Category Archives: bitcoin

Return of the Bitcoin Maximalist? Crypto Winter Luring Even More Institutional Capital than Before

Bitcoin’s price crept higher on Saturday, as the leading digital currency found renewed support near $3,600 following a week of mostly tepid moves. Although the bear market is showing little signs of letting up, Grayscale has declared the return of the ‘bitcoin maximalist’ following a dramatic surge in investments during the fourth quarter. Could this […]

The post Return of the Bitcoin Maximalist? Crypto Winter Luring Even More Institutional Capital than Before appeared first on Hacked: Hacking Finance.

Crypto Update: Another Spike Fails in Crypto-Land

The major cryptocurrencies continue to follow the pattern which consists of sudden spikes followed by choppy sideways periods. Today, the top coins jumped higher, with the strongest currencies testing their recent swing highs, but the move quickly failed. The market continues to be dominated by low liquidity and the bearish long-term forces, making it difficult […]

The post Crypto Update: Another Spike Fails in Crypto-Land appeared first on Hacked: Hacking Finance.

The “Accessibility Premium”: How Coinbase’s Overseas Expansion Could Affect Crypto Prices

The accessibility premium refers to the affect on a cryptocurrency’s price when it is added to Coinbase. The $8 billion valued exchange is now looking to expand beyond its U.S-based institutional trading business to offer institutional services worldwide. Bitcoin, Bitcoin Cash, Ethereum, and Litecoin may end up being the greatest beneficiaries. These cryptocurrencies could gain […]

The post The “Accessibility Premium”: How Coinbase’s Overseas Expansion Could Affect Crypto Prices appeared first on Hacked: Hacking Finance.

Bitcoin Price Sees Renewed Stability as Average Block Size Reaches All-Time High

Bitcoin’s price drifted slightly higher on Friday, as the potential for further downside continued to erode following a week-long drop in volatility. In terms of fundamentals, bitcoin’s average block size has reached a new record high, reigniting a long-standing debate over full blocks and the so-called capacity cliff. BTC/USD Update The bitcoin price is currently […]

The post Bitcoin Price Sees Renewed Stability as Average Block Size Reaches All-Time High appeared first on Hacked: Hacking Finance.

Trade Recommendation: Ark

Our November 23, 2018 trade recommendation for Ark (ARK/BTC) hit both of our targets. The first one was hit on January 4, 2019 when the market climbed as high as 0.0001297. The second target was achieved on February 8 when the price rallied to 0.0001539. Those who followed the trade recommendation grew their investments by […]

The post Trade Recommendation: Ark appeared first on Hacked: Hacking Finance.

Morgan Chase’s JPM Coin: A Banker’s Intranet, or the First Major Attack on Bitcoin?

JP Morgan Chase unveiled plans for its JPM Coin on Thursday, sending the cryptocurrency universe into equal fits of both rancour and rapture. While some see institutional adoption of cryptocurrency as the most bullish news of 2019, many are not quite sold on the concept; and some are already fearing the emergence of a ‘Ripple […]

The post Morgan Chase’s JPM Coin: A Banker’s Intranet, or the First Major Attack on Bitcoin? appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Drift Sideways but Leadership Weakens

The major cryptocurrencies have been mostly trading in relatively narrow ranges in the past 24 hours, and although we saw a broad sell-off today in early trading, a major bearish move has been avoided, for now. While the coins are still holding on to most of their gains from last Friday’s Litecoin-led surge, the relatively […]

The post Crypto Update: Coins Drift Sideways but Leadership Weakens appeared first on Hacked: Hacking Finance.

WikiLeaks Exposes Craig Wright’s Lies as Nakamoto Saga Hits Peak ‘Faketoshi’

The comedy of errors that is Craig Wright’s attempt to convince the world that he is Satoshi Nakamoto took another turn this week, when WikiLeaks dropped a batch of documents showing his dishonest retrofitting of Bitcoin documentation. WikiLeaks vs Craig Wright Wright released a Medium post last week where he told the world once again […]

The post WikiLeaks Exposes Craig Wright’s Lies as Nakamoto Saga Hits Peak ‘Faketoshi’ appeared first on Hacked: Hacking Finance.

Trade Recommendation: Monero

Our trading system is simple. We plot the current range and identify three levels: support, resistance, and midpoint. We buy low and sell high by buying the support and selling the resistance. However, there are times when the midpoint is also a good buy level. Whenever we do that, we’re convinced that the market is […]

The post Trade Recommendation: Monero appeared first on Hacked: Hacking Finance.

Bitcoin Price Defends Critical Level as Fees Plummet, Transactions Surge

Bitcoin’s price may have stagnated through the early part of 2019, but underlying fundamentals show the market has turned a corner with respect to fees and transactions. As Diar recently pointed out, bitcoin fees plunged to four-year lows in January, while transactions hit their highest levels since 2017. BTC/USD Update In terms of price action, […]

The post Bitcoin Price Defends Critical Level as Fees Plummet, Transactions Surge appeared first on Hacked: Hacking Finance.

Crypto Update: Litecoin Pulls Back as Rally Fails to Reignite

While the major cryptocurrencies experienced another rally attempt yesterday following last week’s Litecoin-led surge, most of them failed to hit sustained new highs. The top coins are still holding on to most of their gains, but the lack of bullish momentum is a negative sign. With the bearish long-term picture in mind, traders should still […]

The post Crypto Update: Litecoin Pulls Back as Rally Fails to Reignite appeared first on Hacked: Hacking Finance.

Bitcoin Update: A Case That the Bottom Is In

With the current market sentiment, almost everyone in the crypto community believes that we have yet to bottom out. Most think that the recent Bitcoin (BTC/USD) rally is nothing but a dead cat bounce. From their point of view, we may rally to $4,300 or maybe even go as high as $5,800. Just as everyone’s […]

The post Bitcoin Update: A Case That the Bottom Is In appeared first on Hacked: Hacking Finance.

EOS, Maker Lead Tepid Crypto Market Rally; Mike Novogratz Touts Bitcoin as “Digital Gold”

Most of the top 20 cryptocurrencies reported gains on Wednesday, with EOS emerging as one of the frontrunners for the second day running. Positive contributions from the likes of Maker, Zcash and Monero kept markets buoyant after a tepid start to the week. Market Update The total value of all cryptocurrencies reached a high of […]

The post EOS, Maker Lead Tepid Crypto Market Rally; Mike Novogratz Touts Bitcoin as “Digital Gold” appeared first on Hacked: Hacking Finance.

Bitcoin and Derivatives: Why $4,200 is So Critical

Bitcoin continued to face strong resistance on Wednesday, with upside firmly capped below several technical hurdles that threaten to undermine the latest rally attempt. As Bloomberg recently reported, a growing number of bitcoin traders are turning to derivatives to squeeze some value out of their assets, a trend that could have adverse effects on the […]

The post Bitcoin and Derivatives: Why $4,200 is So Critical appeared first on Hacked: Hacking Finance.

Square CEO Jack Dorsey Says Bitcoin’s Lightning Is Coming To Cash App

An anonymous reader shares a report: A bitcoin scaling solution called the lightning network may soon come to Square's Cash App for mobile payments. Twitter and Square CEO Jack Dorsey, an investor in the bitcoin-oriented startup Lightning Labs, recently announced during an interview with podcaster Stephan Livera that there are plans to integrate the scaling technology with Square's mobile app. "It's not an 'if,' it's more of a 'when,' and how do we make sure that we're getting the speed that we need and the efficiency," Dorsey told Livera, adding: "We don't think it stops at buying and selling [bitcoin]. We do want to help make happen the currency aspect."

Read more of this story at Slashdot.

Crypto Rally Loses Steam as Wall Street Reviews the Merits of a Bitcoin ETF

Crypto markets were a mixed bag on Tuesday, as most of the top 20 coins headed for slight-to-moderate declines. There were a few notable exceptions, with the likes of Dash, NEO and Zcash flashing green. Meanwhile, the debate over a bitcoin exchange-traded fund (ETF) appears to be heating up on Wall Street, with one prominent […]

The post Crypto Rally Loses Steam as Wall Street Reviews the Merits of a Bitcoin ETF appeared first on Hacked: Hacking Finance.

Bitcoin’s Latest Rally Attempt Faces Strong Resistance

Bitcoin’s price ran into resistance on Tuesday, as price action continued to cool following an explosive rally last week. The leading digital currency has backed off 3% from the most recent swing high in what appears to be a broad consolidation phase for cryptoassets. BTC/USD Update The bitcoin price showed considerable variance on virtual exchanges […]

The post Bitcoin’s Latest Rally Attempt Faces Strong Resistance appeared first on Hacked: Hacking Finance.

Trade Recommendation: Pundi X

Pundi X (NPXS/BTC) is a coin that’s raring to leave its accumulation range and trend higher. It has been range trading between 0.0000001 and 0.0000002 for almost three months now. During this period, bulls attempted to take out the top end of the range three times. While all three attempts have failed, we believe the […]

The post Trade Recommendation: Pundi X appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Pull Back as Follow-Through Rally Fades

The cryptocurrency segment has been consolidating Friday’s Litecoin-led surge over the weekend, and although most of the major coins are holding on to the bulk of their gains, the follow-through move has been lacking momentum. That said, compared to the failed Ripple-led attempt two weeks ago, more coins are showing positive signs, and despite the […]

The post Crypto Update: Coins Pull Back as Follow-Through Rally Fades appeared first on Hacked: Hacking Finance.

Blockchain and Trust

In his 2008 white paper that first proposed bitcoin, the anonymous Satoshi Nakamoto concluded with: "We have proposed a system for electronic transactions without relying on trust." He was referring to blockchain, the system behind bitcoin cryptocurrency. The circumvention of trust is a great promise, but it's just not true. Yes, bitcoin eliminates certain trusted intermediaries that are inherent in other payment systems like credit cards. But you still have to trust bitcoin -- and everything about it.

Much has been written about blockchains and how they displace, reshape, or eliminate trust. But when you analyze both blockchain and trust, you quickly realize that there is much more hype than value. Blockchain solutions are often much worse than what they replace.

First, a caveat. By blockchain, I mean something very specific: the data structures and protocols that make up a public blockchain. These have three essential elements. The first is a distributed (as in multiple copies) but centralized (as in there's only one) ledger, which is a way of recording what happened and in what order. This ledger is public, meaning that anyone can read it, and immutable, meaning that no one can change what happened in the past.

The second element is the consensus algorithm, which is a way to ensure all the copies of the ledger are the same. This is generally called mining; a critical part of the system is that anyone can participate. It is also distributed, meaning that you don't have to trust any particular node in the consensus network. It can also be extremely expensive, both in data storage and in the energy required to maintain it. Bitcoin has the most expensive consensus algorithm the world has ever seen, by far.

Finally, the third element is the currency. This is some sort of digital token that has value and is publicly traded. Currency is a necessary element of a blockchain to align the incentives of everyone involved. Transactions involving these tokens are stored on the ledger.

Private blockchains are completely uninteresting. (By this, I mean systems that use the blockchain data structure but don't have the above three elements.) In general, they have some external limitation on who can interact with the blockchain and its features. These are not anything new; they're distributed append-only data structures with a list of individuals authorized to add to it. Consensus protocols have been studied in distributed systems for more than 60 years. Append-only data structures have been similarly well covered. They're blockchains in name only, and -- as far as I can tell -- the only reason to operate one is to ride on the blockchain hype.

All three elements of a public blockchain fit together as a single network that offers new security properties. The question is: Is it actually good for anything? It's all a matter of trust.

Trust is essential to society. As a species, humans are wired to trust one another. Society can't function without trust, and the fact that we mostly don't even think about it is a measure of how well trust works.

The word "trust" is loaded with many meanings. There's personal and intimate trust. When we say we trust a friend, we mean that we trust their intentions and know that those intentions will inform their actions. There's also the less intimate, less personal trust -- we might not know someone personally, or know their motivations, but we can trust their future actions. Blockchain enables this sort of trust: We don't know any bitcoin miners, for example, but we trust that they will follow the mining protocol and make the whole system work.

Most blockchain enthusiasts have a unnaturally narrow definition of trust. They're fond of catchphrases like "in code we trust," "in math we trust," and "in crypto we trust." This is trust as verification. But verification isn't the same as trust.

In 2012, I wrote a book about trust and security, Liars and Outliers. In it, I listed four very general systems our species uses to incentivize trustworthy behavior. The first two are morals and reputation. The problem is that they scale only to a certain population size. Primitive systems were good enough for small communities, but larger communities required delegation, and more formalism.

The third is institutions. Institutions have rules and laws that induce people to behave according to the group norm, imposing sanctions on those who do not. In a sense, laws formalize reputation. Finally, the fourth is security systems. These are the wide varieties of security technologies we employ: door locks and tall fences, alarm systems and guards, forensics and audit systems, and so on.

These four elements work together to enable trust. Take banking, for example. Financial institutions, merchants, and individuals are all concerned with their reputations, which prevents theft and fraud. The laws and regulations surrounding every aspect of banking keep everyone in line, including backstops that limit risks in the case of fraud. And there are lots of security systems in place, from anti-counterfeiting technologies to internet-security technologies.

In his 2018 book, Blockchain and the New Architecture of Trust, Kevin Werbach outlines four different "trust architectures." The first is peer-to-peer trust. This basically corresponds to my morals and reputational systems: pairs of people who come to trust each other. His second is leviathan trust, which corresponds to institutional trust. You can see this working in our system of contracts, which allows parties that don't trust each other to enter into an agreement because they both trust that a government system will help resolve disputes. His third is intermediary trust. A good example is the credit card system, which allows untrusting buyers and sellers to engage in commerce. His fourth trust architecture is distributed trust. This is emergent trust in the particular security system that is blockchain.

What blockchain does is shift some of the trust in people and institutions to trust in technology. You need to trust the cryptography, the protocols, the software, the computers and the network. And you need to trust them absolutely, because they're often single points of failure.

When that trust turns out to be misplaced, there is no recourse. If your bitcoin exchange gets hacked, you lose all of your money. If your bitcoin wallet gets hacked, you lose all of your money. If you forget your login credentials, you lose all of your money. If there's a bug in the code of your smart contract, you lose all of your money. If someone successfully hacks the blockchain security, you lose all of your money. In many ways, trusting technology is harder than trusting people. Would you rather trust a human legal system or the details of some computer code you don't have the expertise to audit?

Blockchain enthusiasts point to more traditional forms of trust -- bank processing fees, for example -- as expensive. But blockchain trust is also costly; the cost is just hidden. For bitcoin, that's the cost of the additional bitcoin mined, the transaction fees, and the enormous environmental waste.

Blockchain doesn't eliminate the need to trust human institutions. There will always be a big gap that can't be addressed by technology alone. People still need to be in charge, and there is always a need for governance outside the system. This is obvious in the ongoing debate about changing the bitcoin block size, or in fixing the DAO attack against Ethereum. There's always a need to override the rules, and there's always a need for the ability to make permanent rules changes. As long as hard forks are a possibility -- that's when the people in charge of a blockchain step outside the system to change it -- people will need to be in charge.

Any blockchain system will have to coexist with other, more conventional systems. Modern banking, for example, is designed to be reversible. Bitcoin is not. That makes it hard to make the two compatible, and the result is often an insecurity. Steve Wozniak was scammed out of $70K in bitcoin because he forgot this.

Blockchain technology is often centralized. Bitcoin might theoretically be based on distributed trust, but in practice, that's just not true. Just about everyone using bitcoin has to trust one of the few available wallets and use one of the few available exchanges. People have to trust the software and the operating systems and the computers everything is running on. And we've seen attacks against wallets and exchanges. We've seen Trojans and phishing and password guessing. Criminals have even used flaws in the system that people use to repair their cell phones to steal bitcoin.

Moreover, in any distributed trust system, there are backdoor methods for centralization to creep back in. With bitcoin, there are only a few miners of consequence. There's one company that provides most of the mining hardware. There are only a few dominant exchanges. To the extent that most people interact with bitcoin, it is through these centralized systems. This also allows for attacks against blockchain-based systems.

These issues are not bugs in current blockchain applications, they're inherent in how blockchain works. Any evaluation of the security of the system has to take the whole socio-technical system into account. Too many blockchain enthusiasts focus on the technology and ignore the rest.

To the extent that people don't use bitcoin, it's because they don't trust bitcoin. That has nothing to do with the cryptography or the protocols. In fact, a system where you can lose your life savings if you forget your key or download a piece of malware is not particularly trustworthy. No amount of explaining how SHA-256 works to prevent double-spending will fix that.

Similarly, to the extent that people do use blockchains, it is because they trust them. People either own bitcoin or not based on reputation; that's true even for speculators who own bitcoin simply because they think it will make them rich quickly. People choose a wallet for their cryptocurrency, and an exchange for their transactions, based on reputation. We even evaluate and trust the cryptography that underpins blockchains based on the algorithms' reputation.

To see how this can fail, look at the various supply-chain security systems that are using blockchain. A blockchain isn't a necessary feature of any of them. The reasons they're successful is that everyone has a single software platform to enter their data in. Even though the blockchain systems are built on distributed trust, people don't necessarily accept that. For example, some companies don't trust the IBM/Maersk system because it's not their blockchain.

Irrational? Maybe, but that's how trust works. It can't be replaced by algorithms and protocols. It's much more social than that.

Still, the idea that blockchains can somehow eliminate the need for trust persists. Recently, I received an email from a company that implemented secure messaging using blockchain. It said, in part: "Using the blockchain, as we have done, has eliminated the need for Trust." This sentiment suggests the writer misunderstands both what blockchain does and how trust works.

Do you need a public blockchain? The answer is almost certainly no. A blockchain probably doesn't solve the security problems you think it solves. The security problems it solves are probably not the ones you have. (Manipulating audit data is probably not your major security risk.) A false trust in blockchain can itself be a security risk. The inefficiencies, especially in scaling, are probably not worth it. I have looked at many blockchain applications, and all of them could achieve the same security properties without using a blockchain­ -- of course, then they wouldn't have the cool name.

Honestly, cryptocurrencies are useless. They're only used by speculators looking for quick riches, people who don't like government-backed currencies, and criminals who want a black-market way to exchange money.

To answer the question of whether the blockchain is needed, ask yourself: Does the blockchain change the system of trust in any meaningful way, or just shift it around? Does it just try to replace trust with verification? Does it strengthen existing trust relationships, or try to go against them? How can trust be abused in the new system, and is this better or worse than the potential abuses in the old system? And lastly: What would your system look like if you didn't use blockchain at all?

If you ask yourself those questions, it's likely you'll choose solutions that don't use public blockchain. And that'll be a good thing -- especially when the hype dissipates.

This essay previously appeared on Wired.com.

EDITED TO ADD (2/11): Two commentaries on my essay.

I have wanted to write this essay for over a year. The impetus to finally do it came from an invite to speak at the Hyperledger Global Forum in December. This essay is a version of the talk I wrote for that event, made more accessible to a general audience.

It seems to be the season for blockchain takedowns. James Waldo has an excellent essay in Queue. And Nicholas Weaver gave a talk at the Enigma Conference, summarized here. It's a shortened version of this talk.

Dow Deflates on U.S.-China Trade Talks, Possible Government Shutdown; Cryptocurrencies See Large Volume Spike

The U.S. stock market traded mixed on Monday, with the Dow giving up triple-digit gains as investors shifted their focus to U.S.-China trade talks and a looming government shutdown in Washington. Cryptocurrencies enjoyed some early momentum thanks to an upsurge in trading volume. Dow Gives Up Gains After a strong start, the Dow Jones Industrial […]

The post Dow Deflates on U.S.-China Trade Talks, Possible Government Shutdown; Cryptocurrencies See Large Volume Spike appeared first on Hacked: Hacking Finance.

A week in security (February 4 – 8)

Last week on Malwarebytes Labs, we took a closer look at the technical and reputational challenges for Facebook as it tries to integrate secure messaging across Messenger, WhatsApp, and Instagram. We explored Google’s latest attempts to change how the public sees—literally—web browser URLs, gave some of our best tips on how to safely browse the Internet at work, and detailed a unique spam campaign involving ebooks, the Amazon Kindle web store and… John Wick? Yep.

Other cybersecurity news

Stay safe, everyone!

The post A week in security (February 4 – 8) appeared first on Malwarebytes Labs.

Crypto Breakout Coming? Volume Indicators Say Yes

The major cryptocurrencies reported slight-to-moderate gains on Monday, as the return of high-volume trading offered compelling evidence that a bearish-to-bullish trend reversal may be afoot. Market Update Most of the top 20 cryptocurrencies are trading in positive territory. Among the majors, Ethereum is leading the way higher. The developer’s cryptocurrency has gained 4% in the […]

The post Crypto Breakout Coming? Volume Indicators Say Yes appeared first on Hacked: Hacking Finance.

Trade Recommendation: EOS

EOS (EOS/BTC) is a good example of a market that’s settling to a higher range. You may want to use it as an example of how markets typically move during bullish conditions. EOS bottomed out around support of 0.0005 on December 7, 2018. At that point, we expected the price to range trade between 0.0005 […]

The post Trade Recommendation: EOS appeared first on Hacked: Hacking Finance.

Bitcoin Price Aims Higher as Volume Returns, Volatility Crumbles

Bitcoin’s price was little changed at the start of Monday’s session, though a volume breakout overnight signaled the return of bullish momentum. At the same time, volatility has dropped to its lowest level in nearly three months, a possible sign that the bears were slowly relinquishing control of the market. BTC/USD Update The bitcoin price […]

The post Bitcoin Price Aims Higher as Volume Returns, Volatility Crumbles appeared first on Hacked: Hacking Finance.

As Crypto Rally Cools, Binance Coin Remains Buoyant; CEO Changpeng Zhao Offers Encouraging Message to New Traders

Crypto markets underwent a gradual cooling over the weekend, as bitcoin and the major altcoins struggled to make higher highs following an explosive Friday rally. However, for Binance Coin (BNB), the rally was still very much intact thanks to a bevy of positive news surrounding the exchange. Market Update Most of the top 20 coins […]

The post As Crypto Rally Cools, Binance Coin Remains Buoyant; CEO Changpeng Zhao Offers Encouraging Message to New Traders appeared first on Hacked: Hacking Finance.

Bitcoin Price Holds Above $3,600 as Mt. Gox Creditors Seek Exchange Revival

Bitcoin’s long road to recovery hit a speed bump over the weekend, as price action narrowed following an explosive rally on Friday. The leading digital currency continues to hold above $3,600 amid speculation that a group of Mt. Gox creditors is seeking to revive the exchange and repay victims’ bitcoin. BTC/USD Update At the time […]

The post Bitcoin Price Holds Above $3,600 as Mt. Gox Creditors Seek Exchange Revival appeared first on Hacked: Hacking Finance.

Clipper malware on Play Store replaces users BTC & ETH wallet address

By Waqas

This is the first ever Clipper malware found on Play Store. Another day another Android malware on Google Play Store – This time the IT security researchers at ESET have discovered a malware known for replacing the content of clipboard on the targeted device. This type of malware is called Clipper malware. The malware was targeting Android […]

This is a post from HackRead.com Read the original post: Clipper malware on Play Store replaces users BTC & ETH wallet address

Has Bitcoin Bottomed? A Closer Look at the Bullish and Bearish Cases

The bitcoin bulls were back in force on Friday, as markets finally broke out of a prolonged stalemate that had kept price action fairly subdued. The rally, which occurred suddenly, threatened the underlying assertion that bitcoin still has room to fall before reaching a definitive bottom. BTC/USD Price Update The cryptocurrency market rose to nearly […]

The post Has Bitcoin Bottomed? A Closer Look at the Bullish and Bearish Cases appeared first on Hacked: Hacking Finance.

Trade Recommendation: Bitcoin

We’ve been watching Bitcoin (BTC/USD) closely ever since it started forming a falling wedge on the daily chart. This was an indication that the market was becoming bullish even though price, volume and volatility were gradually dropping. Bears used these indicators to argue that Bitcoin would soon breach support of $3,200 and nosedive to monthly […]

The post Trade Recommendation: Bitcoin appeared first on Hacked: Hacking Finance.

Litecoin Sparks Huge Crypto Rally as Bitcoin Smashes Through $3,700

Cryptocurrencies broke out of their mundane trading range on Friday, as bitcoin and its altcoin peers posted their biggest gains in over a month. The move follows an explosive rally for Litecoin earlier in the day that was sparked by news that the protocol is moving closer to implementing privacy transactions. Crypto Breakout In the […]

The post Litecoin Sparks Huge Crypto Rally as Bitcoin Smashes Through $3,700 appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Stage Rally Attempt as Litecoin Triggers Buy Signal

The major cryptocurrencies are finally having a positive day following a quiet and bearish period, and although the negative overall picture hasn’t changed, bulls at have something to cheer about. Litecoin managed to move above its primary resistance level at $34.50, building on its recent relative strength, and that triggered a short-term buy signal in […]

The post Crypto Update: Coins Stage Rally Attempt as Litecoin Triggers Buy Signal appeared first on Hacked: Hacking Finance.

Gold Rush 2.0: Who’s Selling Shovels to the Bitcoin and Cryptocurrency Pioneers?

There’s an old saying that goes something like: “During a gold rush, sell shovels.” At the height of the California gold rush, the most profitable venture (on average) was not mining for gold itself, but selling the tools that facilitated the mining of gold. The legacy of this fact is still present even today – […]

The post Gold Rush 2.0: Who’s Selling Shovels to the Bitcoin and Cryptocurrency Pioneers? appeared first on Hacked: Hacking Finance.

Weekly Recap: Crypto Markets Get a Shake-Up as Litecoin Ascends; Bitcoin ETF Has Another Backer at the SEC

Cryptocurrencies were on the path to recovery Friday, as Litecoin’s sudden ascendancy propelled markets higher. This had a domino effect on the top 10 coins, whose rankings shifted following Litecoin’s explosive move north. The market’s performance on Friday helped offset a lackluster start to the week that saw coin values plunge to new yearly lows. […]

The post Weekly Recap: Crypto Markets Get a Shake-Up as Litecoin Ascends; Bitcoin ETF Has Another Backer at the SEC appeared first on Hacked: Hacking Finance.

Crypto Update: Key Levels to Watch for TRON and 2 Other Coins

TRON (TRX/BTC), ChainLink (LINK/BTC), and Binance Coin (BNB/BTC) have one thing in common: they’ve all decoupled from Bitcoin’s trend. In other words, bulls have taken over these markets while Bitcoin and other altcoins continue to languish in bear territory. Bulls have been flexing their muscles so hard that these three alts have been recently on […]

The post Crypto Update: Key Levels to Watch for TRON and 2 Other Coins appeared first on Hacked: Hacking Finance.

Child abuse imagery found in cryptocurrency blockchain

For the second time in a year, illegal child abuse images have been spotted inside a blockchain. According to a post by web blockchain payments system Money Button, on 30 January its service was abused to place “illegal content” inside the Bitcoin Satoshi Vision (BSV) ledger, a recent cryptocurrency hard fork from Bitcoin Cash [BCH]. […]

Bitcoin’s Range-Bound Consolidation Continues; Bearish Breakdown Eyed

Bitcoin (BTC) was little changed on Friday, as prices continued to languish near two-month lows following a sizable correction at the beginning of the week. Since the hard fall on Monday, the leading digital currency has shown little signs of recovery as the bears continue to eye the December 2018 low. BTC/USD Update The bitcoin […]

The post Bitcoin’s Range-Bound Consolidation Continues; Bearish Breakdown Eyed appeared first on Hacked: Hacking Finance.

Crypto Update: Altcoins Bounce Back but Technicals Still Point Lower

The major cryptocurrencies had another quiet session, despite this week’s bearish price action, and although the top coins failed to show technical progress, bulls avoided a break-down yet again. That said, selling pressure remains apparent in the segment and although we saw some encouraging signs in a few smaller altcoins, the total value of the […]

The post Crypto Update: Altcoins Bounce Back but Technicals Still Point Lower appeared first on Hacked: Hacking Finance.

Bitcoin Needs New Money – Can Russia Provide the Stimulus?

Although the last 13 months have been extremely painful for traders, hope is not completely lost.  Bitcoin (BTC) appears to have stagnated between 3,200 and 3,800.  One of the main problems is that there is a lack of money flowing into the markets.  Many traders lost incredible amounts of money during the past 13 months […]

The post Bitcoin Needs New Money – Can Russia Provide the Stimulus? appeared first on Hacked: Hacking Finance.

Crypto Markets See Modest Gains as SEC Commissioner Hints at Bitcoin ETF Approval

The cryptocurrency market stabilized on Thursday, with most of the top 20 coins registering modest gains through the early part of trading. Meanwhile, a commissioner at the U.S. Securities and Exchange Commission (SEC) sent a strong signal that a bitcoin exchange-traded fund (ETF) will eventually be approved. Markets Stabilize The cryptocurrency market capitalization clawed back […]

The post Crypto Markets See Modest Gains as SEC Commissioner Hints at Bitcoin ETF Approval appeared first on Hacked: Hacking Finance.

Trade Recommendation: GoChain

We’ve been watching GoChain (GO/BTC) ever since it breached support of 0.0000055 on February 1, 2019. At that point, we were fairly certain that the market will go to our line in the sand of 0.0000048. That would be a good opportunity to bottom pick the market. It looks like we’re going to get that […]

The post Trade Recommendation: GoChain appeared first on Hacked: Hacking Finance.

Stocks Drift Lower as Trump’s State of the Union Address Leaves Investors Empty-Handed

U.S. stocks drifted lower on Wednesday after President Trump’s State of the Union address failed to provide any new insight on trade talks or border-security funding. Cryptocurrencies declined virtually across the board following weeks of relative calm. Stocks Turn Lower All of Wall Street’s top indexes finished in negative territory. The S&P 500 Index fell […]

The post Stocks Drift Lower as Trump’s State of the Union Address Leaves Investors Empty-Handed appeared first on Hacked: Hacking Finance.

Crypto Update: Ethereum Hits 7-Week Low as Coins Resume Slide

While the top cryptocurrencies sold off in a concerted fashion today in early trading, and the relatively weaker coins fell below their short-term support levels, the segment once again avoided a decisive break-down in the low-volume environment. With the bearish momentum still being weak, the immediate outlook is rather neutral, but given the negative long-term […]

The post Crypto Update: Ethereum Hits 7-Week Low as Coins Resume Slide appeared first on Hacked: Hacking Finance.

Bitcoin Update: Breakout Incoming

Bitcoin (BTC/USD) has been bleeding out ever since it failed to take out resistance of $4,200 on December 24, 2018. Slowly but surely, price faded along with volume and momentum. Relief bounces have been few and far in between. Under such conditions, bears are once again making noise, screaming that the bottom may be found […]

The post Bitcoin Update: Breakout Incoming appeared first on Hacked: Hacking Finance.

Crypto Markets in the Danger Zone as Altcoins, Tokens Tumble

Cryptocurrencies experienced a sudden reversal on Wednesday, as altcoins and tokens succumbed to a fresh wave of selling through the overnight session. A shake-up in the market cap rankings saw Binance Coin leap into tenth spot ahead of bitcoin SV, which has struggled for acceptance following the bitcoin cash hard fork nearly three months ago. […]

The post Crypto Markets in the Danger Zone as Altcoins, Tokens Tumble appeared first on Hacked: Hacking Finance.

Crypto Update: Ripple Fights For $0.30 Support as Market Remains Frozen

Light trading continued in the major cryptocurrencies, with the top coins trading in very narrow ranges across the board. While the low-volatility, low-volume environment is usually bullish, given the recent failed rally attempts and the overwhelmingly negative long-term picture, bearish forces continue to clearly dominate the segment. In light of the downside risks traders and […]

The post Crypto Update: Ripple Fights For $0.30 Support as Market Remains Frozen appeared first on Hacked: Hacking Finance.

Five in a Row: S&P 500 Extends Rally on Huge Earnings Beats from Estee Lauder, Ralph Lauren

U.S. stocks extended their rally on Tuesday, as positive earnings surprises from a pair of discretionary companies propelled the S&P 500 to two-month highs. Crypto coins pivoted slightly lower in afternoon trading, with Stellar, IOTA and Tron losing strength. Rally Continues The large-cap S&P 500 Index rose 0.5% to 2,737.70, its highest settlement since early […]

The post Five in a Row: S&P 500 Extends Rally on Huge Earnings Beats from Estee Lauder, Ralph Lauren appeared first on Hacked: Hacking Finance.

A Hackers Take On Blockchain Security

One of the leading factors of the blockchain—aside from the obvious decentralization—is the high level of security behind it. It’s not uncommon to hear people claim that it is “unhackable.”

The post A Hackers Take On Blockchain Security appeared first on The Cyber Security Place.

Crypto Update: Bearish Drift Continues in Crypto-Land

Trading activity remained low in the cryptocurrency segment following the mixed weekend, and although the top coins continue to be stuck in bearish technical setups, bulls avoided a move below the key short-term support levels. That said, none of the majors managed to show bullish momentum or technical progress in the quiet environment, and we […]

The post Crypto Update: Bearish Drift Continues in Crypto-Land appeared first on Hacked: Hacking Finance.

Digital Exchange Loses $137 Million As Founder Takes Passwords To the Grave

A cryptocurrency exchange in Canada has lost control of at least $137 million of its customers' assets following the sudden death of its founder, who was the only person known to have access to the offline wallet that stored the digital coins. British Columbia-based QuadrigaCX is unable to access most or all of another $53 million because it's tied up in disputes with third parties. Ars Technica reports: The dramatic misstep was reported in a sworn affidavit that was obtained by CoinDesk. The affidavit was filed Thursday by Jennifer Robertson, widow of QuadrigaCX's sole director and officer Gerry Cotten. Robertson testified that Cotten died of Crohn's disease in India in December at the age of 30. Following standard security practices by many holders of cryptocurrency, QuadrigaCX stored the vast majority of its cryptocurrency holdings in a "cold wallet," meaning a digital wallet that wasn't connected to the Internet. The measure is designed to prevent hacks that regularly drain hot wallets of millions of dollars. Thursday's court filing, however, demonstrates that cold wallets are by no means a surefire way to secure digital coins. Robertson testified that Cotten stored the cold wallet on an encrypted laptop that only he could decrypt. Based on company records, she said the cold wallet stored $180 million in Canadian dollars ($137 million in US dollars), all of which is currently inaccessible to QuadrigaCX and more than 100,000 customers. "The laptop computer from which Gerry carried out the Companies' business is encrypted, and I do not know the password or recovery key," Robertson wrote. "Despite repeated and diligent searches, I have not been able to find them written down anywhere." The mismanaged cold wallet is only one of the problems besieging QuadrigaCX. Differences with at least three third-party partners has tied up most or all of an additional $53 million in assets. Making matters worse, many QuadrigaCX customers continued to make automatic transfers into the service following Cotten's death. On Monday, the site became inaccessible with little explanation, except for this status update, which was later taken down. On Thursday, QuadrigaCX said it would file for creditor protection as it worked to regain control of its assets. As of Thursday, the site had 115,000 customers with outstanding balances.

Read more of this story at Slashdot.

U.S. Stocks Rise Despite Grim Earnings Guidance; Cryptocurrencies Continue to Struggle

U.S. stocks turned higher on Monday, as investors shrugged off negative earnings guidance from FactSet ahead of President Trump’s planned State of the Union address. Cryptocurrencies were mostly unchanged, though Tron (TRX) and Binance Coin (BNB) put up sizable advances. Stocks Extend Rally After a shaky start, all of Wall Street’s major indexes turned positive […]

The post U.S. Stocks Rise Despite Grim Earnings Guidance; Cryptocurrencies Continue to Struggle appeared first on Hacked: Hacking Finance.

Crypto exchange loses access to $145M after CEO dies without giving password

By Waqas

The Canada-based cryptocurrency exchange QuardigaCX has suffered a major setback after the untimely death of its founder and CEO Gerald Cotten. Apparently, Cotten had exclusive and crucial information about the exchange’s password. Now that the CEO is no more, the exchange claims to have lost access to an exorbitant virtual currency amount that totals around […]

This is a post from HackRead.com Read the original post: Crypto exchange loses access to $145M after CEO dies without giving password

Security Affairs: QuadrigaCX exchange lost access to $145 Million funds after founder dies

QuadrigaCX Bitcoin exchange announced to have lost USD 145 million worth of cryptocurrency because the only person with access to its cold storage has died.


QuadrigaCX, the major Bitcoin exchange in Canada announced to have lost CAD 190 million (USD 145 million) worth of cryptocurrency because the only person with access to its cold (offline) storage wallets has died.

This person was Gerry Cotten, the founder and chief executive officer at QuadrigaCX. The Canadian exchange filed for legal protection from creditors in the Nova Scotia Supreme Court until it locates lost funds.

The bankruptcy hearing for QuadrigaCX is scheduled for February 5 at the same court Nova Scotia Supreme Court.

“In a sworn affidavit filed Jan. 31 with the Nova Scotia Supreme Court, Jennifer Robertson, identified as the widow of QuadrigaCX founder Gerald Cotten, said the exchange owes its customers roughly $250 million CAD ($190 million) in both cryptocurrency and fiat.” reported Coindesk.

“The company previously announced it had filed for creditor protection on its website, but the filing itself provides greater details about its predicament.

As of Jan. 31, 2019, there were roughly 115,000 users with balances signed up on the exchange, with $70 million CAD in fiat and $180 million CAD in crypto owed overall, according to the filing.

The exchange holds roughly 26,500 bitcoin ($92.3 million USD), 11,000 bitcoin cash ($1.3 million), 11,000 bitcoin cash SV ($707,000), 35,000 bitcoin gold ($352,000), nearly 200,000 litecoin ($6.5 million) and about 430,000 ether ($46 million), totaling $147 million, according to the affidavit.”

quadrigacx cryptocurrency-exchange

According to a sworn affidavit filed by Cotten’s widow Jennifer Robertson, QuadrigaCX was maintaining some CAD 260 million (USD 198 Million) in both cryptocurrencies (Bitcoin, Bitcoin Cash, Litecoin, and Ethereum) and fiat money.

The majority of the funds was stored in a cold wallet, just USD 286,000 were stored in the hot wallet of the company. A ‘cold wallet’ is used by exchanges to protect the funds from online threats, for this reason, it is a physical device that is isolated from the Internet.

The cold wallet was protected with a private key that was known only by Cotten, who unfortunately died of Crohn’s disease on December 9 in Jaipur, India.

Cotten’s wife declared that no other members of the company was in possession of the key to access the funds.

“For the past weeks, we have worked extensively to address our liquidity issues, which include attempting to locate and secure our very significant cryptocurrency reserves held in cold wallets, and that are required to satisfy customer cryptocurrency balances on deposit, as well as sourcing a financial institution to accept the bank drafts that are to be transferred to us. Unfortunately, these efforts have not been successful,” reads a message posted on the QuadrigaCX website.

Some experts don’t believe in the version provided by the QuadrigaCX team, they speculated that QuadrigaCX never dad $100 Million in is pool of funds. If confirmed, the company never had a cold wallet storing such amount of funds.

Is this an exit scam?

The researcher CryptoMed investigated the case by analyzing the blockchain of the QuadrigaCX’s Bitcoin Holdings. The experts examined TX IDs, addresses, and coin movements, and concluded that “there is no identifiable cold wallet reserves for QuadrigaCX.”

“The number of bitcoins in QuadrigaCX’s possession is substantially less than what was reported in Jennifer Robertson’s affidavit, submitted to the Canadian courts on January 31st, 2019,” reads the post published by the researcher on Medium.

“At least some of the delays in delivering crypto withdrawals to customers were due to the fact that QuadrigaCX simply did not have the funds on hand at the time. In some cases, QuadrigaCX was forced to wait for enough customer deposits to be made on the exchange before processing crypto withdrawal requests by their customers.”

“The people trying to pull off a QuadrigaCX exit scam could actually be the family and other employees, by hiding the fact that the cold wallet keys are known,” speculates bitcoin analyst Peter Todd. “Not saying this is happening, but need to consider all possibilities fairly in the investigation.”

The only certainty is that thousands of users would never be able to access their funds.

Pierluigi Paganini

(SecurityAffairs – QuadrigaCX’s , exit scam)

The post QuadrigaCX exchange lost access to $145 Million funds after founder dies appeared first on Security Affairs.



Security Affairs

QuadrigaCX exchange lost access to $145 Million funds after founder dies

QuadrigaCX Bitcoin exchange announced to have lost USD 145 million worth of cryptocurrency because the only person with access to its cold storage has died.


QuadrigaCX, the major Bitcoin exchange in Canada announced to have lost CAD 190 million (USD 145 million) worth of cryptocurrency because the only person with access to its cold (offline) storage wallets has died.

This person was Gerry Cotten, the founder and chief executive officer at QuadrigaCX. The Canadian exchange filed for legal protection from creditors in the Nova Scotia Supreme Court until it locates lost funds.

The bankruptcy hearing for QuadrigaCX is scheduled for February 5 at the same court Nova Scotia Supreme Court.

“In a sworn affidavit filed Jan. 31 with the Nova Scotia Supreme Court, Jennifer Robertson, identified as the widow of QuadrigaCX founder Gerald Cotten, said the exchange owes its customers roughly $250 million CAD ($190 million) in both cryptocurrency and fiat.” reported Coindesk.

“The company previously announced it had filed for creditor protection on its website, but the filing itself provides greater details about its predicament.

As of Jan. 31, 2019, there were roughly 115,000 users with balances signed up on the exchange, with $70 million CAD in fiat and $180 million CAD in crypto owed overall, according to the filing.

The exchange holds roughly 26,500 bitcoin ($92.3 million USD), 11,000 bitcoin cash ($1.3 million), 11,000 bitcoin cash SV ($707,000), 35,000 bitcoin gold ($352,000), nearly 200,000 litecoin ($6.5 million) and about 430,000 ether ($46 million), totaling $147 million, according to the affidavit.”

quadrigacx cryptocurrency-exchange

According to a sworn affidavit filed by Cotten’s widow Jennifer Robertson, QuadrigaCX was maintaining some CAD 260 million (USD 198 Million) in both cryptocurrencies (Bitcoin, Bitcoin Cash, Litecoin, and Ethereum) and fiat money.

The majority of the funds was stored in a cold wallet, just USD 286,000 were stored in the hot wallet of the company. A ‘cold wallet’ is used by exchanges to protect the funds from online threats, for this reason, it is a physical device that is isolated from the Internet.

The cold wallet was protected with a private key that was known only by Cotten, who unfortunately died of Crohn’s disease on December 9 in Jaipur, India.

Cotten’s wife declared that no other members of the company was in possession of the key to access the funds.

“For the past weeks, we have worked extensively to address our liquidity issues, which include attempting to locate and secure our very significant cryptocurrency reserves held in cold wallets, and that are required to satisfy customer cryptocurrency balances on deposit, as well as sourcing a financial institution to accept the bank drafts that are to be transferred to us. Unfortunately, these efforts have not been successful,” reads a message posted on the QuadrigaCX website.

Some experts don’t believe in the version provided by the QuadrigaCX team, they speculated that QuadrigaCX never dad $100 Million in is pool of funds. If confirmed, the company never had a cold wallet storing such amount of funds.

Is this an exit scam?

The researcher CryptoMed investigated the case by analyzing the blockchain of the QuadrigaCX’s Bitcoin Holdings. The experts examined TX IDs, addresses, and coin movements, and concluded that “there is no identifiable cold wallet reserves for QuadrigaCX.”

“The number of bitcoins in QuadrigaCX’s possession is substantially less than what was reported in Jennifer Robertson’s affidavit, submitted to the Canadian courts on January 31st, 2019,” reads the post published by the researcher on Medium.

“At least some of the delays in delivering crypto withdrawals to customers were due to the fact that QuadrigaCX simply did not have the funds on hand at the time. In some cases, QuadrigaCX was forced to wait for enough customer deposits to be made on the exchange before processing crypto withdrawal requests by their customers.”

“The people trying to pull off a QuadrigaCX exit scam could actually be the family and other employees, by hiding the fact that the cold wallet keys are known,” speculates bitcoin analyst Peter Todd. “Not saying this is happening, but need to consider all possibilities fairly in the investigation.”

The only certainty is that thousands of users would never be able to access their funds.

Pierluigi Paganini

(SecurityAffairs – QuadrigaCX’s , exit scam)

The post QuadrigaCX exchange lost access to $145 Million funds after founder dies appeared first on Security Affairs.

Bitcoin Unable to Break Mundane Trading Range as Bearish Grip Tightens

Bitcoin drifted slightly lower on Monday, as the bulls struggled to break a mundane trading range that has kept prices capped below $3,500. BTC/USD Update Bitcoin drifted within a narrow range at the beginning of the week, with aggregate prices fluctuating between $3,442.59 and $3,483.69, according to CoinMarketCap. At the time of writing, the BTC/USD […]

The post Bitcoin Unable to Break Mundane Trading Range as Bearish Grip Tightens appeared first on Hacked: Hacking Finance.

Cryptocurrency Firm Loses $145 Million After CEO Dies With Only Password

QuadrigaCX, the largest bitcoin exchange in Canada, has claimed to have lost CAD 190 million (nearly USD 145 million) worth of cryptocurrency after the exchange lost access to its cold (offline) storage wallets. Reason? Unfortunately, the only person with access to the company’s offline wallet, founder of the cryptocurrency exchange, is dead. Following the sudden death of Gerry Cotten,

Bitcoin is Worth Less Than the Cost To Mine It

The production-weighted cash cost to create one Bitcoin averaged around $4,060 globally in the fourth quarter, according to analysts with JPMorgan Chase & Co. With Bitcoin itself currently trading below $3,600, that doesn't look like such a good deal. However, there's a big spread around the average, meaning that there are clear winners and losers. From a report: Low-cost Chinese miners are able to pay much less -- the estimate is around $2,400 per Bitcoin -- by leveraging direct power purchasing agreements with electricity generators such as aluminum smelters looking to sell excess power generation, JPMorgan analysts led by Natasha Kaneva said in a wide-ranging Jan. 24 report about cryptocurrencies spearheaded by Joyce Chang. Electricity tends to be the biggest cost for miners, needed to run the high-powered computer rigs used to process data blocks to earn Bitcoin. "The drop in Bitcoin prices from around $6,500 throughout much of October to below $4,000 now has increasingly pushed margins further and further negative for just about every region except low-cost Chinese miners," the analysts said, offering the caveat that their cost estimates may be skewed to the high side due to spotty data and conservative efficiency assumptions. The cost figures exclude equipment. "The drop in Bitcoin prices from around $6,500 throughout much of October to below $4,000 now has increasingly pushed margins further and further negative for just about every region except low-cost Chinese miners," the analysts said, offering the caveat that their cost estimates may be skewed to the high side due to spotty data and conservative efficiency assumptions. The cost figures exclude equipment. With margins negative, it's expected more high-cost producers will be forced to drop out, the analysts said.

Read more of this story at Slashdot.

Crypto Update: Weekend Rally Fades as Coins Lack Momentum

While the major cryptocurrencies had a bullish Saturday following a hectic week, with Litecoin pulling its weight again, the segment continues to be controlled by sellers. We still haven’t seen meaningful technical progress in the top coins, with even the short-term resistance levels proving too strong in the quiet and illiquid environment. Today, the majors […]

The post Crypto Update: Weekend Rally Fades as Coins Lack Momentum appeared first on Hacked: Hacking Finance.

Crypto Market Update: Coins Directionless as Weekend Trade Volumes Drop 12%; What’s in Store for Next Week?

The cryptocurrency market was at a virtual standstill on Sunday, as bitcoin held below $3,500 and the major altcoins showed little direction. Trade volumes have declined sharply since Friday, reflecting a lack of committal from either the bulls or the bears. Market Update Most of the top-20 cryptocurrencies were trading slightly lower on Sunday, according […]

The post Crypto Market Update: Coins Directionless as Weekend Trade Volumes Drop 12%; What’s in Store for Next Week? appeared first on Hacked: Hacking Finance.

$137milllion Worth of QuadrigaCX’s Customers’ Bitcoin Stuck in The Abyss

Cryptocurrency exchange, QuadrigaCX, has suffered a security incident after it lost control of its customers assets. $137 million worth of

$137milllion Worth of QuadrigaCX’s Customers’ Bitcoin Stuck in The Abyss on Latest Hacking News.

Bitcoin Volatility Recedes as Bear Market Reaches 411 Days

Bitcoin’s trading range continued to narrow on Saturday, as the leading digital currency endured its longest bear market in history. BTC/USD Update From peak to trough, bitcoin’s price fluctuated within a $34 range on Saturday, according to aggregate data provided by CoinMarketCap. At the time of writing, bitcoin was averaging $3,478.58, where it was little […]

The post Bitcoin Volatility Recedes as Bear Market Reaches 411 Days appeared first on Hacked: Hacking Finance.

Crypto Update: Market Bounces Again as Litecoin Gains Ground

The cryptocurrency segment had another active day, and although the recent failed rally attempt cemented the short-term downtrend, the majors managed to avoid another downswing, for now. The top coins were boosted by the more than 5% advance of Litecoin, while the continued stability of Bitcoin also helped investor sentiment in the segment ahead of […]

The post Crypto Update: Market Bounces Again as Litecoin Gains Ground appeared first on Hacked: Hacking Finance.

Bitcoin Sees Further Stability as CBOE Resubmits VanEck ETF Application

Bitcoin’s price held within a narrow range on Friday, as calm returned to the cryptocurrency market following a rocky start to the week. In terms of news, VanEck caused quite the stir on Thursday by announcing it had resubmitted its joint proposal with CBOE and SolidX for a bitcoin exchange-traded fund (ETF). BTC/USD Update The […]

The post Bitcoin Sees Further Stability as CBOE Resubmits VanEck ETF Application appeared first on Hacked: Hacking Finance.

Matrix Ransomware: A Threat to Low-Hanging Fruit

In its 2019 Threat Report, Sophos predicted a rise in targeted ransomware attacks. According to new research, Matrix, a copycat targeted ransomware that is flying under the radar, is one such threat that

The post Matrix Ransomware: A Threat to Low-Hanging Fruit appeared first on The Cyber Security Place.

Stocks Extend Best Month Since 2015; S&P 500 Clinches Best January Since 1987

U.S. stocks finished higher on Thursday, as the S&P 500 rounded out its best January in 32 years on the back of strong corporate earnings. Cryptocurrencies turned defensive in afternoon trading as XRP failed to sustain a double-digit rally that began midweek. Stocks Close January in Positive Territory The S&P 500 Index rose 0.9% to […]

The post Stocks Extend Best Month Since 2015; S&P 500 Clinches Best January Since 1987 appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Turn Lower as Ripple-Effect Fades

Yesterday’s rally, which was led by the surge in the price of Ripple quickly ran out of steam, as the majority of the major cryptocurrencies failed to make meaningful technical progress, and the broad bearish pressures remained strong in the segment. XRP spiked briefly above the $0.33 level, but failed to maintain its bullish momentum, […]

The post Crypto Update: Coins Turn Lower as Ripple-Effect Fades appeared first on Hacked: Hacking Finance.

Bitcoin on Track for Sixth Consecutive Monthly Loss; Will February Bring Reprieve?

Bitcoin’s price showed little upside on Thursday, as the leading digital currency rounds out its sixth consecutive month in the red. A reluctance by the bulls to capitalize on the $3,500-$4,000 price range suggests further downside is likely in the short term. BTC/USD Update The bitcoin price is currently trading as low as $3,414 on […]

The post Bitcoin on Track for Sixth Consecutive Monthly Loss; Will February Bring Reprieve? appeared first on Hacked: Hacking Finance.

Trade Recommendation: VIBE

VIBE (VIBE/BTC) is a market that wants to trend higher. We’ve been watching it ever since it broke above resistance of 0.0000085 on January 14, 2019. This sparked a strong rally that allowed the market to temporarily breach resistance of 0.0000148 and climb as high as 0.00001813 on January 15. While VIBE pulled back and […]

The post Trade Recommendation: VIBE appeared first on Hacked: Hacking Finance.

Crypto Update: Ripple Surges on Swift-R3 Partnership, but Bearish Forces Still Strong

The major cryptocurrencies all gained ground today, with the help of Ripple’s strong, news-induced rally, which propelled the currency all the way to the, recently significant, $0.32 price level. While XRP managed to recapture the $0.30 resistance level, its peers failed to make meaningful technical progress, and the bearish overall picture remains dominant in the […]

The post Crypto Update: Ripple Surges on Swift-R3 Partnership, but Bearish Forces Still Strong appeared first on Hacked: Hacking Finance.

5 Things Cryptocurrency and Blockchain Investors Should Beware of in 2019

Just over ten years on from its inception, the cryptocurrency and blockchain space is still in the nascent stages of its development. However, that should not be taken as a sign of slow progress. On the contrary, the blockchain space is evolving fast – so fast, in fact, that already we’re starting to see a […]

The post 5 Things Cryptocurrency and Blockchain Investors Should Beware of in 2019 appeared first on Hacked: Hacking Finance.

Crypto Update: Bitcoin and Two Altcoins to Revisit Lows

The first month of the year hasn’t been so kind to large cap cryptos like Bitcoin (BTC/USD), EOS (EOS/USD), and Monero (XMR/USD). While these three cryptos ended the last couple of weeks of 2018 strong, they’ve been pulling back ever since the calendar switched to 2019. As a matter of fact, they are now in […]

The post Crypto Update: Bitcoin and Two Altcoins to Revisit Lows appeared first on Hacked: Hacking Finance.

Bitcoin Stabilizes as Fidelity Sets Launch Date for New Crypto Custody Service

Bitcoin saw little upside on Wednesday, as traders shrugged off reports that Fidelity Investments was targeting March for the launch of its new crypto custody service. Treading Water Bitcoin’s price was last seen approaching $3,500, according to aggregate data provider CoinMarketCap. Over the past 24 hours, the digital currency has gained 1.6% to $3,493.18. On […]

The post Bitcoin Stabilizes as Fidelity Sets Launch Date for New Crypto Custody Service appeared first on Hacked: Hacking Finance.

Trade Recommendation: Binance Coin

Despite overall bearish sentiment, Binance Coin appears to be gathering bullish momentum as it continues to surprise. The market dropped to 0.001233 on November 28, 2018. At that point, Binance Coin was looking weak. After all, it just broke down from a descending triangle pattern on November 16 when it took out support of 0.001445. […]

The post Trade Recommendation: Binance Coin appeared first on Hacked: Hacking Finance.

U.S. Stocks Finish Mostly Lower Ahead of Big Earnings Reports; DOJ Pursues Criminal Charges Against Huawei

The U.S. stock indexes diverged on Tuesday, as an ongoing investigation into Huawei Technologies Co rattled investors’ sentiment ahead of high-profile earnings reports. Cryptocurrencies stabilized following a sharp and sudden reversal on Monday. Dow Clinches Gains The Dow Jones Industrial Average managed to stave off a rocky start to finish higher. The blue-chip index gained […]

The post U.S. Stocks Finish Mostly Lower Ahead of Big Earnings Reports; DOJ Pursues Criminal Charges Against Huawei appeared first on Hacked: Hacking Finance.

Crypto Update: Majors Attempt Bounce but Technical Setup Still Bearish

Following yesterday’s key short-term breakdown the top cryptocurrencies found support today in early trading and attempted a weak rally towards the previous support levels. With Bitcoin showing relative weakness overnight, and with Ripple and Ethereum only bouncing back slightly, the break-down remained clearly intact despite the rally attempt and the negative short- and long-term trends […]

The post Crypto Update: Majors Attempt Bounce but Technical Setup Still Bearish appeared first on Hacked: Hacking Finance.

A World Divided: Trump and China Take Sides in Venezuela; Maduro Warns: ‘Blood’s on Your Hands’

The U.S and China have lined themselves up along either side of the ever-widening Venezuelan faultline, as Donald Trump continues to stoke the fire which rages between Nicolas Maduro and the new self-declared president Juan Guaido. On Monday Donald Trump and his cabinet cranked up trade sanctions against the troubled Venezuelan regime, while Maduro responded […]

The post A World Divided: Trump and China Take Sides in Venezuela; Maduro Warns: ‘Blood’s on Your Hands’ appeared first on Hacked: Hacking Finance.

As Bitcoin Selloff Resumes, Crypto Markets Could Be Headed for New Lows

Bitcoin’s sharp and sudden reversal on Monday hastened the decline of altcoins and tokens, which have struggled to regain their footing since the bear market took a turn for the worse in November. The rapid decline has put crypto markets on track to test new yearly lows in the short term. Paradoxically, whether or not […]

The post As Bitcoin Selloff Resumes, Crypto Markets Could Be Headed for New Lows appeared first on Hacked: Hacking Finance.

Bitcoin Trapped Under Bearish Pressure; Further Losses Eyed

Bitcoin’s price held lower Tuesday, as the technical tug-of-war between the bulls and the bears continued to favor the latter following the biggest one-day drop in three weeks. BTC/USD Update After reaching a low near $3,350 at the beginning of the week, the bitcoin price has recovered only modestly. The leading digital currency was trading […]

The post Bitcoin Trapped Under Bearish Pressure; Further Losses Eyed appeared first on Hacked: Hacking Finance.

Trade Recommendation: Bitcoin Gold

Bitcoin Gold (BTG/BTC) had a chance to launch a bull run on November 19, 2018 when it breached the range high of 0.004886. All it had to do was to flip that resistance into a support. Unfortunately, the market was not yet ready, as the price moved below the resistance the very next day. Bitcoin […]

The post Trade Recommendation: Bitcoin Gold appeared first on Hacked: Hacking Finance.

Crypto Update: Top Coins Break Support as Consolidation Period Ends

The bearish trend in the cryptocurrency segment proved its strength yet again, as following a lengthy period of consolidation, most of the majors broke below key support levels today, hitting new 1-month lows in the process. While there are a few positive signs that could give hope to bulls here, especially the relative stability of […]

The post Crypto Update: Top Coins Break Support as Consolidation Period Ends appeared first on Hacked: Hacking Finance.

U.S. Stocks Plunge on China Growth Woes; Crypto Markets Hit Six-Week Lows

U.S. stocks declined sharply on Monday after dismal earnings guidance from Caterpillar Inc. (CAT) and Nvidia Corp (NVDA) raised doubts about China’s economic health. Cryptocurrencies were down across the board as bitcoin and the major altcoins plumbed six-week lows. Stocks Under Pressure All of Wall Street’s major indexes finished in negative territory, with the Dow […]

The post U.S. Stocks Plunge on China Growth Woes; Crypto Markets Hit Six-Week Lows appeared first on Hacked: Hacking Finance.

Razy Trojan Installs Malicious Browser Extensions to Steal Cryptocurrency

Security researchers observed the Razy Trojan installing malicious extensions across multiple web browsers to steal cryptocurrency.

In 2018, Kaspersky Lab noticed that the Trojan was being distributed via advertising blocks on websites and free file hosting services disguised as legitimate software. The malware uses different infection processes for Google Chrome, Mozilla Firefox and Yandex Browser, disabling automatic updates and integrity checks for installed extensions.

Razy then uses its main.js script to steal cryptocurrency by searching websites for the addresses of digital wallets. If it finds what it’s looking for, the Trojan replaces the wallet addresses with those controlled by the malware’s operators.

Razy can also spoof images of QR codes that point to cryptocurrency wallets, modify digital currency exchanges’ webpages by displaying messages that lure users with the promise of new features, and alter Google or Yandex search results to trick victims into visiting infected websites.

Not the First Cryptocurrency Stealer — And Likely Not the Last

The Razy Trojan isn’t the first malware known for stealing users’ cryptocurrency. In July 2018, for example, Fortinet came across a malware sample that modified victims’ clipboard content to replace a copied bitcoin address with one belonging to threat actors. Just a few months later, researchers at enSilo discovered DarkGate, malware that is capable of crypto-mining and ransomware-like behavior in addition to stealing virtual currency from victims’ wallets.

These malware samples played a part in the rise of cryptocurrency theft last year. In just the first six months of 2018, Carbon Black observed that digital currency theft reached $1.1 billion. One of the incidents that took place within that time period involved the theft of $530 million, as reported by CNN.

How to Defend Against Malware Like Razy

Security professionals can help defend against threats like Razy by incorporating artificial intelligence (AI) into their organizations’ malware defense strategies, including the use of AI in detectors and cyber deception to misdirect and deactivate AI-powered attacks. Experts also recommend using blockchain and other advanced technologies to protect against cryptocurrency threats.

The post Razy Trojan Installs Malicious Browser Extensions to Steal Cryptocurrency appeared first on Security Intelligence.

At least six accounts robbed in hack of Bitcoin exchange LocalBitcoins

A breach of peer-to-peer exchange trading platform LocalBitcoins led to a series of unauthorized transactions from a number of accounts.

The exchange, which covers more than 16,000 cities around the globe, lets traders buy and sell Bitcoin in their vicinity. Its tagline, “Instant. Secure. Private” should no longer hold water following Saturday’s incident, which allowed hackers to steal funds from at least six of its users.

As per the official announcement, on Jan. 26 at around 10 AM (UTC), LocalBitcoins detected an “unauthorised source” accessing and sending transactions from a number of affected accounts. The exchange immediately disabled outgoing transactions. Still, admins later determined that at least six accounts had been affected.

“We were able to identify the problem, which was related to a feature powered by a third party software, and stop the attack,” reads the announcement. “At the moment, we are determining the correct number of users affected – so far six cases have been confirmed. For security reasons, the forum feature has been disabled until further notice.”

Outgoing transactions have since been re-enabled. The exchange claims to have set up a number of roadblocks to prevent further unauthorized access. It also advises its customers to use the two-factor-authentication mechanism available with the LocalBitcoins service. According to the company, LocalBitcoins accounts are currently safe to log into and use.

Apparently, the vulnerability that led to the breach was in the forums page software. The forum is currently down for maintenance as the team continues to work towards remediation.

Two weeks ago, a similar incident was reported in New Zealand where local cryptocurrency exchange Cryptopia suffered a breach that culminated in a lot of empty crypto wallets. The news led some users to speculate that the exchange itself faked the breach as part of an “exit scam.” Local police are investigating the breach, saying that “Cryptopia management and staff have been co-operating with Police and providing considerable assistance in the investigation.”

According to a notice by the New Zealand Police Media Centre, “Good progress is being made and positive lines of enquiry are being developed to identify the source of the transfer, and to identify where the crypto-currencies have been sent.”

Bitcoin Risks Bigger Pullback as Prices Fall to Six-Week Low

Bitcoin pivoted south on Monday, falling to the lowest level since mid-December as bearish forces reasserted their control. Hard Fall The bitcoin price plunged to a low of around $3,350 on Monday, as the carnage quickly spread to altcoins and tokens. The sudden move lower shaved more than $6 billion off the combined cryptocurrency market […]

The post Bitcoin Risks Bigger Pullback as Prices Fall to Six-Week Low appeared first on Hacked: Hacking Finance.

Crypto’s Road to Recovery Is Paved With Obstacles

Crypto markets witnessed a sizable pullback on Sunday, as bitcoin lurched back below $3,600 and major altcoins registered slight to moderate declines. Although 2019 is shaping up to be a pivotal year for cryptocurrencies, the path to recovery is riddled with obstacles, chief among them being damaged investor sentiment and a myriad of regulatory issues. […]

The post Crypto’s Road to Recovery Is Paved With Obstacles appeared first on Hacked: Hacking Finance.

Altcoins TRX, BNB and Holo Fight to Hold on as Crypto Market Sinks $3.6 Billion

The global cryptocurrency market lost $3.6 billion in the previous twenty-four hours, while recent gainers Tron (TRX), Binance Coin (BNB) and Holo (HOT) attempted to continue pushing upward. A short flash dip on Sunday morning saw the global market cap drop from $121.7B down to $118.1B, returning the price of Bitcoin to the $3,570 range. […]

The post Altcoins TRX, BNB and Holo Fight to Hold on as Crypto Market Sinks $3.6 Billion appeared first on Hacked: Hacking Finance.

Trade Recommendation: Stellar Lumens

Stellar Lumens (XLM/BTC) may be a laggard among its large cap peers. While Litecoin (LTC/BTC), Ethereum (ETH/BTC), and Ripple (XRP/BTC) have already established a short-term bottom and have pumped, Stellar Lumens still appears to be extremely bearish. However, the price action over the last few days makes us believe that the market may be ripe […]

The post Trade Recommendation: Stellar Lumens appeared first on Hacked: Hacking Finance.

Trade Recommendation: Monetha

Monetha (MTH/BTC) is a market that looks ready to shift from accumulation to markup. To understand why, we have to go back to December 2017. During that time, the market was struggling to establish a durable support around 0.000004. When it did, bulls exploited the opportunity as they ignited a parabolic run and sent Monetha […]

The post Trade Recommendation: Monetha appeared first on Hacked: Hacking Finance.

Is Bitcoin Influencing Demand for Gold?

Despite being a non-correlated asset, bitcoin’s influence on the broader financial system is only now starting to be understood. According to Jan Van Eck, CEO of VanEck Associates, demand for bitcoin could partly explain gold’s price behavior over the past two-and-a-half years. Bitcoin and Gold: Demand Drivers Bitcoin’s year-long bear market may have shined the […]

The post Is Bitcoin Influencing Demand for Gold? appeared first on Hacked: Hacking Finance.

Trade Recommendation: Zilliqa

Our November 30, 2018 trade recommendation for Zilliqa (ZIL/BTC) hit both targets. The first one was hit on December 28 when the market climbed to as high as 0.00000527. The second target was achieved on January 16 when Zilliqa rallied to 0.00000645. Those who bought when we published the recommendation grew their investments by almost […]

The post Trade Recommendation: Zilliqa appeared first on Hacked: Hacking Finance.

U.S. Stocks Surge as Trump Agrees to End Government Shutdown

U.S. stocks extended their rally Friday after President Trump endorsed a temporary spending bill to reopen the government for the first time in 36 days. Stocks Climb All of Wall Street’s major indexes recorded firm gains. The Dow Jones Industrial Average climbed 183.96 points, or 0.8%, to 24,737.20. That was its highest settlement since Dec. […]

The post U.S. Stocks Surge as Trump Agrees to End Government Shutdown appeared first on Hacked: Hacking Finance.

Crypto Update: Altcoin Season on the Horizon

With so many altcoins posting daily gains between 20% and 100%, many on social media have began to speculate whether we’re about to enter a proper altcoin season. During this season, many mid cap and low cap alts have the potential to grow their market capital by over 500% in a short period of time. […]

The post Crypto Update: Altcoin Season on the Horizon appeared first on Hacked: Hacking Finance.

10 Reasons Why Bitcoin WILL Go to Zero: A Pessimist’s View

The Davos Conference threw up a wide variety of Bitcoin price predictions this week, ranging from the hopeful to the apocalyptic. A recent article on CCN suggested 10 Reasons Why Bitcoin Will Never Go to Zero, and while I don’t necessarily disagree with the points made, I thought I’d take upon the role of devil’s […]

The post 10 Reasons Why Bitcoin WILL Go to Zero: A Pessimist’s View appeared first on Hacked: Hacking Finance.

Weekly Recap: Tron, Litecoin Emerge from Crypto Purgatory; CBOE Puts Bitcoin ETF Debate to Rest for Now

Crypto Winter was in full effect this week, as digital currencies failed to break out of their mundane trading range. Along the way, investors learned of CBOE’s plans to shelf its application for a rule change with the Securities and Exchange Commission that would pave the way for the first U.S.-listed bitcoin exchange-traded fund. The […]

The post Weekly Recap: Tron, Litecoin Emerge from Crypto Purgatory; CBOE Puts Bitcoin ETF Debate to Rest for Now appeared first on Hacked: Hacking Finance.

Crypto Update: Market in Standstill but Weakness in Top Coins Apparent

While directionless trading continues in the cryptocurrency segment, the bearish drift in the top 3 coins is a warning sign for bulls that the broader downtrend is still intact. The technical setup has been unchanged for over a week, with the short-term trading ranges still being in place despite the failed break-downs and the weak […]

The post Crypto Update: Market in Standstill but Weakness in Top Coins Apparent appeared first on Hacked: Hacking Finance.

Bitcoin Price Update: BTC/USD Approaches Longest Bear Market in History

Bitcoin’s trading range continued to narrow on Friday, as market players remained on the sidelines following CBOE’s abrupt pullout from the crypto ETF race earlier this week. The leading digital currency is exactly one week away from enduring its longest bear market in history, highlighting the extent of the price collapse since December 2017. BTC/USD […]

The post Bitcoin Price Update: BTC/USD Approaches Longest Bear Market in History appeared first on Hacked: Hacking Finance.

New Ransomware strain ‘hAnt’ targets Bitcoin mining rigs

The infected mining rigs include Antminer S9 and T9 devices used for Bitcoin mining and Antminer L3 rigs used for Litecoin mining. Security experts noted that hAnt comes hidden inside

The post New Ransomware strain ‘hAnt’ targets Bitcoin mining rigs appeared first on The Cyber Security Place.

Strong Earnings Lift Nasdaq as Trade Tensions Weigh on Dow; Crypto Markets Look Beyond Bitcoin ETF Hysteria

U.S. stocks traded mixed on Thursday, as upbeat quarterly earnings from chipmakers and airliners boosted the Nasdaq despite weaker performances from the Dow and S&P 500. Cryptocurrencies rose slightly as investors shrugged off CBOE’s abrupt withdrawal of a highly-touted bitcoin ETF application. Stocks Finish Mostly Higher Wall Street’s major indexes diverged on Thursday. Strong earnings […]

The post Strong Earnings Lift Nasdaq as Trade Tensions Weigh on Dow; Crypto Markets Look Beyond Bitcoin ETF Hysteria appeared first on Hacked: Hacking Finance.

Crypto Update: Top Coins Still Under Pressure as Support Levels Continue to Hold

The technical setup continues to be stable in the cryptocurrency segment, with no major developments among the top coins, even as a few key short-term support levels have been tested in the past 24 hours. The weakness in the markets of Ethereum and Ripple is still weighing on the outlook of the broader market, and […]

The post Crypto Update: Top Coins Still Under Pressure as Support Levels Continue to Hold appeared first on Hacked: Hacking Finance.

Crypto Markets See Minor Losses as Investors Shrug Off Bitcoin ETF Withdrawal

Cryptocurrencies posted slight to moderate declines on Thursday, as the impact of CBOE’s bitcoin ETF withdrawal was largely disregarded by traders. This can mean one of two things: traders don’t care about the ETF or have yet to fully process the news. Market Update Most major cryptocurrencies traded slightly lower on Thursday, though losses were […]

The post Crypto Markets See Minor Losses as Investors Shrug Off Bitcoin ETF Withdrawal appeared first on Hacked: Hacking Finance.

Davos: What’s Bitcoin’s Role in Trump and China’s ‘New World Order’?

According to Investec CEO Hendrik du Toit, despite U.S, President Donald Trump and China’s President Xi Jinping not coming face to face at Davos this week, the event is still encapsulated by their simmering economic battle. The chief of the global investment firm suggested that Davos represents a thrashing out of the coming ‘new world […]

The post Davos: What’s Bitcoin’s Role in Trump and China’s ‘New World Order’? appeared first on Hacked: Hacking Finance.

Trade Recommendation: Theta Token

Theta Token (THETA/BTC) is a market that looks ready to pump. That’s because it has been in an accumulation period for over five months. It started on August 14, 2018 when it plummeted to as low as 0.00000982. At that point, Theta Token looked like it had more room to drop. However, the market was […]

The post Trade Recommendation: Theta Token appeared first on Hacked: Hacking Finance.

BTC/USD Hovers Below $3,600 as CBOE Withdraws VanEck-SolidX Bitcoin ETF Proposal

Bitcoin’s price maintained a stable trading range on Thursday after the Chicago Board Options Exchange (CBOE) pulled its request for a rule change that, if approved, would allow it to list a highly-touted bitcoin exchange-traded fund (ETF). BTC/USD Holds Steady Bitcoin was little changed through the early part of Thursday, as the price continued to […]

The post BTC/USD Hovers Below $3,600 as CBOE Withdraws VanEck-SolidX Bitcoin ETF Proposal appeared first on Hacked: Hacking Finance.

U.S. Stocks Stave Off Bear Attack as Trade Risks Linger; Waves and Bitcoin Cash Lead Tepid Crypto Market Recovery

Stocks struggled to hold their ground Wednesday after an earnings boost failed to offset concerns about slowing global growth and a lack of progress in U.S.-China trade talks. An early rally in cryptocurrencies mostly faded by the afternoon, though bitcoin cash and Waves maintained sizable gains over the continuous 24-hour cycle. Stocks Hold Gains The […]

The post U.S. Stocks Stave Off Bear Attack as Trade Risks Linger; Waves and Bitcoin Cash Lead Tepid Crypto Market Recovery appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Survive Break-Down Attempt, but Setup Still Bearish

Yesterday, the major cryptocurrencies experienced a quick sell-off below support and a rapid reversal, but the “glitch” (or manipulation attempt) didn’t change the overall technical setup. The top coins are back in their trading ranges that have been dominant for over a week, and the short- and long-term downtrends are all intact. While the recovery […]

The post Crypto Update: Coins Survive Break-Down Attempt, but Setup Still Bearish appeared first on Hacked: Hacking Finance.

Crypto Update: These 3 Altcoins Look Ready to Pump

With Bitcoin (BTC/USD) trading sideways, altcoins finally get the opportunity to shine. Over the last few weeks, small and mid cap coins have been pumping left and right. Many, such as BlockMason Credit Protocol (BCPT/BTC) and Viberate (VIB/BTC) have posted double digit gains in terms of percentage from their bottom. However, there are those that […]

The post Crypto Update: These 3 Altcoins Look Ready to Pump appeared first on Hacked: Hacking Finance.

Flush of Green: Crypto Markets on the Rise as Bitcoin Approaches Oversold Territory

Crypto markets saw renewed upside on Wednesday, as bitcoin emerged from oversold levels and bitcoin cash jumped to weekly highs. The moves, which appear technical in nature, set the stage for a bigger short-term rally. Markets Eye Recovery The total value of cryptocurrencies rose by more than $1 billion on Wednesday, reaching a high of […]

The post Flush of Green: Crypto Markets on the Rise as Bitcoin Approaches Oversold Territory appeared first on Hacked: Hacking Finance.

FUD at Davos: Bitcoin Price Holds Steady as Debate Over Future Grows

Bitcoin’s price continued to stabilize on Wednesday, as a lack of trading catalysts kept the bulls and the bears at bay. A debate over bitcoin’s future raged on at Davos, Switzerland midweek, offering some interesting perspectives about bitcoin’s long-term future. Price Holds Steady The bitcoin price has traded within a narrow range in the last […]

The post FUD at Davos: Bitcoin Price Holds Steady as Debate Over Future Grows appeared first on Hacked: Hacking Finance.

Trade Recommendation: Ravencoin

Ravencoin (RVN/BTC) is a market that looks ready to rally. It dropped to as low as 0.00000321 on January 14, 2019. At that point, Ravencoin breached the line in the sand of 0.00000344. We were curious whether the market will eventually recover the support or it will continue to trend lower. We got a response […]

The post Trade Recommendation: Ravencoin appeared first on Hacked: Hacking Finance.

Return of Volatility? U.S. Stocks Plunge on China Growth Woes

U.S. stocks declined sharply on Tuesday, as fears of a slowing Chinese economy disrupted weeks of steady progress on Wall Street. Meanwhile, crypto markets continued to stabilize after a weekend pump-and-dump. Stocks Plunge All of Wall Street’s major indexes booked heavy losses in the first session back from Martin Luther King Jr. Day. The Dow […]

The post Return of Volatility? U.S. Stocks Plunge on China Growth Woes appeared first on Hacked: Hacking Finance.

Top 3 Price Prediction Bitcoin, Ripple, Ethereum: Good Things Happen to Those Who Wait

Signs of weakness appear while playing on the edge. ETH/USD must lead now or suffer for months. BTC/USD does not work for either side of the market. The most rising value right now is patience. In a world where everything goes faster than our mind is capable of handling, patience is today a value that […]

The post Top 3 Price Prediction Bitcoin, Ripple, Ethereum: Good Things Happen to Those Who Wait appeared first on Hacked: Hacking Finance.

What Joe Rogan and His Billions of Viewers Have Learned About Bitcoin, Crypto and Blockchain

Podcast powerhouse Joe Rogan has been dipping his toes into cryptocurrency ever more frequently since Andreas Antonopoulos made his first of four appearances to date on the show back in early 2014. In the intervening years, a potential billion monthly listeners have frequently been exposed to informative, educational, and sometimes controversial, cryptocurrency conversations on the […]

The post What Joe Rogan and His Billions of Viewers Have Learned About Bitcoin, Crypto and Blockchain appeared first on Hacked: Hacking Finance.

Bitcoin Price Remains Motionless as Bulls, Bears Lack Confidence

Bitcoin’s trading range continued to narrow on Tuesday, reflecting a lack of committal from the bulls and bears following the weekend pump-and-dump. Lack of Direction The bitcoin price fluctuated within a $60 range on Tuesday, according to data provider CoinMarketCap. At the time of writing, BTC/USD was averaging $3,588.94, where it was virtually unchanged compared […]

The post Bitcoin Price Remains Motionless as Bulls, Bears Lack Confidence appeared first on Hacked: Hacking Finance.

Trade Recommendation: Ethereum

Our Ethereum (ETH/BTC) trade recommendation on December 20, 2018 hit both targets. The first one was hit on December 23 when the market climbed as high as 0.03315. The second one was achieved on December 29 when ETH/BTC rallied to 0.037441. Those who followed the trade recommendation grew their investments by almost 40% in a […]

The post Trade Recommendation: Ethereum appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Settle Down After Weekend Pump & Dump

While crypto bulls had something to cheer about early on during the weekend following a rally attempt in the majors, the move once again failed to improve the technical setup in the segment, and the top coins quickly gave back their gains. Now, most of the coins are trading near the bottom of their short-term […]

The post Crypto Update: Coins Settle Down After Weekend Pump & Dump appeared first on Hacked: Hacking Finance.

Crypto Update: 5 Altcoins to Watch This Week

Four out of five of the altcoins that we included on last week’s list moved within our expectations. Ethereum (ETH/BTC) and NEM (XEM/BTC) have managed to stay above key support areas. In addition, Binance Coin (BNB/BTC) and 0x (ZRX/BTC) have maintained their bullish tone. Only Bitcoin Gold (BTG/BTC) disappointed as the market took out its […]

The post Crypto Update: 5 Altcoins to Watch This Week appeared first on Hacked: Hacking Finance.

Bitcoin Turns Defensive Following Sunday Slide; Binance Euro Platform Sees “Huge” Demand Amid Brexit

Bitcoin traded within a narrow range on Monday, after a sharp and sudden reversal during the previous session dragged prices back toward $3,500. The largest digital currency by market capitalization faces renewed headwinds in the wake of yet another failed attempt to break through the $3,700-$3,800 range. BTC/USD Update The bitcoin price slipped 0.4% on […]

The post Bitcoin Turns Defensive Following Sunday Slide; Binance Euro Platform Sees “Huge” Demand Amid Brexit appeared first on Hacked: Hacking Finance.

Trade Recommendation: Bread

We’ve been watching Bread (BRD/BTC) ever since it bottomed out around the support of 0.00004525. At that point, we knew that the market has transitioned from markdown to accumulation. The smart money accumulated positions as the market range traded between 0.00004525 and 0.00006314. While there were several instances when Bread breached the range high of […]

The post Trade Recommendation: Bread appeared first on Hacked: Hacking Finance.

Bitcoin Reverses Gains as Bears Eye Breakdown of Major Support Level

Bitcoin swung lower on Sunday, giving back all of Saturday’s gain and setting the stage for a possible re-test of a long-term support level. BTC/USD Update Bitcoin’s price fell 4% to $3,596.96, where it was approaching an important long-term support. That level is located at $3,550. A successful penetration south by the bears could set […]

The post Bitcoin Reverses Gains as Bears Eye Breakdown of Major Support Level appeared first on Hacked: Hacking Finance.

Your Guide to Stablecoins 2019

Stablecoins are cryptocurrencies with a value pegged to a currency or to exchange traded commodities. Many projects today are researching and developing such technology. Issuers distribute stablecoins to customers in exchange for fiat currency such as USD at a 1:1 fixed exchange rate. USD is a desirable medium of exchange and globally accepted unit of […]

The post Your Guide to Stablecoins 2019 appeared first on Hacked: Hacking Finance.

Trade Recommendation: HyperCash

HyperCash (HC/BTC) is giving us bullish price action. It dropped to as low as 0.0001714 on December 8, 2018. At that point, the market was in danger of breaching support of 0.000175. Bulls struggled for a few days to keep the market above the support. Fortunately on December 11, market participants finally felt that a […]

The post Trade Recommendation: HyperCash appeared first on Hacked: Hacking Finance.

Crypto Markets Get a Boost Heading Into the Weekend as Debate Over Bitcoin ETF Intensifies

Cryptocurrency prices rose on Saturday, alleviating the risk of an imminent pullback following days of mostly lateral moves. As history has shown, longer periods of sideways trading are often followed by brisk selloffs in bitcoin and altcoins. Flush of Green The biggest cryptocurrencies all reported gains at the start of the weekend. Bitcoin, the largest by […]

The post Crypto Markets Get a Boost Heading Into the Weekend as Debate Over Bitcoin ETF Intensifies appeared first on Hacked: Hacking Finance.

Trade Recommendation: Bancor

The market structure of Bancor (BNT/BTC) is something that we’ve seen before. It looks like a market trying to carve a bottom. It all started on December 18, 2018 when the market started to establish support of 0.00014. At that point, Bancor was showing signs of reversal. First, it was trading at oversold levels. On […]

The post Trade Recommendation: Bancor appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Drift Lower but Damage Remains Limited

The major cryptocurrencies continue to trade in narrow ranges following last week’s decline and this week’s failed rally attempt. While Bitcoin is stuck near the $3600 support, the other top coins have been losing ground today, with Ethereum dipping below the $120 level, Ripple violating the $0.32 price level and Litecoin testing the $30-$30.50 support […]

The post Crypto Update: Coins Drift Lower but Damage Remains Limited appeared first on Hacked: Hacking Finance.

PayPal Credentials Stolen Through Phishing Attacks




Recently an in-developed ransomware has been found that attempts to take the user's PayPal credentials through a phishing attack notwithstanding encrypting files. The ransomware itself is 'unremarkable', yet the cleverest part is the ransom note as it offers a choice to the user to pay through PayPal just as the typical Bitcoin course.

Found by the MalwareHunterTeam, the trick offers criminals a one-two punch of advantages: Individuals who pay utilizing the internet's payment technique will be coordinated to a persuading looking phishing website which will endeavor to take the unfortunate user's PayPal credentials.

Be that as it may, in case of the PayPal phishing site choice when users tap on the "Buy Now" button, they are thusly directed to the Credit card part of the phish, in this way skirting the login.

What's more, when the victim submits their data, it is sent to http://ppyc-ve0rf.890m.com/s2 [.]php, where personal data of the individual, for example, their address is stolen. The phishing page at that point tells the user that their account unlocked and they are diverted to the PayPal login page and incited to sign in.

Since ransomware is growing to be progressively advanced and for this situation, it's much increasingly deadly joined with yet another attack vector i.e. phishing. Consequently it's not constantly conceivable to abstain from being hit by ransomware, yet in the event that one is, some basic steps can help diminish its effect.

Jake Moore, cyber security expert at ESET says this phishing attempt “inherently uses classic techniques that have been used for years and can usually be overcome by educating users” later adds,  “Targets will always need to be on guard when sent to a link and it’s vital they actively check the URL - especially when the phishing site looks very genuine.”

In this manner the most reasonable activity is not to give away one’s personal details except if one is certain beyond a shadow of a doubt that the site is genuine. Also abstaining from tapping on any link or download or open a document except if the user is certain that it is from a 'reliable source'.

Binance Coin Update: Wyckoff Breakout in Progress

Binance Coin (BNB/BTC) is the altcoin market’s ultimate comeback kid. It was dead in the water on November 17, 2018 when it broke support of 0.0014. The market flipped the support into resistance two days later on November 19 to confirm the breakdown. Binance Coin was supposed to enter a long bear winter. However, the […]

The post Binance Coin Update: Wyckoff Breakout in Progress appeared first on Hacked: Hacking Finance.

Weekly Recap: Crypto Volatility Declines as Bitcoin Shows Renewed Stability; U.S.-China Trade War Could Soon End

Cryptocurrencies remained under pressure this week, though newfound stability for bitcoin alleviated the risk of a new bearish breakdown. The leading digital currency has managed to hold above a critical long-term support line, which has had a stabilizing effect on the broader market. In traditional markets, signs of progress on U.S.-China trade talks pushed stock […]

The post Weekly Recap: Crypto Volatility Declines as Bitcoin Shows Renewed Stability; U.S.-China Trade War Could Soon End appeared first on Hacked: Hacking Finance.

Cryptopia cryptocurrency exchange hacked; suffers “significant losses”

By Waqas

Cryptopia, a New Zealand based cryptocurrency exchange has undercome a cyber attack leading to “significant losses.” The incident took place on January 14 and upon detecting the attack Cryptopia was forced to halt services by taking their website and exchange offline. Initially, on its Twitter account, Cryptopia claimed that the website has been taken down for “unscheduled maintenance” and displayed a […]

This is a post from HackRead.com Read the original post: Cryptopia cryptocurrency exchange hacked; suffers “significant losses”

BBC Email Scam Spoofs Broadcaster’s Site to Generate Bitcoin

Researchers identified a new email scam using seemingly legitimate BBC News webpages to reroute user clicks and generate bitcoin.

According to My Online Security, the spoofing attack emerged just after the holidays in the U.K. Malicious actors created what appeared to be legitimate emails containing a “Display Message” button, which in turn directed users to fake BBC webpages. Clicking anywhere on these scam pages rerouted users to an affiliate site that generated bitcoin for scammers based on page views.

It’s worth noting that the “Display Message” button doesn’t appear for Outlook users, and Mac users may find themselves redirected to fake login pages rather than spoofed BBC sites.

Not-So-Flattering Imitations

Spoofing is a common technique used by scammers to assuage user doubts and grab login credentials. Financial institutions are among the most popular targets in this kind of email scam. In some cases, spoofers misspell the names of legitimate websites (typosquatting), and in others they attach words to the original site address to keep the format but change the destination.

The BBC email scam opted for the second method, redirecting users to https://business-news.bbc-1.site/landers/bbc-business-news/#forward. The site looks legitimate at first glance, but upon further inspection, all articles and links relate to bitcoin, making money quickly or “invest now” finance opportunities.

As My Online Security points out, scammers are also sending messages from familiar contacts. In one case, a user received what appeared to be an expected invoice from a roofing company, but was instead the bitcoin redirect link. Further investigation revealed that the fake site was hosted by Cloudflare — once notified, the cloud provider set up an interstitial scam warning page to alert other users.

How to Defend Your Organization From Email Scams

The lucrative nature of click-driven spoofing means enterprises should expect more of the same in the foreseeable future. But it’s not all bad news: By employing physical safeguards such as verifying suspicious emails via a separate channel — phone calls, text messages or in person — organizations can lower their risk.

Security experts also suggest developing cyberattack frameworks that identify common attack vectors and deploy relevant countermeasures. For example, if spoofing emails are on the rise, a layered approach to email security can help weed out potential fakes. In addition, experts recommend regular re-evaluation of basic cybersecurity hygiene such as deleting redundant accounts, backing up critical data and application whitelisting — to reduce the chance of becoming a victim of an email scam.

The post BBC Email Scam Spoofs Broadcaster’s Site to Generate Bitcoin appeared first on Security Intelligence.

The Pirate Bay malware can empty your Cryptocurrency wallet

By Waqas

The malware was found hidden in the Windows shortcut file on The Pirate Bay. A new malware has been identified in popular torrent forum The Pirate Bay. The malware is discovered in a shortcut file for a movie and it has the capability to manipulate web pages along with changing the addresses for Bitcoin and […]

This is a post from HackRead.com Read the original post: The Pirate Bay malware can empty your Cryptocurrency wallet

A city in Texas is using paper after suffering ransomware attack

By Waqas

Another day, another devastating ransomware attack; this time, computers at The City Hall of Del Rio, Texas have suffered a massive ransomware attack forcing authorities to completely shut down the targeted network. The attack took place on Thursday, January 10th after which the City’s Management Information Services (MIS) Department went on to isolate the malware by turning off the […]

This is a post from HackRead.com Read the original post: A city in Texas is using paper after suffering ransomware attack

The Dark Overlord Claims to Have Stolen Secrets of 9/11 Attacks in Law Firm Data Breach

The threat group known as The Dark Overlord has claimed responsibility for a law firm data breach involving files allegedly related to the 9/11 terrorist attacks.

The Dark Overlord first announced on New Year’s Eve that it had stolen files belonging to Llyod’s of London, Silverstein Properties and Hiscox Syndicates Ltd., according to Motherboard. Although the group’s announcement on the Pastebin messaging service has been deleted, Motherboard confirmed the hack with Hiscox.

The stolen information reportedly includes email and voicemail messages as well as legal files such as non-disclosure strategies and expert witness testimonies.

9/11 Data Held for Ransom

In a Dec. 31 tweet, The Dark Overlord claimed it had managed to steal more than 18,000 secret documents that would provide answers about 9/11 conspiracy theories. Twitter has since suspended the group’s account.

SC Magazine reported that the law firm paid an initial ransom, but then violated terms of agreement by reporting the incident to law enforcement. The threat group is now demanding a second ransom be paid in bitcoin and said it will also sell information obtained in the breach to interested third parties on the dark web.

According to a post on Engadget, The Dark Overlord also attempted to prove it had committed the data breach by publishing nonsensitive material from other law firms as well as organizations such as the U.S. Transportation Security Administration (TSA) and Federal Aviation Authority (FAA).

How to Limit the Threat of Groups Like The Dark Overlord

This latest attack from The Dark Overlord is further proof that data breaches can not only create a PR nightmare, but also put organizations’ survival and, in some cases, national security at risk.

Unfortunately, the exact details around how The Dark Overload accessed the law firm’s network are unknown. Security experts recommend conducting a short but comprehensive 15-minute self-assessment to gauge the organization’s IT security strengths and weaknesses. The results can be benchmarked against similar firms, and security leaders can gain access to the expertise they need to keep groups like The Dark Overlord away from their data.

The post The Dark Overlord Claims to Have Stolen Secrets of 9/11 Attacks in Law Firm Data Breach appeared first on Security Intelligence.

Cryptojacking Up 4,000% How You Can Block the Bad Guys

Cryptojacking RisingThink about it: In the course of your everyday activities — like grocery shopping or riding public transportation — the human body comes in contact with an infinite number of germs. In much the same way, as we go about our digital routines — like shopping, browsing, or watching videos — our devices can also pick up countless, undetectable malware or javascript that can infect our devices.

Which is why it’s possible that hackers may be using malware or script to siphon power from your computer — power they desperately need to fuel their cryptocurrency mining business.

What’s Cryptocurrency?

Whoa, let’s back up. What’s cryptocurrency and why would people rip off other people’s computer power to get it? Cryptocurrencies are virtual coins that have a real monetary value attached to them. Each crypto transaction is verified and added to the public ledger (also called a blockchain). The single public ledger can’t be changed without fulfilling certain conditions. These transactions are compiled by cryptocurrency miners who compete with one another by solving the complex mathematical equations attached to the exchange. Their reward for solving the equation is bitcoin, which in the crypto world can equal thousands of dollars.

Power Surge

Cryptojacking RisingHere’s the catch: To solve these complex equations and get to crypto gold, crypto miners need a lot more hardware power than the average user possesses. So, inserting malicious code into websites, apps, and ads — and hoping you click — allows malicious crypto miners to siphon power from other people’s computers without their consent.

While mining cryptocurrency can often be a harmless hobby when malware or site code is attached to drain unsuspecting users CPU power, it’s considered cryptojacking, and it’s becoming more common.

Are you feeling a bit vulnerable? You aren’t alone. According to the most recent McAfee Labs Threats Report, cryptojacking has grown more than 4,000% in the past year.

Have you been hit?

One sign that you’ve been affected is that your computer or smartphone may slow down or have more glitches than normal. Crypto mining code runs quietly in the background while you go about your everyday work or browsing and it can go undetected for a long time.

How to prevent cryptojacking

Be proactive. Your first line of defense against a malware attack is to use a comprehensive security solution on your family computers and to keep that software updated.

Cryptojacking Blocker. This new McAfee product zeroes in on the cryptojacking threat and helps prevent websites from mining for cryptocurrency (see graphic below). Cryptojacking Blocker is included in all McAfee suites that include McAfee WebAdvisor. Users can update their existing WebAdvisor software to get Cryptojacking Blocker or download WebAdvisor for free.

Cryptojacking Rising

Discuss it with your family. Cryptojacking is a wild concept to explain or discuss at the dinner table, but kids need to fully understand the digital landscape and their responsibility in it. Discuss their role in helping to keep the family safe online and the motives of the bad guys who are always lurking in the background.

Smart clicks. One way illicit crypto miners get to your PC is through malicious links sent in legitimate-looking emails. Be aware of this scam (and many others) and think before you click on any links sent via email.

Stick with the legit. If a website, an app, or pop-up looks suspicious, it could contain malware or javascript that instantly starts working (mining power) when you load a compromised web page. Stick with reputable sites and apps and be extra cautious with how you interact with pop-ups.

Install updates immediately. Be sure to keep all your system software up-to-date when alerted to do so. This will help close any security gaps that hackers can exploit.

Strong passwords. These little combinations are critical to your family’s digital safety and can’t be ignored. Create unique passwords for different accounts and be sure to change out those passwords periodically.

To stay on top of the latest consumer and security threats that could impact your family, be sure to listen to our podcast Hackable? And, like us on Facebook.

The post Cryptojacking Up 4,000% How You Can Block the Bad Guys appeared first on McAfee Blogs.

Luas data ransom: the hacker who cried wolf?

In a terrible start to the year for Irish tram firm Luas, their site was compromised a week ago and adorned with a stark ransom warning:

hacked site

Click to enlarge

You are hacked. Some time ago I wrote that you have serious security holes.

You didn’t reply.

The next time someone talks to you, press the reply button.

You must pay one bitcoin in five days. Otherwise I will publish all data and send emails to your users.

The message came with a Bitcoin address, and the defacement was quickly taken down.

Real threat or a blast of bluster?

Many observers questioned the legitimacy of this ransom threat. One Bitcoin is currently around 3,100 Euros. Luas aren’t exactly short of cash, so it wouldn’t be an issue for them to pay (not that we’d advise it). The general feeling was that either 3,100 Euros was a large sum of money to the attacker, or they just wanted the company to address the problem facing them without fuss.

As soon as the hack was announced, nervous customers wondered exactly what might be dumped into the ether should the ransom go unpaid. Names and addresses? Emails? Perhaps even payment data? However, this is where the hacker’s version of events starts to unravel. I’m not personally familiar with the website in question, and it’s currently still down, so I looked on Internet Archive.

A trip down memory lane

The site doesn’t appear to have any form of registration or login; it seems to be more of an information portal. Additionally, the one section that references payment—“Pay your standard fare notice”—leads to the payments site, which Luas pointed out hadn’t been compromised. The site read as follows:

The Luas website is undergoing restoration following a cyber-attack.

We wish to advise customers that the Tax Saver and Standard Fare Notice sites have NOT been compromised.

It’s worth noting the payments section hasn’t been taken offline, either.

The hacker who cried wolf?

We waited with baited breath as the ransom timer ticked down. Would we see a large blast of customer data popping up online? Or would the whole thing fall flat? If essential information such as logins and payment data hadn’t been grabbed, what exactly were we talking about here? Basic website metrics such as visitor stats or website referrers? What could this attacker possibly have grabbed while achieving what appears to have been a perfectly standard webpage defacement in all other respects?

The answer is, of course, “Nobody knows.”

The deadline has come, gone, and is now on vacation somewhere. Occasionally, it lets you know the weather is lovely and reminds you to put the bins out.

Absolutely none of which helps anybody who suspects they may have been caught up in this. Even more slightly surreal is the fact Luas said they’d contact anyone they thought may be affected, but there’s zero example of said contact on social media that I can find.

Customers: An update on the Luas cyberattack.

Luas technicians are still investigating it and are working to restore the site.

Luas has contacted the Commissioner for Data Protection and we have in accordance with best practice contacted everyone whose information may have been compromised.

This is absolutely not what normally happens, and at this point I’d usually be linking to a deluge of “you got me” posts. That’s the theory. The reality, currently, is nothing but a wave of silence.

This number is no longer available

Our suspicion here is that nothing customer related was taken and it was all a ransom-themed bluff to either grab some Bitcoin cash or attention, or perhaps both. If you’ve used any Luas site for any type of registration or payment, you’re probably fine.

Unless the site compromiser had a sudden change of heart, they were going to dump the data in public fashion instead of some hidden underground forum, but it hasn’t happened. People may call them “underground,” but the reality is data dumps don’t remain private for long.

No further updates are forthcoming from Luas, so it doesn’t appear they’ve been told their number is up either. All in all, we’d say cross some fingers and hope everything is coming up Milhouse.

While I try to remember if things coming up Milhouse is good or bad, here’s what you can do if you’re still worried you may be affected.

Data dump fallout tips

This isn’t just good advice for the Luas attack, but for any potential breach situation.

If you’re on Twitter, simply follow haveibeenpwned, a service maintained by security pro Troy Hunt. It will usually be one of the first places you’ll hear about any breach where data has been taken. After that, head over to the haveibeenpwned website and check if your emails have been included in any attacks. If they have, you’ll see a short summary of when it happened and what was taken. Note that you won’t see the stolen data.

Finally, you can register for alerts when any new breaches are added.

There’s really no need to go spelunking into the murky pools of hacker forums, looking in vain for a breach you may be on. Rest assured that if it’s happened, you’ll find out eventually—one way or another. At that point, it’s a case of changing your logins and applying whatever security steps are required to fix things up. Ransoms are always a major issue, whether from threats or infection files. If this story has any additional developments, we will of course update this post as to what anyone affected should do next.

The post Luas data ransom: the hacker who cried wolf? appeared first on Malwarebytes Labs.

Security newsround: January 2019

We round up interesting research and reporting about security and privacy from around the web. This month: the security year in review, resilience on rails, incidents in depth, phishing hooks millennials, Internet of Threats, and CISOs climbing the corporate ladder.

A look back at cybercrime in 2018

It wouldn’t be a new year’s email without a retrospective on major security incidents over the previous 12 months. Credit to CSO Online for assembling a useful overview of some of last year’s most common risks and threats. To beef up this resource, it sourced external research and stats, while adding plenty of links for further reading. Some of the highlights include the massive rise in cryptocurrency mining. “Coin miners not only slow down devices but can overheat batteries and sometimes render a device useless,” it warned.

The article also advises against posting mobile numbers on the internet, because criminals are finding ways to harvest them for various scams. CSO also advises organisations about knowing the value of their data in order to protect it accordingly. Threatpost has a handy at-a-glance guide to some of the big security incidents from the past year. Meanwhile, kudos to Vice Motherboard for its excellent ‘jealousy list’ which rounds up great hacking and security stories from 2018 that first appeared in other media outlets.

Luas security derails tram website

The new year got off to a bad start for Dublin’s tram operator Luas, after an unknown attacker defaced its website in a security incident. On January 2nd, the Luas site had this message: “You are hacked… some time ago i wrote that you have serious security holes… you didn’t reply… the next time someone talks to you, press the reply button… you must pay 1 bitcoin in 5 days… otherwise I will publish all data and send emails to your users.”

The incident exposed 3,226 user records, and Luas said they belonged to customers who had subscribed to its newsletter. News of the incident spread widely, possibly due to Luas’ high profile as a victim, or because of the cryptocurrency angle.

The tram service itself was not affected, nor was the company’s online payments system. While the website was down, Luas used its Twitter feed to communicate travel updates to the public, and warned people not to visit the site. Interviewed by the Irish Times, Brian Honan said the incident showed that many organisations tend to forget website security after launch. As we’ve previously blogged, it’s worth carrying out periodic vulnerability assessments to spot gaps that an attacker could exploit. With the Luas site not fully back six days later, Brian noted on Twitter that it’s important to integrate incident response with business continuity management.

One hacked laptop and two hundred solemn faces

When an employee of a global apparel company clicked on a link in a phishing email while connected to a coffee shop wifi, they unwittingly let a cybercrime gang onto their corporate network. Once in, the attackers installed Framework POS malware on the company’s retail server to steal credit card details. It’s one real-life example from CrowdStrike’s Cyber Intrusion Casebook. The report details various incident response cases from 2018. It also gives recommendations for organisations on steps to take to protect their critical data better. In addition to coverage in online news reports, the document is available as a free PDF on CrowdStrike’s site.

Examples like these show the need for resilience, which we’ve blogged about before. No security is 100 per cent perfect. But it shouldn’t follow that one gap in the defences brings the entire wall crumbling down.

Digitally savvy, yes. Security savvy, not so much

Speaking of phishing, a new survey has found that digital natives are twice as likely to have fallen victim to a phishing scam than their older – sorry, we mean more experienced –  colleagues. Some 17 per cent in the 23-41 age group clicked on a phishing link, compared to 42-53 years old (6 per cent) or 54+ (7 per cent). The findings suggest a gap between perception and reality.

Out of all the age groups, digital natives were the most confident in their ability to spot a scam compared to their senior peers. Yet the 14 per cent of digital natives who weren’t as sure of their ability to spot a phish was strikingly close to the percentage in the same age bracket who had fallen for a phishing email. The survey by Censuswide for Datapac found that 14 per cent of Irish office workers – around 185,000 people – have been successfully phished at some stage.

OWASP’s IoT hit list

Is your organisation planning an Internet of Things project in 2019? Then you might want to send them in OWASP’s direction first. The group’s IoT project aims to improve understanding of the security issues around embedding sensors in, well, anything. To that end, the group has updated its top 10 list for IoT. The risks include old reliables like weak, guessable passwords, outdated components, insecure data transfer or storage, and lack of physical hardening. The full list is here.

The number’s up for CISO promotions

Why do relatively few security professionals ascend to the highest levels of business? That’s the provocative question from Raj Samani, chief scientist with McAfee. In an op-ed for Infosecurity Magazine, Samani argues that security hasn’t yet communicated its value to the business in an identifiable way. Proof of this is the fatigue or indifference over ever-mounting numbers of data breaches. Unlike a physical incident like a car accident where the impact is instantly visible, security incidents don’t have the same obvious cause and effect.

“The inability to determine quantifiable loss means that identifying measures to reduce risk are merely estimated at best. Moreover, if the loss is rarely felt, then the value of taking active steps to protect an asset can simply be overlooked,” Samani writes. “We can either bemoan the status quo or identify an approach that allows us to articulate our business value in a quantifiable way.”

The post Security newsround: January 2019 appeared first on BH Consulting.

Bogus Bomb Threats Demand Bitcoin Disrupt Businesses

Bogus bomb threats created a scare across the country. A quick note here that I'll dive into more deeply next week. The big question at this time -- with MANY of the IP addresses found in email headers originating from Moscow, Russia, is this "Russian influence" designed to disrupt American commerce? or is this just a spammer looking for a new way to make money?

IF YOU HAVE SAMPLES OF THE EMAIL, PLEASE REPORT THEM

The more emails we have to analyze, the better our understanding of this threat will be.  While reporting to the FBI's IC3.gov is a great idea, and highly encouraged, that hides the details from security researchers such as myself.  One great place to report any type of fraudulent bitcoin activity is "BitCoinAbuse.com".  If you decide to report there, please extract the sending IP address and the email Subject from your spam and include them as part of the report.  We can cluster on both of those things. (Including the bitcoin address used is a given.)

Extracts taken from BitCoinAbuse.com follow below. You can read the original reports yourselves here:

(If you have a sample of one of these emails, please consider filling out a BitCoinAbuse.com/report - but please make sure to include the SENDING IP ADDRESS from the email headers!)

Email Bodies contain Spam-template randomization

Here are extracts from many of the spam messages. Note for example the [man | mercenary | recruited person] and [tronitrotoluene | Hexogen | Tetryl] substitutions. Or the [suspicious | unnatural | strange] [activity | behavior] or the [power the device | device will be blown up | power the bomb]. This is very characteristic spam behavior.

Subjects reported by the NCFTA include:

Subject: Better listen to me
Subject: Bomb is in your building
Subject: Do not panic
Subject: Do not waste your time
Subject: Dont get on my nerves
Subject: I advise you not to call the police
Subject: I've collected some very interesting content about you
Subject: keep calm
Subject: My device is inside your building
Subject: Think about how they can help you
Subject: Think twice
Subject: We can make a deal
Subject: You are my victim
Subject: You are responsible for people
Subject: Your building is under my control
Subject: Your life is in your hands
Subject: Your life can be ruined, concentrate
Subject: You're my victim

(If you have examples of other Subjects, please share them in the comments section)

Hello. There is the bomb (tronitrotoluene) in the building where your company is located. It is constructed under my direction. It has small dimensions and it is hidden very carefully, it is not able to damage the supporting building structure, but you will get many wounded people if it detonates. My recruited person is controlling the situation around the building. If he notices any strange activity or policemen the device will be blown up. I want to propose you a deal. $20'000 is the value for your safety. Pay it to me in BTC and I assure that I have to withdraw my recruited person and the bomb will not explode. But do not try to deceive me- my assurance will become actual only after 3 confirms in blockchain. It is my btc address : 15qH84uLC49CmC6jRE958Qjcf9WRZ2rMuM

Good day. My mercenary hid an explosive device (Hexogen) in the building where your business is conducted. It was assembled according to my instructions. It is compact and it is hidden very carefully, it is impossible to damage the structure of the building by this bomb, but in case of its explosion you will get many victims.My mercenary is watching the situation around the building. If he notices any suspicious behavior, panic or cops he will blow up the bomb.I want to propose you a bargain. You transfer me 20'000 usd in BTC and the bomb will not explode, but don't try to deceive me -I guarantee you that I have to withdraw my man only after 3 confirmations in blockchain network. It is my Bitcoin address : 1LrZorkdqzPsg8JaGLwjLwg35viiH1Sv9v You must send bitcoins by the end of the working day.

My mercenary has carried an explosive device (Tetryl) into the building where your company is located. It was assembled under my direction. It can be hidden anywhere because of its small size, it is impossible to destroy the building structure by this explosive device, but if it detonates there will be many victims. My recruited person is watching the situation around the building. If he sees any unusual behavior or policemen he will power the device. I would like to propose you a deal. 20.000 dollars is the cost for your life. Tansfer it to me in BTC and I ensure that I will call off my man and the bomb will not explode. But do not try to fool me- my warranty will become valid only after 3 confirms in blockchain network. Here is my BTC address - 15qH84uLC49CmC6jRE958Qjcf9WRZ2rMuM You have to pay me by the end of the working day, if you are late with the payment the device will explode.

Good day. I write you to inform you that my mercenary hid an explosive device (lead azide) in the building where your company is located. My recruited person constructed a bomb under my direction. It can be hidden anywhere because of its small size, it can not damage the supporting building structure, but you will get many victims in case of its explosion. My mercenary keeps the territory under the control. If he notices any unnatural behavior or emergency he will power the bomb. I can call off my man if you make a transfer. 20'000 usd is the price for your safety. Pay it to me in Bitcoin and I guarantee that I will call off my mercenary and the device will not detonate. But do not try to cheat- my assurance will become valid only after 3 confirmations in blockchain.

Good day. There is a bomb (tronitrotoluene) in the building where your company is conducted. My recruited person constructed the explosive device according to my instructions. It can be hidden anywhere because of its small size, it is impossible to destroy the structure of the building by my explosive device, but in case of its explosion you will get many victims. My man keeps the territory under the control. If any unnatural behavior, panic or emergency is noticed the device will be blown up. I can call off my recruited person if you make a transfer. 20'000 usd is the price for your safety. Tansfer it to me in Bitcoin and I ensure that I will withdraw my mercenary and the bomb won't explode. But do not try to deceive me- my warranty will become valid only after 3 confirms in blockchain network. My payment details (Bitcoin address): 1CDs3JXUU6wNmndAF7EFcrJ6GGSYRKXd7w

My man hid a bomb (lead azide) in the building where your business is conducted. It was constructed according to my guide. It is small and it is hidden very well, it is impossible to destroy the supporting building structure by this explosive device, but you will get many victims in the case of its detonation. My mercenary keeps the territory under the control. If any unnatural activityor emergency is noticed the bomb will be blown up. I would like to propose you a deal. You transfer me $20'000 in Bitcoin and explosive will not explode, but do not try to cheat -I warrant you that I will call off my man solely after 3 confirmations in blockchain network.

Hello. There is the bomb (lead azide) in the building where your business is conducted. My man built the explosive device according to my instructions. It is compact and it is hidden very carefully, it is impossible to damage the structure of the building by this explosive device, but if it detonates you will get many victims. I would like to propose you a bargain. 20.000 dollars is the cost for your life. Pay it to me in BTC and I guarantee that I have to call off my man and the device will not explode. But do not try to cheat- my guarantee will become valid only after 3 confirmations in blockchain network.

My man has carried the explosive device (tronitrotoluene) into the building where your business is conducted. My recruited person constructed the bomb according to my guide. It can be hidden anywhere because of its small size, it can not destroy the supporting building structure, but in the case of its detonation there will be many wounded people. My man is controlling the situation around the building. If any unnatural activity, panic or policeman is noticed the device will be blown up.
I write you to inform you that my recruited person carried the explosive device (Tetryl) into the building where your business is located. It is assembled according to my instructions. It can be hidden anywhere because of its small size, it is impossible to destroy the building structure by this bomb, but in case of its explosion there will be many victims. My man is controlling the situation around the building. If he sees any suspicious activity, panic or emergency the device will be exploded. I can withdraw my mercenary if you make a transfer. You transfer me 20.000 dollars in Bitcoin and the device will not detonate, but don't try to fool me -I ensure you that I will withdraw my recruited person only after 3 confirmations in blockchain. Here is my BTC address - 161JE4rHfvygXUVLya8N2WFptjwon2172t


These were EVERYWHERE - NOT targeted

Dozens of law enforcement agencies tweeted about these threats being received in their local area.  If you are aware of such "official" tweets, please leave a link to the Twitter Status report in the comments section below. 

Even AFTER it was well known that these were hoaxes, many law enforcement agencies continued to respond with full bomb squad roll-outs.  Given the history in Oklahoma City, this was especially understandable there, but wasted a tremendous amount of resources as they responded to AT LEAST thirteen threats just in that city!

Here are a few examples, and then a longer list in Table form:


https://twitter.com/HsvPolice/status/1073310129284661254

https://twitter.com/PelhamPoliceAL/status/1073323648436658176

https://twitter.com/TulsaPolice/status/1073309200967761923

https://twitter.com/houstonpolice/status/1073320693507506177
Each entry in the table below is an "official" Tweet indicating local law enforcement responded to a bomb threat in that area.  If your local is not listed, please search for "official" notices for your area and share them in our comments section.  Thanks!

Calgary, Alberta, CA
Calgary, Alberta, CA
Winnipeg, Manitoba, CA
London, Ontario, CA
Toronto, Ontario, CA
Anniston, Alabama
Pelham, Alabama
Anchorage, Alaska
Phoenix, Arizona
Bakerfield, California
Chico, California
Chino, California
Garden Grove, California
Los Angeles, California
San Francisco, California
San Francisco, California
Santa Rosa, California
Ottawa, Canada
Aurora, Colorado
Fort Collins, Colorado
Danbury, Connecticut
Wallingford, Connecticut
Ocala, Florida
Sanford, Florida
Tampa, Florida
Atlanta, Georgia
Dekalb County, Georgia
Valdosta, Georgia
Honolulu, Hawaii
Chicago, Illinois
Chicago, Illinois
Indianapolis, Indiana
Cedar Rapids, Iowa
Wichita, Kansas
Wichita, Kansas
Lexington, Kentucky
Portland, Maine
Frederick, Maryland
Salisbury, Maryland
Boston, Massachusetts
Salisbury, Massachusetts
Massachusetts State Police
Detroit, Michigan
Grand Blanc, Michigan
Grand Rapids, Michigan
Long Beach, Mississippi
Raleigh, NC
Lincoln, Nebraska
Lincoln, Nebraska
Omaha, Nebraska
Linden, New Jersey
Buffalo, New York
Buffalo, New York
Buffalo, New York
New York, New York
Niagara Falls, New York
Rochester, New York
Boone, North Carolina
Boone, North Carolina
UNC Raleigh, North Carolina
Cleveland, Ohio
Columbus, Ohio
Bexley, Ohio (Capital University)
Oklahoma City, Oklahoma
Oklahoma City, Oklahoma
Tulsa, Oklahoma
Erie, Pennsylvania
Lancaster, Pennsylvania
Memphis, Tennessee
Beaumont, Texas
El Paso, Texas
Fricso, Texas
Houston, Texas
Lubbock, Texas
Rosenberg, Texas
St. George, Utah
St. George, Utah
Chesterfield County, Virginia
Hampton Roads, Virginia
Bellevue, Washington
Massachusetts States Police
Michigan State Police
Michigan State Police
Notre Dame University
Washington DC

Bitcoin Bomb Scare Associated with Sextortion Scammers

This blog was written by Jaeson Schultz.

Organizations across the country are on edge today after a flurry of phony bomb threats hit several public entities Thursday, such as universities, schools and news outlets, among others. The attackers distributed malicious emails claiming to have placed some type of explosive materials in the recipient's building. The emails stated the attackers would detonate these explosives unless the victim made a Bitcoin payment of several thousand dollars.

Cisco Talos discovered that this campaign is actually an evolution of sextortion and extortion attacks that we reported on in October. The claims in the emails we've seen from this actor are completely false, yet they have caused untold amounts of damage as organizations have evacuated buildings and called upon law enforcement to investigate.


An example of the malicious, phony emails that attackers sent out to organizations across the U.S. yesterday.


What makes these particular extortion messages unique from other extortion scams we've monitored is that, previously, the attackers threatened only the individual — the attackers would threaten to expose sensitive data, or even attack the recipient physically, but there was never any threat of harm to a larger group of people, and certainly not the threat of a bomb.

Talos has discovered 17 distinct Bitcoin addresses that were used in the bomb extortion attack. Only two of the addresses have a positive balance, both from transactions received Dec. 13, the day the attacks were distributed. However, the amounts of each transaction were under $1, so it is evident the victims in this case declined to pay the $20,000 extortion payment price demanded by the attackers.

So far, all of the samples Talos has found to be associated with the bomb threat attack were sent from IP addresses belonging to the domain registrar and hosting company reg.ru, suggesting that the attackers in this case may have compromised credentials for domains that are hosted at this particular domain registrar. Multiple IPs involved in sending these bomb threats also sent various types of sextortion email that we saw in the previous campaign. In those cases, the attackers sent out emails claiming to have compromising videos of the victim and will release them to the public unless the attacker receives a Bitcoin payment.

As of late yesterday, the bomb threat email attack morphed. The attackers have returned to their empty threats of harming the individual recipient. This time, they threaten to throw acid on the victim.


An example of the newer extortion emails, claiming they will dump acid on the victim unless they receive a Bitcoin payment.


So far, none of the Bitcoin addresses associated with these new emails have received any payments. The source of the sending IP addresses changed, however. This time, the attackers are making heavy use of IP addresses at the Russian hosting company TimeWeb. As with the bomb threats, these IP addresses belong to domains that the attackers likely compromised.

The criminals conducting these extortion email attacks have demonstrated that they are willing to concoct any threat and story imaginable that they believe would fool the recipient. At this point, we have seen several different variations of these emails, and we expect these sorts of attacks to continue as long as there are victims who will believe these threats to be credible, and be scared enough to send money to the attackers. Talos encourages users not to fall for these schemes and — above all — DO NOT pay extortion payments. Doing so will only confirm for the attackers that their social engineering approach is working, and victims' money goes directly toward facilitating additional attacks.

IOCs (BTC Addresses)

11B68RbmyxQys2CXXbAZxcwVXnaWCNBbw
12MET3CnEBkRc5Si5udf95fGaTZ6JwgpkK
132f8T1qF9hZj13MvPN5FbxrAhGExYZ7P3
149oyt2DL52Jgykhg5vh7Jm1QpdpfuyVqd
15F7TCqGRWE66xrBNxyt9ko1XsKaQvEh9t
15qH84uLC49CmC6jRE958Qjcf9WRZ2rMuM
1893DMwnrq9vA6JmQBdyWRKecArDAUTcGR
18UNWkvEDXgYzSAVnTmaR1X66w3T7HHsdn
1BTuxsCpAGtCzcszvFV2g4beqAZ2AUnyFh
1BfmmRBfhujpK944gai4vWvwCwGeHKbmkB
1BHasGex1jhRZeY7KyUGGKUNRtVgKedRY8
1CDs3JXUU6wNmndAF7EFcrJ6GGSYRKXd7w
1CF9VQhwjJutPxwVq5QLFA7j7baq4RDb3w
1CXrmcKL7W2o6FnrFx3ZBGn2EAsbMVZMzD
1CdD3nthrWR76RkL1WwLH7BSqCFASLjbhu
1D3ArQebDneVBVCqLort9jwvUA3AoZaNq5
1DVVQpxF4nG7rmuQFb7ZboGxu6ahKJcjf5
1Dnw2qJxGFCZdE3PzCaVioBB9zERc7SzRB
1DRXeydtqfjAmvfrLY7XiCo2A1vCq32z3a
1Ebf2rrLxVuMGKkwi2PeZtjBEEiidxrkkL
1FnTQHffH42iS15FMYNZxmNdbXtmb8WChF
1GTd6DPqcxCwX263BMsvk7FcjCQxsXhJUs
1GYAJY3GRsC5twdPgmQiEeNjdn7Kx6KSPd
1L5SWCu4ZTLiyPyTAvfSVjhKrYNSnYgBKk
1LEevM4MxKSGRrTvVrvLyjiuq3vYssdTRa
1LT4WgSuTD71Emzc7DLeHxVoZ1RjkhNcFY
1LTYBLzVSLe6GDFJ5NVVxLR2j5eQ8Wy51N
1LjxZonruwcKXEUYySrXt7gWGJLL6Pzuyx
1M9r1FpWj5QbSMECeJvXoa85TDMpoQcRaT
1MeDDtvZB5TE5tDTcwk6GiGSK3sTAP2KLA
1P3cNFy3SdfZ8PvMSdgLRcb2TtaLvxfqat
1PqX7bMnCzpJ7L1mxuGgNyaJSkJRM8SjES


Coverage


Fake Flash updates upgrade software, but install crypto-mining malware

According to cybersecurity firm Palo Alto Networks, it discovered a fake Flash updater that has been duping conscientious computer users since August. The fake updater installs files to sneak a cryptocurrency mining bot called XMRig, which mines for Monero.

But here's the catch, while the fake updater is installing the XMRig malware, it's also updating the user's Flash.

Via: The Next Web

Source: Palo Alto Networks

Dark Markets’ Weakness? Cashing out the Bitcoin to USD!

Over the years there has been an on-going battle between law enforcement and those who use technology-based anonymity to perform their illegal deeds.  Some of the FBI's tricks to break through the anonymity have created interesting challenges, such as the "Operation Pacifier" case, where the FBI used court orders to allow them to use hacking tricks to expose the true locations of members of a child sexual exploitation site with 150,000 members, leading to 350 US arrests and 548 international arrests.  In that case the FBI deployed "Network Investigative Techniques" (NITs) to learn the IP addresses of top members of a TOR protected .onion server.  To clarify the legality of that situation, Rule 41 of the Federal Rules of Practice and Procedure was amended in 2016 under some controversy, as we blogged about in "Rule 41 Changes: Search and Seizure when you don't know the Computer's location."

In the current case, "Operation: Dark Gold", perhaps as a demonstration that the old "Follow the Money" rule can work even in these modern times, law enforcement posed as cryptocurrency exchangers, offering attractive conversion rates to USD even for those clearly involved in criminal activity.  After Alexander Vinnik's BTC-e exchange was shuttered, with the owner accused of facilitating the laundering of $4 Billion in illicit funds, Dark Market vendors had a real problem!  How do you turn a few million dollars worth of Bitcoin into money that you can spend in "the real world?"



That's just the kind of problem that the Department of Justice's Money Laundering and Asset Recovery Section is happy to help criminals solve.  In a major operation, Special Agents from Homeland Security Investigations in New York posed as money launderers on various TOR-protected dark markets.  As the money launderers were able to drive conversations "off platform" they had the opportunity to refer cases around the nation and around the world.  So far, more than 90 cases have been opened, leading to investigations by ICE's HSI, the US Postal Inspection Service, and the US Drug Enforcement Agency.  65 targets were identified and 35 Darknet vendors have been arrested so far.  At least $20 million in Bitcoin and other cryptocurrencies was seized, as well as 333 bottles of liquid opioids, 100,000 tramadol pills, 100 grams of fentanyl, 24kg of Xanax, 100 firearms, including assault rifles and a grenade launcher, five vehicles, and $3.6 million in cash and gold bars.  They also seized 15 pill presses, and many computers and related equipment.

Powell and Gonzalez (BonnienClyde)


The case against Nicholas Powell and Michael Gonzalez really explains the background of some of these cases well. 

"In or about October 2016, HSI NY, USPIS, the USSS, and the NASA Office of Inspector General, apprehended a Cryptocurrency Exchanger/Unlicensed Money Remitter herein rferred to as Target Subject-1. With TS1's cooperation, agents began investigating TS1's customers.  From the limited subset of customers for whom TS1 saved any kind of personal information (such as the names and addresses to which TS1 had shipped the customers' cash), agents identified a number of vendors selling illegal goods and services on the dark net." (Gar-note: NASA OIG has one of the coolest most proactive cybercrime teams in Federal government.  Little-known FACT!)

"With TS1's permission, agents took control of TS1's online accounts and identity, initiating an undercover operation using that identity to create new accounts (the "UC Vendor Accounts") targeting dark net drug vendors who utilized TS1's services to launder their illicit proceeds.  Since January 2017, agents have advertised the UC Vendor Accounts' services on AlphaBay, HANSA, and other dark net marketplaces, which has led to hundreds of bitcoin-for-cash exchanges.  Because TS1's original business model involved sending cash to physical addresses, each UC Vendor Account transaction has provided agents with leads on the identities and locations of their counterparties.  Individuals who used the UC Vendor Account were charged a fee notably higher than the fee charged by Bitstamp or other exchanges with Know  Your Customer protocols.  This and other evidence helped establish that many of these "customers" were likely dark net vendors or controlled substances or other illicit goods.  Furthermore, and as explained below, in some instances, agents have successfully utilized undercover buyer accounts on dark net marketplaces to conduct undercover drug buys from vendors believed to be the UC Vendor Accounts' customers."

In this case, Law Enforcement first caught up with Michael Gonzalez in Parma, Ohio.  He claimed Nicholas Powell was the mastermind, and the only got paid to help with shipping and packaging of "a few orders."  His job was to measure out 500 gram bags of Xanax powder and handle the shipping.  Powell was found and interviewed in his home at 5283 Bevens Ave, Spring Hill, Florida on May 22, 2018.  Powell confirmed that he had begun selling steroids and weed on the dark net. Later he became a drop shipper, arranging shipments from China to be delivered domestically.  Powell started on Silkroad 2, using the name BCPHARMA, selling steroids and GHB that he purchased from China.  He sold on Agora and AlphaBay as BONNIENCLYDE or BNC.  Later he also used that alias on Evolution Markets.  He also shifted later to selling Xanax and steroids on AlphaBay.  He claimed he physically destroyed the computer he used for this work, and later also destroyed two Apple computers. 

Powell confirmed that he used TS1 to convert between $10,000 and $40,000 in crypto currencies to cash at a time, and would receive the packages via USPS Express.  He claims a Canadian vendor wanted to buy his online identity, and that he made $100,000 by transferring the "BONNIENCLYDE" id to the Canadian. 

Powell willingly signed over to agents $438,000 worth of cryptocurrencies.

TrapGod 

TrapGod was an online vendor alias shared by  Antonio Tirado, 26 and Jeffrey Morales, 32, of Bronx, New York.  An affidavit from Antonio's search warrant shows he was growing marijuana and packaging and shipping both LSD and Cocaine.

Here's a photo of some of TrapGod's goods for sale on one dark market.

The 2050 means that 2,050 people have rated this vendor's services, giving an average review of 4.79 out of 5 stars.  Even the "bad" reviews, show that Trapgod was good to do business with.  One says "Vendor has been top notch. Then got some really sub-par stuff.  Contacted vendor. He said he'll take care of me next time. Will post again..."  Comments include things like "Great shipping, good stealth." and  "Stealth was good, my package was well hidden and secure.  Quality is good, after testing I found that the product is about a 80/20 cut as described!  I like honesty, plus seller put a little extra in my order!!"  "Shipment was delayed, quality not so good. However vendor sent an additional shipment to make up for it.  The price is good, but I'd rather pay more for higher quality."

Unfortunately, Morales and Tirado either weren't the only ones behind the Trapgod alias, or they are continuing to sell while out on bail.  Morales and Tirado's homes both got hit July 20, 2018, but there were fresh reviews posted yesterday (July 3, 2018).

Qu/Wu/Weng/Tseperkas/Akkaya

The next group were worked as a single case (1:18-mj-05193-UA) also in New York, and involved raids on three houses in Flushing and Mt. Sinai, New York.  Charges are brought against Jian Qu, Raymeond Weng, Kai Wu, Dimitri Tseperkas, and Cihad Akkaya.

Kai Wu and Jian Qu were in one home, where $200,000 in cash, 110 kg of marijuana, and "680 grams of unidentified powders" were seized.

Residence-2 yielded 12kg of Alprazolam, 10kg of marijuana vape cartridges, 570 grams of ecstasy, "12kg of unidentified powder" and four pill presses, used to press powders into ecstasy tablets.  There were also at least 2 kg of THC gummies.



Residence-3 was the home of Dimitri Tseperkas and Cihad Akkaya, where law enforcement recovered $195,000 in cash, 30kg of marijuana, and three loaded shotguns and 100 shotgun shells.


Videos recovered from the cell phones of Wu and Weng (who was not home, but has been observed repeatedly at Residence-1) reveal they also have at least two marijuana grow houses.

Farace/Swain

Ryan Farace, who the indictment makes clear "has no known medical education, qualifications, or licensing in the State of Maryland or elsewhere", yet he and his partner were manufacturing and distributing serious amounts of Xanax.  So much so that the indictment calls for them to forfeit $5,665,000 in cash as well as a Lincoln Navigator, a  GMC pick-up truck, and 4,000 Bitcoins (which currently would be the USD equivalent of more than $26 MILLION dollars!

Not bad for the former parking lot attendant of a Home Depot ... according to Ryan's Facebook, where both of the named vehicles are featured:



The indictment charges the pair with "Conspiracy to Manufacture, Distribute, and Possess with Intent to Distribute Alprazolam" (aka Xanax) (21 USC section 846) as well as "Maintaining Drug-involved Premises" (21 USC section 856) and "Conspiracy to Commit Money Laundering" (18 USC section 1956).

CANNA_Bars:

Jose Robert Porras III and his girlfriend, Pasia Vue, were selling marijuana and crystal meth, as well as Xanax and Promethazine-codeine cough syrup (Lean).  The HSI agent noticed on their Dream Market account that they shared their rating from Hansa.  Big mistake.  The Dutch High Tech Crimes Unit has the seized servers from Hansa and is happy to do lookups for law enforcement.  This revealed that "CANNA_BARS" had earned about 56 bitcoins on Hansa, selling crystal meth in quantities as large as 1 pound bars!  They described the product there as "this crystal is directly from manufacturers in mexico so it is made with the highest qaulity products that cant be found in the us. expect the highest qaulity on hansa for the cheapest."  The same criminal also couldn't spell "qaulity" right on Dream Market, which was further confirmation this might be the same guy.  From Dream Market "whats up we are canna_bars a vendor of top qaulity weed we offer qps to multiple pounds we are operating out of northern california and have direct relationships with many growers so expect good qaulity for cheap prices."

By searching for this signature typo, "qaulity" for "quality", the agent was also able to confirm that CANNA_BARS was the same person that sold as THEFASTPLUG on Wall Street Market, another dark net marketplace.  They completed 60 orders there between Feb 2018 and May 13, 2018.

One of his loyal customers, y***h,  is apparently wishing him well after learning of the arrest ... in the comments section for THEFASTPLUG on Wall Street Market, they made this July 2, 2018 comment:





In one photograph shared by CANNA_BARS, his hands are shown, palms up, holding marijuana buds.  The fingerprints of the open palms were so clear that they could easily be used to run a fingerprint match:


The HSI Forensic Document Laboratory returned a fingerprint match confirming that the image showed the fingerprints for Jose Robert Porras III, who had prints on file.

CANNA_BARS offered "free samples" of marijuana, which the agent asked for and had shipped to another state.  The package arrived and was confirmed to contain marijuana. (The inner package was wrapped in fabric softener sheets, presumably to stop drug-sniffing dogs?)

HSI surveillance was used to follow Porras and Vue to a US Post Office where they shipped packages, a Bank of America branch where they had accounts, and to a storage unit, where they maintained their inventory.  Undercover purchases from CANNA_BARS of two pounds of marijuana, and THEFASTPLUG of three pounds of "og kush" marijuana were able to be observed in the gathering and shipping end of the surveillance, providing "end-to-end" proof of the identity of the criminals.

Some of the bitcoin that was used by CANNA_BARS was able to be linked via blockchain analysis to accounts that had a bit of KYC information attached.  This revealed four accounts at one exchanger, including one each for VUE (using the email "pasiavue57@gmail.com" and (916) 228-1506) and PORRAS.  These further linked to several bank accounts, two in the name of Pasia Vue, one in the name of Marcos Escobado (a brother(?) of Porras, and another in the name of Julie Hernandez.  Escobado was arrested in Oregon for possession of methamphetamine and had received $11,000 from the bitcoin exchanger in four transactions.

After TS1's money exchanger service was taken over by the feds, the couple did four more transactions, receiving $56,000 in cash shipped from New York to their drops in Live Oak and Sacramento, California.

In addition to the Drugs and Money laundering charges, Porras was charged with Felon Possessing a Firearm:



Sam & Djeneba Bent

Less details are revealed in the Vermont indictment against Sam & Djeneba Bent.  Same used dark markets to sell Ecstasy (MDMA), LSD, marijuana, and cocaine, and used the TS1 money exchanging service to cash out more than $10,000 from bitcoin to USD.


They are charged with using a false return address on a package shipped through the postal service.

(Just joking, I know this got long and I wondered if anyone had read this far, haha.)


Daniel Boyd McMonegal 

McMonegal became a dark market vendor in or around December 2016, which might be how he chose his vendor name, Christmastree.  McMonegal, according to the affidavit by Homeland Security Investigations, incorporated a "medical marijuana delivery dispensary" in December 2, 2016 under the name "West Coast Organix" in San Luis Obispo, California, and almost immediately started selling the drugs via interstate postal delivery via Dream Market using his Christmasstree vendor name.

From June 15, 2017 to May 12, 2018, Christmastree sold 2,800 packages and earned a 4.98 rating on Dream Market!


The rave reviews from buyers make it clear Christmastree really knew his stuff with high ratings on his Blue  Dream, OG Kush, Super Silver Haze, Blackberry Kush, and many others.  

Like the others, McMonegal's downfall was getting his Bitcoin turned into cash.  After the time the federal agents controlled TS1's exchange business, McMonegal used it to cash out at least $91,000 which was shipped to him in Mariposa, California in six shipments between April 2017 and March 2018.



IMMIGRATIONS AND CUSTOMS ENFORCEMENT

For all the crap that is in the news recently about ICE, Homeland Security Investigations, the team that was at the lead of many of these investigations, are using technology and brilliant investigators to help shut down some of the worst crimes on the Internet.  If you know an ICE or HSI agent, make sure to let them know you appreciate what they are doing for us all!


(For more of this press conference, please see this YouTube video: "Officers arrest 35 in dark web bust, seize guns and drugs")

Weekly Cyber Risk Roundup: Bitcoin Attacks Dominate Headlines, New Phishing Warnings

Several cryptocurrency exchanges were among the week’s top trending cybercrime targets due to a variety of different currency thefts, data breaches, and warnings from researchers.

2017-12-8_ITT.png

The most impactful incident occurred at the bitcoin mining platform and exchange NiceHash, which said on Wednesday that its payment system was compromised and the bitcoin in its wallet was stolen. NiceHash said it is “working to verify the precise number of BTC taken”; however, news outlets reported that a wallet linked to the attack obtained around 4,736 bitcoin, which is valued at more than $72 million based on Saturday’s price. The company has not released many details about the attack other than that it began after an employee’s computer was compromised.

In addition, researchers warned this week that the increased valuation of bitcoin has led to it becoming one of the top 10 most targeted industries for DDoS attacks. On Monday, Bitfinex said that its services were disrupted by a DDoS attack. On Thursday, Coinbase warned that the explosion of interest in digital currencies was creating “extreme volatility and stress” on its systems and warned its users to invest responsibly as any future downtime could impact their ability to trade.

News outlets also reported that some Bittrex customers who go through the company’s manual verification process but are rejected have received customer support emails that contain the passports details and photographs of other users, although Bittrex has not confirmed the reports.

Finally, the SEC announced that it obtained an emergency asset freeze to halt the Initial Coin Offering PlexCorps after it raised up to $15 million from thousands of investors by falsely promising a 13-fold profit in less than a month’s time.

2017-12-8_ITTGroups

Other trending cybercrime events from the week include:

  • TIO Networks announces breach: PayPal announced a breach at TIO Networks, a payment processor it acquired in July, that affects approximately 1.6 million customers. City Utilities (CU) and Duke Energy have since notified customers that their personal information was compromised due to the breach, as TIO was the provider of the operating system for CU’s payment kiosks and mobile payment app, in addition to being used to process Duke Energy’s in-person payments.
  • Payment card breaches: The Image Group is notifying customers of a temporary vulnerability on its eCommerce platform, Payflow Pro, that made some payment card numbers susceptible to interception while in transit to PayPal. JAM Paper & Envelope is notifying customers of a payment card card breach affecting its website due to unauthorized access by a third party. A payment card breach involving the Royal National Institute for the Blind’s web store affects as many as 817 customers, and around 55 individuals have already reported fraudulent activity as a result of the incident.
  • Extortion attacks: The Alameda County Library is notifying its users that their personal information may have been compromised after it received an extortion email that claimed hackers had gained access to the library’s entire database of users and may sell that information if they weren’t paid a five bitcoin ransom. The Mecklenburg County government in North Carolina said that its computer systems were infected with ransomware that is demanding $23,000 for the encryption key. Mad River Township Fire and EMS Department in Ohio said that years of data related to residents who used EMS or fire services was lost due to a ransomware infection. The fertility clinic CCRM Minneapolis said that nearly 3,300 patients may have had their information compromised due to a ransomware attack.
  • Other notable incidents: The Center for Health Care Services in San Antonio is notifying 28,434 patients that their personal information was stolen by a former employee. The County of Humboldt is notifying current and former employees that the Humboldt County Sheriff’s Office recovered payroll documents from the county. Pulmonary Specialists of Louisville is notifying patients their information may have been compromised due to possible unauthorized access. Virtual keyboard developer Ai.Type, bike sharing company oBike, Real Time Health Quotes, and Stanford University all had data breaches due to accidental data exposure. Baptist Health Louisville, Sinai Health System, and The Henry Ford Health System notified patients of employee email account breaches.
  • Law enforcement actions: Authorities reportedly shut down Leakbase, a service that sold access to more than two billion credentials collected from old data breaches. The Justice Department announced a software developer at the National Security Agency’s Tailored Access Operations has pleaded guilty to removing classified NSA data and later having that data stolen from his personal computer by Russian state-sponsored actors. A Michigan man pleaded guilty to gaining access to the Washtenaw County computer network and altering the electronic records of at least one inmate in an attempt to get the inmate released early. A Missouri man has been sentenced to six years in prison for hacking his former employer, American Crane & Tractor Parts, in order to steal trade secrets.

SurfWatch Labs collected data on many different companies tied to cybercrime over the past week. Some of those “newly seen” targets, meaning they either appeared in SurfWatch Labs’ data for the first time or else reappeared after being absent for several weeks, are shown in the chart below.

2017-12-8_ITTNew

Cyber Risk Trends From the Past Week

2017-12-8_RiskScoresPhishing concerns were highlighted once again this past week due to a newly announced vulnerability that allows malicious actors to spoof emails, as well as warnings that phishers are making efforts to appear more legitimate.

A researcher has discovered a collection of bugs in email clients, dubbed “Mailsploit,” that circumvents spoofing protection mechanisms and, in some cases, allows code injection attacks. The vulnerabilities were found in dozens of applications, including Apple Mail, Mozilla Thunderbird, Microsoft Outlook 2016, Yahoo! Mail, ProtonMail, and others.

The bug has been fixed in 10 products and triaged for 8 additional products, the researcher said. In addition, Mozilla and Opera said they won’t fix the bug as they consider it to be a server-side problem; however, Thunderbird developer Jörg Knobloch told Wired that a patch would be made available. DMARC spoofing protection is not attacked directly using Mailsploit,  the researcher said, but rather bypassed by taking advantage of how the clients display the email sender name.

In addition, researchers said that nearly a quarter of all phishing websites are now hosted on HTTPS domains, up from three percent a year ago. The increase is due to both an increased number of HTTPS websites that can be compromised and used to host malicious content, as well as phishers registering HTTPS domains themselves due to their belief that the “HTTPS” designation makes a phishing site seem more legitimate to potential victims. An informal poll conducted by PhishLabs found that more than 80% of the respondents incorrectly believed the green padlock associated with HTTPS websites indicated that a website was either legitimate or safe — when in reality it only means that the connection is encrypted.

Individuals and organizations should be aware that malicious actors continue to leverage exploits like Mailsploit along with more secure-looking websites in order to dupe potential victims via phishing attacks with the goal of installing malware, gaining access to networks, or stealing sensitive data.

Cybercrime Surges in Q3

young man with glasses sitting in front of his computer, programming. the code he is working on (CSS) can be seen through the screen.

PandaLabs Q3 Report indicates that incidences of cybercrime continue to increase, with 18 million new malware samples captured this quarter – more than 200,000 samples daily.

The Quarter at a Glance

Cybercrime continues to grow at an exponential rate, fuelled by the opportunity for large financial rewards.

Hackers have taken to developing new variants of successful Ransomware such as Locky, and the development of a model known as Ransomware-as-a-Service (RaaS), whereby developers create Ransomware for distributors, these distributors then target and infect victims – allowing both parties to achieve greater profits.

Another key development was the occurrence of DDoS attacks. Most natably that of Cyber Security journalist Brian Krebs. Krebs exposure of vDoS lead to the arrest of its key members and subsequently made Krebs’ site the target of a massive DDoS attack that saw Google step in to restore the site. As one of the largest attack of its kind, hackers leveraged IoT devices to send 620GB of data per second – at its peak – to the site.
graphs_cabecera-mediacenter
This quarter cyber-attacks targeted multiple gaming sites, gaining access to millions of users’ personal information. These attacks were largely launched using botnets composed of smartphones, and effected users of Overwatch, World of Warcraft and Diablo 3. Further attacks saw more than 3.5 million users exposed when Dota 2 and mobile game Clash of the Kings were targeted. These highlight just a few incidences in the Gaming world in the last 3 months.

The Banking sector remained a target for hackers as attacks on ATM’s, POS terminals and Bitcoin wallets continue to become more frequent and more advanced.

A Taiwanese ATM attack this quarter indicated just how advanced cybercriminals have become when they were able to hack the banks internal network and withdraw over R28 million without even touching the ATM itself.

Another big victim was Yahoo – one of the biggest attacks of its kind revealed this quarter indicated that 500 million user accounts had been comprised in a 2014 attack.

Finally, Q3 saw the largest Bitcoin robbery to date, when R 84 billion worth of Bitcoin was stolen by hackers.

View the full PandaLabs Q3 Report for more detail on specific attacks and find out how you can protect yourself and your business from the advanc

The post Cybercrime Surges in Q3 appeared first on CyberSafety.co.za.