Two cryptocurrency exchange portals, DragonEx and CoinBene, have disclosed hacks this week and have both gone into maintenance mode to investigate and improve their infrastructure. DragonEx is believed to have lost over $1 million worth of cryptocurrency, while CoinBene's losses are estimated at over $45 million, according to industry observers.
What happened with Canadian crypto exchange QuadrigaCX would not have happened if it had been licensed under the Bermuda Monetary Authority, because it has rules regarding the custody of master keys and making sure they're not held by a particular individual.
"Ernst and Young (EY), the court-appointed monitor for collapsed Canadian crypto exchange QuadrigaCX, has proposed transitioning the company from a restructuring process to bankruptcy proceedings."
"The US Federal Reserve has launched a project to find a common way of classifying and modelling cyber risk, amid continued fears over banks' collective readiness to meet the existential threat it poses to the financial system."
A "privacy poisoning" cyber attack involves loading private data, such as names, addresses and credit card numbers, or illegal material, such as child pornography, into a blockchain, thereby putting the network in conflict with local laws and making the affected chain and its data useless.
Blockchain technologies are revolutionary in many ways, but the simple fact that blockchain is different need not require a wholly new security paradigm.
The US Drug Enforcement Administration demanded a suspected drug dealer's passwords from LastPass (an encrypted vault for storing passwords). LastPass told them to take a hike, although it did hand over IP addresses used by the suspect and information about the account's creation and usage.
Someone is stealing millions of dollars worth of Ethereum by guessing users' private keys. Normally this should be impossible, but lots of keys seem to be very weak. Researchers are unsure how those weak keys are being generated and used.
Binance decided against responding to the hack with a rollback, i.e. incentivizing miners to form a consensus wielding 51% of the network's hashing power in order to reorganize the blockchain's transactions after the loss.
"Bitfinex was able to raise $1B in 10 days, in a private sale. Private companies made investments for > $100M each, and a legion of inside and outside users made investments for > $1M each."
Binance, one of the world's largest cryptocurrency exchanges, said hackers withdrew 7,000 Bitcoins worth about $40 million via a single transaction in a "large scale security breach," the latest in a long line of thefts in the digital currency space.
More than half of the full nodes in the bitcoin network are still running client software vulnerable to an inflation bug that could allow miners to inflate the total bitcoin supply beyond the 21 million BTC.
CipherTrace found that losses due to cryptocurrency thefts, scams and fraud tallied more than $1.2 billion in Q1 2019. This includes $356 million stolen from exchanges and the loss of $850 million by major exchange Bitfinex.
SIM swapping, also known as SIM jacking, is a type of ATO (account takeover) attack in which a malicious threat actor uses various techniques (usually social engineering) to transfer a victim's phone number to their own SIM card.
Hackers have breached over 50,000 servers across the world to mine cryptocurrency using unusually sophisticated tools, according to Guardicore Labs. The large-scale "Nansh0u campaign" malware effort has been ongoing since February, mostly targeting firms in the healthcare, telecoms, media and IT sectors.
The root cause of last Sunday's Google outage was a configuration change for a small group of servers in one region being wrongly applied to a larger number of servers across several neighboring regions.
Canada's largest credit union, and one of the world's biggest banks, announced a security breach caused by a former employee. The bank said a bank employee had taken the data of 2.7 million home users and 173,000 businesses and associated contacts from its database without authorization.