Phishers Swim Around 2FA in Coinbase Account Heists
Attackers are spoofing the widely used cryptocurrency exchange to trick users into logging in so they can steal their credentials and eventually their funds.
Cryptocurrency security covers theft, fraud, ransomware payments, wallet compromise, and blockchain risks involving digital assets and transactions.
Search across headline titles and summaries.
Background for this topic.
Cryptocurrency is a digital asset secured by cryptography and recorded on a decentralized blockchain ledger. It enables peer-to-peer transactions without intermediaries, relying on consensus mechanisms like proof-of-work or proof-of-stake to validate and add transaction blocks. Users control funds through private keys, which are critical for accessing and transferring cryptocurrency.
From an information security perspective, protecting private keys is paramount, as their compromise leads to irreversible theft. Cryptocurrency exchanges and wallet software are frequent targets for hacking, requiring robust security controls and vulnerability management. Additionally, the pseudonymous nature of transactions can facilitate illicit activities, challenging efforts to trace funds and enforce compliance. Defenses include hardware wallets, multi-factor authentication, and secure key management practices to mitigate risks inherent in cryptocurrency operations.
Weekly headline count for the current query.
Attackers are spoofing the widely used cryptocurrency exchange to trick users into logging in so they can steal their credentials and eventually their funds.
Threat actors offer victims what appear to be investment services from legitimate companies to lure them into downloading malicious apps aimed at defrauding them.
In March, a North Korean APT siphoned blockchain gaming platform Axie Infinity of $540M.
Hackers escalate phishing and scamming attacks to exploit popular Discord bot and persuade users to click on the malicious links.
Actors claiming to be the defunct ransomware group are targeting one of Akami’s customers with a Layer 7 attack, demanding an extortion payment in Bitcoin.
An account promoting the project—which offers a range of threat activity from info-stealing to crypto-mining to ransomware as individual modules—has more than 500 subscribers.
Source code and Bitcoin transactions point to the malware, which emerged in March 2020, being the work of APT38, researchers at Trellix said.
The popular underground market traded in drugs, stolen data, forged documents and more -- raking in billions in Bitcoin.
Mystified? Now’s the time to learn about cryptocurrency-associated risks: Listen to KnowBe4’s Dr. Lydia Kostopoulos explain blockchain, NFTs and how to stay safe.
~30 crypto companies were affected, including BlockFi, Swan Bitcoin and NYDIG, providing an uncomfortable reminder about how much data CRM systems snarf up.
Scammers are bypassing Apple's App Store security, stealing thousands of dollars’ worth of cryptocurrency from the unwitting, using the TestFlight and WebClips programs.
Be careful when downloading a tool to cyber-target Russia: It could be an infostealer wolf dressed in sheep's clothing that grabs your cryptocurrency info instead.
FinCEN warns financial institutions to beware of unusual cryptocurrency payments or illegal transactions Russia may use to evade restrictions imposed due to its invasion of Ukraine.
Cruddy cryptography means victims whose files have been encrypted by the Ukraine-tormenting ransomware can break the chains without paying extortionists.
The decryptor spilled by ContiLeaks won’t work with recent victims. Conti couldn't care less: It's still operating just fine. Still, the dump is a bouquet’s worth of intel.
One cryptography expert said that 'serious flaws' in the way Samsung phones encrypt sensitive material, as revealed by academics, are 'embarrassingly bad.'
Attackers took advantage of a smart-contract migration to swindle 17 users.
The Maze gang are purportedly never going back to ransomware and have destroyed all of their ransomware source code, said somebody claiming to be the developer.
The popular bridge, which connects Ethereum, Solana blockchain & more, was shelled out by it's-not-saying. Wormhole is trying to negotiate with the attacker.
Attackers increasingly are using malicious JavaScript packages to steal data, engage in cryptojacking and unleash botnets, offering a wide supply-chain attack surface for threat actors.