Chainalysis data shows that 4068 criminal whales (roughly 4% of all whales) are hodling more than $25 billion worth of cryptocurrency between them. The blockchain analytics firm defines criminal whales as any private wallet that holds more than $1 million worth of crypto with over 10% of the funds received from illicit addresses tied to activity such as scams, fraud and malware. The data is from the “Criminal Balances” section of the Crypto Crime Report that explores criminal activity on the blockchain over 2021 and early 2022. The wide-ranging report also covers topics such as Ransomware, Malware, Darknet markets and …

Security was never the strong suit of browser-based crypto wallets to store Bitcoin (BTC), Ether (ETH) and other cryptocurrencies. However, new malware makes the safety of online wallets even more complicated by directly targeting crypto wallets that work as browser extensions such as MetaMask, Binance Chain Wallet or Coinbase Wallet. Named Mars Stealer by its developers, the new malware is a powerful upgrade on the information-stealing Oski trojan of 2019, according to security researcher 3xp0rt. It targets more than 40 browser-based crypto wallets, along with popular two-factor authentication (2FA) extensions, with a grabber function that steals users’ private keys. MetaMask, …

Cryptojacking accounted for 73% of the total value received by malware related addresses between 2017 and 2021, according to a new malware report from blockchain analysis firm Chainalysis. Malware is used to conduct nefarious activity on a victim’s device such as a smartphone or PC after being downloaded without the victim’s knowledge. Malware-powered crime can be anything from information-stealing to denial-of-service (DDoS) attacks or ad fraud on a grand scale. The report excluded ransomware, which involves an initial use of hacks and malware to leverage ransom payments from vicitms in order to halt the attacks. Chainalysis stated: “While most tend …

Are there use cases beyond crypto? The issues facing hardware wallets are not exclusive to the crypto sector by any means. Across multiple sectors around the world, there are a number of industries that have critical systems. They face the same challenge: Remaining up to date and fortified against attacks from the people who are trying to infiltrate. Every government runs critical systems — alongside the military, hospitals, space agencies, nuclear plants, airports, chemical plants, unmanned train networks, banks and stock brokers. The ramifications if these critical systems are compromised can be severe. Lives can be put at risk if …

Israeli blockchain tech developer Kirobo is launching a decentralized P2P token swap solution. According to the company the protocol, dubbed “Atomic Safe Swap,” offers a decentralized peer-to-peer trading alternative to centralized marketplace exchanges or over-the-counter (OTC) desks, and is set to launch on July 27. The service is built on Ethereum and supports Ether (ETH) and ERC-20 tokens. Atomic Safe Swap is an extension of the firm’s retrievable transfer solution,“Undo Button” which enables users to cancel and retrieve crypto transactions. The Undo Button provides an authentication key that the receiving party must enter for the transaction to be fulfilled. The …

Revenue from crypto-related crime dropped by more than half in 2020 according to Chainalysis’ annual report on the subject. Cybercriminals netted around $5 billion less than the $10 billion plus they got away with in 2019, representing a 53% fall. Transactions involving illicit funds have decreased even more rapidly than the total volume of those funds, falling from 2.1% of all transactions analyzed in 2019 down to just 0.34% last year. Among the eight categories of transactions deemed “illicit” by Chainalysis, the dollar amount of crypto taken in by scams decreased the most, by 71% to $2.6B, largely due to …

Cybersecurity researchers at Unit 42, the intelligence team at Palo Alto Networks, have published a profile of a new malware campaign that targets Kubernetes clusters and can be used for the purposes of cryptojacking. "Cryptojacking" is an industry term for stealth crypto-mining attacks that work by installing malware that uses a computer’s processing power to mine cryptocurrencies — frequently Monero (XMR) — without the user’s consent or knowledge. A Kubernetes cluster is a set of nodes that are used to run containerized applications across multiple machines and environments, whether virtual, physical or cloud-based. According to the Unit 42 team, the …

Cyber security researchers have discovered a year-long malware operation that has targeted cryptocurrency users with the creation of a number of fake apps. Security firm Intezer Labs warned that ever increasing crypto prices have created heightened activity among hackers and malicious actors seeking financial gains. The malware has been disseminated over the past year, but was only discovered in December 2020. The new remote access trojan (RAT), dubbed ElectroRAT, has been used to empty the cryptocurrency wallets of thousands of Windows, macOS, and Linux users, the report added. Three cryptocurrency-related apps deployed in the attack — Jamm, eTrade/Kintum, and DaoPoker …

Since the end of August, cybersecurity researchers have identified increased activity on a crypto mining botnet called “Lemon Duck”. The botnet has been around since December 2018, however a big jump in activity over the past six weeks suggests that the malware has infiltrated many more machines in order to harness their resources to mine the cryptocurrency Monero. Research carried out by Cisco's Talos Intelligence Group, suggests that Lemon Duck infections are unlikely to have been detected by end users, however power defenders such as network administrators are likely to have picked it up. Crypto mining malware can cause physical …

Two offices of the United States Department of the Treasury have issued advisories on ransomware payouts, which they say pose a threat to national security. The Financial Crimes Enforcement Network, or FinCEN, reminded cryptocurrency processing companies of their duty to file suspicious activity reports when they have a reason to suspect that their services are being engaged for such payouts to sanctioned individuals: “Among these entities are digital forensics and incident response (DFIR) companies and cyber insurance companies (CICs). Some DFIR companies and CICs, as well as some MSBs that offer CVCs [convertible virtual currency], facilitate ransomware payments to cybercriminals, …

A newly discovered trojan, known as Alien, is attacking crypto apps on Android phones, including Coinbase, Blockchain.com, and Luno. This new malware strain is based on the notorious Cerberus trojan, which wreaked havoc in the Google Play store until the team responsible became complacent. Lack of continued distribution allowed Google Play Protect to almost completely eradicate Cerberus by August 2020. Alien targets 226 Android apps, mostly geared toward the banking industry. In addition to stealing user credentials, the malware can install and remove applications from the infected device, and even intercept notifications: “Most importantly, it offers a notifications sniffer, allowing …

According to a study published by cybersecurity firm, Aqua Security, cloud servers remain a major target for cryptojacking — a type of attack whose main motivation is to mine cryptocurrencies. The “2020 Cloud Native Threat Report” states that between the second half of 2019 and the first half of 2020, attacks of this nature surged by 250%. In total, 95% of the 16,371 attacks registered during this period were related to cryptojacking. The perpetrators of this type of exploit rely heavily on the use of XMRig, a well-known Monero (XMR) mining app, to deploy the attacks. Aqua Security explained: “Although …