Showing posts with label hack. Show all posts
Showing posts with label hack. Show all posts

Multiple Crypto Companies Affected By GoDaddy Security Breach - "Several Employees Fell For A Scam"...

The Liquid exchange and NiceHash mining are among those affected by a scam that ended with GoDaddy employees giving their passwords over to the malicious actors.  GoDaddy is one of the most popular services to register .com's and other popular domain name extensions.

Liquid's CEO Mike Kayamori says they used those employees access to partially breach the site's infrastructure, change their DNS records, and take possession of several internal email accounts. They also believe they downloaded copies of several 'important documents'.

The company recommended that its users change passwords and take additional security measures to prevent leakage of their data . He added that he had controlled the attack before hackers had access to his clients' accounts and assets.

The staff at Liquid noticed this on November 15th, just 4 days later the crypto mining service NiceHash also reported it was the victim of a security breach.

The company said that after detecting unauthorized changes to the configuration of its web domain registered with GoDaddy, it decided to freeze all client funds for 24 hours, a move that seems to have worked in protecting all funds.

Additional Companies Involved May Be Staying Silent...

No company in the crypto space wants their name connected to any type of security breach, and cyber security expert Brian Krebs's report shows there may be more crypto companies with GoDaddy domains, showing the same altered information as the confirmed victims.

This includes Bibox, Celsius, and Wirex - none have announced any issues, and none are responding to requests for comments.

GoDaddy spokesperson Dan Race says that the company identified the unauthorized changes to its customers' domains, and immediately blocked the accounts and reversed the changes.

------- 
Author: Adam Lee 
Asia News Desk

Verge tries to downplay second hack in 2 months...

It happened again - and this time, even worse than the last.

This time the hackers managed to funnel 35 million XVG to themselves (worth $1.7 million) - last time was only 250,000 XVG.

The hack was pointed out by the same Bitcointalk user ''ocminer'' who pointed out the first one - he says the hackers are using a slightly updated version of the same old exploit, which was never fully fixed...

"Since nothing really was done about the previous attacks (only a band-aid), the attackers now simply use two algos to fork the chain for their own use and are gaining millions:

Both algos, scrypt and lyra2re can be rented easily for a few bucks at nicehash, they simply send one block scrypt, after that a block lyra2re and so on and all with manipulated timestamps thus lowering diff to lowest possible mining several blocks per minute like this".

The most disturbing part in my opinion - Verge isn't even acknowledging what happened - they're lying to their followers by labeling this a "DDOS" attack (which is a simple way to bring down servers by overloading them with requests). Nothing about this even resembles a DDOS attack.  Yet Verge still tweeted the following:

"it appears some mining pools are under ddos attack, and we are experiencing a delay in our blocks, we are working to resolve this."

No further update from Verge has been provided since this tweet 24hrs ago. 

A tip for the folks at Verge - handle a hack with honesty.  The only thing that can make it worse, is lying about what happened.  People would much rather know you found the problem, understand it, and are fixing it.

------- 
Author: Adam Lee
Asia News Desk

@Bitcoin hacked on Twitter - but the owner says it's a conspiracy and Twitter's CEO Jack Dorsey is part of it...

The Twitter username @Bitcoin has taken a lot of heat in the past - that's because the anonymous owner doesn't use it to actually talk Bitcoin, but is instead a heavy promoter of BCH (aka Bitcoin Cash or BCash) an alternative coin to the original Bitcoin.

Hackers in both Russia and Turkey claimed credit for the hack, but the account owner is going as far as claiming the Twitter CEO Jack Dorsey was part of an inside-job conspiracy against him.

"...Jack disabled this account, gave it to someone else, only to return it in the face of public backlash with 750,000 fewer followers. #censorship" he said in a Tweet shortly after gaining back control of the account.

Twitter CEO Jack Dorsey has been an advocate of the original Bitcoin, recently stating "The world ultimately will have a single currency, the internet will have a single currency. I personally believe that it will be bitcoin."

Unfortunately, the truth behind the hack is likely much less interesting, and we highly doubt this was an 'inside job'.  A more likely and simple explanation such as malware or a keylogger installed on a device of the owner is probably how this and most twitter 'hacks' occur.
-------
Author: Adam Lee
Asia News Desk

NiceHash founders criminal family associations comes to light following today's $62 Million hack...


Conspiracy theories are flooding Nicehash discussion groups as the criminal past of their CTO and Co-founder's family comes to light. 

Matjaz Skorjanc was arrested in 2010, for money laundering, and creating the "Mariposa botnet" which at one point infected 12.7 million computers - he is the son of the owner of NiceHash.

To top off today's strange events, he's scrubbing the internet for traces of his existence, his LinkIn profile that was active yesterday, is now deleted. A facebook profile active earlier today is also gone.
Matjaz's LinkedIn
Matjaz was also credited for creating the darknet forum "Darkode" - which was eventually raided and lead to over 70 arrests around the globe. 

What's missing from the conspiracy is a clear motive. Nicehash was making good profits, running what seemed to be a legitimate business. But maybe that wasn't enough.

Just a reminder, we're reporting on the speculation that's occurring, at this point, we are not accusing anyone of a crime.

*Article updated 12/7/18 to correctly reflect the family relationship.
-------
Author: Ross Davis
San Francisco News Desk