Krebs on Security

NOVEMBER 20, 2020

A 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just under three years in prison. Conor Freeman of Dublin took part in the theft of more than two million dollars worth of cryptocurrency from different victims throughout 2018.

Cryptocurrency 309

Cryptocurrency Mobile Authentication Accountability 309

The Hacker News

JULY 9, 2024

Cybersecurity researchers have found that it's possible for attackers to weaponize improperly configured Jenkins Script Console instances to further criminal activities such as cryptocurrency mining.

Cryptocurrency 131

Cryptocurrency Authentication Cybersecurity 131

Security Affairs

APRIL 26, 2024

As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement in this sector Cryptocurrencies have revolutionized the financial world, offering new investment opportunities and decentralized transactions.

Cryptocurrency 130

Cryptocurrency Cybercrime Education Scams 130

SecureWorld News

NOVEMBER 22, 2024

The attacks have resulted in millions of dollars in theft, including cryptocurrency and sensitive corporate data, showcasing the ongoing threat of organized cybercrime. Scattered Spider has gained infamy for its high-profile cyberattacks, including the ransomware assault on MGM Casino in 2023 , which caused widespread disruption.

Phishing 106

Phishing Identity Theft Cryptocurrency Cybercrime 106

Malwarebytes

AUGUST 2, 2024

The Federal Bureau of Investigation (FBI) issued a public service announcement warning the public about scammers impersonating cryptocurrency exchange employees to steal funds. With cryptocurrency exchanges, this is often not true. Some crypto-related scams often deploy imposter websites which are hard to discern from the real ones.

Cryptocurrency 129

Cryptocurrency Scams Accountability Identity Theft 129

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. Glove Stealer is a.NET-based information stealer that targets browser extensions and locally installed software to steal sensitive data.

Encryption 117

Encryption Password Management Cryptocurrency Social Engineering 117

Krebs on Security

SEPTEMBER 5, 2023

Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults. “The victim profile remains the most striking thing,” Monahan wrote.

Cryptocurrency 361

Cryptocurrency Passwords Encryption Accountability 361

Krebs on Security

JUNE 15, 2024

.” In a SIM-swapping attack, crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls sent to the victim — including one-time passcodes for authentication, or password reset links sent via SMS. That leaderboard currently lists Sosa as #24 (out of 100), and Tylerb at #65.

Hacking 342

Hacking Cybercrime Phishing Passwords 342

Krebs on Security

DECEMBER 16, 2021

A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. Following the theft, Terpin filed a civil lawsuit against Truglia with the Los Angeles Superior court.

Cryptocurrency 363

Cryptocurrency Mobile Accountability Scams 363

Malwarebytes

SEPTEMBER 27, 2023

Cryptocurrency owners should take heed of warnings related to Xenomorph malware—Bleeping Computer reports that the most recent version of Xenomorph now targets various cryptocurrency wallets using fake browser update messaging as bait. At this point, Xenomorph deploys its most favoured tactic: That of the bogus overlay.

Cryptocurrency 123

Cryptocurrency Malware Scams Banking 123

Security Affairs

DECEMBER 13, 2023

Microsoft warns that threat actors are using OAuth applications cryptocurrency mining campaigns and phishing attacks. Threat actors are using OAuth applications such as an automation tool in cryptocurrency mining campaigns and other financially motivated attacks. ” states Microsoft.

Cryptocurrency 134

Cryptocurrency Phishing Accountability VPN 134

Krebs on Security

AUGUST 30, 2022

The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. ” On July 28 and again on Aug. According to an Aug. In an Aug.

Mobile 340

Mobile Phishing Authentication Accountability 340

Schneier on Security

AUGUST 24, 2020

You can then use that key to derive master passwords for password managers, as the seed to create a U2F key for two-factor authentication, or even as the secret key for cryptocurrency wallets.

Passwords 251

Passwords Cryptocurrency Password Management Authentication 251

Krebs on Security

AUGUST 7, 2018

Police in Florida have arrested a 25-year-old man accused of being part of a multi-state cyber fraud ring that hijacked mobile phone numbers in online attacks that siphoned hundreds of thousands of dollars worth of bitcoin and other cryptocurrencies from victims.

Mobile 249

Mobile Cryptocurrency Computers and Electronics Scams 249

Krebs on Security

FEBRUARY 1, 2024

government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct cryptocurrency exchange FTX , which had just filed for bankruptcy on that same day. A graphic illustrating the flow of more than $400 million in cryptocurrencies stolen from FTX on Nov. 11-12, 2022.

Cryptocurrency 311

Cryptocurrency Ransomware Retail Government 311

Krebs on Security

NOVEMBER 9, 2024

Donahue said 60 technology companies are now routing all law enforcement data requests through Kodex, including an increasing number of financial institutions and cryptocurrency platforms. “That can include control over data, like an account freeze or preservation request.”

Hacking 291

Hacking Accountability Government Social Engineering 291

The Hacker News

JANUARY 4, 2023

A new Linux malware developed using the shell script compiler (shc) has been observed deploying a cryptocurrency miner on compromised systems. "It

Cryptocurrency 104

Cryptocurrency Malware Authentication 104

Security Affairs

NOVEMBER 3, 2024

Chinese threat actors use Quad7 botnet in password-spray attacks FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide PTZOptics cameras zero-days actively exploited in the wild New LightSpy spyware (..)

Cryptocurrency 110

Cryptocurrency Hacking Phishing Cyber Attacks 110

Security Affairs

SEPTEMBER 22, 2022

Threat actors targeted tens thousands of unauthenticated Redis servers exposed on the internet as part of a cryptocurrency campaign. The tool is not designed to be exposed on the Internet, however, researchers spotted tens thousands Redis instance publicly accessible without authentication. ” warns Censys. Pierluigi Paganini.

Cryptocurrency 119

Cryptocurrency Internet Internet Hacking 119

The Last Watchdog

DECEMBER 18, 2024

Our research reveals 69% of breaches are rooted in inadequate authentication and 78% of organizations have been targeted by identity-based attacks. Dooley Doug Dooley , COO, Data Theorem In 2025, cybersecurity threats will escalate across APIs, cloud setups, supply chains, and cryptocurrency.

Risk 173

Risk Threat Detection Technology Phishing 173

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. SIM swapping attacks primarily target individuals who are visibly active in the cryptocurrency space.

Mobile 274

Mobile Cryptocurrency Accountability Passwords 274

SecureWorld News

FEBRUARY 26, 2025

On February 21, 2025, the cryptocurrency world was rocked by the largest crypto heist in history. billion theft from Bybit is set to drastically reshape the cryptocurrency sector, most likely leading to a new era of regulatory scrutiny and security practices. billion in crypto assets.

Hacking 79

Hacking Cryptocurrency Cyber threats Malware 79

Krebs on Security

JUNE 27, 2023

But O’Connor also pleaded guilty in a separate investigation involving a years-long spree of cyberstalking and cryptocurrency theft enabled by “ SIM swapping ,” a crime wherein fraudsters trick a mobile provider into diverting a customer’s phone calls and text messages to a device they control.

Cryptocurrency 277

Cryptocurrency Accountability Mobile Hacking 277

Security Affairs

FEBRUARY 20, 2023

The Coinbase cryptocurrency exchange was the victim of a sophisticated cyberattack, experts believe is was targeted by Twilio hackers. A sophisticated threat actor launched a smishing campaign against the employees of the cryptocurrency exchange Coinbase. ” reads the statement published by the cryptocurrency exchange.

Cryptocurrency 98

Cryptocurrency Accountability Authentication Hacking 98

Krebs on Security

JULY 15, 2024

The Squarespace domain hijacks, which took place between July 9 and July 12, appear to have mostly targeted cryptocurrency businesses, including Celer Network , Compound Finance , Pendle Finance , and Unstoppable Domains. ’ This is absolutely insane if you’re used to and expecting the controls Google provides.”

Accountability 336

Accountability Cryptocurrency Passwords DNS 336

Dark Reading

OCTOBER 12, 2023

Cryptocurrency apps were the most high risk for exposing sensitive information, a reverse-engineering study shows.

Authentication 111

Authentication Encryption Cryptocurrency Engineering 111

Bleeping Computer

OCTOBER 1, 2021

Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company's SMS multi-factor authentication security feature. [.].

Cryptocurrency 145

Cryptocurrency Authentication 145

The State of Security

MAY 27, 2021

Even if you have chosen a strong, unique password for your online presence and enabled two-factor authentication it's possible that you've overlooked another way in which online criminals could commandeer your social media accounts and spam out a message to your followers. Read more in my article on the Tripwire State of Security blog.

Cryptocurrency 131

Cryptocurrency Scams Media Accountability 131

SecureList

APRIL 29, 2025

kswapd0 identification and unpacking By querying the hash on threat intelligence portals and by statically analyzing the sample, it became clear that this binary is a malicious modified version of XMRig (6.19.0), a cryptocurrency miner. Even simple practices, such as using key-based authentication, can be highly effective.

Passwords 98

Passwords Authentication System Administration Malware 98

Adam Levin

MAY 15, 2019

The hacking group, called “The Community” primarily used social engineering (trickery) and SIM card hijacking to steal funds and cryptocurrency from their victims. Once authenticated, the mobile phone number of the target victim is moved to the criminal’s phone.

Identity Theft 176

Identity Theft Social Engineering Mobile Authentication 176

Graham Cluley

MARCH 27, 2024

Hardware wallet manufacturer Trezor has explained how its Twitter account was compromised - despite it having sensible security precautions in place, such as strong passwords and multi-factor authentication. Read more in my article on the Hot for Security blog.

Accountability 120

Accountability Cryptocurrency Manufacturing Passwords 120

Krebs on Security

AUGUST 25, 2023

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. ” T-Mobile has not yet responded to requests for comment.

Mobile 243

Mobile Cyber Risk Data breaches Cryptocurrency 243

eSecurity Planet

SEPTEMBER 30, 2021

Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online accounts. By using the services, cybercriminals can gain access to victims’ accounts to steal money.

Authentication 113

Authentication Social Engineering Phishing Banking 113

Krebs on Security

OCTOBER 13, 2021

Coinbase is the world’s second-largest cryptocurrency exchange, with roughly 68 million users from over 100 countries. ” Last month, Coinbase disclosed that malicious hackers stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company’s SMS multi-factor authentication security feature.

Passwords 363

Passwords Phishing Accountability Mobile 363

eSecurity Planet

OCTOBER 22, 2024

Matanbuchus and XMRig: Used for cryptocurrency mining, these malware strains can slow down systems while surreptitiously utilizing computing resources. These groups are considered sub-teams of larger cryptocurrency scam networks, highlighting the organized and systematic nature of these phishing attacks.

Scams 123

Scams Malware Phishing Social Engineering 123

Krebs on Security

FEBRUARY 26, 2023

Absent from GoDaddy’s SEC statement is another spate of attacks in November 2020, in which unknown intruders redirected email and web traffic for multiple cryptocurrency services that used GoDaddy in some capacity. It is possible this incident was not mentioned because it was the work of yet another group of intruders.

Hacking 330

Hacking Social Engineering Phishing Scams 330

Security Affairs

APRIL 7, 2025

By simply paying the fee, usually in cryptocurrencies, the customer will receive the sensitive material ready to be exploited. UNDERGR OUND FORUMS AND PAYMENT DYNAMICS Payments are handled through mechanisms long rooted in underground trades.

Cybercrime 139

Cybercrime Social Engineering Accountability Government 139