Connect with us

Hackers

Hacker Returns All Stolen Assets From $643,000,000 Crypto Heist

Published

on

After suffering a massive $643 million hack in early August, decentralized finance (DeFi) protocol Poly Network just retrieved all the stolen funds from the crypto hacker.

On August 10th, Poly Network suffered a large hack involving 59 different crypto assets.

The hack was allegedly conducted by a pseudonymous attacker known as Mr. White Hat. Shortly after the incident occurred, Poly Network began working with the hacker to retrieve the stolen crypto assets.

Advertisement

After receiving the last $33 million that was locked up in the stablecoin Tether (USDT), Poly Network announced it had successfully recovered all of the stolen funds.

“Yay! PolyNetwork has completed the recovery of all PolyNetworkExploit affected user assets.

PolyBridge has now restored cross-chain functionality for a total of 59 assets. Other advanced functions will be gradually restored.”

Advertisement

Tether also took to Twitter to confirm that funds had been safely redistributed.

“After working closely with PolyNetwork through the strict protocols to unfreeze the funds involved in the recent hack, Tether can confirm that the funds have been released today to the legitimate owners.”

Following the hack, Mr. White Hat allegedly left a personal message encoded in the Ethereum transaction history, apologizing for the inconvenience to the project and stressing that the hacking saga was a learning experience for the DeFi community.

Advertisement

“DEAR POLY TEAM,

KEEP CALM AND THIS IS THE HAPPY ENDING! I HAVE TO ADMIT THAT MY WILD OR MAD BEHAVIORS HAVE LED CRISES TO YOUR PROJECT, YOUR TEAM, AND EVEN YOUR LIVES. SORRY FOR THE INCONVENIENCE! IT MUST BE ONE OF THE MOST WILD ADVENTURES IN OUR LIVES…

WHY DO WE FALL? SO WE CAN LEARN TO PICK OURSELVES UP. THIS INCIDENT MUST BE A SERIOUS LESSON TO MANY OF US, OR EVEN THE WHOLE DEFI COMMUNITY. PERSONALLY, I HAVE LEARNT AND PRACTISED A LOT. AND I TRIED TO POINT OUT SOME CRUCIAL FACTS ABOUT THIS CRAZY DEFI WORLD (PLEASE IGNORE MY BAD JOKES SINCE THE BEGINNING), AND HOPEFULLY, MY PHILOSOPHY COULD BE INSPIRING, ESPECIALLY TO THOSE GEEKS WHO HAD MISBEHAVED ACCIDENTALLY.”

Advertisement

Poly Network thanked the hacker for returning the funds back.

“Dear ‘Hacker’,

Thank You! We are ready for a new journey.”

Advertisement

News Source

Hackers

London High Court Orders Binance To Hunt and Seize Assets of Crypto Hackers

Published

on

London’s High Court is ordering major crypto exchange Binance to track down and freeze the accounts of crypto hackers behind an alleged $2.6-million security breach.

The order, which was made public last week, grants the requests by artificial intelligence (AI) company Fetch.ai for Binance to find and freeze the allegedly stolen assets.

Fetch.ai claims that on June 6th hackers obtained access to its Binance accounts that held several crypto assets, including Bitcoin (BTC), Binance Coin (BNB), Tether (USDT) and its own Fetch.ai (FET) token among others.

Advertisement

The hackers allegedly traded the stolen cryptocurrencies at a massive discount to a third party.

Judge Pelling QC describes the order in a transcript of the court proceedings.

“A worldwide freezing order is sought against those who were knowingly involved in the fraud for the purposes of freezing their assets worldwide, in order to ensure to the best that can be achieved that the claimant is able to freeze assets, which will enable any judgment of the court to have real effect.”

Advertisement

Syedur Rahman, a partner at the Rahman Ravelli law firm that represents Fetch.ai, tells Reuters that the missing assets are recoverable.

“We need to dispel the myth that crypto assets are anonymous. The reality is that with the right rules and applications they can be tracked, traced and recovered.” 

A Binance spokesperson says that the exchange is helping to recover the stolen assets.

Advertisement

“Binance routinely freezes accounts that are identified as having suspicious activity occurring in line with our security policies and commitment to ensuring that users are protected while using our platform.”

News Source

Advertisement
Continue Reading

Hackers

T-Mobile ‘Hackers Want BTC 6’ for Data, US Offers Dark Web USD 10M in Crypto

Published

on

The telecoms heavyweight T-Mobile appears to have suffered a data breach involving the personal and financial data of 100m users, with hackers ready to hawk out the data in exchange for bitcoin (BTC) – while the American State Department is planning to hand out crypto payments to a more benevolent type of Dark Web user.

Vice’s Motherboard media arm reported that T-Mobile had claimed the firm was “aware of claims made” on a web forum, where a hacker is reportedly asking for BTC 6 (around USD 284,000 at the time of writing) in return for a portion of the data haul (data on 30m users).

Data on the remaining 70m was already changing hands in “private” sales, the purported hacker claimed when approached by Motherboard – with the media outlet likely posing as an interested buyer.

Advertisement

The alleged hacker, in an “online chat,” told Motherboard that they thought T-Mobile “already found out” about the hack “because we lost access to the backdoored servers.” But the damage appears to have already been done, with the vendor claiming that they had already downloaded the data and “backed it up” in “multiple places.”

T-Mobile said in the article that it was “actively investigating” the validity of the alleged hackers’ claims. Cryptonews.com reached out to the company for comment.

But Motherboard wrote that it had gained access to “samples of the data, and confirmed they contained accurate information on T-Mobile customers.” The would-be vendor stated that the data in question, “includes social security numbers, phone numbers, names, physical addresses, unique IMEI [International Mobile Equipment Identity] numbers and driver’s licenses information.”

Advertisement

The network has been dogged by data breaches in recent years, with breaches reported in 2018, 2019, 2020 and at the turn of this year. In March 2020, The Register reported that T-Mobile had explained how hackers broke into its employees’ email accounts before making off with customer account information in its “third security whoopsie in as many years.”

Data breaches are on the rise in almost all parts of the world this year, and much has been made of the role of crypto in the attacks. Ransomware raiders have demanded crypto payments in exchange for returning companies access to data they have been frozen out of, while other hackers have sought to auction off stolen data for crypto. This has led, in parliaments all over the world, to the vilification of the crypto world, with some calling tokens the tools of shadowy underworld villains.

But this kind of messaging has not always gone down well among younger, tech-savvy folk. And that, perhaps, is why the American State Department has decided to take another track altogether – by handing out crypto, sponsored by the Treasury’s coffers, to informants who tip it off on “state-based hackers.” And in a further surprise move, Uncle Sam wants to do the whole thing on the Dark Web.

Advertisement

CNN reported that as part of a campaign advertised at last week’s Black Hat security conference “informants” can “elect to receive payments in cryptocurrency and reach out to the US government with sensitive information through a secure portal on the Dark Web.”

On a page promoting the campaign, the State Department wrote that it has “set up a Dark Web (Tor-based) tips-reporting line to protect the safety and security of potential sources. Possible relocation and rewards payments by cryptocurrency may be available to eligible sources.”

The department advertised the fact that it would pay “up to USD 10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against US critical infrastructure.”

Advertisement

News Source

Continue Reading

Hacked

Cybersecurity firm identifies 167 cryptocurrency and trading apps used by attackers

Published

on

  • As cryptocurrencies adoption continues to grow, attackers have turned to cryptocurrency and trading apps to steal from investors.
  • Sophos has identified over 167 Android and iOS apps that attackers are using to lure and steal money.

British cybersecurity firm Sophos has identified 167 Android and iOS trading and cryptocurrency apps being used by attackers to steal from investors. As the market frenzy grows, unsuspecting traders are downloading disguised financial trading, banking or cryptocurrency apps expecting to use these to make money. Attackers have found it easy with a majority of traders flocking the cryptocurrency industry with little knowledge of its working and huge expectations after an exemplary performance in the first few months of the year.

According to Sophos, attackers have deployed different tactics to get around firewalls and bypass iOS and Android. This includes creating a fake iOS App Store download page, and an iOS app-testing website. In other instances, the developers leveraged social engineering through dating sites to lure in victims. The attackers in one case befriended a user on a dating site before enticing them to download and add funds to one of the fake trading apps.

The scammers befriended the victim, and shifted communications to a messaging app. They avoid requests for face-to-face meetings, citing the Covid-19 pandemic. After gaining trust, they then convinced the victim to download a cryptocurrency trading app, sending the victim a link.

Fake cryptocurrency apps linked to the same group

Interestingly, the researchers identified a single server that hosted all the 167 apps which suggested to them that all these fraudulent apps belong to the same group.

The researchers advise investors to be keen on where they download apps. “Users should only install apps from trusted sources such as Google Play and Apple’s app store”, they added. They further advised against getting involved with projects that promised unrealistic returns in a short time.

If something seems risky or too good to be true – high returns on investment or someone from a dating site asking you to transfer money or cryptocurrency assets into some ‘great’ account – then sadly it probably is.

Banks intervene

Recently a number of UK banks halted payments to crypto exchanges in a bid to crack down on rising crypto scams. According to some reports, UK investors have lost over $65 million in the last year due to scams with nearly half of them involving cryptocurrencies. The banks included Barclays and digital challenger banks, Monzo and Starling.

The banks have made it clear that this is a temporary measure but one that will be reversed once they introduce additional measures to curb fraud. Bank of England Governor Andrew Bailey has in the past warned about engaging with cryptocurrencies stating that anyone holding Bitcoin should be prepared to lose all their money.

News Source

Continue Reading

Trending