Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining
Poorly secured Linux SSH servers are being targeted by bad actors to install port scanners and dictionary attack tools with the goal of targeting other vulnerable servers and co-opting them into a network to carry out cryptocurrency mining and distributed denial-of-service (DDoS) attacks.
Cryptocurrency Users Lose Nearly $2 Billion to Scams, Rug Pulls and Hacks in 2023, Despite Improved Security Protocols
According to a report by security app De.Fi, cryptocurrency users lost nearly $2 billion to scams, rug pulls, and hacks in 2023, which is roughly half of the amount lost in the previous year. The reduction is largely attributed to improved security protocols, increased awareness within the community, and decreased activity in the market. However, the industry remains susceptible to security risks, as evidenced by the losses incurred by Ethereum, BNB Chain, zkSync Era, and Solana, among others. The most damaging attacks were access control exploits, followed by flash-loan attacks and exit scams.
Hackers stole around $2 billion in crypto this year, but trend is downwards
According to crypto security firms, hackers have stolen around $2 billion in crypto this year, which is a decrease from previous years. The thefts occurred across dozens of cyberattacks and thefts, with the largest incident being the breach of the Ronin network in 2022, where hackers stole more than $600 million in crypto. Despite the decrease in thefts, the persistent vulnerabilities and challenges within the DeFi ecosystem are still evident. With poor security implemented by many crypto and web3 projects, it is expected that hackers will continue to target the growing industry.
Telcoin was hacked and lost about US$1.3 million
According to BlockBeats news on December 26, Telcoin, a blockchain payment application, suffered a vulnerability attack and lost approximately $1.3 million. Its token TEL fell by 43.25% in 24 hours. Currently, Telcoin has temporarily frozen the use of the application.
Nearly $2.4 billion stolen in crypto attacks in 2023
According to data from blockchain security and analysis company Certik, cryptocurrency hacks have resulted in nearly $2.4 billion in stolen funds this year alone. The third quarter was the most active period for hackers, with 184 known attacks resulting in almost $700 million in stolen funds. The report states that the losses caused by hackers in the third quarter alone were greater than the total for the first and second quarters combined. While these numbers are alarming, they are significantly lower than last year's total of over $3.5 billion. According to SlowMist, there have been 450 confirmed hacking incidents as of 2023, with decentralized protocols on the Ethereum and BNB smart chains being the most common targets.
The official X account of chain game SERAPH is suspected to have been stolen
Chain game SERAPH: In the Darkness X platform account is suspected to have been hacked, please do not interact.
Cyvers Alerts: Suspected white hat hacker attacked Pine Protocol and has claimed a bounty of 20 ETH
Cyvers Alerts posted on X platform, stating that the system detected multiple suspicious transactions related to Pine Protocol. The attacker appears to be a white hat hacker who has requested a bounty of 20 ETH. The attacker has already deposited the 20 ETH into Tornado cash.
Curve Finance: Poll results for Vyper security incident fund recovery performed, covering all affected users
On December 22, Curve Finance announced that the voting results for the Vyper security incident fund recovery have been executed, covering all affected users. The specific compensation includes: distribution of the 7.2 million USD worth of ETH recovered by white hat hackers to the DAO; compensation of the unrecovered portion of the 42 million USD worth of CRV; and recovery of funds from other white hat hackers who received them prior to the vote.
Top Crypto Hacks of 2023: Analyzing the Biggest Crypto Security Breaches – Research Report
2023 has been a pivotal year for the cryptocurrency industry, witnessing various security challenges and cyber threats. This report delves into the intricate details of the hacks and security breaches that have marked the year, offering a comprehensive analysis of trends, patterns, and the evolving nature of cyber threats in the crypto world. We aim to provide valuable insights for industry stakeholders, enhancing their understanding of the security landscape and facilitating informed decision-making.
Binance's Law Enforcement Request Panel Being Sold on Darknet for $10,000 in Crypto
A poster on Breach Forums is selling access to Binance's law enforcement request panel for $10,000 in cryptocurrency, which seems to be obtained through compromised email accounts belonging to law enforcement officials. The panel provides lawful access to account data and is facilitated by a third-party service called Kodex. The vulnerability of email accounts belonging to law enforcement organizations worldwide is being exploited by hackers, and Binance has encountered fraudulent requests in the past. The Digital Authenticity for Court Orders Act has been introduced in the Senate to prevent the illegal use of forged court orders, but it only covers the U.S. and not other law enforcement agencies globally.
