GoDaddy’s DNS Hack Is at the Center of Several Crypto Domains Being Compromised: Report

  • Several cryptocurrency companies were targeted in the recent hack on GoDaddy.com, the largest global domain manager, including Japan-based crypto exchange Liquid.com and crypto mining service NiceHash.

Earlier this month, BEG reported that Japan-based cryptocurrency exchange Liquid.com experienced a data breach affecting users’ Know Your Customer (KYC) information. The attack follows an incursion at GoDaddy, the world’s largest domain registrar, in which hackers tricked the firm’s employees into transferring ownership and control of targeted domains.

In an analysis of the recent intrusions, Krebs on Security, a cybersecurity website, reported that four more cryptocurrency firms were targeted by phishing and “vishing” attempts, similar to Liquid exchange.

In a letter shared with crypto traders on its exchange, Liquid.com CEO Mike Kayamori stated that several customers’ data, including email addresses and passwords, were compromised following malicious attacks on their domain registrar, GoDaddy. Mike stated,

“A domain hosting provider ‘GoDaddy’ that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor.”

This allowed the attacker to change the domain name system (DNS) records and take control of some email accounts at Liquid exchange. In turn, the attacker was able to compromise some of the exchange data and gain access to the firm’s document storage.

NiceHash, a cryptocurrency mining service, was also compromised through the attack on GoDaddy, the report stated. Five days after Liquid noticed the attack, NiceHash also found out that its domain registration records were being changed without authorization. To secure the customers’ funds, the crypto mining service shut down its website for 24 hours, resuming operations a day later. A blog post from the company reads,

“In the early morning (UTC) hours of November 18, 2020, the NiceHash domain was not reachable. The domain registrar GoDaddy had technical issues, and as a result of unauthorized access to the domain settings, the DNS records for the NiceHash.com domain were changed.”

An analysis of the hackers’ accounts showed that the affected domains were redirected to set email addresses and websites. Further research shows three other crypto firms, including Bitbox, Celsius.network, and Wirex.app, could also have been affected.

GoDaddy’s spokesperson, Dan Race, confirmed the attack affected its employees’ details through phishing and voice phishing hacks. His statement further reads,

“As threat actors become increasingly sophisticated and aggressive in their attacks, we are constantly educating employees about new tactics that might be used against them and adopting new security measures to prevent future attacks.”

This attack is similar to the recent Twitter hack in July, whereby hackers compromised more than 130 high-profile accounts in an established cryptocurrency scam. The firm’s employees were tricked using social engineering, which let the hackers take over the company’s administrative tools.

Author: Lujan Odera

Origin Offers to Hire OUSD Hacker as a Security Consultant in Exchange for the Stolen $7M

Yet another DeFi hack this week.

Matthew Liu, the co-founder of Origin Protocol, confirmed an attack on the Origin Dollar (OUSD) vault.

“OUSD has been hacked, and there has been a loss of user funds. We are actively investigating the issue. We are committed to making things right,” wrote Liu in the official Medium post.

In the attack, the hacker got away with over $3.3 million worth of ETH and 249,822 DAI after having laundered a substantial amount through Tornado.Cash, wBTC, and renBTC.

The team is now asking exchanges to blacklist any transactions from the wallets identified as belonging to the attacker.

“The attack was a reentrancy bug in our contract.

Unfortunately, our contract was safe from reentrancy bugs unless one of our supported stablecoins was attacking us.”

He explained that the attack originated from a contract deployed on Nov-17-2020 at 12:40:56 AM +UTC, which involved a flash loan of 70,000 ETH borrowed from dYdX. It further involved stablecoin swaps and the minting of 7,500,000 OUSD as intended.

“At this point, the attacker held a little over half of all OUSD in existence”

The attacker basically exploited a missing validation check in the vault’s mint multiple function, which mints OUSD with multiple stablecoins, to pass in a fake “stablecoin” under their control. That fake token then had “transferFrom” called on it by the vault, allowing the hacker to exploit the contract with a reentrancy attack in the middle of the mint.

The attacker was able to create a rebase event inside the second mint after funds had moved to OUSD from the first mint but before the supply of OUSD increased. This created a massive rebase for everyone in the contract, including the attacker. As such, the attacker received their first large OUSD mint, ending up with more OUSD than the contract had assets.
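The ordering problem described above can be checked in a small model. The Python below is an added example, not Origin's contract code: `Token`, `Vault`, `scenario` and all amounts are constructed, and every supported asset is assumed to be worth 1.0. It runs the same mint with and without the two checks (asset allowlist and reentrancy lock) and compares OUSD supply with vault backing.

```python
class Token:
    """Constructed ERC-20 stand-in; `hook`, if set, runs inside transfer_from."""
    def __init__(self, hook=None):
        self.bal, self.hook = {}, hook

    def transfer_from(self, src, dst, amount):
        if self.hook:
            self.hook()                      # token code gets control mid-mint
        if self.bal.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.bal[src] -= amount
        self.bal[dst] = self.bal.get(dst, 0) + amount


class Vault:
    """Simplified rebasing vault: holders own credits, i.e. shares of supply."""
    def __init__(self, supported, hardened):
        self.supported, self.hardened = set(supported), hardened
        self.credits, self.supply, self.locked = {}, 0.0, False

    def backing(self):
        # Only allowlisted assets count as value, priced at 1.0 (assumption).
        return float(sum(t.bal.get(self, 0) for t in self.supported))

    def rebase(self):
        # Raise supply to match backing; every holder gains pro rata.
        if self.credits and self.backing() > self.supply:
            self.supply = self.backing()

    def mint_multiple(self, who, deposits):
        if self.hardened:
            if self.locked:                  # reentrancy lock
                raise RuntimeError("reentrant call")
            if any(tok not in self.supported for tok, _ in deposits):
                raise ValueError("asset not supported")   # allowlist check
        self.locked = True
        try:
            self.rebase()
            value = 0.0
            for tok, amount in deposits:
                tok.transfer_from(who, self, amount)      # external call
                value += amount if tok in self.supported else 0
            # Supply grows only here, after all external calls have returned.
            total = sum(self.credits.values())
            new = value * total / self.supply if self.supply else value
            self.credits[who] = self.credits.get(who, 0) + new
            self.supply += value
        finally:
            self.locked = False


def scenario(hardened):
    """Constructed run; returns (OUSD supply, vault backing, rejection reason)."""
    usd = Token()
    vault = Vault([usd], hardened)
    # Unlisted token whose transfer_from re-enters the vault with a second mint.
    unlisted = Token(hook=lambda: vault.mint_multiple("caller", [(usd, 0)]))
    usd.bal = {"lp": 1000, "caller": 2000}
    unlisted.bal = {"caller": 1}
    vault.mint_multiple("lp", [(usd, 1000)])
    vault.mint_multiple("caller", [(usd, 1000)])
    try:
        vault.mint_multiple("caller", [(usd, 1000), (unlisted, 1)])
    except (ValueError, RuntimeError) as exc:
        return vault.supply, vault.backing(), str(exc)
    return vault.supply, vault.backing(), None


if __name__ == "__main__":
    print("unchecked:", scenario(False))   # supply exceeds backing
    print("hardened: ", scenario(True))    # mint rejected, supply == backing
```

Without the checks the inner mint rebases against funds that the outer mint has already transferred but not yet minted for, so supply ends above backing; with them the call is rejected before any transfer happens.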

The attacker was able to take extra OUSD after withdrawing and selling it on Uniswap and SushiSwap for USDT.

The Origin Protocol team continues to recover the funds and asked the users to stop providing liquidity on SushiSwap, remove their funds, and not indulge in buying or selling OUSD.

The team has also asked the hacker to do the right thing by returning the funds, now that they have “demonstrated your superior skills as a hacker, and we’d happily hire you as a security consultant.”

As a result, the stablecoin pegged to $1.00 has dropped over 85% in value to $0.15.

More than $40 million has been lost in the last month alone in DeFi hacks such as Value DeFi, Akropolis, Harvest Finance, and Cheese Bank.

Author: AnTy

Robinhood Raises Cybersecurity Awareness After Insider Says 2,000 Accounts Exposed in the Hack

About 2,000 accounts at trading app Robinhood were compromised in a recent hack that stole customer funds.

The popular online brokerage service, which also offers trading of a limited number of cryptocurrencies, previously said that cybercriminals targeted only a “limited number” of customer funds. The service itself wasn’t hacked, but users’ personal email accounts were compromised and then used to gain access to customers’ Robinhood accounts, the company said in a statement.

But a person with knowledge of an internal review told Bloomberg the estimated figure, a sign that attacks have been more widespread than previously believed.

Users complained on social media as the brokerage service with more than 13 million accounts does not have a customer service phone number. The company said in a statement,

“We always respond to customers reporting fraudulent or suspicious activity and work as quickly as possible to complete investigations.”

The company is now sending push notifications to users to enable two-factor authentication on their accounts and is further planning to send customers more security advice.

However, several victims said their brokerage accounts were accessed despite having set up 2FA, while others said they found no sign of their email being compromised.

“Unfortunately, it’s a common occurrence that online accounts of monetary value are bought, sold and traded by cyber-criminals,” said Mark Arena, CEO of Intel 471, which monitors activities of digital criminals.

“This shows the importance of people practicing common information-security hygiene such as not re-using the same password across multiple accounts and enabling two-factor authentication, which Robinhood supports.”

Menlo Park, California-based Robinhood, founded seven years ago, exploded in popularity this year as millions of Americans, including millennials stuck at home, took to making money from swinging stock prices. They put their stimulus money into the stock market, which sent it flying.

But at the same time, the no-fee brokerage app has attracted consumer complaints and faced an SEC probe.

Author: AnTy

Little Known Slovakian Based Exchange, ETERBASE, Suffers A $5 Million Hack On Its Hot Wallets

  • European crypto exchange, ETERBASE, suffers a $5 million hack as attackers compromise its hot cryptocurrency wallets.
  • The Slovakian exchange announced a halt to its deposits and withdrawals on Monday, September 7, hours before the hack was officially announced.

An unfortunate $5 million hack on little-known Slovakian-based exchange ETERBASE occurred on September 8th as its hot wallets were compromised, the exchange announced on its Telegram page. The attack seems to have started on Sept. 7, after the exchange suspended all EUR SEPA bank transfer withdrawals at 6.40 PM GMT +3.

The message read,

“We apologize for ongoing inconveniences, EUR SEPA withdrawals will be disabled approximately until 10th Sept 2020. If you wish to cancel your pending withdrawals, please, contact the support.”

A follow-up message at 10.07 AM GMT +3 on Tuesday, Sept. 8 confirmed ETERBASE had suffered an attack on its ETH/ERC-20, Tron (TRX), Tezos (XTZ), Bitcoin (BTC), XRP, and Algorand (ALGO) token hot wallets. According to research by BEG on the wallet addresses provided, close to $5.5 million in token value was stolen from ETERBASE during the hack.

ERC-20 wallets faced the largest losses, with $3.9 million taken from the exchange’s hot wallet. Tezos (~$471k), ALGO (~$406k), and XRP (~$340k) represent other wallets that faced severe losses.

According to their Telegram message, most of the tokens stolen from the exchange were sent to other centralized exchanges. The ETERBASE team is currently in contact with all centralized exchanges that “might be receiving these illicit funds.”

Furthermore, the exchange has contacted relevant authorities on the hack, who have begun their investigations. The exchange promises users that they are working to ensure the deposits by the users are not affected due to the hack.

“We want to assure our clients that we are taking all necessary steps to ensure that the amount of their deposit does not suffer any damage as a result of the hacker attack,” a recent message from ETERBASE reads.

More details will be provided by the exchange as the story develops.

Author: Lujan Odera

Ethereum Classic Core Developer, ETC Labs, Onboards CipherTrace to Investigate 51% Attacks

Ethereum Classic’s lead development team, ETC Labs, is investigating the recent 51% hack after hiring Kobre & Kim, an investigations firm, to lead its legal proceedings. The firm will also use the services of blockchain analysis firm CipherTrace, which will work together with U.S. authorities to pursue criminal charges against the perpetrators of the $5.7 million hack.

In a press release this Friday, the core development and accelerator organization of the ETC blockchain stated they would also be working on better security systems after multiple 51% attacks in the past 20 months or so.

Terry Culver, the CEO of ETC Labs, rightly termed the hack as “manipulating a public blockchain to steal,” further stating there will be severe consequences.

“Together, we will cooperate with stakeholders and agencies in the United States and wherever else the investigation leads to analyze the transactions and to identify the responsible parties with the knowledge and motive to carry out these attacks,” Culver said.

“We are determined to protect the integrity of the ecosystem.”

The blockchain has been a victim of 51% attacks in the recent past, facing two successive attacks on July 31st and August 5 and losing upwards of $5.5 million in a double spend. According to the statement, the second attempt was similar to the first, as the hackers reorganized 4,236 blocks after probably buying hash power from NiceHash DaggerHashimoto, also used previously.

Echoing Culver, CipherTrace CEO Dave Jevans said,

“We are proud to help solve this pivotal case, which represents more than a major theft because it is an attack on the integrity of a major blockchain.”

Ethereum Classic has shown resilience in the past after facing 51% hashing power attacks. In January 2019, the blockchain suffered a reorganization attack but little changed on the market, as ETC only lost 6% following the attack. ETC currently trades at $6.84 on Coingecko charts, a sharp 17% fall from highs achieved on August 2, days before the second attack.

Author: Lujan Odera

Crypto Trading Platform, 2gether, Unable To Refund $1.4M Hack; Offers Its Native Tokens

Spanish cryptocurrency trading app 2gether announced on Sunday that the platform faced a hack on its investment coffers on July 31, losing €1.183 million ($1.4 million) in investors’ and traders’ money. According to the explanation video posted by the founders, Luis Estrada, Salvador Casquero, and Ramón Ferraz Estrada, the cyberattack represents nearly 27% of the total funds of the firm, leaving the company unable to refund the customers.

Ferraz further states that the attack compromised the users’ passwords, but Euro accounts and wallets are safe. The CEO stated the company has been working with several investment firms to find a way to reimburse the users’ stolen amounts, but so far to no avail.

A softer landing cushion

While reimbursing the amount is almost impossible at this time, 2gether released a statement saying the firm will give users an equal dollar proportion of their native 2GT token (at the initial offer price of $0.06) to ease their pain. The 2GT token offers users incentives and premium access to certain areas of the platform.

Notwithstanding, the founders stated they would scrape up funds in the future to pay out the losses while allowing the users to keep the 2GT tokens. The statement reads,

“On top of that, we commit to keep looking, at top capacity, and as soon as possible, for additional funds to make up for every single one of your cryptocurrencies. That way, you’ll be able to get back the totality of your positions and the equivalent value in 2GT tokens at issuance price.”

No further information has been offered on the state of the attack. Some of the 2gether users have joined a Telegram group to raise questions on the attack and to the management team, who have scheduled an Ask Me Anything (AMA) session on the state of the platform.

Author: Lujan Odera

Florida Teenager, the ‘Mastermind’ Behind Twitter ‘Bit-Con’ Hack, Arrested

A Tampa, Florida teenager has been accused of being the “mastermind” behind the biggest hack on Twitter and has been placed under arrest.

17-year-old Graham Clark is facing 30 felony charges for “scamming people across America” that include organized fraud, communications fraud, fraudulent use of personal information, and access to computer or electronic devices without authority.

The charges relate to the July 15 incident, when some of the big accounts, including Elon Musk, Bill Gates, Warren Buffett, Joe Biden, Barack Obama, and Kanye West, among others, were hacked to promote a Bitcoin giveaway scam. The scam was able to steal less than 13 BTC worth about $120,000.

“As a cryptocurrency, Bitcoin is difficult to track and recover if stolen in a scam,” the state attorney’s office said. The suspect behind the attack was found by the FBI and US Department of Justice after a “complex, nationwide investigation.”

IT Department Here

Twitter also released a statement thanking law enforcement for their “swift actions” while sharing further details about the attack.

A small number of Twitter employees were targeted via a phone spear-phishing attack relying on “a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” read the statement.

A total of 130 Twitter accounts were targeted — the hackers tweeted from 45 accounts, accessing the DM inbox of 36, and downloading the data of 7.

The Tampa teen allegedly convinced a Twitter employee that he worked in the Twitter IT department and tricked them into giving him the credentials, as per an affidavit released late Friday.

The Bit-Con

Clark will be prosecuted in Florida so he can be charged as an adult. “This was not an ordinary 17-year old,” said the state attorney, who added,

“This could have had a massive, massive amount of money stolen from people, it could have destabilized financial markets within America and across the globe.”

“This ‘Bit-Con’ was designed to steal money from regular Americans from all over the country.”

“This massive fraud was orchestrated right here in our backyard, and we will not stand for that.”

Clark is just one of the three suspects; the other two were identified as 9-year-old Mason Sheppard from the UK and 22-year-old Nima Fazeli from Orlando.

Sheppard was found thanks in part to his driver’s license used to verify himself with crypto exchanges Coinbase and Binance. His accounts were also found to have sent and received some of the scammed BTC.

Similarly, Fazeli used a driver’s license to verify with Coinbase where accounts controlled by him allegedly received payments in exchange for stolen Twitter usernames.

Both are facing a $250,000 fine. While Fazeli is facing five years in prison, Sheppard is being charged with wire fraud and money laundering conspiracy on top of computer intrusion, and as such is facing a 20-year sentence.

Author: AnTy

Twitter Hackers Accessed 36 DM’s From Compromised Accounts in Large Scale Bitcoin Scam

Twitter has released an update following last week’s hack, which saw over 100 accounts compromised. The social media giant confirmed on July 22 that the hackers accessed the direct messages of some of these exposed accounts. Some notable mentions include Geert Wilders, an elected official in the Netherlands, and Coindesk’s.

“We believe that for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox, including one elected official in the Netherlands. To date, we do not indicate that any other former or current elected official had their DMs accessed.”

They were, however, keen to highlight that there are no indications that any other former or current public officials had their DMs accessed, some sort of relief given that Joe Biden and Barack Obama’s accounts were among the compromised. Nonetheless, Twitter has found itself in a tricky position in the past week, and this new development following a review of the 130 accounts might just be the beginning of more frequent updates before the platform fully recovers from the recent hack.

The firm is communicating with the account owners that were exposed, with some yet to regain access to their accounts. Notably, these hackers, who scammed $120,000 worth of Bitcoin by tweeting from 45 of the accounts, also downloaded the archived Twitter data of 8 accounts, including Coindesk’s.

Jitters are now emerging from stakeholders, including federal lawmakers on Twitter’s security practices. The firm’s DMs have previously been faulted as below standard when it comes to encryption. However, it’s not clear whether the hackers got inbox access directly via the compromised administrative tool. With the FBI and other agencies now on the case, things might develop faster than we thought!

Author: Edwin Munyui

Yet Another Balancer Attack for ‘Unclaimed’ COMP; DeFi Liquidity Provider to Reimburse Hack Victims

It hasn’t been 24 hours since news of a $500,000 hack on Balancer broke, and a new attack has already claimed $2,300 worth of the hot Compound tokens (COMP).

Hao, a hacker and engineer at DeBank, a DeFi wallet, took to Twitter to share how, this time as well, someone used Andreessen-funded dYdX for a flash loan and drained, yes again, unclaimed COMP stored in several pools of Balancer, an automatic market maker.

The hacker explained that the contract flash loaned some tokens from dYdX to mint cToken from these funds. Then it used Uniswap v2 to flash loan some COMP.

The contract joined COMP/cBAT/cUSDT pool to trigger Compound to send unclaimed COMP to this balancer pool. After syncing COMP balance, the contract withdrew from the balancer at an advantage and continued to do the same for other pools.

After getting all the extra COMP, it repaid Uniswap and dYdX, made an exit, and swapped COMP for ETH in a normal Uniswap V2 trade.

However, @FollowTheChain said the “unclaimed COMP” is just a tiny fraction of COMP that has accumulated since the last movement of each cToken that happened a few minutes before.

According to Balancer Labs, this attack wasn’t like the one from yesterday either.

Amidst this came the good news that Balancer Labs will be reimbursing all the liquidity providers who lost funds in yesterday’s attack.

It will also pay out the “highest bug bounty available” to Hex Capital, which alerted Balancer Labs to this vulnerability in May.

“This is a major issue in crypto today – creating bug bounty programs and then ignoring the results + refusing to pay out. We need to do better,” said Hex Capital.

Market Unaffected

Yesterday’s attack involved two Balancer pools containing the deflationary tokens STA and STONK, which are tokens with transfer fees; funds worth more than $500,000 were drained by a hacker.

The attack happened in two separate transactions, 30 minutes apart, and only the pools with a token with transfer fees were affected by the exploit.

DeFi aggregator 1inch in its official report said the attacker was a “very sophisticated smart contract engineer with extensive knowledge and understanding of the leading DeFi protocols.”

Not only was he organized and prepared in advance but also used Tornado Cash, a privacy-focused Ethereum mixer, to get initial funds that hid his source of Ether.

It reported that the attack on one of the Balancer Pools was caused by a complex transaction that the hacker sent to the Ethereum mainnet. Then, with another transaction, the hacker drained another Balancer Pool.

The address with the stolen funds currently has about 601 ETH worth about $133,823.

In its official report on the incident, Balancer Labs reported that it wasn’t aware that “this specific type of attack was possible,” which has now turned out to be untrue.

However, they have been warning about the unintended effects of ERC20s with transfer fees in the protocol. As such, STA wasn’t included in the recently put together mining whitelist of BAL.

Now, transfer-fee tokens will be added to the blacklist, and the team will continue to audit and review the protocol; the third planned audit is starting soon.

However, the market seems unaffected for now, as the total value locked in Balancer is $115 million, down from the all-time high of $117 million just a day before, as per DeFi Pulse.

Author: AnTy

Bitcoin Stolen in 2016 $72 Million Bitfinex Hack Moving

Some of the BTC stolen during the $72 million hack of crypto exchange Bitfinex in 2016 has just been moved.

Whale Alert, which tracks large movements of top cryptocurrencies, reported that 28.3 BTC worth more than $255k has been moved to an unknown wallet.

Four years back, Bitfinex lost 120,000 BTC worth $72 million, when the price of bitcoin was about $600. Today, with each BTC at $9,160, this stash is now worth more than $1 billion.

This isn’t the first time that these hackers have moved their funds. Back in June last year, about 185 BTC were transferred to unknown addresses; at that time the BTC price was up over 60% YTD at around $10,000. Then in August, 30 BTC were also moved.

Now, just as happens with large transfers, the crypto community fears the worst.

One Twitter user said, “If btc does not crash to sub 4k in 1 month, I’ll delete my twitter.”

Large amounts of Bitcoin on the move surely affect the price, as happened on May 10. The BTC price fell about 16% that day after a large deposit took place on Gemini; but that deposit was “abnormally” large at 2,500 BTC, unlike this transfer of just over 28 BTC.

Such big deposits result in heightened activity on the exchange where they are made and also trigger market sells on other exchanges. This causes a significant increase in trade volume across all exchanges, resulting in a drop in Bitcoin’s price.

However, at times, relatively small and few orders can also have a significant impact on liquidity across many major exchanges.

Just this week, there was a speculation-led sell-off that resulted in a brief decline of about 7% in BTC price.

It came after Whale Alert reported that 50 Bitcoin had been moved from a wallet dormant since February 2009. Whale Alert suggested it might have been bitcoin’s pseudo-anonymous creator Satoshi Nakamoto who moved the coins, triggering panic in the market, but as we reported, that was very unlikely.

Author: AnTy