Crypto lending provider BlockFi reported on Tuesday that it suffered a data breach that may put some of its clients in physical danger. According to its incident report, some of the company’s client data was breached through a SIM card swap attack performed on one of its employees. The attackers successfully stole the email account and phone number used for the employee's account verification procedure, which allowed them to access BlockFi’s records. SIM swapping attacks are the result of network operator vulnerabilities and are usually performed through co-conspirators with access to the phone network’s equipment — though external intrusion techniques …

The major cryptocurrency, Bitcoin (BTC), continues to be actively used for illicit activity. Anonymous hackers have taken the data of over 129 million Russian car owners to expose it on the darknet in exchange for cryptocurrency. The leaked information includes the full names, addresses, passport numbers and other data belonging to millions of Russian car drivers, Russian news agency RBC reported May 15. The stolen data is claimed to be leaked from the registry of Russia’s patrol jurisdiction, the General Administration for Traffic Safety of the Ministry of Internal Affairs of Russia. The authenticity of data has reportedly been confirmed …

North Korean leader, Kim Jong-un, is reportedly backing a group of hackers. Their goal? Stealing cryptocurrencies like Bitcoin (BTC) using phishing scams. Sources indicate that the country has ramped up these efforts in an attempt to prevent a financial meltdown amid the COVID-19 crisis. A report published on May 13 by the U.K. Mirror claims that the Lazarus group, a hacking syndicate with alleged ties to the North Korean state, could be launching a cybercrime campaign of advanced persistent threat, or APT, attacks. Experts from Seoul-based firm, ESTsecurity, state that Lazarus is “increasingly engaging” in cybercrime activities in and out …

Crypto funds associated with Upbit’s $50 million hack in November 2019 have continued to move. Soon after hitting the world’s biggest crypto exchange, Binance, large sums of the stolen funds continued to be transferred to a little-known crypto exchange as well as major exchanges like OKEx. On May 14, Whale Alert — a service dedicated to tracking major crypto transactions — reported on a series of new transactions involving funds from Upbit’s 2019 hack. According to Whale Alert, a large portion of the stolen Ether (ETH) has also hit a number of unknown wallets. Addresses of little-known exchange Byex.com receive …

International crime-fighting organization, Interpol, joined forces with cybersecurity firm, Kaspersky, to launch a campaign called “Anti-Ransomware Day”. The date is set on the third anniversary of the most significant ransomware attack on record, WannaCry. According to the announcement, the May 12 holiday will raise awareness about the effects of ransom-centric cyberattacks which continue to affect people and businesses all over the world. A study revealed by Kaspersky reported that until October 2019, WannaCry held the title of the most significant ransomware attack ever executed. Companies affected by WannaCry attacks suffered losses averaging $1.46 million. Other expenses affect the targeted companies …

An address associated with the $50 million hack of South Korean crypto exchange, Upbit, has moved some of the stolen Ethereum (ETH) to Binance. The world's biggest exchange immediately froze these funds on its platform, and has initiated an investigation. On May 13, Whale Alert tweeted that a 137 ETH ($27,164) transaction was moving funds derived from hacked Upbit exchange to Binance. According to the transaction details, the transfer occurred at 12 p.m. EST. Less than one hour after the transaction was flagged, Binance CEO Changpeng Zhao, or CZ, stepped in to the tweet thread to report that the transferred …

While thousands of companies and entities look to grab people's data for various reasons, the commonly stated idea that folks don't care about privacy is untrue, according to the Electric Coin Company, the entity behind privacy-focused crypto asset Zcash. Citing inconvenience and other excuses, some people claim they do not care about privacy, Electric Coin Company Product marketing staff Elena Giralt said in a presentation at CoinDesk's digital Consensus 2020 conference. She added, however: If you take a step back, it's helpful to understand that billions and billions of dollars go into developing technology platforms and systems to harvest data …

A security researcher has discovered another 22 Google Chrome web browser extensions built to steal their users' cryptocurrencies. Cybersecurity news outlet Naked Security reported on Friday that Harry Denley, a security researcher specializing in cryptocurrencies, discovered 22 more malicious Google Chrome extensions. The extensions he discovered impersonated well-known crypto firms such as Ledger, KeepKey, MetaMask and Jaxx. Their purpose is to trick users into giving away the credentials needed to access their wallets. Most of the phishing extensions have already been taken down as of press time. Per the report, most were down within 24 hours of Denley reporting them. …

Hackers infected the IT infrastructure of the largest private hospital in Europe with ransomware. Cybersecurity news outlet, KrebsonSecurity, reported on May 6 that hackers compromised the IT systems of Germany-based private hospital, Fresenius. An anonymous source reportedly informed the outlet that the hospital’s systems were infected by the ransomware known as Snake. The ransomware in question was discovered earlier this year, and is being actively used to target large businesses. Fresenius spokesperson, Matt Kuhn, reportedly confirmed to KrebsonSecurity that the hack took place: “I can confirm that Fresenius’ IT security detected a computer virus on company computers. [...] As a …

The “hack” of the DAO runs deep into the collective memory of the cryptocurrency community. After an extremely successful crowdfund in May 2016, the DAO lasted a little over a month before an attacker started to drain funds from the smart contract, taking around $70 million worth of Ether (ETH). However, as some pointed out at the time, the DAO incident was not a hack at all. The attacker simply exploited a vulnerability in the underlying smart contract code to make it behave in a way that the programmers didn’t expect. Nevertheless, the incident divided the Ethereum community after a …

What better way to celebrate World Password Day (May 7) than with a new solution from the cryptoworld to get around insecure passwords and phishing attacks? The lnurl-auth protocol allows users to sign into various accounts by receiving a QR code with a special message. This allows them to use a public key associated with their wallets to derive a unique key that is only compatible with the domain they’re trying to access. This key would authenticate that they are the owner of the account. Podcaster Marty Bent said the system meant websites no longer had to look up your …

A cybercrime group recently infected two plastic surgery studios with ransomware. They subsequently leaked patient’s social security numbers and other sensitive information onto the internet. Emsisoft threat analyst, Brett Callow, told Cointelegraph on May 5 that Maze recently took credit for hacking a plastic surgeon named Kristin Tarbet. They also claim to have hacked the Ashville Plastic Surgery Institute. He explained that in Tarbet’s case, the hackers have already leaked highly sensitive data: “The data that has been posted included names, addresses, social security numbers as well as what appears to be before and after photos and photos taken during …