Posts

Showing posts with the label hack

OKX SIM-swap leads to discovery of 2FA security flaw

A flaw in the two-factor authentication (2FA) security system used by crypto and derivatives exchange OKX has apparently been discovered after two users reported that their accounts had been hacked and their funds drained in a suspected SIM-swapping attack. The founder of blockchain security firm SlowMist, Yu Xian, reported that the users received SMS risk notifications from Hong Kong before a new API key was created as part of their account authentication process.

Following up on these reports, security analysts Dilation Effect (DE) claim to have found a flaw in OKX’s authentication system. They said that users are able to switch from 2FA to ‘lower security verification methods,’ like SMS verification, during OKX’s sensitive user operations.

Two different victims had coins stolen from their exchange accounts in the early hours of this morning, and the methods and some of the characteristics turn out to be similar. Besides the commonalities @AsAnEgg mentioned, these include the SMS risk notification coming from "Hong Kong" and the creation of a new API Key (with withdrawal and trading permissions, which is also why cross-trading intent was suspected earlier; for now it looks like that can be ruled out).… https://t.co/pqIjqLhmkB — Cos(余弦) (@evilcos) June 9, 2024

Founder of SlowMist reporting on the ...

Bitcoin ransomware gang claims to have hacked major UK water provider

A ransomware group that has reportedly extorted more than $100 million in bitcoin ransoms since 2022 claims that it has hacked a large UK water firm and is holding it to ransom. Black Basta announced via its Tor site this week that it had stolen 750 gigabytes of sensitive data, including passports, driving licenses, employee information, and corporate documents from Southern Water.

As reported by Computing, Black Basta has given Southern Water six days to pay a ransom or it will publish the stolen data on February 29. The firm says it’s aware of the leak and noted it “previously detected suspicious activity, and had launched an investigation, led by independent cyber security specialists.”

We're aware of a claim by cyber criminals that data has been stolen from some of our IT systems. We currently have no evidence customer relationships or financial systems have been affected. Our services are operating normally and we've notified regulators https://t.co/jdR...

Hackers target macOS users through pirated apps that steal crypto

Security analysts have warned crypto traders using macOS to exercise caution when downloading bootleg apps, as newly discovered malware steals their bags. On Monday, Kaspersky published its report detailing how bad actors are spreading infected versions of popular software that trick traders into opening infected versions of their crypto wallets. An Apple device running macOS Ventura 13.6 or later is at risk.

The report outlines how an ‘Activator’ program, added to the files of pirated apps, forces the installation and launch of malware that gives hackers access to the device. “Once the malware installs itself, it’ll begin checking for the presence of Bitcoin and Exodus cryptocurrency wallets,” Kaspersky said. “If found, the malware will then secretly replace the wallet with its own infected version to loot the user’s digital currency.” ‘Activator’ requests the user’s login credentials so that the app can gain admin p...

Crypto hacks on X show no sign of slowing down in 2024 | Protos

Just 12 days into 2024, X (formerly Twitter) has experienced a myriad of hacked accounts that post crypto scams — a trend spilling over from 2023. High-profile accounts, from government agencies to celebrities, have all been targeted by hackers to promote scams, crypto tokens, or just troll followers unaware of the misinformation at play.

Here’s a series of crypto-related hacks that have already taken place this year.

SEC posts fake bitcoin ETF approval

On January 10, the X account of the Securities and Exchange Commission (SEC) claimed it had approved spot bitcoin ETFs — a highly anticipated event in bitcoin history that sent its price momentarily rocketing. However, minutes later, the SEC clarified the post was fake and that its account was compromised, bringing BTC’s price down. Investigators at X claimed that an “unidentified individual” had access to the account’s associated phone number and that two-factor authentication wasn’t set up.

The @SECGov twitter...

Cypher Protocol recovers nearly 50% of stolen assets

Cypher Protocol recovered nearly 50% of the stolen funds, worth approximately $600,000. On Aug. 7, the company suffered an exploit attack that reportedly wiped $1 million off its accounts. On Aug. 17, Cypher Protocol announced via its X account that it had frozen nearly half of the stolen funds on different CEXs.

update from cypher ~$600k has been frozen across CEXs, the return of these funds will be predicated on the cooperation of these CEXs and seizure warrants being issued by law enforcement — cypher (@cypher_protocol) August 17, 2023

The hacker exploited some of the DEX vulnerabilities, using different accounts to take the funds in different cryptocurrencies, such as USDT, SOL, and wETH, among others.

On Aug. 10, the company contacted the attacker and offered him a 10% white hat bounty worth around $120,000. Later on, the company said that the hacker didn’t return the fund...