experts from Mitsubishi Group say they may have identified data that could locate the hackers of the Zaif crypto exchange.

Read more →