Cryptohack Roundup: It’s Raining Phishing Scams on X – Source: www.databreachtoday.com

Blockchain & Cryptocurrency
,
Cryptocurrency Fraud
,
Fraud Management & Cybercrime

Also: Bitcoin ETP, Gamma and dYdX Attacks, 2023 Hack Stats

Rashmi Ramesh (rashmiramesh_) •
January 11, 2024    

Each week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week, hackers ran crypto phishing scams on X accounts, the SEC approved bitcoin ETP, hackers stole $3.4 million from Gamma, dYdX detailed post-hack steps, CertiK published 2023 hack stats, TRM Labs discussed North Korean hacking and Apple India blocked users from offshore crypto exchanges.

See Also: Live Webinar | Integrating Splunk and Panther for Real-Time Alerting and Custom Dashboarding

Hackers compromised three high-profile social media accounts – one belonging to the U.S. Securities and Exchange Commission, another to threat intelligence firm Mandiant and the third to crypto platform CoinGecko. The actors behind each of the hacks used their temporary access to tout crypto phishing scams.

The SEC said it is probing the “compromise” of its account on X, formerly known as Twitter. Google’s cybersecurity subsidiary was hijacked by a drainer-as-a-service gang in “likely a brute force password attack,” leading to the theft “hundreds of thousands of dollars worth of Solana cryptocurrency assets.” CoinGecko said it has secured its account after finding that one of its team members accidently clicked on a fraudulent Calendly link, granting unauthorized app access to a hacker who posted on the company’s behalf. There is no known connection between the three incidents.

The U.S. SEC approved the listing and trading of a number of spot bitcoin exchange-traded product shares on Wednesday, even as its chief, Gary Gensler, warned that the ETP approval does not imply the agency’s approval or endorsement of bitcoin or other cryptocurrency. Gensler advised investors to be cautious of the “myriad risks” associated with bitcoin and products whose value is tied to crypto. “Bitcoin is primarily a speculative, volatile asset that’s also used for illicit activity including ransomware, money laundering, sanction evasion and terrorist financing,” he said.

Hackers stole $3.4 million from DeFi protocol Gamma Strategies, forcing the company to halt deposits while withdrawals remain open. The BlockSec said the vulnerability stemmed from the protocol’s accounting mechanism and allowed the attacker to manipulate prices, create excessive tokens and steal them, reported The Block. PeckShield said the exploiter has already transferred $2.2 million to designated crypto mixer Tornado Cash. Gamma identified the root cause of the attack and detailed mitigation strategies in a post on X, formerly known as Twitter.

Decentralized finance platform dYdX said it has uncovered the identity of the hacker whose attack against its insurance fund resulted in a $9 million loss in November and is in contact with them. The exchange said it is mulling legal action against the perpetrator of the “targeted attack.” It said no user funds had been affected and the attacker did not profit from the hack. The company also said it has improved its monitoring capabilities to prevent a future attack and upgraded its blockchain to automatically mitigate such risks.

Hackers stole 51% less cryptocurrency in 2023 than they did last year. CertiK pegged the total losses at $1.84 billion across 751 incidents. Each incident averaged $2.45 million in losses, and the top 10 added up to $1.11 billion. The highest-value theft occurred in November, with more than $363 million across 45 incidents. The third quarter dominated, with $686 million worth of losses from 183 hacks and scams.

Private key compromises made up for nearly 50% of the total losses across just 47 incidents, totaling $880 million.

Six of the 10 high-value incidents were due to private key compromises. Among them was the Multichain incident in July, in which the company’s CEO had exclusive control over private keys despite claiming that the platform had been decentralized.

North Korean hackers stole at least $600 million worth of cryptocurrency in 2023, contributing to 33% of all funds stolen in the past year, TRM Labs said. The number could be $100 million larger, but the crypto intelligence company could not confirm the North Korean connection to those thefts.

Pyongyang hackers have stolen about $3 billion worth of crypto between 2017 and November 2023. Hackers have been “constantly” evolving their money laundering methods to “evade international law enforcement pressure,” and they almost always compromise private keys or seed phrases to steal the money, TRM Labs said.

Apple India has blocked access to Binance, KuCoin, Bitget, Huobi, OKX, Gate.io and MEXC crypto exchange apps after the government issued a noncompliance notice against these off-shore crypto exchanges, Bloomberg reported. Kraken, Bitstamp, Bittrex and Bitfinex were also part of the Indian Ministry of Finance’s Financial Intelligence Unit notice, which was issued for exchanges illegally operating in the country, but they have not been removed from the App Store yet. All applications are still available on Google’s Play Store, and their websites are fully functional. The FIU notice said that crypto exchanges operating in India must register themselves as a “reporting entity” and file statements with the income tax department.