Hackers

Хакеры начали скрывать вредоносное программное обеспечение в смарт-контрактах #Ethereum , используя блокчейн как прикрытие для кибератак. Исследователи компании ReversingLabs обнаружили два пакета в репозитории Node Package Manager (NPM), которые применяли новый метод доставки вредоносных команд и ссылок.
Блокчейн как укрытие для вредоносного кода
Пакеты «colortoolsv2» и «mimelib2», опубликованные в июле этого года, использовали смарт-контракты Ethereum для сокрытия вредоносных команд, которые устанавливали программы-загрузчики на скомпрометированные системы. Исследователь ReversingLabs Луция Валентич (Lucija Valentić) объяснил, что злоумышленники применили «новаторскую и креативную технику загрузки вредоносного ПО на скомпрометированные устройства — смарт-контракты блокчейна Ethereum».
Чтобы избежать сканирования безопасности, пакеты функционировали как простые загрузчики. Вместо прямого размещения вредоносных ссылок они извлекали адреса командных серверов из смарт-контрактов. При установке пакеты обращались к блокчейну для получения URL-адресов загрузки вредоносного ПО второй стадии, что усложняло обнаружение, поскольку трафик блокчейна выглядит легитимно.
Новый вектор атак
Вредоносное ПО, нацеленное на смарт-контракты Ethereum, не является новинкой — его использовала в начале этого года хакерская группировка Lazarus Group, связанная с Северной Кореей. Однако применение смарт-контрактов Ethereum для размещения URL-адресов с вредоносными командами представляет собой принципиально новый подход.
«Это то, чего мы не видели ранее, и это подчеркивает быструю эволюцию стратегий обхода обнаружения злонамеренными субъектами, которые атакуют репозитории с открытым исходным кодом и разработчиков», — отметила Валентич.
Сложная кампания обмана
Вредоносные пакеты стали частью масштабной кампании социальной инженерии и обмана, проводимой преимущественно через GitHub. Злоумышленники создали поддельные репозитории торговых ботов для криптовалют, которые выглядели крайне надежными благодаря:
Фабрикации коммитов для имитации активной разработкиСозданию фальшивых аккаунтов пользователей специально для отслеживания репозиториевМножественным аккаунтам сопровождающих для симуляции командной работыПрофессионально выглядящим описаниям проектов и документации
Эволюция угроз
В 2024 году исследователи безопасности задокументировали 23 связанных с криптовалютами вредоносных кампании в репозиториях с открытым исходным кодом. Этот новейший вектор атак демонстрирует эволюцию нападений на репозитории, объединяя технологию блокчейна с изощренной социальной инженерией для обхода традиционных методов обнаружения.
Подобные атаки проводятся не только на Ethereum. В апреле поддельный репозиторий GitHub, выдававший себя за торгового бота Solana, использовался для распространения скрытого вредоносного ПО, крадущего данные криптокошельков.
Использование блокчейна как инструмента сокрытия вредоносного кода представляет собой значительный шаг в развитии киберугроз. Этот метод показывает, как злоумышленники адаптируются к современным технологиям, превращая децентрализованные системы в свое преимущество.
#hackers #software
$ETH

Venus Protocol – Pérdida de USD 27 millones
Un usuario del protocolo Venus en la BNB Chain fue víctima de una estafa de phishing y autorizó unknowingly una dirección maliciosa, lo que permitió al atacante drenar aproximadamente USD 27 millones en activos como vUSDT, vUSDC, vXRP, vETH y BTCB.
Importante: las investigaciones indican que esto ocurrió a nivel de cartera comprometida, no fue un fallo en el protocolo de Venus en sí.

BunnyXYZ – Exploit de USD 8.4 millones
El protocolo BunnyXYZ, operando en Ethereum y Unichain, sufrió una vulnerabilidad técnica en su pool que permitió a un atacante drenar USD 8.4 millones (USD 6 millones en Unichain y USD 2.4 millones en Ethereum). El atacante manipuló ticks de precio, ejecutó retiros repetidos aprovechándose de errores de precisión y luego canjeó los activos.

¿Por qué es relevante?
Vulnerabilidad humana y técnica: Venus expone los riesgos del phishing, mientras que BunnyXYZ revela fallos en el mecanismo de pools, ambos recordatorios de que ni usuarios ni desarrollos están completamente a salvo.Impacto en la confianza del mercado: Estos ataques pueden generar reacciones negativas inmediatas en tokens relacionados y reducir la confianza de usuarios e inversores.Oportunidad para reforzar seguridad: Se refuerza la necesidad de auditorías técnicas, mejor educación en seguridad para usuarios y protocolos más robustos.

#hackers , #exploit

So, let’s talk about cryptocurrency. It’s all about trustless systems and decentralized networks, right? And there’s this big promise of security thanks to blockchain tech. But here’s the kicker — crypto is like a magnet for hackers. Seriously, from exchange breaches to phishing scams, we’re talking billions lost over the last decade.
Now, enter Artificial Intelligence (AI). It’s stepping into this wild world — playing both the hero and, well, sometimes the villain. This ongoing battle between AI and hackers? It could really shape the future of crypto security.
Why Are Hackers Drawn to Crypto?
You see, hackers love money, and crypto is like a shiny trophy for them. Unlike traditional banking, once crypto is stolen and shuffled around wallets or mixed up with privacy tools, good luck getting it back. Here are some common ways they strike:
Exchange hacks: Centralized exchanges are like gold mines, holding billions in user funds — a prime target.
Smart contract exploits: If there’s a flaw in DeFi protocols, hackers can drain liquidity pools in mere minutes.
Phishing scams: Fake websites, wallets, and messages — they trick people into handing over their seed phrases. It’s sneaky.Ransomware & malware: They often demand payments in Bitcoin or Monero because, you know, it’s all about that anonymity.
And here’s where AI comes into play, acting as both a protector and, at times, a potential threat.
AI as the Defender of Crypto
AI-driven cybersecurity is becoming essential for protecting blockchain platforms, wallets, and exchanges. Here’s how it’s making a difference:
Real-Time Fraud Detection: AI models can sift through billions of transactions to spot weird patterns — like sudden withdrawals or spikes in trading volume — and flag them before things get out of hand.Phishing Defense: With AI-powered spam filters and natural language processing, it can sniff out suspicious emails or fake Telegram/Discord bots pretending to be the real deal.Smart Contract Auditing: AI tools can comb through DeFi protocols for vulnerabilities way faster than human auditors, helping to prevent exploits before they even get launched.Behavioral Biometrics: Some crypto wallets are testing out AI that learns how users typically behave (like their typing speed, login times, or device signatures) to catch unauthorized access attempts.
Pretty fascinating stuff, right? The battle between AI and hackers is just heating up, and it’s going to be interesting to see how it all unfolds.

Hackers’ Counterattack: Weaponizing AI
You know, while AI is busy protecting crypto users, hackers are also stepping up their game with some serious AI upgrades.
Take AI-powered phishing, for instance. It's all about personalized messages that sound just like crypto influencers or even friends on platforms like Telegram and Discord. Sneaky, right?Then there are deepfake scams—where fake, AI-generated videos of CEOs pop up, claiming there are “airdrop campaigns” to lure in unsuspecting investors. It’s like something out of a sci-fi movie!
And let’s not forget the automated exploit search. AI models can now scan through thousands of smart contracts, spotting vulnerabilities way quicker than the old methods ever could.
Crypto wallet attacks? Oh, they’re getting clever too. Hackers are using AI to guess weak private keys or wallet seed phrases, and even automating brute-force attempts. It's wild how AI is giving these hackers the same edge it gives to those trying to defend against them: speed, scale, and a lot of smarts.
The Endless Arms Race in Web3
Honestly, it’s like this never-ending cat-and-mouse game:
Hackers take advantage of DeFi contracts → AI auditors swoop in to patch those vulnerabilities.Hackers let loose deepfake scams → AI detection tools raise the alarm.Hackers create more sophisticated phishing campaigns → AI responds with smarter filters.
It’s a continuous back-and-forth, and in the fast-paced crypto world, even a minute’s delay can mean millions down the drain.
Real-World Example
Just look at the Poly Network hack back in 2021—$600 million vanished because of some smart contract flaws. Now, that wasn’t AI-related, but can you imagine if an AI-powered attacker was scanning DeFi contracts at scale? Future exploits could be even quicker and more automated.
And on the flip side, major exchanges like Binance and Coinbase are now leveraging AI models to keep an eye on transactions for any suspicious behavior. This tech is really helping to cut down on large-scale thefts and money laundering attempts. It’s a wild world out there!
The Human Factor: Still the Weakest Link
You know, even with fancy AI defenses in place, crypto users are still pretty vulnerable. It’s kind of wild how hackers often use social engineering tactics—like tricking someone into giving up their seed phrase, clicking on a sketchy link, or signing off on a dodgy transaction. Sure, AI can help spot these scams better, but at the end of the day, it’s really up to users to stay aware and informed.
Future Outlook: AI as Crypto’s Gatekeeper
When we think about the future of AI versus hackers in the crypto space, it’s clear that this will seriously impact how secure Web3 becomes.
Imagine a Positive Future: AI audits, constant monitoring, and even behavioral biometrics could bring hacks down to nearly zero. Sounds great, right?
But then there’s the Dark Future: hackers could take control of AI bots that could drain wallets, mess with markets, and even create deepfake leaders. Scary stuff.
So, it’s not really about whether AI will come out on top, but rather who’s going to use it better—the defenders of crypto or the hackers looking to exploit it?
Conclusion
In the crypto world, this whole showdown between AI and hackers isn’t just a tech issue; it’s really about trust. If we don’t have solid defenses, getting mainstream users on board with Web3 is going to be a tough sell. If AI steps up as the protector of decentralized finance, then we could see the industry flourish. But if hackers start to dominate with their AI-driven attacks, we might find ourselves set back years.
Ultimately, in this digital battlefield, it’s going to take vigilance, innovation, and teamwork to figure out if AI will be our shield or our sword in this crypto revolution.

#Aİ #Hackers

On August 21, 2024,b# McDonald's faced a significant security breach when a hacker hijacked the company's official Instagram account to promote a fraudulent cryptocurrency. The hacker leveraged the global reach and credibility of McDonald's to promote a fake Solana-based meme coin called “GRIMACE.” This event quickly drew widespread attention as it demonstrated the increasing frequency and sophistication of cyber-attacks targeting major corporations' social media accounts.
The hacker's campaign was both audacious and cunning. By exploiting the McDonald's brand, they aimed to deceive unsuspecting followers into believing that the fast-food giant was endorsing the new cryptocurrency. The posts on McDonald's Instagram account featured flashy graphics and promises of high returns, a common tactic used in crypto scams. The use of "GRIMACE" as the meme coin's name was a direct reference to one of McDonald's iconic mascots, further adding a layer of deception to the campaign.#
The fraudulent promotion was designed to lure followers into purchasing the fake coin, likely through links provided in the hacked posts. Once followers clicked on these links, they were probably directed to a phishing site designed to collect personal information or facilitate fraudulent transactions. The hacker’s strategy relied on the trust that McDonald's followers had in the brand, making the scam more convincing and potentially more damaging.McDonald's quickly responded to the breach, issuing a statement that their Instagram account had been compromised and that the posts promoting "GRIMACE" were fraudulent. The company urged followers not to engage with the content or click on any links. They also worked with Instagram to regain control of the account and remove the malicious posts.This incident underscores the vulnerability of even the largest and most established brands to cyber-attacks. It also highlights the growing trend of cybercriminals targeting social media platforms to execute their schemes, particularly in the rapidly evolving world of cryptocurrency. As businesses continue to expand their digital presence, ensuring robust cybersecurity measures will be crucial to protecting their brand integrity and safeguarding their customers from similar attacks.#hackers #BinanceCreatorAwards

Crypto hackers have stolen $4+ billion in the last 2 years.
If you are not careful, you'll be next.
This article shares 8 security practices that everyone should be using.
If you already have multisig, virtual machines, 3 identities, your own email servers, a nuclear bunker and a lifetime supply of ramen.
Then you won’t need this guide,
For everyone else let's begin.

1. Crypto Storage
Hardware Wallets (Tier 1) - Ledger, NGRAVE, Trezor
Paper Wallet (Tier 2) - Easily lost and damaged. But costs only time.
Desktop wallet (Tier 3) - Only as safe as the system they are on. Not Ideal.

2. Emails
Old emails with weak passwords are a common point of entry for hackers.
If you’ve had it for a while and used it for multiple websites, chances are you want to get rid of it.

3. VPN
Most main providers are good enough (nord / express).
You can take your privacy even further and try something like Mullvad.

4. 2FA
2FA everything.
Cold 2fa Device (Tier 1) - Yubikey or Google Titan
Custom 2fa Device (Tier 2) - Cheaper option is to buy a cheap phone, download 2fa, swap it to flight mode forever.
Note: 2FA can be circumvented, it is not an absolute defence.\

5. Passwords
This is where we disproportionately limit the damage a successful hack can do to us. I’m going to share a multilevel system I’ve built for myself.
There are two tiers of data.
Level 1 Data
Level 2 Data

Level 1 Data
To determine if your data is level 1 ask yourself this.
"If a hacker had access to only this information, would they be able to attack me?"
For example, if a hacker gained access to your private keys, they could directly access your cryptocurrency.

Level 1 Data Rules
- Keep offline
- Never be stored on your laptop
- When entering these passwords, you will alternate between using your actual keyboard and an on-screen keyboard
- These passwords will be a minimum of 15 keys long and as complex as possible
- Have back ups

Level 2 Data
Any data which on its own cannot grant the hacker access to any of your funds or important data is considered level 2.
This means If a hacker were to gain access to a level 2 password, they would still be unable to actually access anything vulnerable.

Level 2 Data Rules
You can randomly generate by your password manager and should never be typed, always copy and paste from your manager without revealing the password in case you are being watched or key logged.

6. EXCHANGES
Don't trust any sketchy exchanges with your crypto.
-Deposit only what you need to buy/sell.
-Use reputable exchanges like Binance.
- Use 2FA
-Set a global lock that requires a minimum wait time before settings are changed
-Whitelist your addresses and set a lock on adding new addresses
-Use leverage to reduce counterparty risk

7. Advanced: Separate computers
Separate computers are an expensive option so decide if it’s worth the investment relative to the value of your online security and assets.
-High Security Computer
-Low Security Computer

High Security Computer
Used only for handling crypto, banking, trading and other sensitive activities.
Your high security device is never to deviate from essential websites or click on any links.
All it takes is one mistake to compromise your security.

Low Security Computer
For all other activities, you can use your low security device.
There should never be crossover between these two devices.

8. PROTECT OTHERS
Someone you care about getting attacked can be leveraged against you.
Share this with others and make sure they are as protected as you.

#hackers #BitEagleNews

The Health Sector #cybersecurity Coordination Center (HC3) in the United States has announced that at least one healthcare institution in the U.S. has been hit by the Trinity ransomware, a new threat targeting critical infrastructure.
The Threat of Trinity Ransomware and How It Works
A U.S. government agency issued a warning regarding the Trinity ransomware, which targets victims and extorts them for #CryptocurrencyPayments in exchange for not leaking sensitive data. This ransomware uses various attack methods, including phishing emails, malicious websites, and exploiting software vulnerabilities.
Once it infiltrates a system, the ransomware scans the victim's computer, collects sensitive information, and encrypts files using advanced encryption algorithms, rendering them unreadable. #hackers then leave a message in the computer informing the victim that their data has been encrypted and demanding a ransom in exchange for a decryption key.
Hackers’ Demands: 24-Hour Deadline for Payment
In the ransom note, victims are warned that they have only 24 hours to pay the ransom in cryptocurrency, or their data will be leaked or sold. HC3 noted that there are currently no available decryption tools for Trinity ransomware, leaving victims with few options for recovery.
"Victims have 24 hours to contact the cybercriminals, and if they fail to do so, the stolen data will be leaked or sold," HC3 reported. The ransomware primarily targets critical infrastructure, including healthcare providers.
Attacks on Healthcare Institutions
The Trinity ransomware has already affected seven organizations, with healthcare facilities being one of its primary targets. HC3 reported that at least one healthcare entity in the U.S. was recently impacted by this ransomware, raising concerns about cybersecurity in the healthcare sector.
Crypto Ransom Payments Reached $1 Billion in 2023
According to the Chainalysis 2024 #cryptocrime Report, ransomware attackers received approximately $1.1 billion in cryptocurrency payments in 2023. These ransoms were paid by high-profile institutions and critical infrastructure, with attacks ranging from small criminal groups to large syndicates.
The report also revealed that 538 new ransomware variants were created in 2023, with major corporations like BBC and British Airways being among the primary targets of these attacks.
#cyberattacks

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!

Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

 

El día 21 de febrero ocurrió uno de los más grandes hackeos a un #exchange centralizado, en donde #hackers se llevaron cerca de $ 1,400 millones de dólares en ETH de una de las billeteras de la plataforma, pero, ¿Cómo sucedió este hecho y que es lo que están haciendo los Hackers con este dinero? Exploremos.

El viernes 21 de febrero, el investigador de #blockchain "Zach XBT" comunicaba en sus redes principales que existían unas salidas de dinero muy sospechosas del Exchange By...bit.

Más tarde el CEo del exchange centralizado, Ben Zhou ,indicaba en un anuncio oficial que una de las billeteras frías de #ETH del Exchange se encontraba realizando transacciones rutinarias, y en uno de esos movimientos los hackers lograron obtener acceso a la interfaz de usuario de la plataforma (a través de un ataque phishing previo), lo que les permitió sustituir el contrato de implementación de monedero multifirma por una versión maliciosa.  Es así que los atacantes obtuvieron permisos necesarios para empezar a procesar transferencias de fondos no autorizadas.

Como consecuencia, los hackers tuvieron el control de la billetera hardware, y pudieron robarse cerca de $ 1,400 millones de dólares en activos.

Hasta el momento este hecho es considerado uno de los mayores robos de criptomonedas de todos los tiempos.

Ahora se sabe que los hackers detrás de este robo es el grupo Lazarus de Corea del Norte.

¿Quiénes son el grupo Lazarus?

El Grupo Lazarus es un colectivo de hackers sofisticados de Corea del Norte, quienes trabajan muy cuidadosamente hasta poder conseguir su objetivo. Además, no son nada nuevo en el ecosistema #cripto ya que en el pasado fueron responsables de otros robos a diversas plataformas. Es así que tenemos al grupo lazarus detrás del hackeo a:

-       Axie infinity $625 millones de dólares

-       Puente Harmony $ 100 millones de dólares

-       Billetera Atomic $100 millones de dólares

-       Stake $ 41 millones de dólares

-       Alphapo hot wallet $ 60 millones de dólares

-       Wazirx $ 230 millones de dólares

Ahora tras el robo de ETH al Exchange centralizado, este grupo de hackers es considerado como uno de los mayores holders de ETH, ya que posee alrededor de 0.42% del ETH.

Una vez que los fondos fueron robados, el siguiente paso para este grupo de hackers era mover y limpiar el dinero, tratando de borrar cualquier tipo de rastro. Esta táctica aplicada de los hackers, ya lo han hecho en el pasado a través de mezcladores de criptomonedas, el uso de plataformas Defi sin KYC, entre otras opciones.

¿Qué hizoel exchange centralizado después del hackeo?
Tras el incidente, el CEO del exchange , Ben Zhou, salió a calmar las aguas, explicando el procedimiento para poder devolver los ETH robados y que no se expandan falsos rumores. No se congelaron o detuvieron las transacciones en el Exchange centralizado, haciendo que sus usuarios se sientan más tranquilos si querían retirar.

Además, para poder devolver esos ETH robados de sus clientes, el Exchange tenía que reponer de algún modo, Es por ello que la plataforma empezó a recibir prestamos de otros Exchanges centralizados y /o ballenas, así como también comprar ETH (OTC) para tener lo que necesitaba. Finalmente se sabe que ya pagó sus préstamos sin intereses.

Queda en investigaciones y esperar los reportes de empresas de seguridad para conocer como pudo vulnerarse las billeteras del Exchange centralizado, así como también la intervención de reguladores para saber si los fondos de los clientes están totalmente seguros en la plataforma. Además, también está el seguir el rastro de los fondos robados, esto con el fin de poder congelarlos o identificarlos plenamente para que no los puedan mover. En el mercado cripto nunca te aburres. Be safe.

👉Mas actualizaciones cripto ...
Comparte y sigueme para más 👈😎
$ETH

A U.S. appeals court has revived investor Michael Terpin’s lawsuit against telecommunications company #AT&T concerning the theft of $24 million in cryptocurrency following a SIM swap hack. This decision allows Terpin to continue his legal claims under the Federal Communications Act (#FCA ).
Key Claims Reconsidered
A Ninth Circuit Court of Appeals panel reinstated a key claim in the case, in which Terpin alleges that AT&T allowed hackers to take over his phone account, leading to the loss of his #Cryptocurency portfolio. This ruling reinstates part of the lawsuit that had been previously dismissed and allows Terpin to continue his claims based on federal laws protecting telecommunications data.
Fraud and Negligence by AT&T
The court ruled that Terpin presented enough evidence to show that AT&T's failure to protect his account resulted in hackers gaining access to his phone number through a fraudulent SIM swap. They then used this number to access his personal data and change his passwords, ultimately stealing $24 million worth of cryptocurrency.
The 2018 SIM Swap Hack
The hack occurred in January 2018, when a group of #hackers , led by 15-year-old Ellis Pinsky, allegedly paid AT&T employees to transfer Terpin’s phone number to a SIM card under their control. Despite new security measures implemented after a previous breach, the hackers found a way to bypass the protection. Once they gained access to his phone number, they changed his passwords and stole the cryptocurrency.
Legal Battles with Hackers
Pinsky returned his portion of the stolen funds, but another hacker, Nicholas Truglia, was ordered by a Los Angeles court to pay Terpin $75.8 million in damages. This case highlighted the vulnerability of cryptocurrency accounts during SIM swap attacks.
AT&T and Hacking Incidents
Around the same time, AT&T faced another issue with hackers allegedly stealing customer information, such as call logs and text messages. AT&T reportedly paid $400,000 in bitcoin to hackers to remove the stolen data, although the company officially neither confirmed nor denied the payment.
What’s Next?
The reinstatement of Terpin’s claim allows the lawsuit to proceed, with Terpin seeking $24 million in damages, plus interest and legal fees. His legal team believes this verdict may pave the way for other consumers to sue telecommunications companies for insufficient protection during SIM swaps.
AT&T has apologized to Terpin but noted that most of the allegations against the company were dismissed, and they remain confident in defending the remaining claims. This case has attracted attention from blockchain experts, as the number of #HackingIncidents related to cryptocurrency continues to rise.

Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“