BlueNoroff, part of the North Korean state-sponsored Lazarus Group, has renewed its targeting of venture capital firms, crypto startups and banks. Cybersecurity lab Kaspersky reported that the group has shown a spike in activity after a lull for most of the year and it is testing new delivery methods for its malware. BlueNoroff has created more than 70 fake domains that mimic venture capital firms and banks. Most of the fakes presented themselves as well-known Japanese companies, but some also assumed the identity of United States and Vietnamese companies. BlueNoroff introduces new methods bypassing MoTWhttps://t.co/C6q0l1mWqo — Pentesting News (@PentestingN) December …

After recovering the funds lost in a recent flash loan exploit, decentralized leverage-trading platform Defrost Finance is planning to return the funds to their rightful owners, according to a new announcement. In a Medium post, Defrost highlighted that it will soon be refunding the assets to their original holders and will be following a specific process. The process includes converting all Ether (ETH) into stablecoins, like DAI, at the on-chain market rate. Then, all stablecoins will be transferred from the Ethereum blockchain into Avalanche. Apart from these, the team will also be conducting a scan of on-chain data to find …

The Bitkeep exploit that occurred on Dec. 26 used phishing sites to fool users into downloading fake wallets, according to a report by blockchain analytics provider OKLink. The report stated that the attacker set up several fake Bitkeep websites which contained an APK file that looked like version 7.2.9 of the Bitkeep wallet. When users “updated” their wallets by downloading the malicious file, their private keys or seed words were stolen and sent to the attacker. 【12-26 #BitKeep Hack Event Summary】 1/n According to OKLink data, the bitkeep theft involved 4 chains BSC, ETH, TRX, Polygon, OKLink included 50 hacker …

Major cryptocurrency mining pool BTC.com has suffered a cyberattack resulting in a significant loss of funds by the company and its customers. BTC.com experienced a cyberattack on Dec. 3, with attackers stealing around $700,000 in client assets and $2.3 million in the company’s assets, the mining pool’s parent firm BIT Mining Limited officially announced on Dec. 26. BIT Mining and BTC.com reported the cyberattack to law enforcement authorities in Shenzhen, China. The local authorities subsequently launched an investigation into the incident, starting collecting evidence and requesting assistance from relevant agencies in China. The local coordination has already helped BTC.com recover …

While many are still enjoying the holiday season, hackers are hard at work, draining around $8 million in an ongoing BitKeep wallet exploit. On Dec. 26, some users of the multichain crypto wallet BitKeep reported that their funds were being drained and transferred while they were not using their wallets. In their official Telegram group, the BitKeep team confirmed that some APK package downloads have been hijacked by some attackers and have been installed with code that was implanted by hackers. They wrote: “If your funds are stolen, the application you download or update may be an unknown version (unofficial …

Hackers linked to North Korea’s Lazarus Group are reportedly behind a massive phishing campaign targeting non-fungible token (NFT) investors — utilizing nearly 500 phishing domains to dupe victims. Blockchain security firm SlowMist released a report on Dec. 24, revealing the tactics that North Korean Advanced Persistent Threat (APT) groups have used to part NFT investors from their NFTs, including decoy websites disguised as a variety of NFT-related platforms and projects. Examples of these fake websites include a site pretending to be a project associated with the World Cup, as well as sites that impersonate well-known NFT marketplaces such as OpenSea, …

Defrost Finance, a decentralized leveraged trading platform on Avalanche blockchain, announced that both of its versions — Defrost V1 and Defrost V2 — are being investigated for a hack. The announcement came after investors reported losing their staked Defrost Finance (MELT) and Avalanche (AVAX) tokens from the MetaMask wallets. Moments after a few users complained about the unusual loss of funds, Defrost Finance’s core team member Doran confirmed that Defrost V2 was hit with a flash loan attack. At the time, the platform believed that Defrost V1 was not impacted by the hack and decided to close down V2 for …

Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. Uniswap, one of the leading decentralized exchange platforms, is integrating debit and credit card support for its users. It will allow Uniswap users to buy cryptocurrency directly with their cards. An ex-employee caused Ankr protocol’s recent $5 million hack. The DeFi protocol alerted relevant authorities and is seeking to prosecute the attacker while shoring up its security practices. A Web3 developer has claimed that many crypto ecosystem projects would rather get hacked than pay …

The team behind the Raydium decentralized exchange (DEX) has announced details as to how the hack of Dec. 16 occurred and offered a proposal to compensate victims. According to an official forum post from the team, the hacker was able to make off with over $2 million in crypto loot by exploiting a vulnerability in the DEX’s smart contracts that allowed entire liquidity pools to be withdrawn by admins, despite existing protections being to prevent such behavior. The team will use its own unlocked tokens to compensate victims who lost Raydium tokens, also known as RAY. However, the developer does …

A $5 million hack of Ankr protocol on Dec. 1 was caused by a former team member, according to a Dec. 20 announcement from the Ankr team. The ex-employee conducted a “supply chain attack” by putting malicious code into a package of future updates to the team’s internal software. Once this software was updated, the malicious code created a security vulnerability that allowed the attacker to steal the team’s deployer key from the company’s server. After Action Report: Our Findings From the aBNBc Token Exploit We just released a new blog post that goes in-depth about this: https://t.co/fyagjhODNG A pic.twitter.com/d6psUbpxNY …

Blockchain security company CertiK has reminded the crypto community to stay alert over “ice phishing” scams — a unique type of phishing scam targeting Web3 users — first identified by Microsoft earlier this year. In a Dec. 20 analysis report, CertiK described ice phishing scams as an attack that tricks Web3 users into signing permissions which end up allowing a scammer to spend their tokens. This differs from traditional phishing attacks which attempt to access confidential information such as private keys or passwords, such as the fake websites set up which claimed to help FTX investors recover funds lost on …

As hacks and exploits continue to go rampant within the crypto industry, the importance of finding vulnerabilities to prevent potential losses becomes of utmost importance. However, a Web3 developer highlighted that it’s not rewarding to do so. In a tweet, a Web3 developer claimed that he found a vulnerability in a Solana smart contract that would have affected several projects and around $30 million in funds. According to the dev, he reported and helped patch the vulnerabilities. However, when it was time to ask for a reward, the projects just started to ignore him. The developer noted that this sends …