Generative Data Intelligence

Tag: compromise

Spyware Blitzes Compromise, Cannibalize ICS Networks

The brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud.

2FA Compromise Led to $34M Crypto.com Hack

In a statement on its website today, Crypto.com revealed fresh details concerning a recent hack on its platform, stating that 483 of its customers were affected and that unauthorized withdrawals of over $15 million in ETH, $19 million in BTC, and $66,200 in ‘other currencies’ occurred. The total losses, which amount to more than $34 million at today’s cryptocurrency prices, are more than analysts had projected before Crypto.com’s announcement.

The company’s post-mortem came just one day after CEO Kris Marszalek admitted the breach in a Bloomberg TV interview. After many Crypto.com users claimed their funds had been stolen, he confirmed the breach, which the company had previously met with cryptic responses, referring only to an ‘event.’ During the interview, Marszalek did not reveal how the hack occurred, but he did disclose that Crypto.com has refunded all affected accounts.

According to today’s announcement, Crypto.com discovered the suspicious activity on Monday, when ‘transactions were being approved without the user entering the 2FA authentication control.’ To investigate the problem, the site temporarily halted all withdrawals for 14 hours. The attacker was able to approve transactions without triggering 2FA, which is required for all users, according to Crypto.com.

Customers were asked to log back in to the platform and set up their 2FA tokens again after the company ‘revoked all client 2FA tokens and added additional security hardening measures.’ The extra precautions include a mandatory 24-hour delay between the registration of a new withdrawal address and the first withdrawal. Users will be warned and have ‘enough time to react and respond’ by contacting the Crypto.com staff if the withdrawal appears to be unlawful.

Following the incident, the company undertook an internal investigation and hired third-party security experts to examine its platform. To improve security, it announced plans to move away from two-factor authentication and toward ‘real multi-factor authentication,’ though it did not provide a date.

Crypto.com also stated today that ‘beginning February 1st, the Worldwide Account Protection Scheme (WAPP) will be introduced in select regions,’ a programme that will restore funds up to $250,000 for “eligible consumers” in the event of an unauthorized withdrawal. To qualify for the programme, according to the company, users must enable multi-factor authentication on all transaction types where it is available, set up an anti-phishing code at least 21 days prior to the reported unauthorized transaction, file a police report and provide it to Crypto.com, complete a forensic investigation questionnaire, and not be using a jailbroken device.

Crypto.com is the world’s fourth-largest cryptocurrency exchange and has been aggressively expanding its presence in the United States in recent months, with stunts such as viral advertisements starring actor Matt Damon and a $700 million purchase of the naming rights to the Los Angeles Lakers and Clippers Arena. It bills itself as the ‘fastest-growing’ cryptocurrency exchange, and earlier this week announced a $500 million expansion of its venture capital arm to support early-stage crypto businesses. The fallout from this week’s hack, as well as the company’s tardy response, may threaten to halt some of the company’s expansion in the United States.

The post 2FA Compromise Led to $34M Crypto.com Hack appeared first on Cryptoknowmics-Crypto News and Media Platform.

Prolific Chinese APT Caught Using ‘MoonBounce’ UEFI Firmware Implant

Threat hunters at Kaspersky have spotted a well-known Chinese APT actor using a UEFI implant to maintain stealthy persistence across reboots, disk formatting or disk replacements.

As people in Afghanistan turn to BUSD, how far is crypto adoption coming along

U.S. sanctions against Afghanistan have exacerbated starvation and poverty and made life even more perilous for the millions living under Taliban occupation. However, people both within and outside the country have been experimenting with crypto options to overcome legal and financial barriers.

Coders without borders

An investigation by The Intercept interviewed the CEO of a coding school […]

Google Details Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers

An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could have been exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory. Natalie Silvanovich of Google Project Zero, who discovered and reported the two flaws last year, said the issues

Solana DeFi Exchange for Crypto Derivatives Nabs $2.2M in Seed Round

01 Exchange says it's "the first fully-decentralized derivatives exchange to support orderbook-based power perpetuals and perpetual futures on Solana."

Interpol Busted 11 Members of Nigerian BEC Cybercrime Gang

A coordinated law enforcement operation has resulted in the arrest of 11 members allegedly belonging to a Nigerian cybercrime gang notorious for perpetrating business email compromise (BEC) attacks targeting more than 50,000 victims in recent years. The disruption of the BEC network is the result of a ten-day investigation dubbed Operation Falcon II undertaken by Interpol along with

A Trip to the Dark Site — Leak Sites Analyzed

Gone are the days when ransomware operators were happy with encrypting files on-site and more or less discreetly charged their victims money for a decryption key. What we commonly find now is encryption with the additional threat of leaking stolen data, generally called Double-Extortion (or, as we like to call it: Cyber Extortion or Cy-X). This is a unique form of cybercrime in that we can

Microsoft: Hackers Exploiting New SolarWinds Serv-U Bug Related to Log4j Attacks

Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 (CVSS score: 5.3), the issue is an "input validation vulnerability that could allow attackers to build a query given some input and send that

Bitcoin Is A Black Hole For Theoretical Models

Bitcoin both fits into and defies all of the major theoretical models developed in recent history, speaking to just how early we are.

The Actual Impact Of Bitcoin On War

The impact of Bitcoin on war will not simply be the eradication of violence, a problem of humanity since the dawn of time.

What Happens to My Organization If APIs Are Compromised?

Once attackers have obtained access, they can compromise other systems or pivot within your networks.
