CryptoCurrency
Cryptocurrency theft attacks traced to 2022 LastPass breach
Blockchain investigation firm TRM Labs says ongoing cryptocurrency thefts have been traced to the 2022 LastPass breach, with attackers draining wallets years after encrypted vaults were stolen and laundering the crypto through Russian exchanges. In 2022, LastPass disclosed that attackers breached its systems by compromising a developer environment, stealing portions of the company’s source code and proprietary technical […]
Hackers drain $3.9M from Unleash Protocol after multisig hijack
The decentralized intellectual property platform Unleash Protocol has lost around $3.9 million worth of cryptocurrency after someone executed an unauthorized contract upgrade that allowed asset withdrawals. According to the team behind the blockchain project, the attacker obtained enough signing power to act as an administrator of Unleash’s multisig governance system. “Our initial investigation indicates that an […]
New GlassWorm malware wave targets Macs with trojanized crypto wallets
A fourth wave of the “GlassWorm” campaign is targeting macOS developers with malicious VSCode/OpenVSX extensions that deliver trojanized versions of crypto wallet applications. Extensions in the OpenVSX registry and the Microsoft Visual Studio Marketplace expand the capabilities of a VS Code-compatible editor by adding features and productivity enhancements in the form of development tools, language support, or themes. […]
Hacker arrested for KMSAuto malware campaign with 2.8 million downloads
A Lithuanian national has been arrested for his alleged involvement in infecting 2.8 million systems with clipboard-stealing malware disguised as the KMSAuto tool for illegally activating Windows and Office software. The 29-year-old man was extradited from Georgia to South Korea following a related request under Interpol’s coordination. According to the Korean National Police Agency, the suspect […]
Trust Wallet says 2,596 wallets drained in $7 million crypto theft attack
Trust Wallet says attackers who compromised its browser extension right before Christmas have drained approximately $7 million from nearly 3,000 cryptocurrency wallet addresses. The cryptocurrency wallet (used by over 200 million people according to its official website) allows users to store, send, receive, and manage Bitcoin, Ethereum, Solana, and thousands of other cryptocurrencies and digital […]
Former Coinbase support agent arrested for helping hackers
A former Coinbase customer service agent was arrested in India for helping hackers earlier this year steal sensitive customer information from a company database. The arrest occurred in Hyderabad, the capital of India’s Telangana state and a major technology center in the country, and it is expected that more individuals will be detained, according to Coinbase CEO Brian Armstrong. […]
Fake Grubhub emails promise tenfold return on sent cryptocurrency
Grubhub users received fraudulent messages, apparently from a company email address, promising a tenfold bitcoin payout in return for a transfer to a specified wallet. The emails claimed to be part of a ‘Holiday Crypto Promotion’ and came from an email address on ‘b.grubhub.com’, which is a legitimate subdomain that Grubhub uses to communicate with […]
Trust Wallet confirms extension hack led to $7 million crypto theft
Trust Wallet confirmed that a compromised Chrome extension update released on December 24 led to $7 million in stolen cryptocurrency after users reported their wallets drained. “So far, $7m affected by this hack. TrustWallet will cover. User funds are SAFU. Appreciate your understanding for any inconveniences caused,” posted Binance founder Changpeng “CZ” Zhao on X. “The team is still investigating […]
Amazon: Ongoing cryptomining campaign uses hacked AWS accounts
Amazon’s AWS GuardDuty security team is warning of an ongoing crypto-mining campaign that targets its Elastic Compute Cloud (EC2) and Elastic Container Service (ECS) using compromised credentials for Identity and Access Management (IAM). The operation started on November 2nd and employed a persistence mechanism that extended mining operations and hindered incident responders. The threat actor used a Docker […]
UK fines LastPass over 2022 data breach impacting 1.6 million users
The UK Information Commissioner’s Office (ICO) fined the LastPass password management firm £1.2 million for failing to implement security measures that allowed an attacker to steal personal information and encrypted password vaults belonging to up to 1.6 million UK users in a 2022 breach. According to the ICO, the incident stemmed from two interconnected breaches […]