A newly upgraded version of a banking and crypto app targeting malware has recently resurfaced on the Google Play store, now with the capability to steal cookies from account logins and bypass fingerprint or authentication requirements. A warning about the new version of the malware was shared by malware analyst Alberto Segura and treat intelligence analyst Mike Stokkel on Twitter accounts on Sept. 2, sharing their co-authored article on Fox IT’s blog. We discovered a new version of #SharkbotDropper in Google Play used to download and install #Sharkbot! The found droppers were used in a campaign targeting UK and IT! …

Popular comedic writer and actor Bill Murray had his Ethereum wallet hacked for around 110 Wrapped ETH (wETH) worth $172,000 late last week. The auction for the The Bill Murray 1,000 NFT drop was just coming to a close on Thursday Sept. 1, having generated a total of 119.2 wETH worth of sales as part of a charity fundraiser for Chive Charities. However hackers were reportedly watching Murray’s wallet all day, and pounced to swipe nearly all of the funds as the sale came to a close. While it is not 100% certain how the hackers gained access to Murray’s …

In an ironic twist, Rug Pull Finder (RPF), a nonfungible token (NFT) watchdog focused on identifying Web3-based fraud has fallen victim to a smart contract exploit of its own. According to the NFT investigator’s post on Twitter on Sept. 2, two people exploited a technical flaw in the project during the free mint stage — pilfering 450 NFTs out of a possible 1,221 which were intended to be limited to one per wallet. As discussed on our Twitter space's earlier today - We messed up. We messed up big. Our contract had a flaw that allowed 2 people to scoop …

An attacker gained access to PwC Venezuela’s Twitter account and has been actively posting cryptocurrency phishing links for the last 8 hours at the time of the writing. Considering that all the tweets posted by the hacker remain active, it is evident that PwC officials are yet to realize the compromise. Investors clicking on the links remain at risk of being defrauded by the hacker. If not mitigated promptly, the threat may be catastrophic, considering that PwC Veleneula’s Twitter currently boasts over 37,000 followers. Cointelegraph has reached out to PwC Venezuela to inform them about the hack. PwC Venezuela has …

A YouTube channel owned by the government of South Korea was reportedly hacked and renamed SpaceX Invest, following which the channel uploaded fabricated videos of Elon Musk discussing cryptocurrencies. On Sept 3, the South Korean government's YouTube channel was momentarily hacked and renamed for sharing live broadcasts of crypto-related videos. However, the account was soon restored within four hours following a proactive intervention, confirmed a local report from Yonhap News Agency (YNA). The above screenshot was provided to YNA by a locale that shows the compromised channel being renamed to SpaceX Invest and streaming videos depicting SpaceX CEO Elon Musk. …

Helping investigate a $265,000 hack on decentralized crypto exchange KyberSwap, crypto exchange Binance narrowed down two suspects that seem responsible for the attack. On Sept. 1, Kyber Network succumbed to a frontend exploit, allowing the attacker to make away with $265,000 worth of user funds from KyberSwap. While investigations were underway, KyberSwap offered a 10% bounty — of roughly $40,000 — to the hacker as means to remediate the situation. Parallelly, based on an independent investigation, Binance’s security team identified two suspects that may be responsible for orchestrating the virtual heist. Binance CEO Changpeng ‘CZ’ Zhao confirmed that the intel …

KyberSwap, the decentralized exchange built on liquidity protocol Kyber Network, has offered a hacker 15% of the funds from a $265,000 exploit as a bug bounty. In a Thursday blog post, Kyber Network said a hacker had used a frontend exploit to pilfer roughly $265,000 worth of user funds from KyberSwap. The protocol said it will compensate all users for any missing funds related to the exploit, and directly addressed the hacker to give them an opportunity to return the funds in exchange for “a conversation with our team” and 15% of what was taken — roughly $40,000. “We know …

A group of hacktivists called the Belarusian Cyber Partisans have been attempting to sell a nonfungible token (NFT) featuring the purported passport info of Belarus president Alexander Lukashenko. The Belarusian Cyber Partisans say the move is part of a grassroots fundraising campaign to fight “bloody regimes in Minsk and Moscow.” The members claim to have hacked into a government database that has the passport info of every Belarusian citizen, allowing them to launch an NFT collection called "Belarisuan Passports," which includes a digital passport that supposedly features Lukashenko’s actual information. 1/3For the 1st time in human history a #hacktivist collective …

The U.S Federal Bureau of Investigation (FBI) has issued a fresh warning for investors in decentralized finance (DeFi) platforms, which have been targeted with $1.6 billion in exploits in 2022. In an Aug. 29 public service announcement on the FBI's Internet Crime Complaint Center, the agency said the exploits have caused investors to lose money — advising investors to conduct diligent research about Defi platforms before using them, while also urging platforms to improve monitoring and conduct m rigorous code testing. The law enforcement agency warned that cybercriminals are out in force to take advantage of "investors' increased interest in …

How to keep your seed phrase safe A crypto seed phrase in the wrong hands can do damage, so it is advisable to always ensure it is safe. The following are some tips for ensuring your seed phrase is secure. Never share your seed with anyone else: It’s extremely important that you never reveal your recovery phrase to anyone. Why? Because if someone else finds out your recovery phrase, they will be able to access — and therefore control — your crypto funds. Make a note of it on paper and keep it in a secure location: This is the …

Hackers behind the $190 million Nomad Bridge are now being incentivized with "whitehat" themed non-fungible tokens (NFTs) if they return nearly all of the funds they stole from the protocol at the start of this month. The exclusive NFT, which simply depicts a white wizard’s hat, is being offered by NFT firm Metagame and can be minted by those that return at least 90% of their stolen funds to Nomad. 1/ Our friends at @metagame created an earned NFT as a thank you to whitehats who returned funds from the Nomad Bridge Hack. Head over https://t.co/TWwuJwnRXj to claim it! pic.twitter.com/V87rkGhBEE …

Cross-chain bridges have increasingly become targeted by malicious entities. However, not all hackers can run away with millions in their exploit attempts. Some end up losing money from their own wallets. In a Twitter thread, Alex Shevchenko, the CEO of Aurora Labs, told the story of a hacker who attempted to exploit the Rainbow Bridge but ended up losing 5 Ether (ETH), worth around $8,000 at the time of writing. According to Shevchenko, the hacker has presented a falsified NEAR block to the Rainbow Bridge contract and submitted the required 5 ETH safe deposit. Thinking that the team would be …