A new report estimates that ransomware payments tallied at least $602 million in 2021 — but the actual total could be much higher. Blockchain analysis firm Chainalysis released new data on Feb. 10 about ransomware activity related to cryptocurrency in 2021. However it stated that the total value is likely to end up surpassing the $692 million taken in 2020. “In fact, despite these numbers, anecdotal evidence, plus the fact that ransomware revenue in the first half of 2021 exceeded that of the first half of 2020, suggests to us that 2021 will eventually be revealed to have been an …

It’s a shot in the arm for Google Cloud users at risk of cryptocurrency mining attacks. The Google Cybersecurity Action Team (GCAT) has created a threat detection service to shield “poorly configured” accounts that attackers use to mine cryptocurrency. In a blog post, Google Cloud announced the Virtual Machine Threat Detection (VMTD) release in its Security Command Center (SCC) area. A means of scanning compute engines in Google Cloud, the VMTD successfully detects threats, including crypto-mining malware used inside virtual machines. Crypto-mining malware attacks, sometimes called “cryptojacking,” are an ongoing nuisance in the industry. While browser-based cryptojacking activity spiked in …

Security was never the strong suit of browser-based crypto wallets to store Bitcoin (BTC), Ether (ETH) and other cryptocurrencies. However, new malware makes the safety of online wallets even more complicated by directly targeting crypto wallets that work as browser extensions such as MetaMask, Binance Chain Wallet or Coinbase Wallet. Named Mars Stealer by its developers, the new malware is a powerful upgrade on the information-stealing Oski trojan of 2019, according to security researcher 3xp0rt. It targets more than 40 browser-based crypto wallets, along with popular two-factor authentication (2FA) extensions, with a grabber function that steals users’ private keys. MetaMask, …

Onchain analyst claims that Crypto.com's loss in the latest security breach might have been worth more than the reported $15 million. Pseudonymous ErgoBTC, an on-chain analyst at Bitcoin (BTC) research firm OXT Research, claims that the Crypto.com security breach that was said to have resulted in the loss of 4.6K ETH ($15 million), may be worth up to $33 million. Adding another 444 BTC to the previously reported 4.6k ETH from yesterday's @cryptocom hack. Still no acknowledgement of loss, despite large outflows from the custodial wallet into ETH's Tornado Cash and a well known BTC tumbler (as detailed below). pic.twitter.com/GalJKM6bi9 …

The National Cyber-Forensics and Training Alliance (NCFTA), an American non-profit, onboarded its first crypto firm Binance to aid their ongoing battle against cybercrimes. Founded in 2002, the NCFTA partners with law enforcement and various business and academic entities to source threat intelligence to identify and mitigate cybercrime threats. By partnering with Binance, the world’s biggest crypto exchange in terms of trading volume, the NCFTA aims to tackle international cybersecurity investigations. According to Binance’s VP of Global Intelligence and Investigations, Tigran Gambaryan, the exchange aims to be the leading contributor in the fight against cybercrime, ransomware, and terrorism financing: “Joining the …

Decentralized finance, better known as DeFi, may not be “decentralized” enough as attackers exploited centralized weak points to drain users of billions of dollars in 2021, according to research from blockchain security firm CertiK. In a new report on the state of DeFi security in 2021, CertiK researchers said “centralization issues were the most common attack vector” within decentralized finance. The blockchain security firm cited 44 DeFi hacks totaling $1.3 billion in lost funds in 2021. That’s an increase of over $500 million compared with 2021. “This underscores the importance of decentralization and highlights the fact that many projects still …

NFT marketplace OpenSea has frozen 16 Bored Ape and Mutant Ape nonfungible tokens (NFT) after they were reportedly stolen yesterday from a New York art gallery operator. In total, one Clonex, seven Mutant Ape Yacht Club, and eight Bored Ape Yacht Club NFTs currently valued at about 615 ETH ($2.28 million) were stolen and are now not able to be traded on OpenSea. The toddkramer.eth account, which links to the Ross+Kramer Art Gallery in New York, fired off a series of tweets detailing the 16 NFTs that were stolen from his hot wallet and pleading with OpenSea and the NFT …

What is a crypto honeypot and why is it used? Smart contracts programs across a decentralized network of nodes can be executed on modern blockchains like Ethereum. Smart contracts are becoming more popular and valuable, making them a more appealing target for attackers. Several smart contracts have been targeted by hackers in recent years. However, a new trend appears to be gaining traction; namely, attackers are no longer looking for susceptible contracts but are adopting a more proactive strategy. Instead, they aim to trick their victims into falling into traps by sending out contracts that appear to be vulnerable but …

Global blockchain security firm CertiK has concluded an $80 million investment round backed by some of crypto’s biggest venture funds, putting the company on track to reach the lofty $1 billion valuation mark in the foreseeable future. The Series B2 investment round was led by Sequoia, a California-based venture fund, with additional participation from Tiger Global, Coatue Management and GL Ventures, CertiK announced Wednesday. In the startup world, Series B or B2 financing refers to the second round of funding for a business through either private equity or venture capital. CertiK has now raised over $140 million over the past …

Cryptocurrency exchange Coinbase will acquire cryptographic security company Unbound Security in a move that will also have the U.S. company launch a research facility in Israel. In a Tuesday blog post, Coinbase said it would be purchasing Unbound to gain access to its cryptographic security experts as well as establish a presence in Israel. The exchange cited Unbound’s work in multi-party computation to provide users with the “virtually impenetrable nature of cold, offline storage, with the frictionless convenience of hot, online wallets.” “We’ve long recognized Israel as a hot bed of strong technology and cryptography talent, and are excited to …

Cross-chain liquidity protocol THORChain has fully recovered from two summer exploits that compromised millions of dollars in user funds after the company announced Thursday that it had received passing grades in a new security audit. The simultaneous audits, which were carried out by cybersecurity companies Trail and Bits and Halborn, allowed THORChain to implement a five-step recovery plan. THORChain’s contributors now say the protocol is fully operational after a restart brought all the major cryptocurrency integrations and cross-chain trading features back online. In addition to the audit, THORChain announced that it has commissioned Immunefi, a leading bug bounty platform for …

Australia’s top cyber spies are set to gain greater powers in the event of ransomware or other cyber attacks on critical infrastructure. The Australian Signals Directorate (ASD), a government agency in charge of cyber warfare and information security, would be able to take over control of critical infrastructure — including energy, communications and banking systems — under new legislation introduced into Parliament. The legislation even includes health care and grocery businesses under the definition of critical infrastructure and imposes new positive security obligations. For ASD operatives to provide assistance, operators from the affected infrastructure would have to report a serious …