A recent report contends that the Ledger app has failed to fix a major vulnerability that allows for a “Bitcoin Fork” attack. Mo Nokhbeh has claimed that Ledger’s wallet fails to properly isolate the apps responsible for authorizing the transactions of different assets. This creates a vulnerability where a user’s wallet can be fooled into authorizing a transaction for a less valuable asset — such as Litecoin (LTC), Bitcoin Cash (BCH) or any other Bitcoin fork coin — when in reality, a Bitcoin (BTC) transaction is being released. Nokhbeh told Cointelegraph: “This app should be isolated such that it only …

Crypto exchange Bitfinex is offering up to $400 million to anyone who can lead it to the hackers who stole over 120,000 Bitcoin (BTC) in August 2016. According to the company’s post on Aug. 4, it is even willing to reward the hackers themselves. The people behind the 2016 attack breached the security systems of Bitfinex and managed to complete around 2072 unauthorized transactions. The company clarified that this is its “latest effort” to recover these stolen funds. Bitfinex explained how the reward will work: “Those who put Bitfinex in contact with the hacker will receive 5% of the total …

Cybersecurity firm McAfee released a study showing the activities of NetWalker, a ransomware first known as Mailto that was initially discovered in August 2019. According to the report, the operators of NetWalker have collected over $25 million from ransom payments since March 2020. From March 1 to July 27, the group collected around 2,795 Bitcoin (BTC), purportedly making it one of the most profitable types of ransomware for cybercriminals. According to the report, the Bitcoin transactions received by the gang — where the amount is split among several different addresses — reflects that NetWalker is a "ransomware-as-a-service" malware. Such a …

A European cryptocurrency trading platform called 2gether was recently targeted by an unknown group of hackers. These bad actors stole over 1.183 million Euros ($1.39M) from the service’s investment accounts in a cyberattack on July 31. Ramon Ferraz Estrada, CEO of the crypto firm, revealed in a series of Twitter posts that the hack affected crypto investment accounts and exposed user passwords, though he noted that Euro accounts and wallets “are safe.” To compensate for the stolen funds, 2gether has offered customers its native 2GT token at a price equivalent to 5 cents each. The 2gether team will also attempt …

Multinational tech company Garmin may have paid some or all of a $10 million crypto ransom to hackers who managed to encrypt the firm’s internal network and take down several of its services on July 23. According to an August 1 report from Lawrence Abrams at Bleeping Computer, Garmin’s IT department used a decryptor to regain access to workstations affected by the initial WastedLocker ransomware attack. The malware took down the company’s customer support, navigation solutions, and other online services. The news outlet reported that the existence of such a protocol means “Garmin must have paid the ransom to the …

Cryptojacking attacks are both an internal and external threat, as the hacking groups are getting more organized in attempts to exploit vulnerabilities in the networks. However, there are also cases where some admins use valid entitlements to make money from illegally mining crypto using the firm’s network resources, and many organizations “don’t have great visibility” about it, says Josh Lemos, VP of research and intelligence at BlackBerry. Lemos told Cointelegraph that a crypto mining software is not necessarily malicious but rather opportunistic utilizing compute resources for monetary gain, "although you often find it paired with malicious software,” and it’s also …

In the US alone, over $55m has been stolen through SIM swapping attacks since 2018. NEM, a blockchain-based ecosystem, believes that decentralized apps could provide a meaningful solution to this problem. According to NEM, they’re working with a solution called “FIX Network”, which was established to help mobile subscribers secure private keys and transactions on SIM cards. The network leverages a blockchain-based protocol to support the security and privacy of mobile subscribers, NEM explains: “This unique architecture will allow mobile operators to deliver services such as digital identity management, cryptocurrency wallets, and personal data firewalls, all enabled by the safekeeping …

A new study indicates that hackers are actively relying on the Dogecoin (DOGE) blockchain to expand a malware payload named “Doki.” According to cybersecurity researchers at Intezer, Doki is a fully undetected backdoor that abuses the Dogecoin blockchain “in a unique way” in order to generate its C2 domain address and breach cloud servers. It is deployed through a botnet called Ngrok. These domain addresses are used by the malware to search for additional vulnerable cloud servers within the network of the victim. Intezer’s study explains further about the deployment of the attack: “The attacker controls which address the malware …

Following Ledger's confirmed data breach on June 17, competing hardware wallet manufacturer Trezor cheekily made their followers aware that they frequently purge their systems of all customer order data, including email addresses — apparently every 90 days. Trezor also added a coupon in its tweet that offers 10% discount in its shop, and the code is “DATAPRIVACY.” However, despite the measures announced in the tweet, people asked the company if their “database backups and logs” will be included in the sensitive data purge every 90 days. No response has been provided by Trezor as of press time. Ledger already notified …

Major cryptocurrency hardware wallet provider Ledger has alerted customers to a data breach it faced in June and July. In an email on July 29, the company said it was made aware of the breach on July 14 when a researcher participating in its bounty program reached out with details of a potential vulnerability on their website. While they were able to fix the breach immediately, a further investigation by the team found that an authorized third party carried out a similar action on June 25. The individual used an API key to access the marketing and e-commerce database the …

A group of hackers associated with the North Korean regime have kept their crypto extortion efforts alive in 2020. A group of North Korean hackers operating under the name “Lazarus” targeted several crypto exchanges last year, according to a report published by Chainalysis. One of the attacks involved the creation of a fake trading bot which was offered to employees of the DragonEx exchange. Findings show that in March 2019, the hackers stole approximately $7 million in various cryptocurrencies from the Singapore-based exchange. Cybersecurity vendor Cyfirma warned in June about a massive crypto phishing campaign that could be launched by …

Numerous unnecessary employees at Twitter allegedly have the ability to reset users’ accounts and modify their security settings. This is a problem that Jack Dorsey, chief executive officer, and the company’s board were warned about all the way back in 2015. According to Bloomberg, Twitter has over 1,500 workers with the abilities to reset accounts and review user breaches. This led to speculation that the hack on July 15 could have been prevented if timelier actions were taken. Security concerns addressed The report clarified that such credentials gave limited access to most of the workers involved in the social network’s …