cryptocurrency (30)

The operator of the cryptocurrency mixing service Helix was sentenced to three years in prison last week.  Akron, Ohio native Larry Dean Harmon, 41, pleaded guilty in 2021 to conspiracy to commit money laundering.  A US Justice Department spokesperson did not respond to requests for comment about why the sentencing took place three years after the deal was agreed to.  It is unclear whether Harmon will be released this year.  In addition to his term in prison, Harmon was sentenced to three years

The US Department of Justice (DoJ) has announced arrests and charges against several individuals and entities for allegedly manipulating digital asset markets as part of a widespread fraud operation. The law enforcement action, codenamed Operation Token Mirrors, is the result of the US Federal Bureau of Investigation (FBI) taking the "unprecedented step" of creating its own cryptocurrency token and company, NexFundAI.

NexFundAI, as per information on the website, was marketed as redefining the "

Automating the on-demand collection of memory dumps, process information, system files, and event logs for inclusion in threat-hunting activities allows for a more comprehensive and proactive approach to adaptive threat-hunting. In the WatchTower Threat Hunting blog series, Sentinel Labs calls out some adaptive threat-hunting methodologies, including Chained Detections, a Multi-Directional Approach, and AI-powered hunts. This shows the benefits of applying a multi-directional approach to adaptiv

The Marko Polo cybercrime gang represents a growing global financial threat, steering at least 30 ongoing fraud campaigns simultaneously and wielding an arsenal of sophisticated malware that has compromised tens of thousands of devices.  Researchers reported that the group's scams are going after individuals and organizations alike by impersonating popular brands such as Zoom, Discord, and OpenSea, mainly in online gaming, virtual meeting software, and cryptocurrency platform markets.  The effor

The HardBit ransomware first appeared in October 2022, with a 2.0 version coming shortly thereafter in November of 2022.  As one expects of a ransomware attack, HardBit targets organizations and demands cryptocurrency payments in exchange for decrypting data.

Earlier variants of HardBit aren’t noted as being especially unique, though one standout attribute of HardBit is that the operators have enhanced their extortion tactics by demanding to know about the victim’s potential cyber insurance co

The US Department of Justice (DOJ) on 24 April 2024 announced the arrest of two co-founders of a cryptocurrency mixer called Samourai. It seized the service for allegedly facilitating over $2 billion in illegal transactions and laundering more than $100 million in criminal proceeds.  Keonne Rodriguez, 35, and William Lonergan Hill, 65, have been charged with conspiracy to commit money laundering and conspiracy to operate an unlicensed money-transmitting business from 2015 through February 2024.

Eclipse attacks are a special type of cyberattack where an attacker creates an artificial environment around one node, or user, which allows the attacker to manipulate the affected node into wrongful action.  By isolating a target node from its legitimate neighboring nodes, eclipse attacks can produce illegitimate transaction confirmations, among other effects on the network. While these types of attacks isolate individual nodes, the effectiveness of eclipse attacks at disrupting network nodes a

Microsoft representatives have warned that adversaries use OAuth applications as an automation tool to deploy virtual machines (VMs) for cryptocurrency mining and launch phishing attacks.  "Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious activity," the Microsoft Threat Intelligence team said in an analysis.  The misuse of OAuth also enables threat actors to maintain access to applications even if the

In the secretive world of venture capital and startups, information means access and it means money.  And so, it is rare that we see closely guarded information (the financials, the emails, the cap table) all picked apart and challenged for anyone who chooses to pay attention.  It is rare we hear a startup’s executives give unadulterated answers to questions on the record, under oath, laying out how things really went under the hood.  We only get that kind of a look at a private company when things

A highly sophisticated piece of malware posing as a cryptocurrency miner has stayed hidden for five years, infecting more than one million devices, cybersecurity investigators warn.  Named StripedFly, the threat contains code sequences previously observed in the malware used by the threat actor known as the Equation Group, known for APT malware and attacks, which has been linked to the US National Security Agency.

Designed as a modular framework, StripedFly can target both Windows and Linux and

A new malware-as-a-service option for cybercriminals known as BunnyLoader was released on September 4th, 2023.  It has since seen a variety of updates and has reached version 2.0.  As one might expect from any number of the “as a service” monikers, malware-as-a-service is a business model for cybercriminals.  The business model is such that malware and its associated infrastructure are provided to customers for a fee.  This can also be seen as a variation on the software-as-a-service model.

Thos

"There's a sucker born every minute" is a phrase closely associated with PT Barnum, an American showman of the mid-19th century, although there is no evidence that he said it.  Early examples of its use are among gamblers and confidence tricksters of the era.  A previously undetected cryptocurrency scam has leveraged over 1,000 fraudulent websites to ensnare users into a bogus rewards scheme since at least January 2021.

This massive campaign has likely resulted in thousands of people being scamm

Earlier this month, FortiGuard Labs discovered an ongoing threat campaign targeting YouTube viewers searching for pirated software.  Videos advertising downloads of “cracked” (aka pirated) software are uploaded by verified YouTube channels with a large number of subscribers.  Victims are led to execute malicious binaries that install multiple pieces of malware on their systems, focused on harvesting credentials, cryptojacking, and stealing cryptocurrency funds from wallets.

While investigating this campai

Americans do not have a lot of faith in cryptocurrency.  Around 75% of those familiar with crypto say they are not confident that the current ways to invest in, trade or use cryptocurrency are reliable and safe, according to Pew Research Center’s April 2023 survey of 10,071 people ages 18 and older living in the US.  The survey found that about 18% say they are somewhat confident, but just 6% feel extremely or very confident.  Confidence varies by age as well. The survey found that about 66% of

In the cryptocurrency ecosystem, coins have a story, tracked in the unchangeable blockchains underpinning their economy.  The only exception, in some sense, is a cryptocurrency freshly generated by its owner's computational power.  Unsurprisingly, Kim Jong-Un’s North Korean hackers have begun adopting a new trick to launder the coins they steal from victims worldwide: they use their dirty, stolen coins in services that allow them to mine innocent new ones.

Recently, cybersecurity investigators pub

Another day and another US Securities and Exchange Commission (SEC) crypto crackdown case.  Recently, the US regulator announced emergency action against investment adviser BKCoin Management in connection with an alleged fraud scheme.

The SEC alleged on 07 March 2023 that Miami-based BKCoin Management raised $100 million from at least 55 investors to plug into cryptocurrency. Instead, the money was spent on luxury items and used to make “Ponzi-like payments” to investors to hide their fraud.  The inv

The following article is based on the opinions of cyber threat and financial professionals and is not intended to place blame on any parties.  It is an important topic that has been brought to the attention of the US Government, even before the fall of the FTX Exchange.

See:  https://redskyalliance.org/xindustry/sec-chairman-pushes-for-more-cryptocurrency-regulations

The seemingly limitless innovations from information technology have created enormous opportunities for all kinds of predatory be

North Korea’s BlueNoroff hackers have updated their strategies and delivery techniques in a new wave of attacks targeting banks and venture capital firms, according to cyber threat investigators.  Part of Lazarus, a hacking group linked to the North Korean government, BlueNoroff is financially motivated and has been blamed for numerous cyber-attacks targeting banks, cryptocurrency firms, and other financial institutions.

The campaign by BlueNoroff has been in operation at least since 2017.  It us

The fall of the FTX crypto exchange forced many investors to seriously reconsider their overall approach to investments, from self-custody to verifying the on-chain existence of funds.  This shift in approach was driven primarily by the lack of trust crypto investors have in the entrepreneurs after being duped by FTX CEO and co-founder Sam Bankman-Fried.

FTX crashed after Mr. Bankman-Fried and his accomplices were caught secretly reinvesting users’ funds, resulting in the misplacement of

Researchers found that, buried deep in a recent 61-page report by the U.S. Attorney General, the Biden Administration called for a dramatic expansion in the federal government’s ability to seize and keep cryptocurrency. If enacted, the proposed changes would bolster both criminal forfeiture, which requires a conviction to permanently confiscate property, as well as civil forfeiture, which does not require a conviction or even criminal charges to be filed.  Notably, the report’s release was coupled wit