It is one of the biggest cryptocurrency hacks of all time and still remains the biggest Bitcoin (BTC) hack the world has ever seen. The 2011, a security breach on Mt. Gox’s platform, the now-defunct Japanese cryptocurrency exchange, saw 850,000 Bitcoin stolen. Although 200,000 BTC have since been recovered, the subsequent closure of the exchange in 2014 left 24,000 creditors in its wake. Eight years later, the story continues with its villainized ex-CEO, Mark Karpeles, at the forefront and creditors still in the dark as to what a payout agreement would look like. In early February 2019, Cointelegraph reported on …

Top Stories This Week Owner of ICO That Never Happened Attempts to Sell Project on eBay for $60,000 The owner of a crypto-related startup dubbed Sponsy, which never launched its initial coin offering (ICO), is attempting to sell the project on eBay for $60,000. The project is described as a blockchain-related identity that is able to launch both an ICO and a security token offering (STO), with the author of the posting claiming that the project was both audited by an investment firm and approved by several investment banks. Sponsy also claims to have a solid social presence, although its …

This article has been updated to provide further details on the hack. Today, March 30, crypto exchange Bithumb posted on Twitter that their cryptocurrency withdrawals and deposits have temporarily been paused. In an explanation linked to the tweet, the exchange writes that at 10:15 (time zone unknown) on the 29th, they detected what they describe as abnormal withdrawals through their monitoring system. The exchange notes that they have “secured all the cryptocurrency from the detection time with a cold wallet and checked them by blocking deposit and withdrawal service.” According to the translated note, the incident was an “accident involving …

A new strain of Trojan malware for Android phones is targeting global users of top crypto apps such as Coinbase, BitPay and Bitcoin Wallet, as well as banks including JPMorgan, Wells Fargo, and Bank of America. The news was reported by technology news outlet The Next Web on March 28. Based on research from prominent cybercrime analytics firm Group-IB, this is reportedly the first time the Trojan — now named “Gustuff” — has been reported or analyzed. The malware is described as being designed for mass infection and is spread by SMS messages with links to load malicious Android package …

Cryptocurrency intelligence company Messari has claimed that Stellar (XLM) suffered an inflation bug in April 2017 that was exploited to create 2.25 billion XLM (worth about $10 million at the time), which were later burned. The news was revealed in a Messari report published on March 27. Per the report, the illicitly created XLM — which was equivalent to nearly a quarter of the circulating supply — was moved to exchanges and likely sold during the first half of 2017. An equivalent quantity of XLM was purportedly burned to preserve the intended supply and avoid the dilution of the value …

Ukraine’s Cyber Police have arrested a man who allegedly placed crypto mining malware scripts on his own websites, local law enforcement reported on March 26. The cyber crime unit of the national police of Ukraine arrested a 32-year-old man from the Bukovina region who allegedly placed cryptojacking software on a number of educational websites that he created and administered. The unspecified websites and internet resources had 1.5 million monthly visitors, the police reported. The police also stated that the installed malware on the websites was deploying visitors’ devices’ CPU and GPU power to illegally mine cryptocurrencies. The authority has conducted …

Alleged North Korea-sponsored cybercrime group Lazarus is still targeting cryptocurrencies and adopting new tactics, according to a new report from cybersecurity and anti-virus company Kaspersky Lab published on March 26. The report reveals that allegedly state-sponsored hacker group Lazarus has been active with a new operation since last November, wherein the group uses PowerShell that allows them to manage and control Windows and macOS malware. The Lazarus team has reportedly developed custom PowerShell scripts that interact with C2 malicious servers and execute commands from the operator. C2 server script names, in their turn, are misrepresented as WordPress files, and other …

Cryptocurrency mining is reportedly one of the most observed objectives of hackers attacking businesses’ cloud infrastructures, according to a report by AT&T Cybersecurity on March 14. The cybersecurity wing of United States telecoms firm AT&T stated that organizations of all sizes continue to face major crypto mining attacks despite the ongoing bear market. In the new report, AT&T examined the most significant forms of cryptojacking associated with mining attacks on organizations’ cloud infrastructure. AT&T outlined four major cryptojacking tactics used by hackers such as compromising container management platforms, control panel exploitation, theft of application programming interfaces (APIs), as well as …

A Google Chrome browser extension tricking users into participating in a fake airdrop from cryptocurrency exchange Huobi claimed over 200 victims, a security researcher reported in a blog post on March 14. The extension for Chrome web browser, with the name NoCoin, gained 230 downloads before Google deleted it, according to Harry Denley, who runs cryptocurrency scam database EtherscamDB. Denley noted that hackers had purposely disguised the malicious extension to look like a tool protecting users from cryptocurrency malware or so-called cryptojacking. “From the start, it looked like it did what it should — it was detected [sic] various CryptoJacking …

An 18-year-old hacker was referred to prosecutors in the Japanese city of Utsunomiya for stealing cryptocurrency, local news outlet Japan Today reported on March 14. The cybercriminal allegedly hacked Monappy, a digital wallet which can be installed on a smartphone, and stole 15 million yen ($134,196) of cryptocurrency between Aug. 14 and Sept. 1 of last year. The hack reportedly affected more than 7,700 users. The hacker reportedly used the Tor software that enables users to anonymize web traffic. However, the police identified the hacker by analyzing the communication records stored on the website’s server. According to Japan Today, the …

White hat hackers have detected over 40 bugs in blockchain and cryptocurrency platforms over the past 30 days, tech news outlet The Next Web (TNW) reported on March 14. According to an investigation conducted by TNW, 13 blockchain- and cryptocurrency-related companies were hit with a total of 43 vulnerability reports from Feb. 13–March 13. In the blockchain field, e-sports gambling platform Unikrn reportedly got the most vulnerability reports, amounting to 12 bugs. Unikrn is followed by OmiseGo developer, Omise, having received six bug reports. In third place is EOS, with five vulnerability reports. Consensus algorithm and peer-to-peer (P2P) networking protocol …

Gatecoin, a crypto exchange that was hacked in May 2016, has announced on March 13 that it has received a winding up (compulsory liquidation) order from an unspecified court. The company wrote that Gatecoin will have to cease operation with immediate effect, noting that the exchange will assist in the liquidation process in order to distribute assets to the creditors. The Hong Kong-based exchange had suffered a major hack back in May 2016, with around $2 million in cryptocurrencies lost after the firm reported a security breach that gave hackers access to Gatecoin’s hot wallets. According to the team’s statement …