Ledger claimed that recently uncovered vulnerabilities in its hardware wallets are not critical in an official Medium blog post on Dec. 28. Yesterday at the 35C3 Refreshing Memories conference in Berlin, researchers claimed that they were able to hack the Trezor One, Ledger Nano S and Ledger Blue cryptocurrency wallets. In the post, the company explains that there appeared to be “three attack paths which could give the impression that critical vulnerabilities were uncovered,” but according to them “this is not the case.” The reason Ledger says that the vulnerability is not critical is that “they did not succeed to …

Researchers have reportedly shown how they were able to hack the Trezor One, Ledger Nano S and Ledger Blue at the 35C3 Refreshing Memories conference. The demonstration of the hacks was published in a video on Dec. 27. The research team behind the dubbed “Wallet.fail” hacking project is made up of hardware designer and security researcher Dmitry Nedospasov, software developer Thomas Roth and security researcher and former submarine officer Josh Datko. During the conference, the researchers announced that they have been able to extract the private key out of a Trezor One hardware wallet after flashing — overwriting existing data …

A reportedly ongoing hack against cryptocurrency wallet Electrum has seen a malicious party steal almost 250 Bitcoin (BTC) (about $937,000), commentators reported on social media Dec. 27. Subsequently confirmed by Electrum itself, the attack consists of creating a fake version of the wallet that fools users into providing password information. “The hacker setup a whole bunch of malicious servers,” Reddit user u/normal_rc explained: “If someone's Electrum Wallet connected to one of those servers, and tried to send a BTC transaction, they would see an official-looking message telling them to update their Electrum Wallet, along with a scam URL.” Affected users …

Cryptojacking, the unauthorized use of another’s hardware to mine cryptocurrency, has become the biggest cyber threat in many parts of the world, Bloomberg reported Dec. 14. According to research from cyber security research firm Kaspersky Lab, cryptojacking overtook ransomware as the biggest cybersecurity threat particularly in the Middle East, Turkey, and Africa. In Afghanistan and Ethiopia over one out of four detected malware are cryptocurrency miners, according to Kaspersky’s data. As cited by the Bloomberg, Kaspersky’s research “shows crypto mining attacks have risen almost fourfold in the region, from 3.5 million in 2017 to 13 million this year.” The cybersecurity …

A fresh wave of hacks targeting Ethereum (ETH) holdings continues, despite the altcoin’s price trailing at 18-month lows, tech magazine ZDNet reported Dec. 10. Citing research by cybercrime monitoring company Bad Packets LLC, the publication revealed that the downturn in ETH/USD has failed to stop malicious parties attempting to steal funds from miners and investors. Scanning the network, hackers are trying to identify mining rigs and wallets with an exposed port 8545, which ultimately allows them to gain control and redirect ETH funds elsewhere. “Despite the price of cryptocurrency crashing into the gutter, free money is still free, even if …

United Kingdom-based cryptocurrency payment platform Cubits has filed for administration following a sudden outage that locked customer funds, a company press release revealed Dec. 11. The act of filing for administration means that an insolvent company has appointed an external administrator in order to act on behalf of its creditors. Cubits, the trading name of legal entity Dooga Ltd., claimed it had lost funds worth €29 million ($32.8 million) to “fraudsters” in February 2018 that it was unable to reclaim. Now, Dooga has brought in administrators “to work with those who are owed money by the Company and to collect …

The CEO of cybersecurity firm Cuvepia declared that his company detected over 30 attacks on crypto-bearing individuals probably carried out by North Korean hackers, English-language media site South China Morning Post reports Nov. 29. Kwon Seok-Chul, the CEO of the aforementioned South Korean cybersecurity company, said that the new targets of the suspected North Korean cyberattacks “are just simple wallet users investing in cryptocurrency.” He then added that many cases probably haven’t been detected, and that there may have been well over 100 attacks. As the article states, the “targeting of individuals holding virtual currencies such as Bitcoin (BTC) marks …

The U.S. Treasury Department has sanctioned two Iranians allegedly involved in Bitcoin (BTC) ransomware scheme SamSam, the Treasury reported in an official press release today, Nov. 28. The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has taken action on Wednesday against two Iranian individuals, Ali Khorashadizadeh and Mohammad Ghorbaniyan, who are accused of exchanging Bitcoin into Iranian rials (IRR). This is also the first time that Bitcoin addresses have been publically attributed to “designated individuals” on the OFAC’s sanctions list. According to the report, SamSam ransomware breaks into companies’ computer networks, allowing criminals to take over …

Bulgarian Gendarmerie forces and specialized prosecutors have arrested three hackers allegedly involved in stealing $5 million in crypto, Sofia-based newspaper 24 Chasa reports Monday, Nov. 26. Bulgarian police reportedly seized cryptocurrencies worth around $3 million, as well as the equipment allegedly used by the thefts, including computers, flash drives, and a hardware portfolio for storage of crypto data. Apart from notebooks containing crypto accounts, the prosecutors have also seized a car that was allegedly purchased with stolen funds and worth about 60,000 in Bulgarian Lev (BGN) (about $35,000). According to prosecutors, the suspects implemented new hacking methods and performed advanced …

Tech Bureau, the company that formerly operated hacked Japanese cryptocurrency exchange Zaif, has completed its handover to buyer Fisco Cryptocurrency Exchange (FCCE), Cointelegraph Japan reported Nov. 22. FCCE, which agreed to take over proceedings in October, will now assume responsibility for compensating users who lost money in the hack, which occurred Sept. 20 and involved funds worth around $60 million at the time. According to a press release from FCCE, compensation proceedings should begin before the end of this month. No timeframe has yet been set for deposits and withdrawals at Zaif to resume. Confirming the move, Tech Bureau said …

Authorities in the U.S. state of California have arrested a 21-year old New Yorker for the alleged theft of $1 million in crypto using “SIM-swapping,” U.S. broadsheet the New York Post reported Nov. 20. SIM-swapping — also known as a “port-out scam” — involves the theft of a cell phone number in order to hijack online financial and social media accounts, enabled by the fact that many firms use automated messages or phone calls to handle customer authentication. The arrested suspect, Nicholas Truglia, is accused of having targeted wealthy Silicon Valley executives in the Bay Area, and of successfully persuading …

On November 7, a security news and investigation blog KrebsOnSecurity published an interview with REACT Task Force, a California-based law enforcement group dedicated to fighting cybercrime. As per the article, members of REACT consider “SIM swapping” one of its “highest priorities” in a bid to fight cryptocurrency fraud. Here is how fraudsters use 99 cent SIM cards bought off eBay to steal millions worth of crypto with just one call. “SIM swapping”: what is it? SIM swapping is the process of making a telecom provider like, say, T-Mobile, transfer the victim’s phone number to a SIM card held by the …