White hat hackers have earned $32,000 in bounties over the last two months by reporting security holes in crypto and blockchain projects, according to a report by Hard Fork on May 20. This lump sum of over $30,000 was distributed by 15 firms from March 28 to May 16 and documented in 30 public bug reports, per the article. The rewards for a single discovery can differ depending on how damaging the exploit is. Hardfork noted that most of the bounties awarded by blockchain-driven firm OmiseGo were around $100; EOS company Block.one and the blockchain startup Aeternity, however, issued $10,000 …

United States blockchain and crypto investor Michael Terpin has won $75.8 million in a civil case against 21-year-old Nicholas Truglia, who reportedly defrauded him of crypto assets. Reuters reported the news on May 10. Per the report, the California Superior Court last week ordered Manhattan resident Truglia to pay the amount above in compensatory and punitive damages. The amount is reportedly one of the largest court judgments awarded to an individual in the crypto space thus far, Reuters notes. As previously reported, Terpin filed the complaint against Truglia in particular in late December, after first filing a lawsuit against AT&T …

Binance, one of the world's largest cryptocurrency exchanges, experienced a “large scale” data breach on May 7. The hackers reportedly stole around 7,000 Bitcoin (BTC), worth more than $40 million as of press time. As the platform explained via a public statement, the fraudsters had managed to steal users’ application programming interface (API) keys, two-factor authentication (2FA) codes and other information, which supposedly helped them to orchestrate the attack. Binance has announced that it will use its reserves “to cover this incident in full,” hence “no user funds will be affected.” The attack: 7,074 BTC stolen, details are still sketchy …

Proceedings from yesterday’s hack of cryptocurrency exchange Binance have been moved to seven addresses, crypto news outlet The Block reports on May 9. The breach resulted in about 7,074 bitcoins (BTC) — worth nearly $42.8 million at press time — being stolen from the exchange’s hot wallet. The transaction had 44 outputs, 21 of which were native Segregated Witness addresses, and those addresses received 99.97% of the funds. According to The Block, the funds from those 44 addresses have been reportedly since moved to seven addresses, six of which hold 1,060.6 BTC, while one holds 707.1 BTC. Previously, anti-money laundering …

Cybercriminals are now reportedly exploiting known vulnerability CVE-2019-3396 in the software Confluence, a workspace productivity tool made by Atlassian, according to a report by security intelligence firm Trend Micro Inc. on May 7. The exploit that has been developed allows cybercriminals to stealthily install and run a monero (XMR) miner on a vulnerable computer, as well as covering up the mining activity by using a rootkit to hide the malware’s network activity and toll on the host’s central processing unit (CPU). According to an Atlassian security advisory, the vulnerability in question only applies to some older versions of Confluence. The …

The Tron Foundation disclosed a fixed critical vulnerability which could have crashed its blockchain on vulnerability disclosure platform HackerOne on May 2. The disclosure explains that with enough malicious requests, an attacker could have filled up all the available memory and effectively perform a Distributed Denial of Service attack on the TRX network by employing malicious code in a smart contract. The disclosure further explains the impact of such an attack: “Using a single machine an attacker could send DDOS attack to all or 51% of the SR node and render Tron network unusable or make it unavailable.” The cybersecurity …

The Shellbot cryptojacking malware has gone through an update and come out with some new capabilities, technology news website TechCrunch reported on May 1. Per the report, these findings come from Boston-based cybersecurity firm Threat Stack. The company claims that Shellbot, which was first discovered in 2005, has received a major update. The original Shellbot was capable of brute-forcing the credentials of SSH remote access services on Linux servers protected by weak passwords. The malware then mines privacy-focused monero (XMR). Threat Stack claims that this new-and-improved version is capable of spreading through an infected network and shutting down other miners …

In worsening news for users of Microsoft’s email services like Outlook, Hotmail and MSN, several cryptocurrency holders affected by a recent hack allege that the hackers responsible stole their crypto, as reported by Vice’s Motherboard on April 29. One victim claimed on a Dutch tech forum to have lost just over 1 bitcoin (BTC), or almost $5,400 at press time, when hackers used his email account to reset his password and gain access to his Kraken account on March 31st. Several Reddit users attested to similar experiences. According to Microsoft, the initial breach took place between January 1st and March …

The number of infected Electrum bitcoin (BTC) wallets has reached 152,000 following an ongoing Denial-of-Service (DoS) attack on its servers. The development was reported by anti-malware software firm Malwarebytes in a blog post on April 29. Malwarebytes discovered that the number of infected machines in the botnet has amounted to as high as 152,000, with the volume of stolen funds increasing to $4.6 million. The company managed to pinpoint a loader dubbed Trojan.BeamWinHTTP, which is also involved in downloading the previously-detected Electrum DoSMiner. The largest concentration of the bots is reportedly located in the Asia Pacific region, Brazil and Peru, …

Earlier this week, United States-based security consulting firm Independent Security Evaluators (ISE) published a report on private keys for the Ethereum blockchain. Despite establishing around 700 weak private keys that are being regularly used by multiple people, the researchers found a “blockchain bandit” who has managed to collect almost 45,000 ether (ETH) by successfully guessing those frail private keys. Cointelegraph interviewed Adrian Bednarek, a senior security analyst at ISE, to find out more about what they describe as “ethercombing.” Research background and chief findings Bednarek says he discovered the hacker by accident. At the time, he was doing research for …

American software security firm Symantec found a spike in a new crypto mining malware that mainly targets enterprises, TechCrunch reports on April 25. The new cryptojacking malware, dubbed Beapy, uses the leaked United States National Security Agency (NSA) hacking tools to spread throughout corporate networks to generate big sums of money from a large amount of computers, the report notes. First spotted in January 2019, Beapy reportedly surged to over 12,000 unique infection across 732 organizations since March, with more than 80% of infections located in China. As found by researchers, Beapy malware is reportedly spread through malicious emails. Once …

At least 95% of cryptocurrency crimes investigated by law enforcement involve bitcoin (BTC,) the co-founder and COO of Chainalysis told Fortune on April 24. Jonathan Levin, whose company offers investigation software for law enforcement to pursue bad actors, said BTC is “by far the favorite” for hackers and criminals. He revealed that law enforcement needs to take more sophisticated approaches to tackle darknets — and warned that the crypto industry was starting to see the beginnings of terrorism financing. Levin said the records left behind by crypto transactions has led to many arrests, as officials in the United States tackle …