Category Archives: bitcoin

Crypto Update: The First Test of the Uptrend

The major coins continue to trade in a bullish general setup, despite the dip today in early trading, as the preceding rally on Saturday carried Bitcoin and the other leaders of the rally to important technical levels. The current correction is a crucial one, as we already mentioned, as an orderly pull-back with higher swing […]

The post Crypto Update: The First Test of the Uptrend appeared first on Hacked: Hacking Finance.

COINHOARDER criminal gang made an estimated $50 million with a Bitcoin phishing campaign

Researchers with Cisco Talos have monitored a bitcoin phishing campaign conducted by a criminal gang tracked as Coinhoarder that made an estimated $50 million by exploiting Google AdWords.

Researchers with Cisco Talos have monitored a bitcoin phishing campaign for several months with the help of the Ukraine Cyberpolice.

The gang, tracked as Coinhoarder, has made an estimated $50 million by exploiting Google AdWords to trick netizens into visiting Bitcoin phishing sites. What characterized this phishing campaign is that the Coinhoarder attackers used geo-targeting filters for their ads; the researchers noticed that the hackers were targeting mostly Bitcoin owners in Africa.

The Ukrainian authorities located and shut down the servers hosting some of the phishing websites used by crooks. The phishing sites were hosted on the servers of a bulletproof hosting provider located in Ukraine, Highload Systems. The operation was temporarily disrupted but the police haven’t arrested any individual.

“Cisco has been tracking a bitcoin theft campaign for over 6 months. The campaign was discovered internally and researched with the aid of an intelligence sharing partnership with Ukraine Cyberpolice. The campaign was very simple and after initial setup the attackers needed only to continue purchasing Google AdWords to ensure a steady stream of victims.” reads the analysis published by Talos. “This campaign targeted specific geographic regions and allowed the attackers to amass millions in revenue through the theft of cryptocurrency from victims.”

The Coinhoarder group used Google AdWords for black SEO purposes. On February 24, 2017, researchers at Cisco observed a massive phishing campaign hosted in Ukraine targeting the popular Bitcoin wallet site blockchain.info with over 200,000 client queries. Crooks used Google AdWords to poison user search results in order to steal users’ wallets.

Unfortunately, this attack scheme is becoming quite common in the criminal ecosystem; hackers use it to target many different crypto wallets and exchanges via malicious ads.

The COINHOARDER gang leveraged typosquatting: the hackers used domains imitating the Blockchain.info Bitcoin wallet service in conjunction with SSL-signed phishing sites in order to appear legitimate. Based on the number of queries, the researchers confirmed that this is one of the biggest campaigns targeting Blockchain.info to date.

“The COINHOARDER group has made heavy use of typosquatting and brand spoofing in conjunction SSL signed phishing sites in order to appear convincing. We have also observed the threat actors using internationalized domain names.” continues the analysis. “These domains are used in what are called homograph attacks, where an international letter or symbol looks very similar to one in English. Here are some examples from this campaign. 

The Punycode (internationalized) version is on the left, the translated (homographic) version on the right:

xn--blockchan-d5a[.]com → blockchaìn[.]com

xn--blokchan-i2a[.]info → blokchaín[.]info”

Talos researchers revealed that in one campaign, conducted between September and December 2017, the group made around $10 million.

“While working with Ukraine law enforcement, we were able to identify the attackers’ Bitcoin wallet addresses and thus, we could track their activity for the period of time between September 2017 to December 2017. In this period alone, we quantified around $10M was stolen. In one specific run, they made $2M within 3.5 week period.” states Cisco Talos.

Further technical details on the campaign, including Indicators of Compromise, are included in the analysis published by Cisco Talos.

Pierluigi Paganini

(Security Affairs – Coinhoarder, Bitcoin phishing campaign)

The post COINHOARDER criminal gang made an estimated $50 million with a Bitcoin phishing campaign appeared first on Security Affairs.

Bitcoin Leads Cryptocurrency Market Back Above $500 Billion

The cryptocurrency market’s broad recovery continued on Saturday, as bitcoin inched closer to $11,000 and nearly all major altcoins reported gains.

$500 Billion Market

Cryptocurrencies achieved a combined market cap of $508 billion on Saturday, their highest since Jan. 30. The market is up 22% over the past seven days and a staggering 84% from […]

The post Bitcoin Leads Cryptocurrency Market Back Above $500 Billion appeared first on Hacked: Hacking Finance.

Technical Analysis: Cryptocurrencies Show Strength amid Slight Correction

The crypto segment is trading in a short-term correction, or rather consolidation pattern today, as bullish signs continue to dominate the landscape, despite the pause in the surge. The largest coins are mostly down by a few percent from the overnight highs, but the momentum of the move is not substantial, for now, and several […]

The post Technical Analysis: Cryptocurrencies Show Strength amid Slight Correction appeared first on Hacked: Hacking Finance.

Trade Recommendation: Viberate

The Viberate/Bitcoin (VIB/BTC) market ignited its bull run on December 22, 2017 when it took out resistance at 0.000025 and reached 0.00006499. The 160% growth in one day forced intraday traders to take profits. Consequently, the market closed significantly lower at 0.00003747. Selling continued for a few more days until the market went as […]

The post Trade Recommendation: Viberate appeared first on Hacked: Hacking Finance.

Trade Recommendation: Enigma

The Enigma/Bitcoin (ENG/BTC) pair launched its bull run on January 1, 2018 when the market took out resistance of 0.0002. The breakout attracted momentum players which allowed the pair to go as high as 0.00057850 on January 10. In 10 days, the market increased by almost 190%. The rapid growth inspired participants to take profits. […]

The post Trade Recommendation: Enigma appeared first on Hacked: Hacking Finance.

Crypto Update: Coins Enter Shallow Correction

The segment experienced a rush of optimism yesterday, as Bitcoin’s price pushed over $10,000, Litecoin, the undoubted leader of the rally, hit an intraday high at $235, and the other relatively strong coins like Monero, Dash, and IOTA also shined. Ethereum Classic, the early leader continued its short-term correction, while the slightly lagging currencies, most […]

The post Crypto Update: Coins Enter Shallow Correction appeared first on Hacked: Hacking Finance.

Technical Analysis: Bitcoin Tops $10,000

The cryptocurrency market continued to heal considerably, as the major coins keep on successfully tackling resistance levels following a very deep sell-off that shaved off more than 60% of the market value of the segment. The sector is now back near the $500 billion mark in market capitalization, but investors shouldn’t get complacent here, as corrections […]

The post Technical Analysis: Bitcoin Tops $10,000 appeared first on Hacked: Hacking Finance.

The State of Security: How a Bitcoin phishing gang made $50 million with the help of Google AdWords

A cybercrime gang based in Ukraine is estimated to have made as much as $50 million after tricking Bitcoin investors into handing over the login credentials for their online wallets.

The post How a Bitcoin phishing gang made $50 million with the help of Google AdWords appeared first on The State of Security.




Crypto Update: Rally Pauses as Bitcoin Eyes $10,000

After the major cryptocurrencies followed Litecoin’s lead as expected yesterday, most of the segment pushed higher overnight again, running into another batch of key resistance levels. All eyes are on Bitcoin again, as the coin quickly got within dollars of the psychologically important $10,000 price level after its break-out above the $9000-$9200 zone, as we […]

The post Crypto Update: Rally Pauses as Bitcoin Eyes $10,000 appeared first on Hacked: Hacking Finance.

TrickBot’s Cryptocurrency Hunger: Tricking the Bitcoin Out of Wallets

The TrickBot Trojan has been a rising global threat in the cybercrime arena ever since its emergence in late 2016. The organized cybergang that operates TrickBot has been widening its scope of activity to dozens of countries across the globe. It has been targeting financial entities, such as banks and credit providers, and focusing on business and private banking as it aims for hefty fraudulent transfer bounties.

But this is not where TrickBot’s diverse interests stop. As the value and popularity of cryptocurrency continues to rapidly rise, so does this cybergang’s interest in obtaining cryptocoins in the easiest way possible: theft. TrickBot configurations have featured popular cryptocurrency exchange URLs since about mid-2017, and we at IBM X-Force have been looking at the malware’s most recent attack schemes to steal coins from infected users.

There are several types of cryptocurrency platforms, each offering a variety of services, such as trading one coin for another, transferring coins between different wallets and buying coins with a credit card. According to our analysis, TrickBot is actively targeting one such service that enables users to purchase bitcoin and bitcoin cash by credit card.

The attacks we have looked into are facilitated by TrickBot’s webinjections, getting in the middle of the flow of a legitimate payment card transaction. In the normal payment scenario, a user looking to buy coins provides his or her public bitcoin wallet address and specifies the amount of bitcoin to purchase. When submitting this initial form, the user is redirected from the bitcoin exchange platform to a payment gateway on another domain, which is operated by a payment service provider. There, the user fills in his or her personal information, as well as credit card and billing details, and confirms the purchase of coins.

This is where TrickBot hijacks the coins. This particular attack targets both the bitcoin exchange website and that of the payment service to grab the coins and route them to an attacker-controlled wallet.


Webinjection Basics

The inner workings of TrickBot’s cryptocoin attack rely on an existing TrickBot attack tactic: webinjections. This age-old favorite tool of many banking Trojans is a form of man-in-the-browser attack that enables malware to modify webpages presented to the user. Malware authors achieve this by placing hooks on key application programming interface (API) functions inside the browser. These hooks intercept information going from and back to the browser and alter it midway.

The code that dictates which webpages should be attacked is usually not part of the malware’s executable code. Rather, it is in a configuration stored separately in the form of rules, each one defining which URL is to be modified and how. These rules usually contain large sections of malicious JavaScript code that is responsible for visually modifying the page, sending sensitive user information to the fraudulent server, etc.

Unlike most financial malware, TrickBot does not expose the injected code in the configuration itself. Instead, a web URL of a remote command-and-control (C&C) server corresponds with every targeted URL. This modus operandi is called serverside webinjection and has been used by TrickBot since its launch in 2016. Serverside webinjections allow TrickBot to modify the injected code on its server in real time without having to update the configuration on the infected machine.

The Target: Bitcoin

To see the attack rules TrickBot has in store for any targeted site, we must first access the configuration. TrickBot keeps its configuration encrypted on the infected machine. To read it and unveil the list of targeted entities, one can either decrypt the configuration file or inspect it in the browser’s memory after the malware has already decrypted it.

The relevant part of TrickBot’s configuration for this attack shows that the scheme involves two webpages that, together, make up the coin purchase process. The first is a page where the user provides his or her bitcoin wallet address and the desired amount of bitcoin to purchase. The second is a page where the payment process is executed.

In the image below, we can see the exact set of rules in TrickBot’s configuration, each one matching a targeted page with a URL on TrickBot’s server. This way, TrickBot fetches the appropriate webinjection to alter the legitimate transaction and do its bidding instead.


Figure 1: Attack rules in TrickBot’s configuration (source: X-Force Research)

To enable it to control the infected machine’s web browser, TrickBot’s modules are injected into the browser ahead of time and already have hooks in place to launch webinjections.


Figure 2: TrickBot dynamic link libraries (DLLs) loaded into the browser


Figure 3: PR_Read and PR_Write functions with TrickBot’s hooks in place

To view what was happening during the web session, we sniffed HTTP network traffic on the infected machine when opening the targeted URL. This revealed the attack flow of the malware’s dynamic injection method, which TrickBot refers to as “dinj.”

For every resource that TrickBot wishes to replace — an HTML page, a JavaScript or a CSS file — an HTTP POST request is sent to the C&C server with the following attributes of that resource:

  1. “sourcelink,” the complete URL of the resource to be replaced;
  2. “sourcequery,” the browser’s HTTP request for the resource (including all headers); and
  3. “sourcehtml,” the original code as would be returned by the legitimate host.
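For defenders, the three attribute names give a concrete pattern to look for in captured HTTP requests. The following is an added example, not code from X-Force or from the malware; the article does not state how the attributes are encoded, so the sketch assumes ordinary form encoding (urlencoded or multipart), and all hosts and sample requests are constructed.

```python
"""Spot TrickBot-style "dinj" uploads in captured HTTP requests (added example)."""
import re
from urllib.parse import parse_qs, urlencode, urlsplit

DINJ_FIELDS = {"sourcelink", "sourcequery", "sourcehtml"}  # names from the article


def split_request(raw):
    """Return (method, headers, body) for one raw HTTP/1.x request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method = lines[0].split(" ", 1)[0].upper()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, headers, body


def form_fields(headers, body):
    """Decode a POST body; both common form encodings are handled (assumption)."""
    ctype = headers.get("content-type", "")
    if ctype.lower().startswith("multipart/form-data"):
        boundary = re.search(r'boundary="?([^";]+)"?', ctype)
        if not boundary:
            return {}
        fields = {}
        for part in body.split(b"--" + boundary.group(1).encode("latin-1")):
            part_head, sep, value = part.partition(b"\r\n\r\n")
            name = re.search(rb'name="([^"]+)"', part_head)
            if sep and name:
                if value.endswith(b"\r\n"):      # drop the part terminator only
                    value = value[:-2]
                fields[name.group(1).decode("latin-1")] = value.decode("utf-8", "replace")
        return fields
    parsed = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    return {key: values[0] for key, values in parsed.items()}


def inspect_request(raw):
    """Return a finding dict if the request carries all three dinj attributes."""
    method, headers, body = split_request(raw)
    if method != "POST":
        return None
    fields = form_fields(headers, body)
    if not DINJ_FIELDS.issubset(fields):
        return None
    posted_to = headers.get("host", "").split(":")[0].lower()
    replaced_host = urlsplit(fields["sourcelink"]).hostname or ""
    return {
        "posted_to": posted_to,
        "page_being_replaced": fields["sourcelink"],
        # A page's full source being shipped to an unrelated host is the anomaly.
        "third_party_upload": replaced_host != posted_to,
        # sourcequery should itself look like an HTTP request line plus headers.
        "embedded_request": bool(re.match(r"[A-Z]+ \S+ HTTP/\d", fields["sourcequery"])),
        "html_length": len(fields["sourcehtml"]),
    }


def build_post(host, ctype, body):
    """Helper that builds the constructed sample requests below."""
    head = (f"POST / HTTP/1.1\r\nHost: {host}\r\nContent-Type: {ctype}\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode("latin-1") + body


# Constructed sample data: reserved .example names and a TEST-NET address.
DINJ = {
    "sourcelink": "https://exchange.example/buy",
    "sourcequery": "GET /buy HTTP/1.1\r\nHost: exchange.example\r\n\r\n",
    "sourcehtml": '<html><input id="btcAddress"></html>',
}
SAMPLE_URLENCODED = build_post(
    "203.0.113.10", "application/x-www-form-urlencoded", urlencode(DINJ).encode())
SAMPLE_MULTIPART = build_post(
    "203.0.113.10", "multipart/form-data; boundary=XBOUND",
    b"".join(b'--XBOUND\r\nContent-Disposition: form-data; name="%s"\r\n\r\n%s\r\n'
             % (k.encode(), v.encode()) for k, v in DINJ.items()) + b"--XBOUND--\r\n")
SAMPLE_BENIGN = build_post(
    "shop.example", "application/x-www-form-urlencoded",
    urlencode({"user": "alice", "comment": "sourcelink is just a word"}).encode())

if __name__ == "__main__":
    for sample in (SAMPLE_URLENCODED, SAMPLE_MULTIPART, SAMPLE_BENIGN):
        print(inspect_request(sample))
```
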

Injection No. 1: Gathering Victim Data

One of the resources TrickBot replaced is the HTML code of the bitcoin website. The code is being switched up to gather data on the victim’s cryptocoin wallet and the number of coins to be purchased.

Using Wireshark, we can see that the page is sent to TrickBot’s C&C and that the attack server returned a modified version.


Figure 4: HTTP Packets capture from the targeted site sent to C&C


Figure 5: The injection request for the HTML page of the targeted site

To point out the injected script, we performed a simple diff between the original page source and the one returned by TrickBot’s C&C.


Figure 6: Diff between original HTML page and one returned by TrickBot

Flow of Events

The script first fetches an HTML element with ID “btcAddress.” This element is an input field in which the user fills in his or her wallet address. If this element is found on the page, the malware performs the following actions to alter the interaction with the targeted webpage:

  1. Any existing logic attached to the enter key (key code 13) is eliminated, probably to limit the form submission via keyboard and make sure the victim has to click a TrickBot-generated submit button.
  2. The original submit button is cloned, the new copy is placed in the HTML document object model (DOM) and the original button is hidden from the victim.
  3. A fraudulent form-submission process is registered to the new submit button with an event listener. Upon clicking, the wallet address and the desired amount of bitcoin entered by the user are fetched and sent to the malware server using an AJAX request.


Figure 7: Part of the injected code TrickBot used to hijack cryptocoin purchase transactions (code comments added by X-Force research)

The injection into the HTML page is used only to collect information. The attacker can use this information — the legitimate user’s bitcoin wallet address and the bitcoin amount to purchase — to decide whether to proceed with a fraudulent operation.

Later on, after being redirected to the payment process, TrickBot will gather more information. This is probably done to allow a future account takeover attack, which will enable the fraudsters to perform a purchase/coin transfer from a machine they control using the legitimate user’s wallet credentials and payment card details.

Injection No. 2: Stealing the Coins

The second phase of the TrickBot attack facilitates the theft of the cryptocoins by preying on the web logic defined by the payment provider for legitimate online transactions.

The actual bitcoin theft is once again facilitated by a webinjection that modifies another resource of the site, “bundle.js,” which contains most of the payment processing logic.


Figure 8: bundle.js is loaded by the original HTML page


Figure 9: The dynamic injection request to bundle.js

By checking the diff between the original version of bundle.js and the modified one, we noticed that the function sendPaymentRequest had been changed. This function is responsible for sending payment requests to the payment service provider, and it has been modified to contain a hardcoded bitcoin address instead of the one inserted by the user.


Figure 10: sendPaymentRequest before and after modification by TrickBot

The “walletaddress” attribute is the address of the bitcoin wallet to which the purchased coins will be delivered after the deal is complete. This injection ensures that the bitcoin will not be delivered to the original address provided by the victim, but to an address belonging to TrickBot’s operators.

From this point on, the victim is led through several steps of identification in which he or she provides a phone number, an email address, a selfie photo with the credit card he or she wants to use, and a photo of his or her national ID card.

However, these steps only serve to verify the personal identity and not the ownership of the wallet address. By now, the wallet address has already been set and will not be shown to the victim again. Thus, the victim’s credit card will be charged and he or she will believe the deal was successful, expecting to see the new coins in his or her wallet. The bitcoin will never reach the designated wallet, however, but will instead be delivered to a wallet belonging to one of TrickBot’s operators.

More to Come?

Having researched the attack tactics TrickBot applied to this cryptocurrency coin theft, we can see that, while it relies on existing mechanisms, the scheme required extensive research of the targeted sites, their web logic and the security controls they use. It highlights what we already know about this malware gang: It continues to study new targets and expand its reach.

As the theft of cryptocurrency becomes increasingly popular among financial malware operators, we expect to see many more campaigns targeting platforms and service providers in the cryptocurrency sector.

To mitigate the risk of financial malware, organizations can leverage the adaptive controls provided by IBM Trusteer’s Pinpoint Detect.

Indicators of Compromise

In this study, we used a TrickBot sample with MD5 039bc78ca0801006cc33485bc94f415c.


The post TrickBot’s Cryptocurrency Hunger: Tricking the Bitcoin Out of Wallets appeared first on Security Intelligence.

Has the Crypto Market Finally Turned a Corner?

Bitcoin and the broader crypto universe traded firmly higher on Wednesday as South Korea left little doubt about its intent to foster a vibrant market. Not only are the South Koreans not banning cryptocurrency trading, they have shifted their focus to making the market more transparent.

Market Extends Recovery

The total value of cryptocurrencies reached […]

The post Has the Crypto Market Finally Turned a Corner? appeared first on Hacked: Hacking Finance.

Technical Analysis: Coins Jump as Litecoin Leads the Way Again

The short-term triangle pattern that developed in Bitcoin and in most of the segment, resolved today as expected, and it did so in a bullish manner, with the majority of the majors gaining close to double digits during the session. The consolidation phase, which saw a meaningful decline in volatility and the further breakdown of […]

The post Technical Analysis: Coins Jump as Litecoin Leads the Way Again appeared first on Hacked: Hacking Finance.

COINHOARDER: Tracking a Ukrainian Bitcoin Phishing Ring DNS Style

This post is authored by Jeremiah O'Connor and Dave Maynor with contributions from Artsiom Holub and Austin McBride. 

Executive Summary


Cisco has been tracking a bitcoin theft campaign for over 6 months. The campaign was discovered internally and researched with the aid of an intelligence sharing partnership with Ukraine Cyberpolice. The campaign was very simple and after initial setup the attackers needed only to continue purchasing Google AdWords to ensure a steady stream of victims. This campaign targeted specific geographic regions and allowed the attackers to amass millions in revenue through the theft of cryptocurrency from victims. This campaign demonstrates just how lucrative these sorts of malicious attacks can be for cybercriminals. Additionally, the revenue generated by these sorts of attacks can then be reinvested into other cybercriminal operations.

The COINHOARDER Campaign


On February 24, 2017, Cisco observed a massive phishing campaign hosted in Ukraine targeting the popular Bitcoin wallet site blockchain.info with a client request magnitude of over 200,000 client queries. This campaign was unique in that adversaries leveraged Google Adwords to poison user search results in order to steal users' wallets. Since Cisco observed this technique, it has become increasingly common in the wild with attackers targeting many different crypto wallets and exchanges via malicious ads.

Cisco identified an attack pattern in which the threat actors behind the operation would establish a "gateway" phishing link that would appear in search results among Google Ads. When searching for crypto-related keywords such as "blockchain" or "bitcoin wallet," the spoofed links would appear at the top of search results. When clicked, the link would redirect to a "lander" page and serve phishing content in the native language of the geographic region of the victim's IP address.

The reach of these poisoned ads can be seen when analyzing DNS query data. In February 2017, Cisco observed spikes in DNS queries for the fake cryptocurrency websites where upwards of 200,000 queries per hour can be seen during the time window the ad was displayed. Here are two examples.

DNS Statistics for block-clain[.]info
 
The domain block-clain[.]info was used as the initial "gateway" victims would first visit. Victims would immediately be redirected to blockchalna[.]info, the landing page where the actual phishing content was hosted. These fraudulent sites are mostly hosted on bulletproof hosting providers based in Europe.

Here is what the actual lander phishing site looked like. Note how similar and convincing it is compared to a real site, with the exception of the URL:

Finding Additional Pivots


After discovering these domains and the activity on Google Adwords, Cisco implemented a system to flag similar domains as malicious. This resulted in DNS requests being blocked to said domains. Additionally, Cisco researchers were able to track and monitor related networks and info, such as WHOIS registrant data.

This information allowed Cisco to use DNS graph traversal techniques to uncover other phishing domains associated with the initial site. In this example, we can see the registrant dsshvxcnbbu@yandex[.]ru, which is also associated with many other phishing sites:

Cisco also monitored the networks these domains are hosted on. Here is a snapshot of 2 of the recently active IP addresses for this campaign, 91.220.101.106 and 91.220.101.141, and the ASN associated with these domains, Highload Systems, in Ukraine.

We can see the Second Level Domain (SLD) strings in these domains follow a similar pattern of targeting blockchain.info with many permutations of the string "blockchain", along with co-occurrences of "http", "https", "wallet" in the SLD string. Here is a graph visualization of the domains on these infrastructures:

Geographic Targeting


One of the most interesting facets of these attacks is the geographic regions of the victims. Using data from Umbrella Client Requester Distribution queries to these malicious domains, we can see a significant number of DNS resolution requests coming from countries such as Nigeria, Ghana, Estonia and many more.

This threat actor appears to be standing up phishing pages to target potential victims in African countries and other developing nations where banking can be more difficult, and local currencies much more unstable compared to the digital asset. Additionally, attackers have taken notice that users in countries whose first language is not English make for potentially easier targets. Based on the number of queries, this campaign is one of the biggest targeting Blockchain.info to date. Blockchain.info has been very proactive in supporting users. Kristov Atlas, a security and privacy engineer at Blockchain.info, has even gone so far as to say "phishing is one of our top areas of concern in protecting our users."

Quantifying Attacker's Revenue


Cisco has evidence the COINHOARDER group has been actively pilfering Bitcoin since at least 2015. Based on our findings, we estimate this group has stolen tens of millions of USD in cryptocurrency. While working with Ukraine law enforcement, we were able to identify the attackers' Bitcoin wallet addresses and thus, we could track their activity for the period of time between September 2017 to December 2017. In this period alone, we quantified around $10M was stolen. In one specific run, they made $2M within a 3.5-week period. Here we have a screenshot of one of the wallets, 19yAR4yvGcKV3SXUQhKnhi43m4bCUhSPc, related to this actor group, which has received a total of $1,894,433.09.

While identifying the individual who owns a specific wallet is extremely difficult, we still can look for open source intelligence surrounding the wallet. In December 2017, Cisco found posts on Reddit and Stack Exchange with addresses associated with stolen funds from this campaign, 13wahvu3FP8LK8P51UmEkhBUhyC7mzkrn3.

The wallet address in the screenshot above was also mentioned in a Reddit post in October 2017.

Based on our findings associated with this syndicate, we estimate the COINHOARDER group to have netted over $50M over the past three years. It is important to note that the price of Bitcoin has shot up drastically over 2017, starting around $1,000 in January and hitting a high point just under $20,000 in December. While criminals were able to profit from this, it also adds a new level of complexity for criminals to convert their cryptocurrency funds to a fiat currency like US dollars. The historic price of Bitcoin during the height of this campaign would have made it very difficult to move these ill-gotten finances easily.

Ukraine: A Hotbed For Crypto Theft


Ukraine is a hotbed for many types of attacks and a home for known bulletproof hosting providers. In the past year, Cisco has witnessed a substantial rise in financially motivated campaigns coming from and targeting this region. One of Cisco's goals is to collaborate with countries worldwide and use our global visibility on attacks to assess their security posture and help improve it.

Some other observed IPs are 176.119.1.88 and 176.119.5.227, which host domains targeting many currencies using IDN and SSL certs and are hosted on VServer in Ukraine. We also observed AS 58271 hosting multiple search engine poisoning attacks on Google and Bing:

New Effective Attack Techniques


Cisco has observed this threat actor evolve over time. Not only have we seen the COINHOARDER group abuse Google Adwords to generate traffic to their phishing servers, but we have also observed this group evolve to make their sites appear more legitimate. A few months after we began tracking this particular group, we observed them starting to use SSL certs issued by Cloudflare and Let's Encrypt. SSL certificate abuse has been a rising trend among phishing campaigns in general. Below is an example of a wildcard SSL certificate issued by Cloudflare for the domain bockchain[.]info.

Here is an example of one of these SSL certificates issued by Let's Encrypt associated with this campaign and the site blockcharin[.]info.

The COINHOARDER group has made heavy use of typosquatting and brand spoofing in conjunction with SSL-signed phishing sites in order to appear convincing. We have also observed the threat actors using internationalized domain names. These domains are used in what are called homograph attacks, where an international letter or symbol looks very similar to one in English. Here are some examples from this campaign.

The Punycode (internationalized) version is on the left, the translated (homographic) version on the right:

xn--blockchan-d5a[.]com → blockchaìn[.]com

xn--blokchan-i2a[.]info → blokchaín[.]info

These attacks can be nearly impossible to spot with the human eye, especially when delivered on a mobile platform, and using these techniques helps coax users into handing over their funds.
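The flagging of similar domains described under "Finding Additional Pivots" and the Punycode homographs listed above can be approximated in four steps: decode `xn--` labels, fold accented and look-alike characters to ASCII, strip the filler strings, and measure edit distance to the brand. This is an added example, not Cisco's detection system; the allowlist, distance threshold and confusables subset are assumptions, and it goes slightly beyond the article's examples by also folding a few Cyrillic look-alikes.

```python
"""Flag look-alike domains for one protected brand (added example)."""
import unicodedata

BRAND = "blockchain"                   # SLD string the campaign imitated
ALLOWLIST = {"blockchain.info"}        # assumption: the one legitimate host
TOKENS = ("https", "http", "wallet")   # co-occurring SLD strings named in the article
MAX_DISTANCE = 2                       # assumption: tune against real DNS data

# Illustrative Cyrillic look-alikes only, not the full Unicode confusables table.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o",
               "\u0441": "c", "\u0440": "p", "\u0456": "i"}

# Defanged domains quoted in the article, the legitimate site, then two
# constructed entries on the reserved .example TLD.
SAMPLE = [
    "block-clain[.]info", "blockchalna[.]info", "bockchain[.]info",
    "blockcharin[.]info", "xn--blockchan-d5a[.]com", "xn--blokchan-i2a[.]info",
    "blockchain[.]info",
    "https-blockchain-wallet[.]example",    # constructed
    "weather-report[.]example",             # constructed, unrelated
]


def to_unicode(host):
    """Decode each xn-- label with the punycode codec; keep other labels as-is."""
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except (UnicodeError, ValueError):
                pass  # malformed Punycode: keep the raw label
        labels.append(label)
    return ".".join(labels)


def fold(label):
    """Strip diacritics (NFKD + drop combining marks) and map known look-alikes."""
    out = []
    for ch in unicodedata.normalize("NFKD", label):
        if unicodedata.combining(ch):
            continue
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)


def levenshtein(a, b):
    """Classic dynamic-programming edit distance."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain):
    """Return (verdict, decoded_host, distance), or None if not a look-alike."""
    host = domain.replace("[.]", ".").lower().rstrip(".")
    if host in ALLOWLIST:
        return None
    decoded = to_unicode(host)
    labels = decoded.split(".")
    sld = labels[-2] if len(labels) >= 2 else labels[0]  # naive: one-label TLD
    core = fold(sld).replace("-", "")
    for token in TOKENS:
        core = core.replace(token, "")
    distance = levenshtein(core, BRAND)
    if distance > MAX_DISTANCE:
        return None
    verdict = "typosquat" if decoded.isascii() else "idn-homograph"
    return verdict, decoded, distance


def scan(domains):
    """Return (domain, verdict, decoded_host, distance) for every flagged domain."""
    hits = []
    for domain in domains:
        result = classify(domain)
        if result:
            hits.append((domain, *result))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```
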

Conclusion


Crypto assets have proven to be a new, valuable financial commodity targeted by varying degrees of cyber criminals. In 2017, we observed phishers advance their tactics by utilizing new attack vectors such as Google Adwords combined with the use of IDNs and rogue SSL certificates to improve their probability of success, and generate millions in profit.

What is clear from the COINHOARDER campaign is that cryptocurrency phishing via Google Adwords is a lucrative attack on users worldwide. Phishers are significantly improving their attack techniques by moving to SSL and employing the use of IDNs to fool victims into handing over their credentials. We can expect to see more of these realistic looking phishes with Let's Encrypt releasing full wildcard certificate support at the end of this month. Cisco will continue to monitor the landscape and coordinate with international law enforcement teams in 2018 to help protect users and organizations.

IOCs


The following IP addresses are known to have been used in these phishing attacks:

Coverage

Additional ways our customers can detect and block this threat are listed below.

Advanced Malware Protection (AMP) is ideally suited to prevent the execution of the malware used by these threat actors.

CWS or WSA web scanning prevents access to malicious websites and detects malware used in these attacks.

Email Security can block malicious emails sent by threat actors as part of their campaign.

Network Security appliances such as NGFW, NGIPS, and Meraki MX can detect malicious activity associated with this threat.

AMP Threat Grid helps identify malicious binaries and build protection into all Cisco Security products.

Umbrella, our secure internet gateway (SIG), blocks users from connecting to malicious domains, IPs, and URLs, whether users are on or off the corporate network.

Open Source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.

     

    Appendix


    Here you can read more about how Cisco Security has worked to help secure the cryptocurrency landscape:



    Hackers Exploiting ‘Bitmessage’ Zero-Day to Steal Bitcoin Wallet Keys

    Bitmessage developers have warned of a critical 'remotely executable' zero-day vulnerability in the PyBitmessage application that was being exploited in the wild. Bitmessage is a Peer-to-Peer (P2P) communications protocol used to send encrypted messages to users. Since it is decentralized and trustless communications, one need-not inherently trust any entities like root certificate

    Crypto Update: Litecoin on the Move

    As the choppy consolidation period in most of the majors continued in Asian trading today, with the overhead resistance still towering above Bitcoin and Ethereum. In another bullish turn of events, Litecoin, which has been gathering relative strength in recent days, as we pointed out yesterday, popped higher, taking out the crucial $170-$180 resistance zone. […]

    The post Crypto Update: Litecoin on the Move appeared first on Hacked: Hacking Finance.

    Kaspersky Says Telegram Flaw Used For Cryptocurrency Mining

    According to Kaspersky Lab, hackers have been exploiting a vulnerability in Telegram's desktop client to mine cryptocurrencies such as Monero and ZCash. "Kaspersky said on its website that users were tricked into downloading malicious software onto their computers that used their processing power to mine currency, or serve as a backdoor for attackers to remotely control a machine," reports Bloomberg. From the report: While analyzing the servers of malicious actors, Kaspersky researchers also found archives containing a cache of Telegram data that had been stolen from victims. The Russian security firm said it "reported the vulnerability to Telegram and, at the time of publication, the zero-day flaw has not since been observed in messenger's products."

    Read more of this story at Slashdot.

    Technical Analysis: Quiet and Choppy day in Crypto-Land

    The tug of war that we described in yesterday’s analysis continued in earnest in the cryptocurrency market, as most of the major coins remained in low-volatility holding patterns, leaving the technical setup largely unchanged. The dominant short-term triangle pattern in BTC is noticeable in most of the major altcoins too, and that points to a […]

    The post Technical Analysis: Quiet and Choppy day in Crypto-Land appeared first on Hacked: Hacking Finance.

    Crypto Update: Market Stable as Consolidation Continues

    The cryptocurrency segment is having its most boring period in a long-time, with no significant moves in the majority of the coins since the Sunday dip and the subsequent rebound. The major coins attempted a rally overnight, but last week’s highs proved too strong yet again in the case of most of the currencies. That […]

    The post Crypto Update: Market Stable as Consolidation Continues appeared first on Hacked: Hacking Finance.

    Trade Recommendation: Binance Coin/Bitcoin

    The Binance Coin/Bitcoin (BNB/BTC) pair launched its bull run when it took out 0.00068 resistance on January 5, 2018. Its momentum was so strong that it went as high as 0.0018382 on January 12. In one week, the market grew by 170.32%. The surge in value was exploited by breakout buyers as they took profits.   […]

    The post Trade Recommendation: Binance Coin/Bitcoin appeared first on Hacked: Hacking Finance.

    Trade Recommendation: Cardano

    The Cardano/Bitcoin (ADA/BTC) pair jump started its bull run on December 29, 2017 after it breached resistance of 0.00003. The market had such a strong momentum that it went as high as 0.00008788 on January 4, 2018. At this point, however, it was in extreme overbought territory. The rapid ascent was taken advantage by breakout […]

    The post Trade Recommendation: Cardano appeared first on Hacked: Hacking Finance.

    Crypto Market Recovers from Early Slump as Ethereum Classic Jumps 16%

    Capital flowed back into cryptocurrency portfolios Monday, as the market resumed its upward trajectory from last week’s lows. Among the most notable moves were bitcoin’s brief rally north of $9,000 and Ethereum Classic jumping double-digits to nearly two-week highs. Broad Recovery Continues Digital currencies enjoyed a broad upswing on Monday, as the market recovered more […]

    The post Crypto Market Recovers from Early Slump as Ethereum Classic Jumps 16% appeared first on Hacked: Hacking Finance.

    Technical Analysis: Tug of War between Bears and Bulls

    Despite the weekend sell-off, the cryptocurrency market is having another quiet and mostly positive session, although the large-scale setup in the segment is still a declining trend. That said, the rally of the now one-week-old lows has been encouraging, and we still expect a new bullish cycle to begin, with the final lows likely being […]

    The post Technical Analysis: Tug of War between Bears and Bulls appeared first on Hacked: Hacking Finance.

    Lazarus Resurfaces, Targets Global Banks and Bitcoin Users

    This blog was written with support and contributions provided by Asheer Maholtra, Jessica Saavedra Morales, and Thomas Roccia.

    McAfee Advanced Threat Research (ATR) analysts have discovered an aggressive Bitcoin-stealing phishing campaign by the international cybercrime group Lazarus that uses sophisticated malware with long-term impact.

    This new campaign, dubbed HaoBao, resumes Lazarus’ previous phishing emails, posed as employee recruitment, but now targets Bitcoin users and global financial organizations. When victims open malicious documents attached to the emails, the malware scans for Bitcoin activity and then establishes an implant for long-term data-gathering.

    HaoBao targets and never-before-seen implants signal to McAfee ATR an ambitious campaign by Lazarus to establish cryptocurrency cybercrime at a sophisticated level.

    Background

    Beginning in 2017, the Lazarus group heavily targeted individuals with spear phishing emails impersonating job recruiters which contained malicious documents. The campaign lasted from April to October and used job descriptions relevant to target organizations, in both English and Korean language. The objective was to gain access to the target’s environment and obtain key military program insight or steal money. The 2017 campaign targets ranged from defense contractors to financial institutions, including crypto currency exchanges, however; much of this fake job recruitment activity ceased months later, with the last activity observed October 22, 2017.

    Analysis

    On January 15th, McAfee ATR discovered a malicious document masquerading as a job recruitment for a Business Development Executive located in Hong Kong for a large multi-national bank. The document was distributed via a Dropbox account at the following URL:

    hxxps://www.dropbox.com/s/qje0yrz03au66d0/JobDescription.doc?dl=1

    This is the mark of a new campaign, though it utilizes techniques, tactics and procedures observed in 2017. This document had the last author ‘Windows User’ and was created January 16, 2018 with Korean language resources. Several additional malicious documents with the same author appeared between January 16 and January 24, 2018.

    Document summary from Virus Total

     

    Malicious job recruitment documents


    Victims are persuaded to enable content through a notification claiming the document was created in an earlier version of Microsoft Word. The malicious documents then launch an implant on the victim’s system via a Visual Basic macro.

    Malicious Microsoft Word document

     

    Implants dropped in campaign

    The document (7e70793c1ca82006775a0cac2bd75cc9ada37d7c) created January 24, 2018 drops and executes an implant compiled January 22, 2018 with the name lsm.exe (535f212b320df049ae8b8ebe0a4f93e3bd25ed79). The implant lsm.exe contacted 210.122.7.129 which also resolves to worker.co.kr.

    The other malicious document (a79488b114f57bd3d8a7fa29e7647e2281ce21f6) created January 19, 2018 drops the implant (afb2595ce1ecf0fdb9631752e32f0e32be3d51bb), which is 99% similar to the lsm.exe implant.

    This document was distributed from the following Dropbox URLs:

    • hxxps://dl.dropboxusercontent.com/content_link/AKqqkZsJRuxz5VkEgcguqNE7Th3iscMsSYvivwzAYuTZQWDBLsbUb7yBdbW2lHos/file?dl=1
    • hxxps://www.dropbox.com/s/q7w33sbdil0i1w5/job description.doc?dl=1
    HTTP response for job description document

    This implant (csrss.exe) compiled January 15, 2018 contacts an IP address 70.42.52.80 which resolves to deltaemis.com. We identified that this domain was used to host a malicious document from a previous 2017 campaign targeting the Sikorsky program.

    • hxxp://deltaemis.com/CRCForm/3E_Company/Sikorsky/E4174/JobDescription.doc

    A third malicious document (dc06b737ce6ada23b4d179d81dc7d910a7dbfdde) created January 19, 2018 drops e8faa68daf62fbe2e10b3bac775cce5a3bb2999e which is compiled January 15, 2018. This implant communicates to a South Korean IP address 221.164.168.185 which resolves to palgong-cc.co.kr.

    McAfee ATR analysis finds the dropped implants have never been seen before in the wild and have not been used in previous Lazarus campaigns from 2017. Furthermore, this campaign deploys a one-time data gathering implant that relies upon downloading a second stage to gain persistence. The implants contain a hardcoded word “haobao” that is used as a switch when executing from the Visual Basic macro.

    Malicious Document Analysis

    The malicious document contains two payloads embedded in Visual Basic macro code as encrypted string arrays. The payloads are decrypted in memory, written to disk and launched in sequence (second stage malicious binary launched first and then the decoy document).

    The VBA Macro code is self-executing and configured to execute when the OLE document (MS Word doc) is opened (via “Sub AutoOpen()”). The AutoOpen() function in the VBA Macro performs the following tasks in the sequence listed:

    • Decodes the target file path of the second stage binary payload. This file path is calculated based on the current user’s Temp folder location:

    <temp_dir_path>\.\lsm.exe

    VB code to decrypt second stage filepath
    • Decodes the second stage binary in memory and writes it to the %temp%\.\lsm.exe file location
    second stage binary (MZ) as an encrypted String Array in the VBA Macro
    second stage binary (MZ) decoded in memory by the VBA Macro
    • After writing the second stage payload to disk the VBA code performs two important actions.
      • Runs the second stage payload using cmd.exe. This is done so that the cmd.exe process exits as soon as the payload is launched. This way a process enumeration tool cannot find the parent process => Smaller footprint.

    cmdline for executing the second stage binary:

    cmd.exe /c start /b <temp_dir_path>\.\lsm.exe /haobao

    • Adds persistence on the system by creating a shortcut in the user’s Startup folder with the correct cmdline arguments:

    Link file command line: <temp_dir_path>\.\lsm.exe /haobao

    Link File Name: GoogleUpdate.lnk

    Trigger code for executing the second stage binary and establishing persistence

     

    LNK file configuration for establishing persistence
    • Once the second stage payload has been launched, the VBA Macro proceeds to display a decoy document to the end user. This decoy document is also stored in the VBA Macro as an encrypted string array (similar to the second stage payload). The decoy document is again written to the user’s temp directory to the following filename/path:

    <temp_dir_path>\.\Job Description.doc

    Decoy Document decoded in memory by the VBA Macro
    • Once the decoy document has been written to disk, the VBA Macro sets its file attributes to System + Hidden
    • The decoy document is then opened by the malicious VBA Macro and the original malicious document’s caption is copied over to the decoy document to trick the end user into mistaking the decoy document for the original (malicious) document.
    • This activity, combined with the fact that the VBA Macro then closes the current (malicious) document, indicates that the VBA Macro aims to trick an unsuspecting user into thinking that the decoy document currently open is the original (malicious) document opened by the user.
    • Since the decoy document is a benign file and does not contain any macros the victim does not suspect any malicious behavior.

    Implant Analysis

    As part of the implant initialization activities the implant does the following:

    • Checks the string passed to it through command line
      • “/haobao” in case of 535f212b320df049ae8b8ebe0a4f93e3bd25ed79
      • “/pumpingcore” in case of e8faa68daf62fbe2e10b3bac775cce5a3bb2999e

    If the malware does not find this string in its cmdline arguments, it simply quits without going any further.

    • Unwraps a DLL into memory and calls its one-and-only import using Reflective DLL injection.

    During our research, we discovered additional variants of the DLL file.


    DLL information

     

    • As part of Reflective DLL loading the malware performs the following tasks on the DLL it has unwrapped in memory:
      • Copy the unwrapped DLL into new locations in its own memory space.
      • Build imports required by the DLL (based on the IAT of the DLL)
    Imports builder code in malware for the DLL imports
    • Call the newly loaded DLL image’s Entry Point (DllMain) with DLL_PROCESS_ATTACH to complete successful loading of the DLL in the malware process.
    DLL Entry Point Call from malware to finish loading of the DLL in memory
    • Call the actual malicious export in the DLL named “CoreDn”
    Hardcoded DLL export name “CoreDn” in malware

    All the malicious activities described below are performed by the DLL unless specified otherwise.

    Data Reconnaissance

    The implant has the capability of gathering data from the victim’s system. The following information will be gathered and sent to the command and control server.

    • Computer name and currently logged on user’s name, stored in the format

    <ComputerName> \ <Username>

    Malware obtaining the computer name and user name
    • List of all processes currently running on the system arranged in format

    <Process Name>\r\n

    <Process Name>\r\n

    <Process Name>\r\n

    <Process Name>\r\n

    Malware collecting process information from endpoint
    • The presence of a specific registry key on the system

    HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt

    • The malware appends an indicator (flag) specifying whether the above registry key was found in the user’s registry:

    This key is checked again as part of the command and control communication and is also sent as a duplicate value to the command and control server in the HTTP POST request (explained below).

    Malware checking for the presence of the registry key

    Exfiltration

    Preparation

    In preparation of the exfiltration of information collected from the endpoint, the malware performs the following activities:

    • Encode the collected information using a simple byte based XOR operation using the byte key: 0x34.
    • Base64 encode (standard) the XORed data.
    • Again, check for the presence of the Registry Key: HKCU\Software\Bitcoin\Bitcoin-Qt

     

    Command and Control Server Communication

    Once the malware has performed all these activities it sends an HTTP POST request to the CnC server:

    • www[dot]worker.co.kr for md5 BDAEDB14723C6C8A4688CC8FC1CFE668
    • www[dot]palgong-cc.co.kr for md5 D4C93B85FFE88DDD552860B148831026

     

    In the format:

    HTTP POST to www[dot]worker.co.kr

    /board2004/Upload/files/main.asp?idx=%d&no=%s&mode=%s

    OR

     

    HTTP POST to www[dot]palgong-cc.co.kr

    /html/course/course05.asp?idx=%d&no=%s&mode=%s

    where

    idx= 20 (14h) if the Registry key does not exist; 24 (18h) if the key exists.

    no= XORed + base64 encoded “<Computername> \ <username>”

    mode= XORed + base64 encoded Process listing + Registry key flag

    Command and control server domain
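A defender-side decoder for the beacon format described above, added here as an example (it is not McAfee's code): it takes a request URL from a proxy or web log, checks it against the two paths and the `idx`/`no`/`mode` parameter shape, and reverses the base64 and XOR 0x34 steps. The host name, the sample values and the Latin-1 text encoding are assumptions, and the sample URL is constructed.

```python
import base64
import binascii
from urllib.parse import urlsplit, unquote

XOR_KEY = 0x34  # single-byte XOR key given in the analysis
KNOWN_PATHS = {  # request paths given in the analysis
    "/board2004/Upload/files/main.asp",
    "/html/course/course05.asp",
}
# idx=20 (14h): Bitcoin-Qt registry key absent; idx=24 (18h): key present
IDX_KEY_PRESENT = {20: False, 24: True}


def xor_b64_decode(value):
    """Reverse the exfil encoding: standard base64, then XOR each byte with 0x34."""
    raw = base64.b64decode(value, validate=True)
    # Assumption: the collected strings are single-byte text (decoded as Latin-1).
    return bytes(b ^ XOR_KEY for b in raw).decode("latin-1")


def xor_b64_encode(text):
    """Inverse of xor_b64_decode; used only to build the constructed sample."""
    data = bytes(b ^ XOR_KEY for b in text.encode("latin-1"))
    return base64.b64encode(data).decode("ascii")


def parse_query(query):
    """Split a query string without '+'-to-space translation.

    Standard base64 uses '+', '/' and '=' as ordinary characters, so a
    form-style parser (parse_qs) would corrupt the values. Only the first
    '=' in each pair separates name from value.
    """
    params = {}
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        params[name] = unquote(value)
    return params


def decode_beacon(url):
    """Return the decoded beacon fields, or None if the URL does not match."""
    parts = urlsplit(url)
    if parts.path not in KNOWN_PATHS:
        return None
    params = parse_query(parts.query)
    if not {"idx", "no", "mode"} <= params.keys():
        return None
    try:
        idx = int(params["idx"])
        host_user = xor_b64_decode(params["no"])
        mode = xor_b64_decode(params["mode"])
    except (ValueError, binascii.Error):
        return None  # right path, but the values are not the expected encoding
    computer, _, user = host_user.partition("\\")
    return {
        "idx": idx,
        "bitcoin_qt_key": IDX_KEY_PRESENT.get(idx),  # None for unexpected idx
        "computer": computer.strip(),
        "user": user.strip(),
        # Process names are separated by CRLF; the format of the registry
        # flag appended after them is not given in the analysis, so any
        # trailing text is returned as a list entry rather than interpreted.
        "processes": [p for p in mode.split("\r\n") if p],
    }


# Constructed sample (placeholder host, made-up workstation and user).
SAMPLE_URL = (
    "http://c2.example.test/board2004/Upload/files/main.asp?idx=24"
    "&no=" + xor_b64_encode("WKSTN-042 \\ jdoe")
    + "&mode=" + xor_b64_encode("explorer.exe\r\nwinword.exe\r\nbitcoin-qt.exe\r\n")
)

if __name__ == "__main__":
    print(decode_beacon(SAMPLE_URL))
```

Run over historical proxy logs, a non-None result identifies which host and user were profiled and whether the Bitcoin-Qt key was reported as present.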

    Persistence

    The persistence mechanism of the malware is performed only for the downloaded implant. Persistence is established for the implant via the Visual Basic macro code initially executed upon document loading by the victim. This persistence is also performed ONLY if the malware successfully executes the downloaded implant. The malware first tries to update the HKEY_LOCAL_MACHINE registry key.

    If the update is unsuccessful then it also tries to update the HKEY_CURRENT_USER registry key. Value written to registry to achieve persistence on the endpoint:

    Registry Subkey = Software\Microsoft\Windows\CurrentVersion\Run

    Value Name = AdobeFlash

    Value Content = “C:\DOCUME~1\<username>\LOCALS~1\Temp\OneDrive.exe” kLZXlyJelgqUpKzP

    Registry based persistence of the second stage payload

    Connections to 2017 campaigns

    The techniques, tactics and procedures are very similar to the campaigns that targeted US Defense contractors, US Energy sector, financial organizations and crypto currency exchanges in 2017.

    The same Windows User author appeared back in 2017 in two malicious documents 비트코인_지갑주소_및_거래번호.doc and 비트코인 거래내역.xls which were involved in crypto currency targeting. Furthermore, one of the implants communicates to an IP address that was involved in hosting malicious job description documents in 2017 involving the Sikorsky military program.

    McAfee Advanced Threat Research determines with confidence that Lazarus is the threat group behind this attack for the following reasons:

    • Contacts an IP address / domain that was used to host a malicious document from a previous Lazarus campaign in 2017
    • Same author appeared in these recent malicious documents that also appeared back in Lazarus 2017 campaigns
    • Uses the same malicious document structure and similar job recruitment ads as what we observed in past Lazarus campaigns
    • The techniques, tactics and procedures align with Lazarus group’s interest in crypto currency theft

    Conclusion

    In this latest discovery by McAfee ATR, despite a short pause in similar operations, the Lazarus group targets crypto currency and financial organizations. Furthermore, we have observed an increased usage of limited data gathering modules to quickly identify targets for further attacks. This campaign is tailored to identifying those who are running Bitcoin related software through specific system scans.

     

     Indicators of Compromise

    MITRE ATT&CK techniques

    • Data encoding
    • Data encrypted
    • Command-Line Interface
    • Account discovery
    • Process Discovery
    • Query registry
    • Hidden files and directories
    • Custom cryptographic protocol
    • Registry Run Keys / Start Folder
    • Startup Items
    • Commonly used port
    • Exfiltration Over Command and Control Channel

    IPs

    • 210.122.7.129
    • 70.42.52.80
    • 221.164.168.185

    URLs

    • hxxps://dl.dropboxusercontent.com/content_link/AKqkZsJRuxz5VkEgcguqNE7Th3iscMsSYvivwzAYuTZQWDBLsbUb7yBdbW2lHos/file?dl=1
    • hxxps://www.dropbox.com/s/q7w33sbdil0i1w5/job description.doc?dl=1

    Hashes


    McAfee Detection

    • BackDoor-FDRO!
    • Trojan-FPCQ!
    • RDN/Generic Downloader.x
    • RDN/Generic Dropper
    • RDN/Generic.dx

    The post Lazarus Resurfaces, Targets Global Banks and Bitcoin Users appeared first on McAfee Blogs.

    Litecoin Is the Second-Most Popular Cryptocurrency on the Dark Web, Study Finds

    Litecoin is the second-most popular cryptocurrency among vendors that operate on the Dark Web, according to recent research.

    Recorded Future analyzed 150 message boards, marketplaces and illicit services on the Dark Web and determined that 30 percent of these vendors currently accept Litecoin as an alternative payment system. Not far behind is Dash, another form of cryptocurrency, which is accepted by 1 in 5 digital underground merchants.

    Meanwhile, bitcoin still enjoys universal acceptance among Dark Web vendors.

    Litecoin Gaining Ground on Bitcoin

    According to the report, bitcoin’s rise in popularity has strained the blockchain network, resulting in larger payment fees and rendering these payments “economically infeasible.” In addition, some criminals abuse the blockchain to try to double-spend their bitcoins.

    Most vendors have responded by requiring three confirmations before marking a transaction as complete. Such a policy makes Dark Web bitcoin users jittery, especially if they’re purchasing illicit goods such as drugs or weapons.

    Litecoin’s code increases the speed of transactions. As a result, transaction fees are low and miners can generate a larger number of coins. Recorded Future asserted that these benefits could ultimately make Litecoin, or a similar cryptocurrency such as Dash, the top choice on the Dark Web within the next year.

    Ryan Taylor, CEO of the Dash Core team, told SC Magazine he disagrees with that assessment, noting that the criminal underground doesn’t use his cryptocurrency. “Currently, less than 1 percent of transactions on the Dash network utilize the PrivateSend feature,” he said, “which contradicts the assertion that Dash is on the rise as a Dark Net payments alternative.”

    The Growing Risk of Cryptocurrency Mining Attacks

    If Litecoin continues to grow in popularity, ransomware authors will surely adopt the cryptocurrency. Bad actors will also begin using cryptocurrency mining attacks to generate new Litecoin, which could increase the number of organizations that will be affected by such incidents in the coming years.

    The post Litecoin Is the Second-Most Popular Cryptocurrency on the Dark Web, Study Finds appeared first on Security Intelligence.

    Trade Recommendation: Quantstamp

    The Quantstamp/Bitcoin pair ignited its bull run on December 30, 2017 after breaching resistance of 0.00002. The market’s momentum was so strong that it went as high as 0.00005420 on January 8, 2018. The market grew by 171% in less than two weeks. This sudden spurt was exploited by breakout players as they started to […]

    The post Trade Recommendation: Quantstamp appeared first on Hacked: Hacking Finance.

    Trade Recommendation: ChainLink/Bitcoin

    The ChainLink/Bitcoin (LINK/BTC) pair lost all bullishness on October 12, 2017 when it generated a lower high of 0.00009850. On the next day, the market broke support at 0.00008, which triggered the downtrend. From then on, the market created consecutive lower lows and lower highs. It took the pair exactly two months to find the […]

    The post Trade Recommendation: ChainLink/Bitcoin appeared first on Hacked: Hacking Finance.

    Crypto Update: Coins Regain Strength after Brief Correction

    The major cryptocurrencies experienced a low-volume dip in the second half of the weekend that concluded a generally bullish week. The pullback didn’t cause major technical damage, with the important support levels holding up, and now the coins are likely headed for a test of last week’s highs. The stock market sell-off that has been […]

    The post Crypto Update: Coins Regain Strength after Brief Correction appeared first on Hacked: Hacking Finance.

    Energy Riches Fuel Bitcoin Craze For Speculation-shy Iceland

    Iceland is expected to use more energy "mining" bitcoins and other virtual currencies this year than it uses to power its homes. From a report: With massive amounts of electricity needed to run the computers that create bitcoins, large virtual currency companies have established a base in the North Atlantic island nation blessed with an abundance of renewable energy. The new industry's relatively sudden growth prompted lawmaker Smari McCarthy of Iceland's Pirate Party to suggest taxing the profits of bitcoin mines. The initiative is likely to be well received by Icelanders, who are skeptical of speculative financial ventures after the country's catastrophic 2008 banking crash. "Under normal circumstances, companies that are creating value in Iceland pay a certain amount of tax to the government," McCarthy told The Associated Press. "These companies are not doing that, and we might want to ask ourselves whether they should."

    Read more of this story at Slashdot.

    Crypto Prices Slide as New Week Begins

    The world’s top cryptocurrencies declined at the start of Monday trading, with bitcoin, Ethereum and Stellar falling by at least 4%. Each currency in the top 20 was down following a weekend rally that fizzled out on Sunday. Crypto Price Levels Bitcoin briefly traded below $7,900 on Monday, where it was off more than $1,000 […]

    The post Crypto Prices Slide as New Week Begins appeared first on Hacked: Hacking Finance.

    Russian scientists arrested for mining Bitcoin at nuclear facility

    Russian Scientists Arrested For Using a Top-Secret Government Computer For Mining Bitcoin

    Some engineers working at a top-secret Russian nuclear research facility have been arrested by Russian security officers for allegedly using one of the country’s most powerful supercomputers to mine Bitcoin, reports BBC.

    The alleged attempt to mine Bitcoin was carried out at the Federal Nuclear Center in Sarov, a top-secret area with high security where the Soviet Union’s first atomic bomb was developed during the cold war.

    “There has been an unsanctioned attempt to use computer facilities for private purposes including so-called mining,” The Federal Nuclear Center in Sarov stated, according to the BBC and the Russian news agency, Interfax. “As far as we are aware, a criminal case has been launched against them.”

    The supercomputer that was reportedly used was not supposed to be connected to the internet for security reasons. However, it was used by the engineers for personal agendas that included mining for cryptocurrencies. The officials quickly realized something was not right after they were alerted that it had been connected.

    “Their activities were stopped in time,” institute spokeswoman Tatiana Zalesskaya, told Interfax news agency.

    “The bungling miners have been detained by the competent authorities. As far as I know, a criminal case has been opened regarding them,” she added, without saying how many were detained.

    The arrested engineers have been handed over to the Federal Security Service. It is unclear when the crime had taken place or how many suspects were involved.

    Cryptocurrencies require a great deal of computational power and energy consumption to turn a profit. The Federal Nuclear Center employs about 20,000 people and its supercomputer boasts a capacity of 1 petaflop, which is the equivalent of 1,000 trillion calculations per second, the BBC reported.

    Russia is turning into a breeding ground of cryptocurrency mining due to its low-cost energy reserves and computer takeovers are expected to only continue in all likelihood.

    The Federal Nuclear Center is supervised by Rosatom, the Russian nuclear agency, and works on producing nuclear weapons.

    “Similar attempts have recently been registered in a number of large companies with large computing capacities, which will be severely suppressed at our enterprises,” Zalesskaya told the Russian news agency Interfax.

    Such attempts “at our enterprises will be harshly put down, this activity technically has no future and is punishable as a crime”, she added.

    The post Russian scientists arrested for mining Bitcoin at nuclear facility appeared first on TechWorm.

    Security Affairs: FSB arrested researchers at the Russian Federation Nuclear Center for using a supercomputer to mine Bitcoins

    Russian authorities have arrested some employees at the Russian Federation Nuclear Center facility because they are suspected of trying to use a supercomputer at the plant to mine Bitcoin.

    The peaks reached by the values of the principal cryptocurrencies are attracting criminal organizations, the number of cyber-attacks against the sector continues to increase, and VXers are focusing their efforts on the development of cryptocurrency/miner malware.

    In a few days, security firms have spotted several huge botnets that were used by crooks to mine cryptocurrencies.

    This week, security experts at  Radiflow, a provider of cybersecurity solutions for critical infrastructure, have discovered in a water utility the first case of a SCADA network infected with a Monero cryptocurrency-mining malware.

    “Radiflow, a provider of cybersecurity solutions for critical infrastructure, today announced that the company has revealed the first documented cryptocurrency malware attack on a SCADA network of a critical infrastructure operator.” reads the press release published by the company.

    Radiflow revealed that the cryptocurrency malware was designed to run in a stealth mode on a target system and even disable security software.

    “Cryptocurrency malware attacks involve extremely high CPU processing and network bandwidth consumption, which can threaten the stability and availability of the physical processes of a critical infrastructure operator,” explained Yehonatan Kfir, CTO at Radiflow. “While it is known that ransomware attacks have been launched on OT networks, this new case of a cryptocurrency malware attack on an OT network poses new threats as it runs in stealth mode and can remain undetected over time.”

    A cryptocurrency malware infection could have a dramatic impact on ICS and SCADA systems because it could increase resource consumption, affecting the response times of the systems used to control processes in these environments.

    While the story was making the headlines, the Russian Interfax News Agency reported that several scientists at the Russian Federation Nuclear Center facility (aka All-Russian Research Institute of Experimental Physics) had been arrested by authorities, charged with mining cryptocurrency with “office computing resources.”

    The nuclear research plant is located in Sarov. In 2011, the Russian Federation Nuclear Center deployed a new petaflop supercomputer.

    The scientists are accused of having abused the computing power of one of Russia’s most powerful supercomputers, located in the Federal Nuclear Center, to mine Bitcoins.

    Russian Federation Nuclear Center facility

    The supercomputer is normally isolated from the Internet, but the researchers were discovered while attempting to connect it online. The Federal Security Service (FSB) has arrested the researchers.

    “There has been an unsanctioned attempt to use computer facilities for private purposes including so-called mining,” Tatyana Zalesskaya, head of the Institute’s press service, told Interfax news agency.

    “Their activities were stopped in time. The bungling miners have been detained by the competent authorities. As far as I know, a criminal case has been opened regarding them,”

     

    Pierluigi Paganini

    (Security Affairs – Russian Federation Nuclear Center facility, Mining)

    The post FSB arrested researchers at the Russian Federation Nuclear Center for using a supercomputer to mine Bitcoins appeared first on Security Affairs.




    Trade Recommendation: Qtum/Bitcoin

    The Qtum/Bitcoin (QTUM/BTC) pair launched its bull run on December 18, 2017 when it took out resistance at 0.002. The momentum it carried was so strong that it went as high as 0.004996 on January 7, 2018. At that point, however, the market has grown by almost 150%, and that was enough for breakout buyers […]

    The post Trade Recommendation: Qtum/Bitcoin appeared first on Hacked: Hacking Finance.

    Who Killed The ICO?

    For all the hype and chatter we listened to going back to last year, initial coin offerings have suddenly gone dead.  The entire month of January 2018 raised only $52 million according to ICOWatchlist.com.  In the halcyon days this was the rate of  inflow every three days (it’s important to note that crowdfunding amounts vary, […]

    The post Who Killed The ICO? appeared first on Hacked: Hacking Finance.

    Crypto Update: Ripple Leads Weekend Rally despite Pull-Back

    The Asian session saw another bullish push in the cryptocurrency segment, as the uncertainty that the US stock volatility meant for all financial markets waned after the closing of traditional exchanges. The late-day rally in stocks also helped to calm tensions, and the major coins took advantage of the favorable environment and continued the rally […]

    The post Crypto Update: Ripple Leads Weekend Rally despite Pull-Back appeared first on Hacked: Hacking Finance.

    Technical Analysis: Bullish Signs Remain Dominant as Coins Continue Rally

    A quiet and positive day; it has been a while that cryptocurrency investors experienced such a comfortable environment, especially amid the most volatile period in global financial markets in the past two years. Of course, the preceding steep decline was challenging for crypto-bulls, but as early positive signs already emerged last week, and price action […]

    The post Technical Analysis: Bullish Signs Remain Dominant as Coins Continue Rally appeared first on Hacked: Hacking Finance.

    Trade Recommendation: Vertcoin

    The Vertcoin/Bitcoin pair ignited its bull run on October 21, 2017 when it broke out of resistance of 0.00035. It went as high as 0.00096219 on October 28 before succumbing to selling pressure. In just a matter of seven days, the market grew by 174.91%. Such a rapid rise in value was taken advantage by […]

    The post Trade Recommendation: Vertcoin appeared first on Hacked: Hacking Finance.

    Crypto Update: Coins Still Stable as Ripple Breaks Trendline

    While the major coins didn’t make too much progress in the last couple of days, with a few exceptions like Bitcoin Cash, Lisk, ETC, and Monero, the price action is encouraging considering the recent period and the global environment in financial markets. The segment shows clear signs of resilience amid the elevated levels of uncertainty […]

    The post Crypto Update: Coins Still Stable as Ripple Breaks Trendline appeared first on Hacked: Hacking Finance.

    Arizona Introduces Bill That Would Allow Residents To Pay Taxes In Bitcoin

    In a bid to attract businesses involved in blockchain and cryptocurrencies, Arizona lawmakers have proposed a bill that would allow the state's citizens to pay their taxes in bitcoin. "Arizona State Rep. Jeff Weninger, who introduced the bill, said it was a signal to everyone in the United States, and possibly throughout the world, that Arizona was going to be the place to be for blockchain and digital currency technology in the future," reports Investopedia. From the report: Weninger, a Republican, also cited the ease of making online payments through the cryptocurrency "while you're watching television," as another reason. But he did not divulge much detail about the implementation of such a system. That might be the reason why Weninger faces an uphill battle in getting the bill approved by the state legislature. Bitcoin's price volatility is already being cited as a possible roadblock to implementing such a measure by state legislators. Arizona state senator Steve Farley, a Democrat who's running for governor, said the bill puts the "volatility burden" of bitcoin's price on taxpayers who make payments in U.S. dollars. "It would mean that the money goes to the state and then the state has to take responsibility of how to exchange it," Farley said.

    Read more of this story at Slashdot.

    Technical Analysis: Coins Hold Gains amid Stock Turmoil

    As volatility and uncertainty continue to reign supreme in financial markets, the cryptocurrency segment is an island of relative calm, which is a huge change compared to the previous weeks and months, when cryptocurrencies were the most volatile asset class by a mile. Bitcoin and the rest of the majors have been trading in relatively […]

    The post Technical Analysis: Coins Hold Gains amid Stock Turmoil appeared first on Hacked: Hacking Finance.

    Bitcoin Won’t Be the Dark Web’s Top Cryptocurrency For Long

    Bitcoin has essentially become the poster child for cryptocurrencies, and that's a problem for cybercriminals dealing on the dark web. From a report: Researchers from Recorded Future, a threat intelligence company, looked through 150 of the dark web's top marketplaces and forums and found that bitcoin's boom is driving shady characters away from the cryptocurrency. The rise of bitcoin has brought cryptocurrency -- digital alternatives to government-issued money -- to the mainstream, enticing people who are looking to get rich quick. Last December, bitcoin hit its all-time high at nearly $20,000, but it has since slumped and as of Thursday is trading at a little over the $8,000 mark. But before it was a massive investment that millionaires bought, it was the dark web's currency of choice, thanks to its decentralized and anonymous structure.

    Read more of this story at Slashdot.

    New Deepfakes forum goes mining with Coinhive

    You may or may not be familiar with the furore over Deepfakes, a relatively new development in pornography involving a tool called FacesApp, which is capable of producing a real porn clip that replaces the original actors’ heads with those of celebrities—or indeed, anyone at all.

    Online fakes have been around since the early 2000s or possibly even earlier; alongside those old photos, fakers would also make the odd terrible porno flick. Those movies would quite literally be a static cut out of a celebrity’s head stuck onto the body. Some 20 years later, the tech has caught up, and the web is suddenly dealing with the fallout.

    FacesApp allows people to “train” an AI to create a realistic head so the scene is practically indistinguishable from reality. The AI is trained by feeding it images or footage of people; the more data it has to go off, the more realistic everything is.

    After a media firestorm, the inevitable has happened. All of the Deepfake subreddits, where the majority of content was being created, have been taken offline after major players such as Twitter and PornHub had already effectively banned Deepfake content from their networks.

    The Deepfake tech is available for pretty much anyone to make use of—the only real barrier to entry is having a powerful PC capable of withstanding the intensive training process, which can take hours or days to complete.

    Now, if you were a crafty cybercriminal and knew that the main Deepfakes sources were taken offline, with a sizable community of content consumers and creators with heavy-duty PC rigs suddenly set adrift, what would you do?

    The answer, of course, is monetize potentially dubious fakes that you didn’t create yourself and hammer visitors’ PCs with mining scripts.

    One of the most popular “lifeboat” sites we’ve seen for those unceremoniously dumped from the tender embrace of reddit was being promoted pretty heavily on surviving subreddits:

    On the surface, it looks like a fairly typical forum, and it’s been getting a fair bit of activity so far. It all looks legit—or at least as legit as can be given the controversial content on offer:

    A quick check of the source code, while your CPU likely ramps up to 100 percent, would tell a slightly different story:

    We have some Javascript located at:

    /mybbalertsjs(dot)min(dot)js

    Sure, you could try to make sense of it as is. Or, you could just unpack it instead and save yourself a headache because that is a large, confusing pile of code. What is it doing?

    var Miner=function

    …miner…function? Did this site place mining scripts in the background?

    self.CoinHive.CONFIG=

    They sure did, and we block both the mining and the website in question.

    Coinhive is something we’ve been blocking since October. It allows you to place cryptocurrency mining scripts on your webpage, similar to how regular adverts are placed, except it’ll try to make as much use of your machine as possible to whip up some Monero coins for the site owner. Here’s an example of a site pushing a PC to the limit via mining scripts in the background. Check out the resources being gobbled up on the right-hand side:

    In an age of people leaving dozens of tabs open and going for dinner, websites running scripts that ramp you up to 100 percent CPU usage and generate a fair bit of heat in the bargain just aren’t my thing. Now that we have DIY fake porn tech which demands high system specs and also has people simultaneously making content as well as downloading it, they’re prime targets for a spot of potentially surreptitious cryptomining taking place behind the scenes.

    We’ve seen a few mentions of other Deepfake aficionados complaining about dodgy sites, and we’ll be taking a closer look to see what’s out there. All in all, you’re probably better off steering clear of the whole mess and taking up a less stress-inducing hobby (for you and your computer).

    Keep your security tools up to date, make informed decisions about what you want to block, and keep those CPU temperatures down to a minimum!

    The post New Deepfakes forum goes mining with Coinhive appeared first on Malwarebytes Labs.

    Trade Recommendation: Monero

    The Monero/Bitcoin (XMR/BTC) pair is in the midst of a strong bull run that started when the market breached resistance of 0.02 on December 19, 2017. It went as high as 0.0288 on December 20 before flashing overbought reading. In just one day, the market grew by 44%. The surge was exploited by participants who […]

    The post Trade Recommendation: Monero appeared first on Hacked: Hacking Finance.

    Trade Recommendation: EOS

    The EOS/Bitcoin pair launched its bull run on December 13, 2017 when it breached resistance of 0.0004. Its momentum was so strong that it went as high as 0.0013333 on January 13, 2018. In just a month, the market grew by 233.33%. This surge was exploited by those who bought the breakout at 0.0004 by taking […]

    The post Trade Recommendation: EOS appeared first on Hacked: Hacking Finance.

    Attackers Drain CPU Power From Water Utility Plant In Cryptojacking Attack

    darthcamaro writes: Apparently YouTube isn't the only site that is draining CPU power with unauthorized cryptocurrency miners. A water utility provider in Europe is literally being drained of its CPU power via a cryptojacking attack that was undetected for three weeks. eWeek reports: "At this point, Radiflow's (the security firm that discovered the cryptocurrency mining malware) investigation indicates that the cryptocurrency mining malware was likely downloaded from a malicious advertising site. As such, the theory that Radiflow CTO Yehonatan Kfir has is that an operator at the water utility was able to open a web browser and clicked on an advertising link that led to the mining code being installed on the system. The actual system that first got infected is what is known as a Human Machine Interface (HMI) to the SCADA network and it was running the Microsoft Windows XP operating system. Radiflow's CEO, Ilan Barda, noted that many SCADA environments still have Windows XP systems deployed as operators tend to be very slow to update their operating systems." Radiflow doesn't know how much Monero (XMR) cryptocurrency was mined by the malware, but a recent report from Cisco's Talos research group revealed that some of the top un-authorized cryptocurrency campaigns generate over a million dollars per year. The average system would generate nearly $200,000 per year.

    Read more of this story at Slashdot.

    Hospital warns 24,000 patients that its EMR system was hacked to mine cryptocurrency

    Hackers are increasingly setting their sights on electronic medical records (EMR) to extort money from hospitals and their affiliated system vendors. Most recently, one hospital has seen its EMR service hijacked to mine cryptocurrency.

    On January 26, Parsons, Tennessee-based Decatur County General Hospital started notifying customers that its EMR vendor was compromised by a hacker who injected cryptocurrency mining malware into its systems.

    “On November 27, 2017, we received a security incident report from our EMR system vendor indicating that unauthorized software had been installed on the server the vendor supports on our behalf,” reads the DCGH notice. “The unauthorized software was installed to generate digital currency, more commonly known as ‘cryptocurrency.’”

    An investigation revealed the attacker infected the servers remotely some time in September. However, the hospital was only notified of the breach two months later, which is highly unorthodox considering that the attackers could have (and potentially might have) compromised the sensitive information of tens of thousands of patients.

    It is unclear how much cryptocurrency was generated for the attacker(s) as part of the hack, but DCGH says “the EMR vendor replaced the server and operating about four days later [following the breach].”

    The hospital says information on the affected server included patient names, addresses, dates of birth, Social Security numbers, diagnosis and treatment data, and insurance billing information.

    On the good side, while the investigation into the breach continues, DCGH claims (so far) it has no evidence that patient information was acquired or viewed by unauthorized parties.

    “Based upon reports of similar incidents, we do not believe that your health information was targeted by any unauthorized individual installing the software on the server,” reads the reassuring notice.

    The growing popularity of cryptocurrency has spawned huge interest in cryptocurrency miners and ransomware. Digital currency is highly untraceable, while at the same time it can be generated out of thin air by hacking and using other people’s computers to ‘mine’ new coins.

    For the curious, the cryptocurrency mined with the hacked EMR vendor’s systems was reportedly Dash. According to the World Coin Index, which tracks the fluctuating values of all cryptocurrencies in existence, Dash is the fourth-most valuable cryptocurrency per unit, currently trading at 557 USD.

    For comparison, one Ethereum is $820, BitcoinCash sells for just over $1,000, and the almighty Bitcoin – which two months ago stood at almost $20,000 per unit – is now worth $8,200.

    Crypto Update: Bitcoin Leads Morning Rally after Overnight Dip

    The crypto rally is well and alive this morning, even as the dominant downtrend is still intact in all of the majors. The coins are showing strength despite the renewed volatility-related fears in financial markets that are sending shockwaves through equity and forex markets since the Monday crash. The relative strength in cryptocurrencies comes on […]

    The post Crypto Update: Bitcoin Leads Morning Rally after Overnight Dip appeared first on Hacked: Hacking Finance.

    Technical Analysis: Cryptocurrencies Consolidate after Powerful Rally

    The advance that catapulted the major coins off the recent lows by 30-50% stalled out today in the second half of the session, as the major coins settled down somewhat following the highly volatile period. As stock markets had a choppy and ultimately flat day after the crash and the subsequent bounce, and that helped […]

    The post Technical Analysis: Cryptocurrencies Consolidate after Powerful Rally appeared first on Hacked: Hacking Finance.

    Trade Recommendation: SNGLS/Bitcoin

    While the SNGLS/Bitcoin pair is a relatively new market, it established its bearish trend when it failed to close above 0.00003 on November 7, 2017. From that point on, the market gradually tumbled until it bottomed out on December 8 at 0.00000613. A week later, the pair established support at 0.0000068, which it used as […]

    The post Trade Recommendation: SNGLS/Bitcoin appeared first on Hacked: Hacking Finance.

    Trade Recommendation: NEO

    The NEO/Bitcoin pair ignited its bull run on January 7, 2018 when it breached resistance of 0.006. The momentum it carried was so strong that the market went as high as 0.0152 on January 30. Those who bought the breakout at 0.006 grew their investments by 153.33% in three weeks. As the market was already […]

    The post Trade Recommendation: NEO appeared first on Hacked: Hacking Finance.

    Get Ready For Most Cryptocurrencies to Hit Zero, Goldman Says

    An anonymous reader shares a report: The tumble in cryptocurrencies that erased nearly $500 billion of market value over the past month could get a lot worse, according to Goldman Sachs Group's global head of investment research. Most digital currencies are unlikely to survive in their current form, and investors should prepare for coins to lose all their value as they're replaced by a small set of future competitors, Goldman's Steve Strongin said in a report dated Feb. 5. While he didn't posit a timeframe for losses in existing coins, he said recent price swings indicated a bubble and that the tendency for different tokens to move in lockstep wasn't rational for a "few-winners-take-most" market. "The high correlation between the different cryptocurrencies worries me," Strongin said. "Because of the lack of intrinsic value, the currencies that don't survive will most likely trade to zero."

    Read more of this story at Slashdot.

    Crypto Update: Coins Extend Gains Above Prior Lows

    Although the major coins are still not completely out of the woods, with the dominant downtrend still being intact, bullish signs continue to show up across the board, and today’s rally could be the start of the durable rally that bulls have been expecting. The stabilizing global stock markets and the improving news flow helped […]

    The post Crypto Update: Coins Extend Gains Above Prior Lows appeared first on Hacked: Hacking Finance.

    Senate Cryptocurrency Hearing Strikes a Cautiously Optimistic Tone

    An anonymous reader quotes a report from TechCrunch: In a hearing today before the Senate Banking Committee, Securities and Exchange Commission Chairman Jay Clayton and Commodity Futures Trading Commission Chairman Christopher Giancarlo opened up about what the near-term U.S. regulatory fate of cryptocurrency might look like. In a week of plunging prices and bad news, the hearing struck a tone that coin watchers could reasonably interpret as surprisingly optimistic. Over the course of the open hearing, Clayton and Giancarlo traded testimony over what can be regulated, what should be regulated and how, while offering a broader outlook on the long-term future of virtual currency markets and blockchain tech. The testimony drew a useful distinction among three pillars of the virtual currency ecosystem (for lack of a better unifying term): cryptocurrencies, "a replacement for dollars;" ICOs, "like a stock offering;" and distributed ledger technologies, or the technical framework generally known as blockchain. Throughout the hearing, on the SEC side, Clayton struck a relatively solemn tone focused on ICO fraud concerns, while the CFTC's Giancarlo came across as genuinely enthusiastic and curious about the emerging market. When asked about the intrinsic value of cryptocurrency, Clayton said: "There are a lot of smart people who think there's something to the value of cryptocurrency and the international exchange and I'm not seeing those benefits manifesting themselves in the market yet. I look at this from the perspective of Main Street investors and they should understand that." On ICOs as a security: "I believe every ICO I've seen is a security... You can call it a coin but if it functions as a security, it is a security... Those who engage in semantic gymnastics or elaborate re-structuring exercises in an effort to avoid having a coin be a security are squarely in the crosshairs of our enforcement provision."

    Read more of this story at Slashdot.

    Tesla in Space, The Global Market Bounce in Stocks and Cryptos

    Looks like we’re one step closer to life on Mars. For those who haven’t seen, Elon Musk’s Space exploration company has just successfully completed the monumental task of launching the most powerful rocket of our generation, the Falcon Heavy. The first payload of the groundbreaking rocket was one of Musk’s own Tesla Roadsters. Here we […]

    The post Tesla in Space, The Global Market Bounce in Stocks and Cryptos appeared first on Hacked: Hacking Finance.

    Daily Analysis: Stocks, Cryptos Bounce Back Hard after Volatility-Driven Crash

    Tuesday Market Recap

    Asset            Current Value    Daily Change
    S&P 500          2684             2.94%
    DAX              12,392           -2.32%
    WTI Crude Oil    63.92            -0.36%
    GOLD             1326.00          -0.72%
    Bitcoin          7800             9.71%
    EUR/USD          1.2380           0.03%

    The disastrous overnight session in stocks that drove the S&P 500 almost 100 points below even yesterday’s crash lows, saw the unwind of several short-volatility ETFs, […]

    The post Daily Analysis: Stocks, Cryptos Bounce Back Hard after Volatility-Driven Crash appeared first on Hacked: Hacking Finance.

    Technical Analysis: Coins Stabilize amid Positive Divergences

    A hectic and bearish overnight session was followed by a strong bounce in the cryptocurrency segment, as the stock market, which experienced the largest sell-off in years, also rebounded. Bitcoin recovered above $7500 after hitting a low near $6000, and while most of the majors followed the largest coin, several currencies showed relative strength again. […]

    The post Technical Analysis: Coins Stabilize amid Positive Divergences appeared first on Hacked: Hacking Finance.

    Crypto Update: Are We There Yet?

    The crypto segment had another rough overnight session, despite the already steep losses in the segment. The uncertainty regarding the stock market volatility crisis and the preceding technical break-down in most of the major coins created a very unstable environment with wild swings in the still generally bearish trend. The positive divergences in the already […]

    The post Crypto Update: Are We There Yet? appeared first on Hacked: Hacking Finance.

    Running Firefox, OnyX or Deeper on your Mac? You might be mining cryptocurrency for a hacker

    Three widely used Mac apps infected with cryptocurrency miners have been flagged by security researchers this week. The programs, distributed through third-party aggregators (i.e. not the official Mac App Store), need to be immediately uninstalled if users are to stay out of harm’s way.

    Earlier this week, researchers found fake or otherwise modified versions of Mozilla’s Firefox web browser, as well as system tools OnyX and Deeper, infected with cryptocurrency-mining malware targeting Macs. The modified apps were distributed through MacUpdate, a third-party Mac software aggregator.

    Deeper is a personalization utility and OnyX is a popular maintenance tool. Both apps were created by veteran development studio Titanium Software.

    Dubbed OSX.CreativeUpdate, the malware spread through hacked pages on MacUpdate. OSX.CreativeUpdate is a Trojan that, once installed, downloads its cryptocurrency mining component. The miner hijacks the Mac’s processor to generate digital “coins” that go straight to the attacker’s wallet.

    A spokesperson for MacUpdate confirms the hack in a comment on all three infected download pages.

    “If you have installed-and-run Firefox 58.0.2, OnyX, or Deeper since 1 February 2018, please accept my apologies, but you will need to follow these steps to remove a bitcoin miner which hacked versions of those apps,” writes the person, identified only as Jess. “This is not the fault of the respective developers, so please do not blame them. The fault is entirely mine for having been fooled by the hackers.”

    In short, if you’ve downloaded any of these three apps through MacUpdate as of late, you need to trash them.

    However, just deleting the app binaries is not enough. As power users should know, when new software is installed, MacOS makes room for additional application resources in different parts of the system – specifically, the Library folder. So, even if you delete the app itself, some leftovers might remain in this directory.

    Case in point – according to Jess, users need to follow these exact steps to eliminate any potential infection with OSX.CreativeUpdate:

    • Delete any copies of the above titles you might have installed.
    • Download and install fresh copies of the titles.
    • In Finder, open a window for your home directory (Cmd-Shift-H).
    • If the Library folder is not displayed, hold down the Option/Alt key, click on the “Go” menu, and select “Library (Cmd-Shift-L)”.
    • Scroll down to find the “mdworker” folder (~/Library/mdworker/).
    • Delete the entire folder.
    • Scroll down to find the “LaunchAgents” folder (~/Library/LaunchAgents/).
    • From that folder, delete “MacOS.plist” and “MacOSupdate.plist” (~/Library/LaunchAgents/MacOS.plist and ~/Library/LaunchAgents/MacOSupdate.plist).
    • Empty the Trash.
    • Restart your system.
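
    The leftover locations named in these steps can also be checked from a terminal, before and after cleanup. The read-only shell script below is an added example, not part of the original article or of MacUpdate's instructions; the function names scan_home and scan_all_homes and the --scan switch are hypothetical, and the only paths it checks are the three given in the steps above.

```shell
#!/bin/sh
# Read-only check for the OSX.CreativeUpdate leftovers named in the removal
# steps. Nothing is deleted; the script only reports what it finds.
# Paths are relative to a user's home directory and come from those steps.
CREATIVEUPDATE_PATHS='Library/mdworker
Library/LaunchAgents/MacOS.plist
Library/LaunchAgents/MacOSupdate.plist'

# scan_home HOME_DIR
# Prints one "FOUND <path>" line per leftover present under HOME_DIR.
# Returns 0 if the home directory is clean, 1 if anything was found.
scan_home() {
    home_dir=$1
    found=0
    # Split the path list on newlines only.
    old_ifs=$IFS
    IFS='
'
    for rel in $CREATIVEUPDATE_PATHS; do
        target="$home_dir/$rel"
        # -e follows symlinks; -L also catches a dangling symlink.
        if [ -e "$target" ] || [ -L "$target" ]; then
            printf 'FOUND %s\n' "$target"
            found=1
        fi
    done
    IFS=$old_ifs
    return $found
}

# scan_all_homes BASE_DIR
# Runs scan_home on every directory directly under BASE_DIR (for example
# /Users on a shared Mac) and prints the number of affected home
# directories as the last line of output.
scan_all_homes() {
    base=$1
    affected=0
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue
        if ! scan_home "${dir%/}"; then
            affected=$((affected + 1))
        fi
    done
    printf '%s\n' "$affected"
}

# Stand-alone use: sh creativeupdate_check.sh --scan [HOME_DIR]
# (the script file name is a placeholder). Defaults to the current user's home.
if [ "${1:-}" = "--scan" ]; then
    if scan_home "${2:-$HOME}"; then
        echo "No OSX.CreativeUpdate leftovers found."
    fi
fi
```

    A clean result only means these three paths are absent; the remaining steps (reinstalling fresh copies, emptying the Trash, restarting) still apply.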

    The web site says it already fixed the pages for Firefox, Onyx and Deeper. A lot of Mac owners make use of the vast software library that is MacUpdate. However, we advise downloading your third-party software either from the developer’s web site or through Apple’s curated Mac App Store. For more peace of mind, run Bitdefender Antivirus for Mac, which classifies cryptocurrency miners as malware and blocks them as such.

    Trade Recommendation: Syscoin

    The Syscoin/Bitcoin pair started its bull run when it broke out of 0.000048 resistance on December 24, 2017. Its strong momentum enabled the market to temporarily pierce resistance at 0.000068 on January 13, 2018. The rally gave breakout buyers a growth of over 40% in their investments in three weeks. To lock profits, breakout […]

    The post Trade Recommendation: Syscoin appeared first on Hacked: Hacking Finance.

    Where’s the Money Gone?

    By now it is clear that we are in the throes of a historic market sell off. Money is flying off the table at a record-breaking pace and it’s affecting everything from stocks to bonds to commodities to cryptos. One of my colleagues asked a really smart question yesterday if everything is selling off where […]

    The post Where’s the Money Gone? appeared first on Hacked: Hacking Finance.

    Man Sues T-Mobile For Allegedly Failing To Stop Hackers From Stealing His Cryptocurrency

    Over the weekend, a lawsuit was filed against T-Mobile claiming that the company's lack of security allowed hackers to enter his wireless account last fall and steal cryptocoins worth thousands of dollars. "Carlos Tapang of Washington state accuses T-Mobile of having 'improperly allowed wrongdoers to access' his wireless account on November 7th last year," reports The Verge. "The hackers then cancelled his number and transferred it to an AT&T account under their control. 'T-Mobile was unable to contain this security breach until the next day,' when it finally got the number back from AT&T, Tapang alleges in the suit, first spotted by Law360." From the report: After gaining control of his phone number, the hackers were able to change the password on one of Tapang's cryptocurrency accounts and steal 1,000 OmiseGo (OMG) tokens and 19.6 BitConnect coins, Tapang claims. The hackers then exchanged the coins for 2.875 Bitcoin and transferred it out of his account, the suit states. On November 7th, the price of Bitcoin was $7,118.80, so had the hackers cashed out then, they would have netted a profit of $20,466.55. Tapang goes on to say, "After the incident, BTC price reached more than $17,000.00 per coin," but given the volatility of bitcoin prices, the hackers may not have benefited from the soar. The suit alleges T-Mobile is at fault partly because the carrier said it would add a PIN code to Tapang's account prior to the incident, but didn't actually implement it. Tapang also states that hackers are able to call T-Mobile's customer support multiple times to gain access to customer accounts, until they're able to get an agent on the line that would grant them access without requiring further identity verification. The complaint also lists several anonymous internet users who have posted about similar security breaches to their own T-Mobile accounts.

    Read more of this story at Slashdot.

    Technical Analysis: Coins Hit New Lows amid China Crackdown and Stock Rout

    Cryptocurrencies experienced heavy selling yet again, as the negative regulatory news flow continued to weigh on sentiment. The severe stock market decline in the US also increased uncertainty in the second half of the day, and the majority of the largest coins hit new correction lows. That said, several coins showed relative strength amid the […]

    The post Technical Analysis: Coins Hit New Lows amid China Crackdown and Stock Rout appeared first on Hacked: Hacking Finance.

    US Regulators To Back More Oversight of Virtual Currencies

    Digital currencies such as bitcoin demand increased oversight and may require a new federal regulatory framework, the top U.S. markets regulators will tell lawmakers at a congressional hearing on Tuesday. From a report: Christopher Giancarlo, chairman of the Commodity Futures Trading Commission (CFTC), and Jay Clayton, chairman of the Securities and Exchange Commission (SEC), will provide testimony to the Senate Banking Committee amid growing global concerns over the risks virtual currencies pose to investors and the financial system. Giancarlo and Clayton will say a patchwork of rules for cryptocurrency exchanges may need to be reviewed in favour of a rationalised federal framework, according to prepared testimony published on Monday. Congressional sources told Reuters the hearing will largely be a fact-finding exercise focusing on the powers of the SEC and CFTC to oversee cryptocurrency exchanges, how the watchdogs can protect investors from volatility and fraud, and the risks posed by cyber criminals intent on stealing digital tokens.

    Read more of this story at Slashdot.

    Add to Bitcoin Positions on Panic Selling

    We had recently written about a likely bottom in bitcoin, however, the pullback was shallow and the cryptocurrency is on the verge of a breakdown once again. While it is difficult to pinpoint an exact bottom, we can estimate the process of a bottom formation. Key observations Bitcoin is looking weak and is likely to […]

    The post Add to Bitcoin Positions on Panic Selling appeared first on Hacked: Hacking Finance.

    Trade Recommendation: Zcash

    The Zcash/Bitcoin exhausted all bullishness when it created a lower high of 0.167 on June 20, 2017. The downtrend was confirmed when it broke below critical support of 0.12 on July 1. From that point, the market created a series of lower lows and lower highs. It took the pair five months to find stability. […]

    The post Trade Recommendation: Zcash appeared first on Hacked: Hacking Finance.

    Trade Recommendation: Dogecoin

    The Dogecoin/Bitcoin pair launched its bull run on December 24, 2017 when it broke out of the resistance level of 0.0000005. The momentum it carried was so strong that it more than doubled its value in about two weeks. On January 7, 2018 the market went as high as 0.00000114. At this price point, however, […]

    The post Trade Recommendation: Dogecoin appeared first on Hacked: Hacking Finance.

    Market Update: Re-Test or Another Leg Lower?

    The major coins are plunging yet again today, as the panic lows of Friday are being tested by most of them with the dominant downtrend still being intact. Bitcoin already breached the Friday low, being down by 10% since yesterday, while all of the top 20 coins are sporting double-digit losses as well, with another […]

    The post Market Update: Re-Test or Another Leg Lower? appeared first on Hacked: Hacking Finance.

    Cryptos Surrender Gains After Weekend Bounce; Ethereum Leads Decline

    Cryptocurrencies were back on the defensive Monday, with nearly all major tokens declining sharply following upward consolidation over the weekend. After amassing significant fortunes, speculators appear less keen to re-enter the market due to perceived regulatory risks and possible collusion between Bitfinex and Tether. Cryptos Resume Downtrend The cryptocurrency market’s total capitalization has fallen by around $50 […]

    The post Cryptos Surrender Gains After Weekend Bounce; Ethereum Leads Decline appeared first on Hacked: Hacking Finance.

    Trade Recommendation: Primecoin

    The Primecoin/Bitcoin (XMP/BTC) pair broke out of a bullish cup and handle pattern as it closed above 0.00006 resistance on January 6, 2018. The market reached as high as 0.00010608 on January 27. From the breakout of 0.00006, that’s an increase of 76.8% in three weeks. The fast-paced growth was exploited by breakout players as […]

    The post Trade Recommendation: Primecoin appeared first on Hacked: Hacking Finance.

    Five Major Credit Cards Are Now Blocking Cryptocurrency Purchases

    An anonymous reader quotes CNBC: J.P. Morgan Chase, Bank of America and Citigroup said Friday they are no longer allowing customers to buy cryptocurrencies using credit cards. "At this time, we are not processing cryptocurrency purchases using credit cards, due to the volatility and risk involved," a J.P. Morgan Chase spokesperson said in a statement to CNBC. "We will review the issue as the market evolves." A Bank of America spokesperson also said in an email that the bank has decided to decline credit card purchases of cryptocurrencies. Citigroup said in a statement that it has "made the decision to no longer permit credit card purchases of cryptocurrency. We will continue to review our policy as this market evolves." Earlier in January, Capital One Financial said it has decided to ban cryptocurrency purchases with its cards. Discover Financial Services has effectively prohibited cryptocurrency purchases with its credit cards since 2015.

    Read more of this story at Slashdot.

    Trade Recommendation: NEM

    The NEM/Bitcoin (XEM/BTC) pair kicked its bull run into overdrive when it took out 0.0001 on January 3, 2018. The next day, it went as high as 0.000137, which is a growth of 80.26% from the market’s low on January 3rd. Such a rapid increase in value in 48 hours prompted breakout buyers to […]

    The post Trade Recommendation: NEM appeared first on Hacked: Hacking Finance.

    Crypto Update: Coins Hold Gains, Consolidation Expected

    After the classic panic selling/liquidation event yesterday, the cryptocurrency segment entered a violent snapback rally that carried the major coins up by 20-40% in a matter of hours. On a bullish note, most of the currencies are trading at or near their bounce-highs despite the overnight sell-off. That said, the downtrend remains intact and although […]

    The post Crypto Update: Coins Hold Gains, Consolidation Expected appeared first on Hacked: Hacking Finance.

    Leaked US Army Cyber Protection Brigade Memorandum appears to show Privacy Solutions compromised




    The picture in question is a leaked image of a memorandum posted on the image board 4chan, complete with Department of Defence letterhead, that appears to be from the United States Army’s Cyber Protection Brigade.

    The posted picture shows an official document displayed on a terminal screen, with a Common Access Card (CAC) beside it, complete with photo, of the kind typically carried by a Department of Defence employee. It appears to be legitimate, yet it invites incredulity and skepticism. Even so, it is not yet clear why anyone would want this data leaked.

    One plausible theory is that the crypto community is somehow involved. Another is that an effective way to discourage the use of privacy solutions is to spread rumours that they are anything but private, a calculated way of sowing fear, uncertainty and doubt.

     “The success we have had with Tor, I2P, and VPN, cannot be replicated with those currencies that do not rely on nodes. There is a growing trend in the employment of Stealth addresses and ring signatures that will require additional R&D.” reads the document.

    The memo's first line reveals a unit involved with the National Security Administration (NSA) and Cyber Protection Team (CPT) pushing for more funding, for "new contracts and extra subsidizing to meet GWOT and drug interdiction targets aimed in July's Command update brief." The Global War On Terror (GWOT) has been a go-to pretext for about two decades of intrusive military and law enforcement action.

    “In order to put the CPT back on track, we need to identify and employ additional personnel who are familiar with the Crypto Note code available for use in anonymous currencies,” the memo stressed.
    Crypto Note, which is the application layer for privacy tokens such as Bytecoin (BCN) and Monero (XMR), uses a memory-bound function that is hard to pipeline. That the agencies tasked with monitoring and tracking internet solutions, and now coins, need outside help with Crypto Note may say a lot about where the various government divisions stand in terms of their security acumen.

    The picture circulated on Steemit, Veekly, and even Warosu exactly five months ago, yet outlets such as Deep Dot Web may claim to have broken the news. The document is nonetheless worth dissecting, assuming it is legitimate.

    For its part, Deep Dot Web claims to have contacted "a Monero developer, who spoke on state of obscurity," and the dev "said that the vast majority of the Monero engineers who have seen the leak trust it to be true. A few sources who were some time ago in the Armed force have additionally said they trust the report to be genuine." This lends weight to the view that the contents of the document appear entirely plausible.

    India Rejects Cryptocurrency, But It Isn’t Giving Up On Blockchain

    Mark Wilson shares a report from BetaNews: A budget speech given by India's finance minister led to numerous reports that India was banning the use of cryptocurrencies such as Bitcoin and Ethereum within the country. While Arun Jaitley noted in a speech that the Indian government does not recognize cryptocurrencies as legal tender, his slightly ambiguous language resulted in something of a misunderstanding. Now the Blockchain and Cryptocurrency Committee of the Internet and Mobile Association of India (IAMAI) has spoken out in an attempt to clarify the issue, and allay fears that Bitcoin et al are on the verge of being banned. At first glance, Jaitley's speech certainly seemed to imply that the Indian government wants to forbid the use of cryptocurrencies. In reality, he merely voiced concern about how cryptocurrencies were being used, and announced vague plans to introduce regulation to stop their use for illegal purposes. Delivering his speech, Jaitley said: "Distributed ledger system or the block chain technology allows organization of any chain of records or transactions without the need of intermediaries. The Government does not consider crypto-currencies legal tender or coin and will take all measures to eliminate use of these cryptoassets in financing illegitimate activities or as part of the payment system. The Government will explore use of block chain technology proactively for ushering in digital economy."

    Read more of this story at Slashdot.

    Week in Review: Epic Selloff Hit Cryptos, Stocks as Volatility Reaches 2016 Levels

    It was a sea of red across multiple asset classes this week, with stocks and cryptocurrencies experiencing epic-style collapses. The crypto market slump was largely driven by fears of regulatory bottlenecks after India sounded the alarm on illicit financing. On Wall Street, concerns over rising interest rates put the major indexes on track for their […]

    The post Week in Review: Epic Selloff Hit Cryptos, Stocks as Volatility Reaches 2016 Levels appeared first on Hacked: Hacking Finance.

    Technical Analysis: A Durable Low Might be in as Bitcoin Hits $7650

    Cryptocurrencies got slaughtered in the first two days of February, with this morning’s sell-off closely resembling a wash-out liquidation event. While a confirmed trend change is far away, given the technical damage that the coins suffered, today’s panic low could be a significant bottom or the start of a more complex bottoming process. With all that […]

    The post Technical Analysis: A Durable Low Might be in as Bitcoin Hits $7650 appeared first on Hacked: Hacking Finance.

    Trade Recommendation: Gridcoin Research

    The Gridcoin Research/Bitcoin pair breached resistance of 0.00000656 on December 24, 2017. The surge in price and volume on that day brought the market back to life. In less than three weeks, it went as high as 0.00001454. At this stage, however, the market flashed overbought readings. Participants who bought the 0.00000656 breakout took the […]

    The post Trade Recommendation: Gridcoin Research appeared first on Hacked: Hacking Finance.

    Trade Recommendation: Burst

    The Burst/Bitcoin pair broke out of a rounding bottom reversal pattern on December 22, 2017 when it breached resistance of 0.000003. The bullish move propelled the market to as high as 0.00000726 on January 6, 2018 before facing heavy selling pressure. Those who bought when the market breached 0.000003 took the chance to dump their […]

    The post Trade Recommendation: Burst appeared first on Hacked: Hacking Finance.

    Bitcoin Plummets Below $8,000 For First Time Since November

    Bitcoin's value dipped below $8,000 this morning -- the first time since November 24, according to CNBC -- just hours after the cryptocurrency made news after going under $9,000. From a report: After the news that Bitcoin had headed south of $9,000, CNBC branded the range of $9,000 to $10,000 as "a difficult one for bitcoin to break below" after its surge over $10,000 last year.

    Read more of this story at Slashdot.

    Crypto Update: Carnage Everywhere (But This is How Panic Bottoms are Formed)

    The downtrend that has been dominant throughout January is likely entering its final phase today, as correlations are sky-high, all majors are crashing, and forced liquidations are accelerating the decline. Volatility surged higher as expected, and technical trading is still the name of the game, with no significant news behind today’s move, even if the […]

    The post Crypto Update: Carnage Everywhere (But This is How Panic Bottoms are Formed) appeared first on Hacked: Hacking Finance.

    Check Your Shadow

    Happy Groundhog Jobs Day!! February 2nd is marked on many calendars as a uniquely superstitious holiday in which a rodent named Phil who lives in Pennsylvania will decide if we’re ready for Spring or if we get six more weeks of winter. This tradition comes at an auspicious time for the financial markets. The irregularities […]

    The post Check Your Shadow appeared first on Hacked: Hacking Finance.

    Crypto Market Sheds $50 Billion on Perceived Regulatory Risks

    The global cryptocurrency market suffered huge declines on Thursday, with most major coins down double-digit percentages on reports of increased regulation in India. Broad Declines The selloff on Thursday mirrored similar corrections throughout the month of January. With the exception of DigixDAO (DGD), all 100 of the top cryptocurrencies traded lower, according to data provider […]

    The post Crypto Market Sheds $50 Billion on Perceived Regulatory Risks appeared first on Hacked: Hacking Finance.

    Cyber Security Roundup for January 2018

    2018 started with a big security alert bang after Google security researchers disclosed serious security vulnerabilities in just about every computer processor in use on the planet. Named 'Meltdown' and 'Spectre', these vulnerabilities disclose confidential data when exploited by a hacker or malware. As a result, a whole raft of critical security updates was hastily released for computer and smartphone operating systems, web browsers, and processor drivers. While processor manufacturers have been rather lethargic in reacting and producing patches for the problem, software vendors such as Microsoft, Google and Apple have reacted quickly, releasing security updates to protect their customers from the vulnerable processors. Kudos to them.

    The UK Information Commissioner's Office (ICO) heavily criticised the Carphone Warehouse for security inadequacies and fined the company £400K following its 2015 data breach, when the personal data, including bank details, of millions of Carphone Warehouse customers was stolen by hackers in what the company at the time described as a "sophisticated cyber attack". Where have we heard that excuse before? The ICO certainly wasn't buying it after investigating, reporting a large number of Carphone Warehouse security failures: the use of software that was six years out of date; a lack of “rigorous controls” over who had login details to systems; no antivirus protection running on the servers holding data; the same root password being used on every individual server, which was known to “some 30-40 members of staff”; and the needless storage of full credit card details. The Carphone Warehouse should thank its lucky stars the breach didn't occur after the General Data Protection Regulation comes into force; with such a damning list of security failures, the company may well have been fined considerably more by the ICO, which is granted vastly greater financial sanctions and powers when the GDPR kicks in in May.

    The National Cyber Security Centre warned that the UK national infrastructure faces serious nation-state attacks, stating it is a matter of "when", not "if". There were also claims that the cyberattacks against Ukraine in recent years were down to Russia testing and tuning its nation-state cyberattack capabilities.

    At the Davos summit, the Maersk chairman revealed his company spent a massive £200m to £240m on recovering from the recent NotPetya ransomware outbreak, after the malware 'totally destroyed' the Maersk network. That's a huge price to pay for not regularly patching your systems.

    It's no surprise that cybercriminals continue to target cryptocurrencies given the high financial rewards on offer. The most notable attack was a £290k cyber-heist from BlackWallet, where the hackers redirected 700k BlackWallet users to a fake replica BlackWallet website after compromising BlackWallet's DNS server. The replica website ran a script that transferred user cryptocurrency into the hacker's wallet; the hacker then moved the currency into a different wallet platform.

    In the United States, the Federal Trade Commission (FTC) fined toy firm VTech US$ 650,000 (£482,000) for violating US children's privacy law. The FTC alleged the toy company violated the Children's Online Privacy Protection Rule (COPPA) by collecting personal information from hundreds of thousands of children without providing direct notice.

    It was reported that a POS malware infection at Forever21 and lapses in encryption were responsible for the theft of debit and credit card details from Forever21 stores late last year. Payment card data continues to be a highly valued target for cyber crooks with sophisticated attack capabilities, who are willing to invest considerable resources to achieve their aims.

    Several interesting cybersecurity reports were released in January. The Online Trust Alliance Cyber Incident & Breach Trends Report: 2017 concluded that cyber incidents doubled in 2017 and that 93% were preventable. Carbon Black's 2017 Threat Report stated that non-malware-based cyber-attacks were behind the majority of cyber-incidents reported in 2017, despite the proliferation of malware available to both professional and amateur hackers. Carbon Black also reported that ransomware attacks are inflicting significantly higher costs and that the number of attacks skyrocketed during the course of the year. No surprise there.

    The Malwarebytes 2017 State of Malware Report said ransomware attacks on consumers and businesses slowed down towards the end of 2017 and were being replaced by spyware campaigns, which rose by over 800% year-on-year. Spyware campaigns not only allow hackers to steal precious enterprise and user data but also allow them to identify ideal attack points from which to launch powerful malware attacks. The Cisco 2018 Privacy Maturity Benchmark Study claimed 74% of privacy-immature organisations were hit by losses of more than £350,000, and that companies that are privacy-mature have fewer data breaches and smaller losses from cyber-attacks.

    Technical Analysis: Bitcoin Tumbles Below $9000 as Coins Hit New Lows

    The new correction lows that we have been expecting in the segment arrived today, as the selling pressure of the Asian and European session remained dominant as US markets opened. The most valuable coin is now more than 50% off its all-time high set in December, and the currency traded on the lowest levels since […]

    The post Technical Analysis: Bitcoin Tumbles Below $9000 as Coins Hit New Lows appeared first on Hacked: Hacking Finance.

    Is This a Good Time to Buy Bitcoin?

    It is a difficult task to call a bottom when an asset class is in a downtrend. However, using technical analysis, we can at least try to get a rough idea about the levels that can offer a strong support. Please remember that when panic sets in the decline can easily overshoot on the downside. […]

    The post Is This a Good Time to Buy Bitcoin? appeared first on Hacked: Hacking Finance.

    Smashing Security #063: Carole’s back!

    Fitness trackers breaching your privacy, how anyone can create convincing celebrity porn, and how ransomware authors are getting ripped off by scammers.

    All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Maria Varmazis.

    India Vows To Eliminate Use of Cryptocurrencies in the Country

    India will move to stamp out use of cryptocurrencies, which it considers illegal, country's Finance Minister Arun Jaitley said on Thursday, launching a no-holds-barred attack on virtual currencies such as Bitcoin. From a report: Governments around the world are grappling with how to regulate cryptocurrency trading, and policymakers are expected to discuss the matter at a G20 summit in Argentina in March. "The government does not consider cryptocurrencies legal tender or coin and will take all measures to eliminate use of these cryptoassets in financing illegitimate activities or as part of the payment system," Jaitley told parliament in his annual budget speech. However, the minister said, the government would explore use of block chain technology proactively to speed the move toward a digital economy. Jaitley's announcement could trigger "panic selling" in cryptocurrencies in India, said Amit Maheshwari, partner at tax consultants Ashok Maheshwary & Associates LLP.

    Read more of this story at Slashdot.

    Trade Recommendation: Peercoin

    The Peercoin/Bitcoin pair turned bearish on May 18, 2017 when it posted a lower high of 0.00131044. The downtrend was confirmed when it broke critical support of 0.0008 on May 25. From there, the market generated a series of lower lows and lower highs as it breached one support level after another. The pair only […]

    The post Trade Recommendation: Peercoin appeared first on Hacked: Hacking Finance.

    Trade Recommendation: LBRY Credits

    The LBRY Credits/Bitcoin pair broke out of the 0.00007 resistance level on January 8, 2018 to kickstart its bull run. It went as high as 0.00008972 on January 12 before succumbing to profit taking. Those who bought when the market breached 0.00007 took the opportunity to dump their positions. As selling commenced, the market broke […]

    The post Trade Recommendation: LBRY Credits appeared first on Hacked: Hacking Finance.

    Crypto Update: Bitcoin’s Plunge Continues, New Lows Ahead?

    Yet another weak bounce faded away in the segment as BTC continues to lead the market lower, with the most valuable coin hitting a new two-week low today below the $9500 level. Reports regarding India’s crackdown on illegal activities involving cryptocurrencies weighed on sentiment, but the market remains dominantly technical, with the on-going downtrend in […]

    The post Crypto Update: Bitcoin’s Plunge Continues, New Lows Ahead? appeared first on Hacked: Hacking Finance.

    Ransomware And Cryptomining Spiked In 2017 According To Report

    Spoiler alert: There are a lot of exploits and malware spreading online in an attempt to ruin your day. Year after year security vendors compile data to produce annual reports

    The post Ransomware And Cryptomining Spiked In 2017 According To Report appeared first on The Cyber Security Place.

    Bitcoin Caps Off Worst Month in Three Years as Losses Mount

    Bitcoin steadied above $10,000 on Wednesday, but not before closing out its worst monthly performance since 2015. January Woes The world’s largest digital currency by trade and market cap has declined 29% since New Year’s Eve. After adding more than $3,000 in the first week of January, bitcoin posted steady losses for the rest of […]

    The post Bitcoin Caps Off Worst Month in Three Years as Losses Mount appeared first on Hacked: Hacking Finance.

    Cryptocurrency Analysis: Market Stabilizes but Bounce Fizzles Out

    The test of the crash lows in the segment got postponed by the early-session rally today, in the case of most of the majors, as yesterday’s sell-off ran out of steam. That said, the bounce that followed the overnight low didn’t change the short-term setup in the coins, as the dominant downtrend is still intact […]

    The post Cryptocurrency Analysis: Market Stabilizes but Bounce Fizzles Out appeared first on Hacked: Hacking Finance.

    Trade Recommendation: ZRX

    The 0x/Bitcoin pair (also known as ZRX/Bitcoin) is in the midst of a strong bull run that started on January 8, 2018 when the market surged above 0.0001. It went as high as 0.00017 on January 13 before it succumbed to profit taking. As selling commenced, the market retreated to 0.00010570 on January 16 which […]

    The post Trade Recommendation: ZRX appeared first on Hacked: Hacking Finance.

    Trade Recommendation: Omni

    The Omni/Bitcoin pair exhausted its bull run on July 6, 2017 when it generated a lower high at 0.0253. The downtrend was confirmed when the market broke support at 0.02 on July 11, which triggered a bearish head and shoulders reversal pattern. It then created a series of lower lows and lower highs until it […]

    The post Trade Recommendation: Omni appeared first on Hacked: Hacking Finance.

    Crypto Update: Coins Rebound as Crash Lows Hold

    The bleeding in the cryptocurrency segment paused yet again overnight, and the major coins all stayed above their correction lows from early January, for now.  Trading remains focused on technical levels, with BTC’s $10,000 price level being in the center of attention. The crucial support/resistance zone around the historical price level acts as a magnet […]

    The post Crypto Update: Coins Rebound as Crash Lows Hold appeared first on Hacked: Hacking Finance.

    Cybercriminals Stealing From Cybercriminals Ransomware Victims Left Stranded

    What do you get when you add Bitcoin, with a TOR network proxy and cybercriminals? Even more cybercrime!

    Bitcoin is the preferred cryptocurrency for ransomware payments. Like most cryptocurrencies it is largely anonymous, allowing the ransoming cybercriminals to collect their money while staying safely in the shadows. Even though Bitcoin is the most popular cryptocurrency, the majority of victims do not have a ready cache of Bitcoin to pay ransom with so the cybercriminals came up with a process to facilitate these ransom payments.

    Payment websites are hosted on the Tor network, where victims log in, purchase Bitcoin and deposit them into the wallet of the bad actors. Sounds convenient, unless there is another bad actor in the middle. To understand how that happens, we first need to explain the Tor network.

    Tor is an acronym based on a software project called The Onion Router. It “[redirects] Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays to conceal a user’s location and usage…” (Tor (anonymity network), Wikipedia). In other words, you must use a Tor client to connect to the Tor network and, in doing so, you participate as a relay in the network, helping to provide anonymity for all other users.

    There are many situations where this type of Internet anonymity would be useful: researching a company without alerting them to who is looking, researching a controversial topic without being identified, avoiding oppressive government restrictions or spying, and facilitating Bitcoin payments while hiding the location of the web server. The challenge for the ransomers is that victims are even less likely to be set up with a Tor client than they are to have Bitcoin! To solve this problem, there are individuals who run “Tor proxies.” These proxies are accessible with a regular browser on the Internet so no special software is required. For example, the hidden server on the Tor network might be addressed by hxxps://sketchwebsite.onion which requires a Tor browser to connect. However by entering hxxps://sketchwebsite.onion.to into a regular browser, a connection is made with a “regular server” on the Internet which redirects (proxies) the request to sketchwebsite.onion on your behalf. You can surf the Tor network, and make your Bitcoin payments with no special software required. By design, a proxy takes a connection from one party and passes it to another. This involves looking at the incoming request to understand where it needs to be forwarded. This also creates an opportunity for the proxy to make changes in between.

    Proofpoint is the security vendor that identified cybercriminals taking advantage of Tor proxies to steal from victims and the ransoming cybercriminals. They discovered that when victims attempted to connect to the ransomers’ website through a Tor proxy, the criminals operating the proxy made changes to the stream. Instead of the Bitcoin being deposited to the intended ransomer’s digital wallets, the funds were redirected to the proxy operator’s wallet. While you won’t be sympathetic to the ransoming cybercriminals’ loss of revenue, the real problem is that without payment they won’t release the decryption key to the victim. The ransomware victim thought they were paying Bitcoin to the ransomer for the decryption key, but with the man-in-the-middle attack at the Tor proxy they paid for nothing.

    Through some very detailed analysis documented here, Proofpoint estimates that approximately 2 BTC have been redirected (around $20,000 at the time they published their article.) It was a notice on the LockeR ransomware payment portal that alerted Proofpoint researchers that something was amiss in the cybercrime underworld:

    [Image: the notice on the LockeR ransomware payment portal]

    “While this is not necessarily a bad thing, it does raise an interesting business problem for ransomware threat actors and practical issues for ransomware victims by further increasing the risk to victims who would resort to paying ransomware ransoms,” Proofpoint researchers said. “This kind of scheme also reflects the broader trend of threat actors of all stripes targeting cryptocurrency theft. Continued volatility in cryptocurrency markets and increasing interest in the Tor network will likely drive further potential abuses of Tor proxies, creating additional risks for new users.”

    About the author:  Steve Biswanger has over 20 years experience in Information Security consulting, and is a frequent speaker on risk, ICS and IoT topics. He is currently Director of Information Security for Encana, a North American oil & gas company and sits on the Board of Directors for the (ISC)2 Alberta Chapter.
     

    Pierluigi Paganini

    (Security Affairs – Bitcoin, cybercrime)

    The post Cybercriminals Stealing From Cybercriminals Ransomware Victims Left Stranded appeared first on Security Affairs.

    South Korea’s New Trading Rules Trigger Renewed Volatility for Bitcoin

    Bitcoin declined sharply on Tuesday, leading a broad downtrend in the crypto market as South Korea moved to implement new regulations governing domestic exchanges. Bitcoin’s Descent The world’s most actively traded cryptocurrency became much cheaper on Tuesday as prices briefly fell below $10,000 on the major exchanges. At its lowest, bitcoin reached $9,839 for a […]

    The post South Korea’s New Trading Rules Trigger Renewed Volatility for Bitcoin appeared first on Hacked: Hacking Finance.

    Technical Analysis: Bitcoin Price Drops Below $10,000 Again as Sell-Off Accelerates

    The next volatile phase of the ongoing correction started today after the technical break-down in BTC that we warned about yesterday. The weak rising trend got violated by the most valuable coin after a bearish start of the week, and the decline strengthened even more amid reports of increased US scrutiny regarding Bitfinex and Tether […]

    The post Technical Analysis: Bitcoin Price Drops Below $10,000 Again as Sell-Off Accelerates appeared first on Hacked: Hacking Finance.

    US Regulators To Subpoena Crypto Exchange Bitfinex, Tether

    U.S. regulators are scrutinizing one of the world's largest cryptocurrency exchanges as questions mount over a digital token linked to its backers, Bloomberg reported on Tuesday. From the report: The U.S. Commodity Futures Trading Commission sent subpoenas last week to virtual-currency venue Bitfinex and Tether, a company that issues a widely traded coin and claims it's pegged to the dollar, according to a person familiar with the matter. The firms share the same chief executive officer. Tether's coins have become a popular substitute for dollars on cryptocurrency exchanges worldwide, with about $2.3 billion of the tokens outstanding as of Tuesday. While Tether has said all of its coins are backed by U.S. dollars held in reserve, the company has yet to provide conclusive evidence of its holdings to the public or have its accounts audited. Skeptics have questioned whether the money is really there.

    Read more of this story at Slashdot.

    Trade Recommendation: MaidSafeCoin/Bitcoin

    The MaidSafeCoin/Bitcoin pair lost all bullishness when it generated a lower high of 0.000237 on June 7, 2017. Things went from bad to worse when the market broke support of 0.00016 on July 10. The pair lost over 17% of its value when it opened at 0.00016802 and closed at 0.00013844 on that […]

    The post Trade Recommendation: MaidSafeCoin/Bitcoin appeared first on Hacked: Hacking Finance.

    Trade Recommendation: Lisk

    The Lisk/Bitcoin pair resumed its bull run on December 21, 2017 when it breached resistance of 0.0012. The move attracted momentum players and breakout buyers, which pushed the market as high as 0.00241697 on January 7, 2018. That’s an astounding 101.41% increase in value in less than three weeks. However, those who bought the breakout […]

    The post Trade Recommendation: Lisk appeared first on Hacked: Hacking Finance.

    Market Update: Persistent Selling Pressure in Crypto Land

    Following a bearish start for the week, the major coins are in the red yet again today in early trading, with only last week’s laggard, IOTA sporting slight gains. The news flow is still mostly highlighted by regulatory issues, and the aftermath of last week’s gigantic exchange hack, but trading remains overwhelmingly technical in most […]

    The post Market Update: Persistent Selling Pressure in Crypto Land appeared first on Hacked: Hacking Finance.

    What will 2018 bring to the world of cryptocurrencies?

    With the vast amounts of people suddenly becoming millionaires, the chances of you not hearing about Bitcoin are almost nil. The success stories are all over the internet. Even the already rich rap-star 50 Cent added his name to the ever-growing list of Bitcoin millionaires. He claims that over the last few years he has been sitting on a “forgotten” fortune of 700 virtual coins that he made selling his album back in 2014. Is he a smart investor or a lucky guy? No one knows, but the truth is that he is now worth $7 million more than last year. Cheers, 50 Cent, this is what we call a flying start to the new year!

    In 2017 Bitcoin managed to become so popular that it is an absolute rarity to live in the western world and not to have at least one friend or a relative who is somehow engaged in cryptocurrency trading. User-friendly virtual money exchanges such as Coinbase started gaining speed making the purchase of cryptocurrency as easy as requesting an Uber ride. People who wanted to invest no longer had to wire money to exchange sites but use a simple app to purchase some of the crypto-gold with a credit card. Last year was also the year that saw Bitcoin increase its value 20 times and become the 6th most valuable currency in the world.

    While Bitcoin’s price kept surging, there were a ton of leading economists such as Jamie Dimon, chairman and CEO of JPMorgan Chase, and billionaire investor Warren Buffett, who said the crypto-world might be doomed. Jamie called it a fraud and Warren kept warning everyone that the craze over Bitcoin and other cryptocurrencies won’t end well. Even Jordan Belfort, also known as the real Wolf of Wall Street and the man who predicted the 2008 financial crisis, called Bitcoin a “huge danger.” Things are never perfect: Bitcoin lost half of its gains but still managed to close 2017 about ten times more valuable than it started it.

    Love it or hate it, there is no doubt, 2017 was the year of Bitcoin! Over the last 13 months, Bitcoin has been a subject of enormous attention and is rapidly changing the landscape of the financial world, boldly paving the way for other cryptocurrencies such as Ethereum, Ripple, Bitcoin Cash, Litecoin, Monero, and Zcash. While Bitcoin was the primary currency making the news, its contenders had a good year too, as almost all of them registered even better growth percentages than Bitcoin.

    What about 2018?

    High volatility and the lack of understanding have been scaring many investors away from the crypto-world. While governments are trying to regulate the market, it still feels like it is the wild west. Exchanges have been prone to hacks, investors have been afraid to jump in due to the lack of regulations and regular folks have been avoiding the crypto-world because of the lack of user-friendly crypto exchanges. However, things are changing – governments from all over the world are starting to realize that instead of fighting the new currencies, they can tax the transactions and get their piece of the pie. New and stricter laws are making Initial Coin Offerings more and more transparent and regulated, and in 2018 exchanges in the US will most likely be forced to report every account trading more than $20k to the IRS. Exchanges are continually trying to increase security, and there are user-friendly exchanges like Coinbase who are allowing everyday people to participate. Cryptocurrencies will continue to be part of our lives in 2018.

    What is the future of cryptocurrencies?

    In 2018 we will see more and more governments trying to regulate cryptocurrencies, we will witness the creation of more altcoins, and we will see how Bitcoin’s main competitors, Ethereum, Monero, ZCash, and Ripple, try to take a shot at Bitcoin. 2018 may be the year that will see Bitcoin being taken down from its throne. This wouldn’t be a first for the tech world – Nokia’s Symbian was the primary modern mobile OS, but later it got overshadowed by better mobile operating systems such as Android and iOS. This might be the case with Bitcoin too. Time will tell!

    On the other hand, Bitcoin has been known as the gold of the cryptocurrencies. It may stick around, but it won’t be the game-changer technology that will transform the financial world. The cashier at Stater Brothers won’t be happy if you try to pay for the groceries with gold bullions – you will most likely be asked to use a credit card or cash instead. This is what is happening with Bitcoin. Stripe, one of the first firms to help users do financial transactions with Bitcoin, recently announced that they would be stopping the support of Bitcoin payments, saying the fees are too high. And people do not blame them for their decision: Bitcoin transaction fees can easily reach amounts of $20+, while transactions with currencies such as Ethereum and Ripple only cost a few bucks.

    While governments are desperately racing each other to find ways to regulate the decentralized virtual currencies, they are also exploring opportunities of creating their national cryptocurrencies too. So the next groundbreaking virtual money might have not even been invented yet. The masses are more likely to support a government-backed cryptocurrency than the ones associated with the dark web that we see now.

    If you are thinking of entering the world of crypto, or you are already in, you have to bear in mind that it is an extremely risky investment and there is no insurance for your assets. Hackers are lurking around so securing your digital wallet should be a high priority. Always make sure you have antivirus software on all your devices. Having another layer of security can prevent cybercriminals from gaining access to your digital coins. It only takes seconds for hackers to send your virtual money away from your wallet, and once it leaves your digital portfolio, there is no way of getting it back. Be prepared!

    The post What will 2018 bring to the world of cryptocurrencies? appeared first on Panda Security Mediacenter.

    Why Government Regulation Will Fail

    The crypto markets have been buzzing lately with as much price volatility as ever.  The attention, as usual, often appears to be on how many dollars have been lost or what ginormous percentage loss has taken place.  There is all this talk about broken support levels and the urgent need of a price reversal.   […]

    The post Why Government Regulation Will Fail appeared first on Hacked: Hacking Finance.

    Ethereum Startup Vanishes After Seemingly Making $11, Leaves Message: ‘Penis’

    CaptainDork shares a report from Motherboard: An Ethereum startup called Prodeum disappeared from the web on Sunday after raising a grand total of $11 USD from investors in a crowdsale. Shortly after the website disappeared, a message appeared on its homepage: "penis." Prodeum's website now redirects visitors to the Twitter account of a cryptocurrency trader (they did not immediately respond to our request for comment), and its Twitter account has been deactivated. Prodeum is at least the second Ethereum startup to pull up stakes after raising money from people in events called Initial Coin Offerings, or ICOs, in which a startup funds their enterprise by taking cryptocurrency from people in exchange for digital tokens. Some ICOs have managed to raise millions of dollars, and the last startup to vanish after conducting an ICO -- Confido, which disappeared from the internet in late 2017 -- made off with roughly $374,000. (A message later appeared on Confido's site stating that it would buy back investors' tokens, but it's unclear if that took place.) Prodeum, by comparison, only seems to have raised $11 based on the Ethereum address that was advertised on Prodeum's site as being the ICO address. (Update: After this article was published the contents of the ICO wallet were sent to another wallet. That wallet contains roughly $100, with the other funds all coming from a single wallet that predates the Prodeum ICO and contains 46 cents.) Prodeum's pitch, according to a cached version of its webpage, was to track vegetables in a supply chain using digital addresses on a blockchain -- a decentralized ledger at the heart of Ethereum and other cryptocurrencies like Bitcoin. As for why the "penis" message was left on its homepage, it may have something to do with the name of the startup. Prodeum is a medication that treats urinary tract infections and other urinary problems...

    Read more of this story at Slashdot.

    Top Cryptos See Red at the Start of Tuesday Session

    Global cryptocurrencies shed market cap on Tuesday, reversing a modest rally at the start of the week and signaling continued downside risk following multiple corrections. Sea of Red Nine of the ten largest cryptocurrencies by market cap traded lower on Tuesday, with losses generally ranging between 4% and 8%. Bitcoin, whose share of the total […]

    The post Top Cryptos See Red at the Start of Tuesday Session appeared first on Hacked: Hacking Finance.

    British cryptocurrency traders robbed of Bitcoin at gunpoint

    Cryptocurrency heists are usually covert affairs that leave users with empty wallets, but not fearing for their life. Still, there are always some unlucky individuals who get the worst of everything. Case in point: Bitcoin traders Danny Aston and Amy Jay, who were robbed at gunpoint on January 22 in their home in Moulsford, Oxfordshire (UK). The two are directors of Aston Digital Currencies, and Aston traded cryptocurrency online under the pseudonym “Goldiath.” He has … More

    A week in security (January 22 – January 28)

    Last week on Labs, we analyzed a rogue app outbreak on Twitter, took a look at how Singapore’s government is faring with network defense, and rolled out our 2017 State of Malware report. We also became visionaries in Gartner’s Magic Quadrant report and explored a VR data mishap.

    Other news

    Finally, a tip of the hat and a shout out to the very awesome Hasherezade, who’s been included on a Forbes Europe list of 30 under 30—a fantastic achievement!

    Stay safe, everyone!

    The post A week in security (January 22 – January 28) appeared first on Malwarebytes Labs.

    Technical Analysis: Consolidation Continues as Weekend Rally Fails but Support Levels Hold

    The choppy, hard-to-trade period that we expected after the crash two weeks ago is still ongoing, as most of the major coins are trading sideways inside the range of the initial rally off the January 17th low. That said, the broader declining trend in the segment is clearly intact, and the continuation of the correction […]

    The post Technical Analysis: Consolidation Continues as Weekend Rally Fails but Support Levels Hold appeared first on Hacked: Hacking Finance.

    Trade Recommendation: Counterparty

    The Counterparty/Bitcoin pair started to correct on January 12, a day after it generated a high of 0.00698820. Those who bought the 0.003 breakout on January 6 were very fortunate as they earned over 130% in less than a week. As profit taking commenced, the market retreated to 0.0039 where it created a bullish a […]

    The post Trade Recommendation: Counterparty appeared first on Hacked: Hacking Finance.

    Trade Recommendation: Riecoin/Bitcoin

    The Riecoin/Bitcoin pair attempted to breach 0.000036 resistance on January 11, 2018 when it closed at 0.00003640. Unfortunately for the bulls, bears defended that level with a passion. While buyers came in to try to convert that resistance level into support, volume fell with each passing day. More importantly, the market remained in overbought territory […]

    The post Trade Recommendation: Riecoin/Bitcoin appeared first on Hacked: Hacking Finance.

    Crypto Update: Another Monday, Another Sell-Off

    As traditional financial markets opened in Asian trading this morning, cryptocurrencies headed south yet again, as they did on most of recent Mondays. While this could very well be a coincidence, given the continuously growing futures BTC short positions, this could also be the result of banks and other financial institutions building up large bets […]

    The post Crypto Update: Another Monday, Another Sell-Off appeared first on Hacked: Hacking Finance.

    E Hacking News – Latest Hacker News and IT Security News: Japan cryptocurrency exchange to refund stolen assets worth $400m

    Coincheck, one of Japan’s major cryptocurrency exchanges, has promised to refund to its customers about $423m (£282m) stolen by hackers two days ago in one of the biggest thefts of digital funds.

    The hack occurred on Friday, when the company detected an “unauthorised access” of the exchange and suspended trading for all cryptocurrencies apart from bitcoin.

    The attackers were able to access the company’s NEM coins, which are lesser known but still the world’s 10th biggest cryptocurrency by market capitalisation. The losses went up to about $534m (£380m).

    The company has stated that it will reimburse the affected customers to nearly 90% of their loss using cash.

    Over 260,000 are reported to have been affected by the hack.

    According to Coincheck, the hackers were able to steal the NEM coins because they were kept in online “hot wallets” instead of the more secure and offline “cold wallets.”

    The company claims that it is aware of the digital address where the coins have been transferred and believes the assets are recoverable.


    Long-Term Cryptocurrency Analysis: Ethereum Leads Yet Another Rally Attempt

    The major coins had a relatively calm week, especially following the early sell-off as the largest currencies all held up above their crash lows and entered a low-volatility period. Thanks to the stabilization, and a slight breakdown of the correlations between the coins, some early strength is already obvious in some of the altcoins, as […]

    The post Long-Term Cryptocurrency Analysis: Ethereum Leads Yet Another Rally Attempt appeared first on Hacked: Hacking Finance.

    Deanonymizing Tor: Your Bitcoin Transactions May Come Back To Haunt You

    jwhyche, Slashdot reader #6,192, writes: If you bought some illegal narcotics off Silk Road or even gave money to Wikileaks, researchers at Qatar University and Hamad Bin Khalifa University have been able to link these transactions with real world identities. They have been able to do this even if the transactions are years old. Their research shows how easy it is to link accounts to these transactions without using any of the tools available to law enforcement like search warrants or subpoenas. The researchers started with 88 unique bitcoin addresses from Tor hidden services, and then searched 5 billion tweets and 1 million pages on the Bitcoin Talk forum -- ultimately linking 125 unique users to 20 Tor hidden services. "Bitcoin addresses should always be considered exploitable," the researchers conclude, "as they can be used to deanonymize users retroactively." Their paper is titled "When a Small Leak Sinks a Great Ship: Deanonymizing Tor Hidden Service Users Through Bitcoin Transactions Analysis," and Wired summarizes one of their conclusions. "Even deleting profile information that includes bitcoin addresses may not be enough if a post has been cached or captured by services like the Internet Archive, they point out. 'If you're vulnerable now, you're vulnerable in the future.'"

    Read more of this story at Slashdot.

    Good News and Low Prices

    So interesting, isn’t it? Yes, we had gigantic hacking of a large exchange & perhaps some ponzi schemes, but overall I think we are sitting pretty! We have more and more banks looking into blockchain, and if you didn’t see it, Robinhood exchange is going to be offering BTC and ETH, with more coins to […]

    The post Good News and Low Prices appeared first on Hacked: Hacking Finance.

    Week in Review: Crypto Roller Coaster Continues as Korea Bans Anonymous Trading, Coincheck Reports Major NEM Theft

    It was another wild ride for cryptocurrencies this week, as evolving regulations and a major cyber security breach dulled investors’ appetite. Although the fundamental picture hasn’t changed very much, bitcoin continues to struggle below $12,000, with altcoins eating away its market share. Equity markets continued higher this week, as Wall Street soared to new record […]

    The post Week in Review: Crypto Roller Coaster Continues as Korea Bans Anonymous Trading, Coincheck Reports Major NEM Theft appeared first on Hacked: Hacking Finance.

    $500 Million Worth of Cryptocurrency Stolen From Japanese Exchange

    Locke2005 shares a report from CNBC: Hackers stole several hundred million dollars' worth of a lesser-known cryptocurrency from a major Japanese exchange Friday. Coincheck said that around 523 million of the exchange's NEM coins were sent to another account around 3 a.m. local time (1 p.m. ET Thursday), according to a Google translate of a Japanese transcript of the Friday press conference from Logmi. The exchange has about 6 percent of yen-bitcoin trading, ranking fourth by market share on CryptoCompare. The stolen NEM coins were worth about 58 billion yen at the time of detection, or roughly $534.8 million, according to the exchange. Coincheck subsequently restricted withdrawals of all currencies, including yen, and trading of cryptocurrencies other than bitcoin. Locke2005 adds, "That, my friends, is the prime reason why speculating in cryptocurrency is a bad idea!"

    Read more of this story at Slashdot.

    Old Bitcoin transactions can come back to haunt you

    A group of researchers from Qatar University and Hamad Bin Khalifa University have demonstrated how years-old Bitcoin transactions can be used to retroactively deanonymize users of Tor hidden services. It seems that Bitcoin users’ past transactions – and especially if they used the cryptocurrency for illegal deals on the dark web and didn’t think to launder their payments – may come back to haunt them. Researchers’ findings “We crawled 1.5K hidden service pages and created … More

    Technical Analysis: Coins Hold Their Ground Despite Early Sell-Off

    Today’s session started out in a decisively negative fashion, as the continued regulatory issues and the Japanese exchange hack weighed heavily on investor sentiment. The previously weaker majors lead the market lower, while Ethereum remained the most notable bright spot in the segment before the weekend. Bitcoin fell as low as $10,300 after plunging below […]

    The post Technical Analysis: Coins Hold Their Ground Despite Early Sell-Off appeared first on Hacked: Hacking Finance.

    Trade Recommendation: Gas/Ethereum

    The Gas/Ethereum pair has been in a downtrend since it broke support of 0.07 on November 19, 2017. While the bulls tried to defend the 0.045 support level, the pair eventually broke below that level on December 6. The market continued to tumble until it bottomed out at 0.0279 on December 12. The market immediately […]

    The post Trade Recommendation: Gas/Ethereum appeared first on Hacked: Hacking Finance.

    Trade Recommendation: Factom/Bitcoin

    The Factom/Bitcoin broke out of a bullish double bottom pattern in the daily chart on December 31, 2017 after the pair breached resistance of 0.0034. On the next day, the market went as high as 0.00572. The powerful surge kickstarted the market’s bull run, but breakout players were quick to take advantage as they took […]

    The post Trade Recommendation: Factom/Bitcoin appeared first on Hacked: Hacking Finance.

    Crypto Update: Here We Go Again?

    After a few days of sluggish and choppy trading in the cryptocurrency segment, today the major coins are trending lower again, underlying the still intact bearish short-term trend. As we emphasized throughout the week, the correction is likely not over yet, despite the admirable performance of some of the altcoins, and the fact that most […]

    The post Crypto Update: Here We Go Again? appeared first on Hacked: Hacking Finance.

    Webroot Threat Blog: Cyber News Rundown: Evrial Trojan Targets Bitcoin Users

    The Cyber News Rundown brings you the latest happenings in cybersecurity news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst and a guy with a passion for all things security. Any questions? Just ask.

    New Trojan Alters Bitcoin Addresses

    A newly discovered trojan variant targets Bitcoin users and, more specifically, any Bitcoin addresses that may be copied into the device’s clipboard. The trojan “Evrial” can alter the address in the clipboard so funds are transferred elsewhere when a user performs a Bitcoin transaction. Additionally, Evrial is capable of stealing cookies and any credentials that are being stored within web browsers to further compromise any purchases made on the device.

    Paradise Ransomware is Anything But

    In a recent return, new attacks have been linked to Paradise ransomware, which had been relatively quiet since its initial burst of attacks last year. Not much has changed for the variant since its previous reveal; it still requires a user to open a phony email attachment and unzip the packed infection. Unfortunately, there is no easy way to decrypt any of the affected files, and the user would need to either restore everything from a clean backup or pay the ransom, which varies based on the victim’s reply time.

    Top UK Law Firms Face Massive Breach

    Researchers have recently discovered several data dumps that contain over a million email credentials from several of the largest law firms in the UK. Based on the information found in the dumps, roughly 2,000 credentials belonged to each of the companies; the largest company is responsible for over 30,000 of them. Even worse, many of the dumps were released just in the last six months, though most come from third-party breaches.

     

    Major Twitter Accounts Hacked

    Several high-profile Twitter accounts were compromised over the last week and used to spread Turkish and Palestinian propaganda while attempting to phish the credentials of related accounts. Along with the credentials, it appears that private messages and other sensitive information were breached as well, leaving the compromised accounts even more vulnerable.

    Business Security Moving Forward

    Following a Ponemon Institute study from late last year, many were shocked at the results from the companies who responded. Over half of the 1,000 IT professionals surveyed claimed to have suffered a ransomware attack within the last year, and the majority of those reported the cause to be phishing and social engineering tactics. Even more worrisome, the average data breach involved the compromise of an average of 9,000 unique records, costing victims several million dollars to return to normal.

    The post Cyber News Rundown: Evrial Trojan Targets Bitcoin Users appeared first on Webroot Threat Blog.



    Technical Analysis: Market Remains Choppy as Bears Still in Control

    The major coins are trading in a relatively low volatility environment today, with weekend-like volumes, and narrow trading ranges in most of the largest currencies. The day started out in a bullish fashion, but the early rally stalled yet again, and now, the market is little changed compared to yesterday’s levels. Bitcoin continued to trade […]

    The post Technical Analysis: Market Remains Choppy as Bears Still in Control appeared first on Hacked: Hacking Finance.

    McAfee Blogs: Exploring the Correlation Between Bitcoin’s Boom and Evrial’s Capabilities

    Many of the stealthiest cyberthreats out there spawn on underground forums, as malware authors leverage the space to sell unique variants to fellow criminals. And now there’s a new addition to the underground scene. Meet Evrial: a powerful, information-stealing Trojan which is currently for sale for 1,500 Rubles or $27 USD. Its author previously created another variant named CryptoShuffler, which allows cybercriminals to replace the Windows clipboard and steal files from cold cryptocurrency wallets, as well as passwords from programs/browsers. Its successor, Evrial, can steal browser cookies, swoop stored credentials, and monitor the Windows clipboard too — only now it can potentially hijack active cryptocurrency payments and send stolen money directly to a cybercriminal’s address.

    Specifically, the Trojan is capable of monitoring the Windows clipboard for certain types of text, and if it detects specific strings, it can modify or even replace them with ones sent by the attacker. This could mean replacing legitimate addresses and URLs with ones under the attacker’s control; a regular Bitcoin address could suddenly become one belonging to a cybercriminal. If the target pastes that address into their app, thinking it’s the legitimate one, and sends Bitcoin, the cryptocurrency will soon be in the hands of the cybercriminal. Mind you, Evrial goes beyond Bitcoin, as it is also configured to detect strings that correspond to Litecoin, Monero, WebMoney, Qiwi addresses and Steam items trade URLs.

    Evrial is just one of many Bitcoin-centric news stories lately, as cryptocurrency in general has been on practically everyone’s minds – which begs the question, is there a connection? Is the increased focus on digital currency inciting the creation of malware variants designed specifically to capitalize on Bitcoin’s boom?

    In short – yes and no. Historically, cryptocurrencies have been a popular mechanism on underground markets for several years. Other digital currencies were used in the past but presented problems for bad actors due to their centralized nature. However, Blockchain technology, which powers cryptocurrencies like Bitcoin and is designed to be decentralized, allowed bad actors to protect their assets from law enforcement. Noticing this value, criminals on underground markets began to use this to their benefit well before the value of Bitcoin reached $1000+ a coin.

    But soon enough Bitcoin value continued to grow and malware authors took notice, as they began to target Bitcoin wallets rather than simply trade in it. Ransomware exploded, holding victims’ files and machines hostage for almost exclusively Bitcoin payment. Malware that was traditionally sold as a scraper (to steal credit card information and passwords) was upgraded to include a cryptocurrency mining feature and was sold at a premium price.

    Bad actor adoption of cryptocurrency has been both significant and quick, and notably much faster than the general population. Malware that uses, steals, and is sold with cryptocurrency is now the norm. And now as the general population’s interest in cryptocurrency has exploded, we’ve seen an increase in interest from malware authors as well. This interest has led to new malware behavior, such as Evrial’s ability to scan clipboards for cryptocurrency addresses. It’s had a major impact in how business is done in the underground.

    However, it’s important to note that Bitcoin’s popularity presents its own problems. The volatile value has made the buying and selling of illicit goods problematic. Additionally, the pricing of a ransom is now askew. This has forced some markets to move to multi-coin platforms (namely incorporating Monero) as an alternative and some malware families to turn to other alt-coins to mine or steal.

    All in all, cryptocurrency is no different than other motivators before it – when cybercriminals find the right opportunity to enhance their profitability, they capitalize on it. And when road blocks emerge, they find ways to maneuver around them. Now, the next step for cyber defenders is to keep their eyes peeled for what’s next, and eventually — outpace cybercriminals entirely.

    To learn more about the fight against Evrial and other Trojans like it, be sure to follow us at @McAfee and @McAfee_Labs.

    The post Exploring the Correlation Between Bitcoin’s Boom and Evrial’s Capabilities appeared first on McAfee Blogs.



    McAfee Blogs

    A look into the cyber arsenal used by Lazarus APT hackers in recent attacks against financial institutions

    Security experts at Trend Micro have analyzed malware and a tool used by the Lazarus APT group in the recent attacks against financial institutions.

    Security experts at Trend Micro have analyzed the attacks conducted by the notorious Lazarus APT group against financial institutions.

    The activity of the Lazarus Group surged in 2014 and 2015. Its members used mostly custom-tailored malware in their attacks, and experts who investigated the crew consider it highly sophisticated.

    This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed at destroying data and disrupting systems. Security researchers discovered that the North Korean Lazarus APT group was behind attacks on banks, including the Bangladesh cyber heist.

    In the last campaigns against financial firms, the cyber spies launched watering hole attacks and leveraged a variant of the Lazarus-linked RATANKBA Trojan.

    “The malware known as RATANKBA is just one of the weapons in Lazarus’ arsenal. This malicious software, which could have been active since late 2016, was used in a recent campaign targeting financial institutions using watering hole attacks. The variant used during these attacks (TROJ_RATANKBA.A) delivered multiple payloads that include hacking tools and software targeting banking systems.” reads the analysis published by Trend Micro.

    “We analyzed a new RATANKBA variant (BKDR_RATANKBA.ZAELA), discovered in June 2017, that uses a PowerShell script instead of its more traditional PE executable form—a version that other researchers also recently identified.”

    The researchers identified and hacked into some servers that the cyber spies used to temporarily store stolen data. Analysis of the backend revealed that around 55% of the victims were located in India and neighboring countries.

    The majority of the victims were not using enterprise versions of Microsoft software; less than 5% of the victims were Microsoft Windows Enterprise users.

    The IP addresses of the victims don’t belong to a large bank or a financial institution. According to Trend Micro, the victims are likely employees of three web software development companies in India and one in South Korea.

    The RATANKBA Trojan is delivered via weaponized Office documents (containing topics related to cryptocurrencies and software development), CHM files, and script downloaders.

    Experts noticed that the attackers don’t implement real-time communication with the malware. Once they have compromised a target machine, the attackers use a Remote Controller tool to send jobs to the system; the queue of jobs is then processed by RATANKBA.

    “During our analysis, we collected a copy of the RATANKBA malware’s Lazarus Remote Controller tool. The remote controller provides a user interface that allows attackers to send jobs to any compromised endpoint. The controller gives the attackers the ability to manipulate the victims’ host by queueing tasks on the main server. RATANKBA retrieves and executes the tasks, and retrieves the collected information.” continues the analysis.

    The controller tool used by the Lazarus APT implements a graphical user interface that allows hackers to push code to the server and download victim profiles from it.

    Trend Micro also provided a profile of the members of the Lazarus APT group: the hackers appear to be native Korean speakers, and at least one of them is believed to also understand Chinese.

    “Given Lazarus’ use of a wide array of tools and techniques in their operations, it’s reasonable to assume that the group will continue to use ever-evolving tactics in their malicious activities.” concluded Trend Micro.

    Pierluigi Paganini

    (Security Affairs – Lazarus APT Group, hacking)

    The post A look into the cyber arsenal used by Lazarus APT hackers in recent attacks against financial institutions appeared first on Security Affairs.



    Security Affairs

    Another Tipping Point is Reached

    When will we reach a point when cryptocurrencies are something more than just a hot topic? We are already there. Google’s report for 2017 reveals that bitcoin and related cryptos were the second most searched topic. Just a couple of years ago they were far down on a very long list. Today I received some of […]

    The post Another Tipping Point is Reached appeared first on Hacked: Hacking Finance.

    Trade Recommendation: Namecoin

    The Namecoin/Bitcoin pair lost all bullishness on June 23, 2017 when it generated a lower high at 0.001388. It may not be easily recognizable in the chart, but the lower high created a bearish head and shoulders structure. The market effectively went in a downtrend when it broke critical support at 0.00085 on July 19. […]

    The post Trade Recommendation: Namecoin appeared first on Hacked: Hacking Finance.

    Technical Analysis: Cryptocurrencies Mixed as Rally Attempt Stalls

    The correlation between the major coins slightly broke down today, as the currencies settled down somewhat after the latest sell-off. While that might be an early bullish sign for the segment, the short-term setups are still bearish for the largest coins, and the rally attempts failed near the key resistance levels. Bitcoin briefly spiked above […]

    The post Technical Analysis: Cryptocurrencies Mixed as Rally Attempt Stalls appeared first on Hacked: Hacking Finance.

    Bitcoin Atom (BCA) Hard Fork Arrives Today

    A new proposal to modify bitcoin’s underlying protocol is full steam ahead, according to the backers of the Bitcoin Atom project. Bitcoin Atom Hard Fork An anonymous team of developers will fork the bitcoin blockchain on Wednesday, creating a separate digital currency it says will uphold the founding principles of Satoshi Nakamoto. Like other forks, […]

    The post Bitcoin Atom (BCA) Hard Fork Arrives Today appeared first on Hacked: Hacking Finance.

    Technical Analysis: Coins Fight Back as $10,000 Holds in BTC For Now

    Technical trading continued in earnest in the cryptocurrency segment, as the dominant downtrend briefly carried Bitcoin below the widely watched $10,000 level which was followed by a sharp snapback rally. As correlations between the major coins remained very high, altcoins tracked the movements of BTC closely, still pointing to a nervous and bearish sentiment in […]

    The post Technical Analysis: Coins Fight Back as $10,000 Holds in BTC For Now appeared first on Hacked: Hacking Finance.

    Technical Analysis: Selling Resumes as BTC Eyes $10,000 Again

    The post-crash bounce that carried Bitcoin and altcoins higher in a concerted fashion, ended on Sunday, and the major cryptocurrencies are now under pressure again, with steep losses across the board. The largest coins are holding on above their prior lows, but correlations are still very high, and that points to a likely re-test of […]

    The post Technical Analysis: Selling Resumes as BTC Eyes $10,000 Again appeared first on Hacked: Hacking Finance.

    Kaspersky Lab official blog: Phishing for cryptocurrencies: How bitcoins are stolen

    The recent price rollercoaster of Bitcoin and other cryptocurrencies has made this topic incredibly hot. Whereas only a year ago cryptocurrencies were the domain of geeks, now all online media are talking about them, and even TV and radio have joined in. Not a day goes by without fresh reports from the cryptomarkets.

    But scammers too have been quick to smell the opportunity. Indeed, cryptocurrencies have given phishing — the creation of fake sites to steal credentials from unwary users — a new purpose.

    Simple cryptophishing

    The simplest version of cryptocurrency phishing, aka cryptophishing, involves good old-fashioned spam mailings. In this case, such e-mails appear to originate with providers of cryptocurrency-related services — Web wallets, exchanges, and so on.

    The messages are markedly more detailed and sophisticated than the average phishing e-mail. For example, one might be a security alert saying that someone just tried to sign into your account from such and such address using such and such browser — all you have to do is click the link to check that everything’s OK. The potential victim might even have requested such messages on the cryptowallet site, in which case they will notice nothing untoward.

    Or it might be an invitation to take a survey about a cryptocurrency event, offering a fairly generous reward for your opinion (say, 0.005 bitcoin, which amounts to about $50–$70 at the current rate). Click on the link, it says, to enter.

    The result is always the same: The victim is directed to a fake version of the expected cryptocurrency site and asked to enter their e-wallet credentials. Most popular Bitcoin Web wallet sites look quite simple, yet recognizable, which helps criminals to create convincing imitations.

    Three different phishing sites that look like blockchain.info

    The stakes are pretty high: Hijacking an e-wallet that contains a few decibitcoin isn’t like stealing a piffling e-mail account — those fetch some 20 cents per bucket on the black market. In e-wallets, criminals see a quick and direct route to some juicy pickings, so they are investing more in phishing messages and making them more plausible.

    Inventive cryptophishing

    A more intricate cryptophishing scheme was discovered recently that uses some, shall we say, interesting features of Facebook. Here’s how it works.

    1. Scammers find a cryptocurrency community and create a Facebook page with the same title and design as the community’s official page. They make the address of the fake page very similar to that of the real one, differing by as little as one letter. Spotting the difference is not so easy, because in Facebook you can set any name for your organization or yourself, and these names are always displayed far more prominently than real addresses.

      The genuine Facebook page of a cryptoplatform — and a fake one

    2. The scammers then send phishing messages to members of the real community from the fake page. Personal messages are not suitable for this purpose for various reasons (for example, they can’t be sent to a user on behalf of a page).

      So the scammers employ an interesting trick: To target someone, they share the victim’s profile photo on their page and tag them there.

      The cunning part is that the profile photo is always visible to everyone — and it is not possible to stop someone from sharing it, or tagging you in Facebook — so the trick is effective even against people who are privacy savvy. The only way to stay protected from such activity is to disable notifications about tags created by unknown users, pages, and communities.

    3. The most interesting bit is in the text of the message scammers use to mark their prey. For example, the message might say that the user is one of 100 lucky recipients of 20.72327239 (yes, the figure is that precise) cryptocurrency units for their loyalty to the platform. And, of course, there is a link for getting hold of the coins.

      Note that the message contains detailed terms and conditions for receiving the reward (a minimum number of transactions on the platform, for example). Coupled with the appealingly exact and not excessively high but reasonable amount (about $100–$200), it all seems plausible.

    Some more examples of messages from cryptophishing pages on Facebook

    How to guard against cryptophishing

    Lately, the cryptomarket may have resembled a magic money tree, but cryptocurrency services are not charities, and they do not give away money for the fun of it. If someone promises you free cryptocurrency, most likely it’s on the end of a hook.

    1. Always check every link very carefully. It’s best not to click on links in messages from Internet services at all — instead, type in the address of the service in the address bar of your browser.
    2. Carefully configure your privacy settings to avoid fraudulent schemes in Facebook. See this post for details of how to do that. It’s also not a bad idea to configure Facebook notifications — we have a post about that too.
    3. Use an antivirus solution with dedicated antiphishing protection. Kaspersky Internet Security is one such solution.
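The "differing by as little as one letter" trick and the advice to check every link can be automated on the defender's side; the following is an added example, not code from Kaspersky or from the article. It compares a link's hostname, or the page handle in a Facebook URL, with a list of known-good names and flags near misses. The trusted names (`wallet.example`, `cryptoplatform`), the confusable-character table and the distance threshold are assumptions made for this sketch.

```python
from urllib.parse import urlsplit

# Characters commonly used to imitate letters (small illustrative table, an assumption).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})

# Hypothetical allowlist: names the user really deals with.
TRUSTED = {"host": {"wallet.example"}, "facebook-page": {"cryptoplatform"}}


def skeleton(name):
    """Fold visually confusable characters so 'wa11et' and 'wallet' compare equal."""
    folded = name.lower().translate(CONFUSABLES)
    return folded.replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, swap neighbours."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent transposition
        prev2, prev = prev, cur
    return prev[-1]


def identifier_from_url(url):
    """Return (kind, name): the page handle for Facebook URLs, else the hostname.
    Only the simple facebook.com/<handle> form is handled."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    if host in ("facebook.com", "m.facebook.com"):
        segments = [s for s in parts.path.split("/") if s]
        return ("facebook-page", segments[0].lower() if segments else "")
    return ("host", host)


def check_link(url, trusted=TRUSTED, max_distance=2):
    """Classify a link as trusted, a lookalike of a trusted name, or unknown."""
    kind, ident = identifier_from_url(url)
    known = trusted.get(kind, set())
    if ident in known:
        return ("trusted", ident)
    for good in sorted(known):
        if skeleton(ident) == skeleton(good) or edit_distance(ident, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)


# Constructed sample links; none of them is taken from the article.
SAMPLES = [
    "https://www.facebook.com/cryptoplatform/",
    "https://www.facebook.com/cryptoplatfrom/posts/1",
    "https://wa11et.example/login",
    "https://unrelated-site.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_link(link), link)
```

A fixed distance threshold produces false positives on very short names, so the allowlist should hold only the handful of services the user actually uses.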


    Kaspersky Lab official blog

    Trade Recommendation: Siacoin

    The Siacoin/Bitcoin pair kickstarted its uptrend on December 24, 2017 when the pair broke out of a bullish rounding bottom formation at 0.000002 on the daily chart. In a couple of weeks, it hovered close to 0.0000042 resistance. Investors who bought the breakout and sold at the resistance made around 110% in profits easy.  If […]

    The post Trade Recommendation: Siacoin appeared first on Hacked: Hacking Finance.

    Crypto Update: Test of the Crash-Lows Ahead?

    The major coins started the week on a negative note, as the broad correction entered another bearish swing after a strong pre-crash bounce. Technical trading is still dominant, with no major news behind the move as a catalyst, and as the correlation between the coins is still very high. The latest wallet-hack is a weighing […]

    The post Crypto Update: Test of the Crash-Lows Ahead? appeared first on Hacked: Hacking Finance.

    The State of Security: Cryptocurrency Hacks and Heists in 2017

    The cryptocurrency rush took the world by storm last year. This dynamic environment lured new players, including hungry investors, miners, enthusiasts, looking to try their hand at innovative startups, not to mention threat actors. We witnessed blockchain splits, a boom of Initial Coin Offerings (ICOs), regulatory attempts by governments, the granting of official status to Bitcoin […]

    The post Cryptocurrency Hacks and Heists in 2017 appeared first on The State of Security.



    The State of Security

    Better Early Than Never: OPEC, Cryptos, & BoJ

    The US Government failed to reach any sort of deal to approve a budget last Friday. If there’s no budget there’s no money to pay government employees or to keep things open. Welcome to Day 1 of the US Government Shutdown. (Technically, the shutdown started on Friday night but short of a last minute arrangement, […]

    The post Better Early Than Never: OPEC, Cryptos, & BoJ appeared first on Hacked: Hacking Finance.

    Is 2018 the year cybercrime becomes mainstream?

    The issue of cybercrime was thrust into international conversation last year, but what will the phenomenon look like in 2018? Cryptocurrencies will continue to be a driver for cybercrime. This is

    The post Is 2018 the year cybercrime becomes mainstream? appeared first on The Cyber Security Place.

    More Wall Street Pundits Caution Against Investing In Bitcoins

    Peter Boockvar is the Chief Investment Officer of Bleakley Financial Group, a $3.5B wealth management firm -- and he predicts "an epic crash will hit the cryptocurrency market," according to CNBC. "He isn't sure if it'll come to a grinding halt or be a slow and steady drop -- but he says it's coming." "When something goes parabolic like this has, it typically ends up to where that parabola began," he said on CNBC's "Futures Now." Boockvar, a CNBC contributor, contends bitcoin is in danger of dropping 90 percent from current levels. He calls it a classic bubble. "I wouldn't be surprised if over the next year it's down to $1,000 to $3,000," he added. That's where bitcoin, the largest cryptocurrency player, was trading less than 12 months ago. Friday afternoon it was trading above $11,000.

    Meanwhile, today the International Business Times chronicled the predictions of tech billionaire Mark Cuban. In June of last year as bitcoin was climbing toward the $3,000 threshold, Cuban cautioned potential investors about jumping in on the bandwagon... "[C]rypto is like gold. More religion than asset. Except of course gold makes nice jewelry." He told his followers at the time that he wasn't questioning the value of Bitcoin but was questioning the "valuation" and said, "I think it's in a bubble. I just don't know when or how much it corrects." Cuban suggested that when everyone is "bragging about how easy they are making [money]," that indicates there is a bubble happening... Still, the Dallas Mavericks owner was open to the idea of using cryptocurrencies as a volatile investment vehicle. "If you're a true adventurer and you really want to throw the Hail Mary, you might take 10 percent and put it in Bitcoin or Ethereum," he said. Cuban also cautioned, "If you do that, you've got to pretend you've already lost your money"...

    Showing just how far Cuban has come on bitcoin and cryptocurrency, he announced earlier this week that his Dallas Mavericks will accept bitcoin and Ethereum as a method to pay for tickets starting next season. Even if the tech investor doesn't fully believe in cryptocurrency, he's clearly willing to try to profit off it...

    Read more of this story at Slashdot.

    Cryptos Pivot Sharply Lower After Weekend Rebound; Bitcoin, Ethereum, Ripple All Down

    After a favorable weekend rally, cryptocurrencies were back on the defensive Monday as investors took profits on bitcoin, Ethereum and Ripple. Although it’s still too early to determine if we are starting the next leg of the correction, market participants are still spooked about regulatory uncertainty in South Korea, not to mention the collapse of […]

    The post Cryptos Pivot Sharply Lower After Weekend Rebound; Bitcoin, Ethereum, Ripple All Down appeared first on Hacked: Hacking Finance.

    Cookbook for a Down Day

    We got ourselves another buying day folks. Unfortunately, when I was asleep there were some pretty good deals going on. I woke up to find some okay prices, but they went back up to those purgatory prices that weren’t eye popping enough. I wanted to share what I do on days like this to stay […]

    The post Cookbook for a Down Day appeared first on Hacked: Hacking Finance.

    Long-Term Cryptocurrency Analysis: Bitcoin and Monero Shine As Post-Crash Consolidation Continues

    It has been a week for the history books yet again in the cryptocurrency segment, as the market went through another violent phase of the ongoing broad correction that finally cleared the momentum and sentiment extremes of the late-2017 rally. Now, the majors are mostly in neutral long-term setups, although the late leaders of the […]

    The post Long-Term Cryptocurrency Analysis: Bitcoin and Monero Shine As Post-Crash Consolidation Continues appeared first on Hacked: Hacking Finance.

    The Technology Behind Bitcoin Private

    By definition, bitcoin private (BTCP) basically refers to a privacy-centric bitcoin fork that has been hosted by another cryptocurrency named ZClassic (a privacy-oriented cryptocurrency based on Zero-Knowledge Proofs and forked from ZCash). The basic purpose of a hard fork is to validate the previously invalid blocks as well as transactions by changing the blockchain protocol […]

    The post The Technology Behind Bitcoin Private appeared first on Hacked: Hacking Finance.

    Week in Review: Cryptocurrencies Steady Following Two-Day Bloodbath as South Korea Weighs New Regulations

    The events of this past week proved once again that cryptocurrency speculation isn’t for the faint of heart. Between Monday and Wednesday, the digital asset class shed $285 billion in an epic flash crash triggered by speculation that South Korea was considering a new ban on domestic cryptocurrency exchanges. Carnage in the cryptocurrency market compelled […]

    The post Week in Review: Cryptocurrencies Steady Following Two-Day Bloodbath as South Korea Weighs New Regulations appeared first on Hacked: Hacking Finance.

    Cryptocurrency Analysis: Market Turns Lower Again Before the Weekend

    Choppy market conditions remained dominant, as we expected, after the segment-wide crash and the subsequent spectacular bounce. Trading volumes plunged back to normal levels as the majors settled down, but correlations remained high across the board, and the short-term downtrend in Bitcoin and most of the largest coins is still intact. The sector is headed […]

    The post Cryptocurrency Analysis: Market Turns Lower Again Before the Weekend appeared first on Hacked: Hacking Finance.

    Trade Recommendation: BitCrystals

    A triple top structure is rare, but when it happens, it can send a market spiralling down. This is what happened to the Bitcrystals/Bitcoin pair. On June 23, the market created a triple top structure at 0.00032. In less than three weeks, the pair broke support at 0.000175. It continued to nosedive until it found […]

    The post Trade Recommendation: BitCrystals appeared first on Hacked: Hacking Finance.

    Trade Recommendation: Bitcoin

    This is a long term trade. The price bounces from the support zone formed by SMA100, 10000.00 support level and the uptrend line. RSI confirms price reversal. MACD histogram is going to support a new upward movement. Entry level is at 12150.00 with stop orders below the local swing low at 8850.00 level. Profit targets […]

    The post Trade Recommendation: Bitcoin appeared first on Hacked: Hacking Finance.

    Crypto Update: Volatility Declines as Choppy Consolidation Continues

    The wild swings of this week will long be remembered by cryptocurrency investors, but for now, the market settled down, and the majors are holding on to most of their post-crash gains, despite the overnight sell-off. The oversold bounce was once again led by the price of Bitcoin, but percentage-wise, altcoins gained more than the […]

    The post Crypto Update: Volatility Declines as Choppy Consolidation Continues appeared first on Hacked: Hacking Finance.

    Bitcoin’s Fluctuations Are Too Much For Even Ransomware Cybercriminals

    Bitcoin's price swings are so huge that even ransomware developers are dialling back their reliance on the currency, according to researchers at cybersecurity firm Proofpoint. From a report: Over the last quarter of 2017, researchers saw a fall of 73% in payment demands denominated in bitcoin. When demanding money to unlock a victim's data, cybercriminals are now more likely to simply ask for a figure in US dollars, or a local currency, than specify a sum of bitcoin. Just like conventional salespeople, ransomware developers pay careful attention to the prices they charge. Some criminals offer discounts depending on the region the victim is in, offering cheaper unlocking to residents of developing nations, while others use an escalating price to encourage users to pay quickly and without overthinking things. But a rapidly oscillating bitcoin price plays havoc with those goals, Proofpoint says.

    Read more of this story at Slashdot.

    Technical Analysis: Coins Explode Higher but Segment Remains in Downtrend

    The sea of red in the cryptocurrency sector quickly turned green today, as all of the major coins surged off the crash lows, gaining from 25% to 100% in less than a day after BTC plunged below the $10,000 level. The rally was fueled by reports from South Korea about the rumored exchange ban that suggests […]

    The post Technical Analysis: Coins Explode Higher but Segment Remains in Downtrend appeared first on Hacked: Hacking Finance.

    Cryptocurrency Mining Malware Infects More Than Half of Organizations Globally

    More than half of organizations around the world were struck by threat actors using cryptocurrency mining tools to steal corporate computing resources last month, a trend that will likely continue in 2018, according to recent research.

    The Golden Age of Cryptocurrency Crime

    The popularity of bitcoin, Ethereum and other cryptocurrencies is likely fueling interest among rogue actors to prey upon the CPU power behind major websites and streaming services. According to Check Point’s most recent “Global Threat Index,” the top 100 malware included 10 different kinds of cryptocurrency mining tools. In some cases, 65 percent of a system’s resources are being drained for mining, going far beyond legitimate or legal uses of the software.

    Although the cybercriminals behind such attacks aren’t necessarily going after victims’ personal data or money, the tactics are somewhat similar. Infosecurity Magazine reported that some attackers inject malicious code into ads, otherwise known as malvertising, to install cryptocurrency mining tools designed to harvest Monero. All someone would have to do is click on a pop-up ad and the process would begin without their knowledge.

    Digging Into Cryptocurrency Mining Tools

    Many of the cryptocurrency mining applications in question were never intended to be misused like this. As WCCF Tech pointed out, Cryptoloot and Coinhive were initially seen as ways for certain online properties to generate additional revenue, but bad actors are capitalizing on their capabilities. In other cases, sites such as Pirate Bay have taken advantage of their visitors by running these tools quietly in the background.

    Check Point research also revealed that there are some downright malicious cryptocurrency mining tools on the market, such as the RIG exploit kit. SecurityBrief suggested that, for some threat actors, harvesting bitcoin might be easier and more lucrative than using ransomware to take over an individual system or device.

    As the cryptocurrency gold rush gains steam, there’s no telling how many more cybercriminals are going to get in on the act.

    The post Cryptocurrency Mining Malware Infects More Than Half of Organizations Globally appeared first on Security Intelligence.

    rud.is: Bitcoin (World Map) Bubbles

    We’re doing some interesting studies (cybersecurity-wise, not finance-wise) on digital currency networks at work-work and — while I’m loath to create a geo-map from IPv4 geolocation data — we:

    • do get (often, woefully inaccurate) latitude & longitude data from our geolocation service (I won’t name-and-shame here); and,
    • there are definite geo-aspects to the prevalence of mining nodes — especially Bitcoin; and,
    • I have been itching to play with the nascent nord palette in a cartographical context…

    so I went on a small diversion to create a bubble plot of geographical Bitcoin node-prevalence.

    I tweeted out said image and someone asked if there was code, hence this post.

    You’ll be able to read about the methodology we used to capture the Bitcoin node data that underpins the map below later this year. For now, all I can say is that it wasn’t garnered from joining the network-proper.

    I’m including the geo-data in the gist, but not the other data elements (you can easily find Bitcoin node data out on the internets from various free APIs and our data is on par with them).

    I’m using swatches for the nord palette since I was hand-picking colors, but you should use @jakekaupp’s most excellent nord package if you want to use the various palettes more regularly.

    I’ve blathered a bit about nord, so let’s start with that (and include the various other packages we’ll use later on):

    library(swatches)
    library(ggalt) # devtools::install_github("hrbrmstr/ggalt")
    library(hrbrthemes) # devtools::install_github("hrbrmstr/hrbrthemes")
    library(tidyverse)
    
    nord <- read_palette("nord.ase")
    
    show_palette(nord)

    It may not be a perfect palette (accounting for all forms of vision issues and other technical details) but it was designed very well (IMO).

    The rest is pretty straightforward:

    • read in the bitcoin geo-data
    • count up by lat/lng
    • figure out which colors to use (that took a bit of trial-and-error)
    • tweak the rest of the ggplot2 canvas styling (that took a wee bit longer)

    I’m using development versions of two packages due to their added functionality not being on CRAN (yet). If you’d rather not use a dev-version of hrbrthemes just use a different ipsum theme vs the new theme_ipsum_tw().

    read_csv("bitc.csv") %>%
      count(lng, lat, sort = TRUE) -> bubbles_df
    
    world <- map_data("world")
    world <- world[world$region != "Antarctica", ]
    
    ggplot() +
      geom_cartogram(
        data = world, map = world,
        aes(x = long, y = lat, map_id = region),
        color = nord["nord3"], fill = nord["nord0"], size = 0.125
      ) +
      geom_point(
        data = bubbles_df, aes(lng, lat, size = n), fill = nord["nord13"],
        shape = 21, alpha = 2/3, stroke = 0.25, color = "#2b2b2b"
      ) +
      coord_proj("+proj=wintri") +
      scale_size_area(name = "Node count", max_size = 20, labels = scales::comma) +
      labs(
        x = NULL, y = NULL,
        title = "Bitcoin Network Geographic Distribution (all node types)",
        subtitle = "(Using bubbles seemed appropriate for some, odd reason)",
        caption = "Source: Rapid7 Project Sonar"
      ) +
      theme_ipsum_tw(plot_title_size = 24, subtitle_size = 12) +
      theme(plot.title = element_text(color = nord["nord14"], hjust = 0.5)) +
      theme(plot.subtitle = element_text(color = nord["nord14"], hjust = 0.5)) +
      theme(panel.grid = element_blank()) +
      theme(plot.background = element_rect(fill = nord["nord3"], color = nord["nord3"])) +
      theme(panel.background = element_rect(fill = nord["nord3"], color = nord["nord3"])) +
      theme(legend.position = c(0.5, 0.05)) +
      theme(axis.text = element_blank()) +
      theme(legend.title = element_text(color = "white")) +
      theme(legend.text = element_text(color = "white")) +
      theme(legend.key = element_rect(fill = nord["nord3"], color = nord["nord3"])) +
      theme(legend.background = element_rect(fill = nord["nord3"], color = nord["nord3"])) +
      theme(legend.direction = "horizontal")

    As noted, the RStudio project associated with this post is in this gist. Also, upon further data-inspection by @jhartftw, we’ve discovered yet-more inconsistencies in the geo-mapping service data (there are way too many nodes in Paris, for example), but the main point of the post was to mostly show and play with the nord palette.



    rud.is

    Bitcoin Watchers Running Out of Explanations Blame Slump on Moon

    If regulatory concerns aren't enough to explain Bitcoin's 50 percent slump from its record high reached last month, how about blaming it on the moon? An anonymous reader writes: The Lunar New Year, which marks the first day of the year in the Chinese calendar, is being cited by some as contributing to Bitcoin's slump as Asian traders cash out their cryptocurrencies to travel and buy gifts for the holiday that starts Feb. 16 this year. The festivity is celebrated not just in China, but in other Asian countries including Singapore, Indonesia, Malaysia, Korea and Thailand. "The January drop is a recurring theme in cryptocurrencies as people celebrating the Chinese New Year, aka Lunar New Year, exchange their crypto for fiat currency," said Alexander Wallin, chief executive officer of trading social network SprinkleBit in New York. "The timing is about four to six weeks before the lunar year, when most people make their travel arrangements and start buying presents."

    Read more of this story at Slashdot.

    What is the Right Time to Buy Bitcoin

    If you read the news, you have probably become aware of the fact that the price of Bitcoin has been consistently going up for quite a while. At some point, you probably realized you didn’t want to be the one person to miss out on one of the best investing opportunities of the last decade, so you want to get in.

    The Hard Part of Investing in Bitcoin

    Bitcoin prices may be constantly going up, but they are also very volatile, which can scare away many investors. You will see many news stories covering this from various angles. Some will talk about how quickly Bitcoin has gone up and others will talk about the most recent drastic dip (despite the fact that Bitcoin is still up on the month). The point is volatility creates risk and scares away the investors who aren’t willing to lose all the money they put into it.

    The funny thing about this is that the volatility actually works to create the investment opportunity. If there was a sure-fire way for investors to make 50% returns per annum consistently, then everyone would be throwing their money in as fast as possible. But the volatility means risk, and not everyone is willing to handle that.

    So, the hard part of investing in Bitcoin is figuring out what you want your strategy to be. There are a few different ways to approach it, and you will need to tailor your approach to whatever suits you best as well as what you think will yield the highest returns.

    Buy-and-Hold (or HODL)

    Warren Buffett has popularized the investment approach of just buying a security and holding it forever or until your original thesis about the security changes. This appears to be one of the most popular approaches investors take with Bitcoin.

    When presented with the option to day trade and be smart about their management of Bitcoin, some investors just realized that it wasn’t worth it and that it would be safer to buy Bitcoin and hold it for a long time. This is almost a fear-based approach that is optimized to avoid any of the big missteps. The basic idea is you think Bitcoin is a winner, so you hold Bitcoin.

    The cryptocurrency jargon “HODL” came from a famous misspelling where a Bitcoin enthusiast was explaining how he realized he couldn’t beat the traders at their game and didn’t want to lose money trying to be the smartest guy in the room. Since then, it has caught on as an explanation for someone’s long-term investment strategy.

    Buy the Dip

    Not necessarily in direct opposition to HODL, but trying to get a little fancier, is the idea of buying Bitcoin on the dip. There are invariably going to be drops in the price, and that is when you buy the currency.

    This is a form of market timing but doesn’t mean you are making frantic trades to eke out every last bit of profit you can. You are just being an opportunist at a time where most people are being foolish and selling off their cryptocurrency because they think this time is the end of Bitcoin.

    Buying when others are fearful is another precept of Warren Buffett, which he borrowed from Ben Graham, and is a great way to guarantee bargains when you were already planning on buying more of it.

    Dollar-Cost Averaging

    Another approach you could take to acquiring your Bitcoin is buying a certain amount every month. This is referred to as dollar cost averaging and can apply to any investment. The opposite of this would be buying all your Bitcoin in one lump sum and then never adding to this position.

    Diversification is important because it allows you to participate in the upside (and downside) of many different securities, which lowers the overall risk of your portfolio. Dollar-cost averaging has you do this, but rather than diversify over an asset class, you are diversifying over time. Buying Bitcoin at a bunch of different points in time, you are ensuring a less risky outcome for your portfolio.

    Trading for Profit

    You get more advanced when you start analyzing charts and looking for trends in the prices of these securities. Day trading has always existed as a potential career, but with the emergence of these highly volatile cryptocurrencies, it has become even easier to make money (or lose all of it).

    There are more than a hundred different trading platforms and exchanges available for those who think they can beat the market and take some money off the table. The big thing to remember here is for every bit of profit you make, someone else must be losing to subsidize that. The money doesn’t come from nowhere.

    Trading is a high-risk, high-reward way to handle your cryptocurrency investments. Whether you HODL or use any other strategy, you are still participating in the upside of cryptocurrency along the way.

    Conclusion

    No one knows the exact right time to buy a cryptocurrency as volatile as Bitcoin. Having learned about all the different ways you can go about managing your cryptocurrency investments, it is now up to you to determine which method is the most suited to your particular needs.

    You might not have enough time to learn about trading, in which case you would probably want to try dollar-cost averaging. Or if you want to keep putting more money in, you can buy every time there is a noticeable dip below the trend. This would be closer to a day trading version of buying the dip.

    The point is that there are many different ways to approach your acquisition of Bitcoin, and it all depends on how much money you want to put in and what your risk tolerance is, rather than the time when the purchase is to be made.

    The post What is the Right Time to Buy Bitcoin appeared first on TechWorm.

    Cryptocurrency Exchanges, Students Targets of North Korea Hackers

    Late-2017 state-sponsored cyber attacks by North Korea against South Korea targeted not only cryptocurrency users and exchanges, but also college students interested in foreign affairs, new research from Recorded Future has found. North Korea shows no signs of letting up on its cyber war against South Korea with state-sponsored attacks against...


    Researchers Find That One Person Likely Drove Bitcoin From $150 to $1,000

    An anonymous reader shares a report: Researchers Neil Gandal, JT Hamrick, Tyler Moore, and Tali Oberman have written a fascinating paper on Bitcoin price manipulation. Entitled "Price Manipulation in the Bitcoin Ecosystem" and appearing in the recent issue of the Journal of Monetary Economics the paper describes to what degree the Bitcoin ecosystem is controlled by bad actors. To many it's been obvious that the Bitcoin markets are, at the very least, being manipulated by one or two big players. "This paper identifies and analyzes the impact of suspicious trading activity on the Mt. Gox Bitcoin currency exchange, in which approximately 600,000 bitcoins (BTC) valued at $188 million were fraudulently acquired," the researchers wrote. "During both periods, the USD-BTC exchange rate rose by an average of four percent on days when suspicious trades took place, compared to a slight decline on days without suspicious activity. Based on rigorous analysis with extensive robustness checks, the paper demonstrates that the suspicious trading activity likely caused the unprecedented spike in the USD-BTC exchange rate in late 2013, when the rate jumped from around $150 to more than $1,000 in two months." The team found that many instances of price manipulation happened simply because the market was very thin for various cryptocurrencies including early Bitcoin.

    Read more of this story at Slashdot.