Code injected into Tornado Cash on January 1 puts user funds at risk

February 27, 2024 at 09:29AM Malicious JavaScript code in a Tornado Cash governance proposal has leaked deposit notes to a private server for almost two months, compromising fund transaction privacy and security. Security researcher Gas404 discovered the code and urged stakeholders to veto the proposal. The compromised protocol introduced the code and Tornado Cash urges … Read more

New Report Reveals North Korean Hackers Targeting Defense Firms Worldwide

February 20, 2024 at 06:27AM North Korean-sponsored threat actors are conducting cyber espionage targeting the defense sector worldwide. The Lazarus Group is blamed for using social engineering to infiltrate the defense sector through a long-standing operation called Dream Job. Another incident involved an intrusion into a defense research center, executed by a North Korea-based threat … Read more

Hackers mint 1.79 billion crypto tokens from PlayDapp gaming platform

February 14, 2024 at 11:22AM Hackers exploited a stolen private key to generate and steal 1.79 billion PLA tokens from PlayDapp, a blockchain platform for trading non-fungible tokens (NFTs) in games. PlayDapp took immediate measures, including offering a $1 million reward to recover the stolen assets. The attack, potentially by the “Lazarus Group,” resulted in … Read more

Hackers mint 1.7 billion crypto tokens from PlayDapp gaming platform

February 14, 2024 at 11:15AM Hackers used a stolen private key to mint and steal over 1.79 billion PLA tokens from the PlayDapp ecosystem. The unauthorized wallet minted 200 million PLA tokens initially, and when PlayDapp offered a reward for returning the stolen contracts and assets, the hackers minted an additional 1.59 billion PLA tokens. … Read more

Hackers steal $290 million in crypto from PlayDapp gaming platform

February 13, 2024 at 11:38AM Hackers exploited a stolen key to steal over $290 million in PLA tokens from the PlayDapp platform. PlayDapp immediately took action, transferring assets, offering a reward to the hacker, and eventually suspending trading. Elliptic reported the hackers’ movement of funds, and suspicions of the North Korean Lazarus Group’s involvement arose … Read more

Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion Crypto Money Laundering

February 5, 2024 at 12:04PM Belarusian and Cypriot national extradited to the U.S. due to alleged connections to cryptocurrency exchange BTC-e. Facing charges for money laundering and running unlicensed money services business. BTC-e accused of facilitating cybercrimes. DOJ charging individuals related to cryptocurrency thefts and cybercrime groups. Notable cases include SIM swapping attacks and digital … Read more

Web3 security firm CertiK’s X account hacked to push crypto drainer

January 5, 2024 at 12:24PM CertiK’s Twitter/X account was hijacked, redirecting 343,000 followers to a malicious website promoting a cryptocurrency wallet drainer. An investigation is underway following a social engineering attack, with rogue posts warning of vulnerabilities and leading to phishing and scams. Other high-profile accounts have faced similar breaches, underscoring the threat of cryptocurrency-related … Read more

Crypto wallet founder loses $125,000 to fake airdrop website

January 5, 2024 at 07:18AM Cryptocurrency startup Nest Wallet co-founder, Bill Lou, laments losing $125,000 in a phishing scam while trying to claim a crypto airdrop. Despite believing his own product could have prevented it, others questioned his claim. The incident highlights the rising trend of cryptocurrency scams, cautioning users to be vigilant. (49 words) … Read more

Beware: Scam-as-a-Service Aiding Cybercriminals in Crypto Wallet-Draining Attacks

December 30, 2023 at 04:42AM Cybersecurity researchers are cautioning about a surge in phishing attacks targeting cryptocurrency wallets, utilizing a technique to drain multiple blockchain networks. Notably, a group called Angel Drainer offers a “scam-as-a-service” for a percentage of stolen assets. To combat this, users are advised to use hardware wallets, verify smart contracts, and … Read more

Blockchain dev’s wallet emptied in “job interview” using npm package

December 28, 2023 at 06:26AM Blockchain developer Murat Çeliktepe was targeted by a LinkedIn recruiter for a web development job. As part of the interview, he was asked to debug npm packages from a GitHub repository, leading to his MetaMask wallet being drained of over $500. This scam has also targeted other developers, highlighting the … Read more