TronWeekly

Crypto World News

You are here: Home / Archives for News / Cyber Security

Cyber Security

Binance Sued For Allegedly Facilitating Money Laundering in Northern California District Court

by

Binance landed in a fresh trouble on Monday as the world’s largest cryptocurrency exchange was sued in a U.S. court by the Japanese crypto platform Fisco.

According to a 33-page lawsuit filed by Fisco in the Northern California District Court on the 14th of September, Binance allegedly facilitated the laundering of over $9 million of stolen cryptocurrency after another Japanese crypto exchange, Zaif was hacked in 2018. Cryptocurrency exchange, Fisco acquired Zaif shortly after the hack.

The plaintiff accused Binance’s “lax policies” for know-your-customer [KYC] and anti-money laundering [AML] protocols which allowed the hackers to transfer the stolen funds. Fisco further maintained that the CZ-led exchange was fully capable of freezing those accounts and stop transactions on its platform involving the stolen
funds and return them to the Zaif exchange, but failed to do so. The complaint read,

“Binance could have done so before some or all of the stolen cryptocurrency left the Binance exchange, but it did not do so. Binance either intentionally or negligently failed to interrupt the money laundering process when it could have done so.”

But why was the lawsuit filed in California Court?

Fisco presented several arguments evidencing as to why Northern California was the proper jurisdiction for suing the cryptocurrency exchange. Firstly, in its complaint, Fisco stated that Binance has used servers and data centers provided by Amazon Web Services [AWS] for its business operation. The complaint further alleged Binance “purposely directed its activities toward California” and benefitted itself of the privileges of conducting activities in the region.

The plaintiff also claimed that the customers of the hacked exchange, who were Californian residents, “suffered harm” because of Binance’s “unreasonable KYC-AML procedures” which encouraged hackers by providing them a
marketplace to easily launder their “stolen digital loot”. It further conceded,

“Zaif and all Zaif customers affected by the hack, whose claims now belong to, and are being asserted by, Plaintiff, suffered harm in California when their cryptocurrency was stolen and laundered through Binance’s servers in California.”

Fisco is now seeking the value of the laundered Bitcoin with the interest from that time, in addition to fair compensation for the time and money spent in pursuit of the property.

bZx Sustains iToken Duplication; Protocol Compromised for Third Time in a Year

by

On the one hand, DeFi shows no signs of stopping, on the other hand, some popular projects are being hacked due to a number of internal vulnerabilities. One such protocol is the bZx, which had a very difficult year.

In a yet another fresh trouble, the popular DeFi lending protocol encountered bug exploitation. bZx’s official blog post claimed that the platform sustained a duplication incident with several of the iTokens. The incident caused the protocol insurance fund to transiently accrue a debt. Calling the incident “surmountable”, bZx revealed that the insurance fund was backstopped by both the token treasury in addition to protocol cash flows.

It was the steep drop in bZx’s TVL that caught the attention of the platform’s developers which was then followed by a tweet stating that it was “investigating” the reason behind it.

Marc Thalen, Lead Engineer at Bitcoin.com found an exploit after noticing a user capable of duplicating iTokens who then contacted the team. But by the time the team’s founders got the word, the attacker had drained substantial amounts of Dai and USDC. Thalen further stated that the entire pool could have been drained “if the attacker had a bit more time”.

Funds are SAFU

However, the platform confirmed that no funds were at risk. Furthermore, the duplication bug in question was patched up after it was audited by two prominent security firms – Peckshield and Certik. bZx stated,

“The protocol was heavily audited by top security firms Peckshield and Certik. The Peckshield audit was 12 person weeks. This is the same amount of time that Peckshield audited the Multi-collateral DAI [MCD] contracts for MakerDAO. The Certik audit was 7 person weeks. Additionally, we performed extensive automated testing. Unfortunately, audits are not silver bullets.”

This is not an isolated case wherein an entity was able to compromise bZx. The protocol was compromised for the first time on the 14th of February when the team was at the ETH Denver industry event. The second attack followed a couple of days later. The two hacks saw the protocol lose more than $954K.

Brave Browser Integrates Anti-Phishing Solutions To Prevent Crypto Scams

by

Prominent privacy-centric web browser, Brave has been making headlines lately with several updates along with its Gemini integration to enhance its crypto features. The platform once again made news following its association with a cybersecurity firm, PhisFort.

Protection Against Crypto Scams

As the popularity and the value of the crypto industry have been progressing rapidly, the attacks and scams pertaining to the same seem to be following suit. While every other crypto platform has been taking the necessary measures to prevent scams and attacks, Brave joined the list and collaborated with PhisFort. On Tuesday, Brave browser took to Twitter to announce that the platform had incorporated PhishFort’s anti-phishing solutions to steer clear of potential crypto scams.

The tweet read,

“Brave now uses @PhishFort’s open source anti-phishing solutions for our in-browser Crypto Wallets to better protect our users. PhishFort’s spam list detects crypto scams and immediately warns our users of any suspicious domains.”

PhishFort isn’t new to the crypto-verse, the cybersecurity firm has partnered with several notable crypto platforms including MyEtherWallet as well as Binance Labs. PhishFort also elaborated on its latest affiliation with Brave and suggested that users of the browser would be protected with additional security that would have a vital impression on the protection of the community.

The anti-phishing platform shared a blog post detailing the importance of its integration on the browser. The post indicated,

“This integration provides additional security to their users who use the crypto wallet functionality built into the browser as they are now protected by our real time intelligence feed.”

Previously, PhishFort had highlighted that crypto users are prone to scams as “crypto is a high-value target for criminals.”

Back in June, Brave Browser was subject to immense backlash for the inclusion of affiliate links to the searches of its users. This further redirected the users of the browser to another website. However, the platform rectified its mistake and affirmed that the personal data of its users were not compromised.

The platform’s latest move along with Gemini integration reveals that Brave is diving deep into the crypto industry by bolstering its features related to crypto.

Slovakian Cryptocurrency Exchange Hacked; $5.4 Million Worth Assets Stolen

by

Hacks and security breaches happen on an almost daily basis. Cryptocurrency exchange hacks, in particular, are even more damaging since space is already seen with hostility across several jurisdictions despite its increasing popularity. While cryptocurrencies such as Bitcoin, Ethereum are themselves secure, it’s the exchanges that fall prey in the hands of malicious actors constantly hunting for vulnerabilities and loopholes.

In the latest development, hackers have managed to compromise a Slovakian cryptocurrency exchange, ‘Eterbase’, and siphoned off with assets worth nearly $5.4 million.

The platform’s official blog post regarding the compromise stated,

“Law enforcement authorities have been informed and we will assist as much as we can in the ongoing investigations. We want to inform our users that we have enough capital to meet all our obligations. At the same time, we want to reassure everyone that this event won’t stop our journey.

Hackers reportedly compromised hot wallets on Monday morning for Bitcoin, Ether, XRP, Tezos, Algorand, and TRON. They then transferred the stolen funds into public wallets of various exchanges that have since been emptied. However, no personal credentials have been stolen.

The exchange further revealed that it has reported the law enforcement for the investigation and assured its clients that necessary steps were being taken to ensure that the amount of their deposit does not suffer any damage as a result of the attack. On its official Telegram channel, Etherebase stated,

“Due to ongoing investigation more details can not be announced currently. Sorry for the inconvenience and please have some patience until we solve the issue.”

The Bratislava-based crypto exchange, which claims to be the first platform fully compliant with European regulations, said that it was under maintenance and after the security audit the operations will resume. It is unclear, at this point, if the exchange will manage to reclaim its user’s funds.

Microsoft Detects Malware, Steals Bitcoin and Cryptocurrency Wallet Details

by

Security breaches are on the rise as hackers are constantly looking for loopholes. With every passing day, their malicious attempts are becoming more and more sophisticated. As bitcoin and other cryptocurrencies became popular, this space has become one of the most highly exploited industries.

Due to this, time and again, cybersecurity experts have warned that malware could be stealing Bitcoin and cryptocurrency wallet information.

In yet another alarming development, Microsoft Security Intelligence notified about the distribution of new information-stealing malware. Tweeting about the same, it stated,

According to Microsoft Security Intelligence, this new malware shares a name with an unrelated family of Android banking malware and also asserted that Anubis is deployed in what appears to be limited, initial campaigns that have so far only used a handful of known download URLs and C2 servers.

It further tweeted,

“Microsoft Defender ATP detects the new malware as PWS:MSIL/Anubis.G!MTB. We will continue to monitor this threat for the possible expansion of these campaigns.”

Anubis is found in several applications on the Google Play Store and is known for stealing confidential banking credentials and “allowing its master to spy on the smartphone’s user”.

The reason it remains undetected by Google, according to the security services provide Orange Cyber Defense, is because the first stage of the malware in the app is a downloader that does not contain any harmful code.

In another similar event in September 2019, cybersecurity researchers at Zscaler’s ThreatLabZ had notified that a malware called ‘InnfiRAT’ had the ability to perform specific tasks from an infected machine. This piece of malware is designed to access and steal personal information on a user’s computer.

Among other things, InnfiRAT can look for crypto wallet information and grab browser cookies to steal stored usernames and passwords, as well as session data using its “screenshot” functionality.

New Monero Mining Malware is Targeting Government Agencies and Education

by

According to a new study conducted by cybersecurity and intelligence firm, Guardicore Labs, a monero mining malware by the name XMRig, has been send to tens of millions of IP addresses. The malware has mainly attacked healthcare centers, the education sector, government agencies, banks, telecommunication firms, and many others.

The malware’s success rate has been abundant so far: the study by Guardicore shows that the monero mining malware has inflicted more than 500 SSH servers, including servers owned by major educational institutions across Europe, the United States, and a railway firm.

Furthermore, the report claims that a botnet triggers the XMRig monero mining malware by the name FritzFrog, which uses a kind of brute-force to attack millions of servers across the world to gain access. Once FritFrog penetrates the servers, it triggers a different procedure called “libexec,” which launches the monero mining malware, XMRig.

Highly effective monero mining malware

Although crypto-jacking incidents are nothing new, the cybersecurity firm reports that FritzFrog is a special type of malware. First of all, the botnet’s network was masked in a P2P system, making it very tough to trace. Guardicore also discovered that the botnet’s P2P execution was coded from the ground up, signaling that it was developed by “highly professional software developers.”

The botnet’s protocol is coded in a language referred to as Golang. The style is extremely volatile and does not leave any tracks on the disk. Furthermore, Golang forms an SSH public key that operates as a rear way that permits access to the infringed computer systems.

Cryptojacking malware targeting learning institutions

Earlier this year, a different crypto-jacking malware was targeting supercomputers owned by significant educational institutions. FritzFrog also seems to be targeting large supercomputers similar to those reported earlier. The cryptojacking malware at the time forced most of the supercomputers used for COVID-19 research to be shut down, obstructing the progress.