Army of Bitcoin Hackers
Ransomware isn’t the only form of cyber attack allegedly deployed by the state-sponsored hackers of North Korea. Security researchers from the US, UK, and South Korea have all pointed a finger at the country in recent months as the main source of hacking attacks against popular South Korean bitcoin exchanges, stealing data and cryptocurrency.Beyond just the monetary gains, which can be substantial for the poverty-stricken North Koreans, holding bitcoin can help the pariah nation bypass Western economic sanctions crippling its economy. Cyber attacks in general are also a winning asymmetric warfare strategy for North Korea, allowing it to harass, harm, and appear equal to its much stronger adversaries south of the 38th Parallel, Japan, and the US.
Bitcoin is increasingly seen as a tool in the arsenal of state actors conducting cyber warfare. Last month it was speculated that a ‘cyber war’ between Russia and Ukraine was the underlying cause of the massive Bitcoin ransomware attack which affected banks and energy companies, among others.Now a new report is pointing to North Korea as a growing source of cyber attacks, this time targeting the cryptocurrency ecosystem itself in an effort to simply steal funds. This perhaps might help explain why the U.S. sees the hacking of Bitcoin exchanges outside its jurisdiction as a national security threat worthy of employing investigators from the Secret Service, Homeland Security and FBI.
Sean Everett wasn’t sure how his bullish bet on cryptocurrency would turn out. But he definitely didn’t expect it to be over so soon.In March, he sold all his stocks, including Apple and Amazon, and used a chunk of the proceeds to buy Bitcoin and Ethereum on a site called Coinbase. The decision made Everett, the CEO of artificial intelligence startup Prome, almost instantly richer, as the blockchain-based currencies’ value rocketed up exponentially over the next several weeks. But then, while he was out walking the dog after 10 p.m. on Wednesday, May 17, Everett got the call. It was T-Mobile, ringing him to confirm that it was switching his phone number to a different device.It was a suspicious move that Everett had most certainly not requested. But even as he pleaded with the agent to block the switch, it was too late. Less than five minutes later, Everett’s cell service abruptly shut off, and as he rushed to his computer, he saw himself being robbed in real time. A raft of email notifications confirmed that someone had taken control of his main Gmail account, then broken into his Coinbase “wallet.” They’d gotten in with the help of his switched-over phone number: Everett’s account required him to log in with a two-factor authentication code sent by text message, as a second safeguard—and now the text had gone straight to the thief.
But hackers have never breached Coinbase’s own virtual fortress, and that impenetrability has earned it a reputation as the safest place to buy Bitcoin, helping it attract more than 9 million customers who store at least $3 billion in cryptocurrency there, and who have traded $25 billion to date on its retail brokerage as well as its institutional exchange, GDAX. The five-year-old Coinbase just raised $100 million in new funding, valuing the company at $1.6 billion—making it the blockchain industry’s first “unicorn.” “If you look at what they are world-class at, it’s security, trust, safety … all these things that, frankly, banks are good at,” Fred Wilson, the venture capitalist and one of Coinbase’s earliest and largest backers, said at a conference in March. “They’re like JPMorgan or Goldman Sachs for blockchain.” But Coinbase’s individual customers do get burglarized—with surprising and unsettling frequency. Even Wilson himself was in for a rude awakening: While vacationing in Europe in early June, the VC woke up to the same telltale emails that Everett saw, signaling that an intruder was trying to get inside his Coinbase account. Wilson managed to lock it down before anything was stolen, but in a rare public chastising of a company in his own portfolio, he wrote in a blog post: “I am still a bit shaken up from the experience and a fair bit more paranoid from it.”Since then, Fortune has spoken with more than a dozen victims, including tech CEOs and well-known blockchain proponents, whose Coinbase accounts have been targeted and hacked in almost exactly the same fashion; still more have been attacked on other exchanges. The day after Everett’s robbery, Los Angeles entrepreneur Adam Dachis’s account was wiped out of what was then $10,000. On July 7, thieves emptied $18,000 from the Coinbase wallet of blockchain adviser Mike Costache, during the four hours he slept one night while traveling overseas. Since Christmas, there have been months when Coinbase users have been robbed as often as 30 times—a rate of one robbery every single day. In each case, the same blindsiding realization arrives, bringing the inherent paradox of blockchain into focus. The quintessential strength that sets cryptocurrency apart from traditional money—that transactions are instant and irreversible—is also its fatal flaw. “One of [Bitcoin’s] reasons for existence is that it’s censorship-resistant,” says Tom Robinson, cofounder and chief data officer of Elliptic, a London-based blockchain intelligence firm. That means no one, not even a government or central bank, can stop a digital currency transaction from happening. And therefore the fraud protections traditional bank depositors rely on are mostly unavailable. “Any kind of charge-back and reversibility would be the antithesis of what Bitcoin was created to achieve,” says Robinson.That’s one reason that, when criminals want to pull a heist, they’re increasingly choosing cryptocurrency over real dollars. In 2016, $28 million in losses from crimes involving virtual currency were reported to the FBI’s Internet Crime Complaint Center, more than triple the 2015 total. And that figure is based heavily on voluntary reports by individual victims. It doesn’t include large-scale thefts from exchanges like the Bitfinex hack, so it likely underestimates the true damages by many orders of magnitude.
South Korea-based Bithumb has said that it believes personal details of more than 30,000 of its customers were stolen as a result.It appears the data was subsequently used to fool users into letting thieves steal funds from their accounts.Bithumb has promised compensation.But the Korea Internet and Security Agency, a local government-empowered watchdog, has launched an inquiry into the matter, according to the Yonhap news agency.
Scam calls
Bithumb allows its members to buy and sell the virtual currencies Bitcoin and Ethereum. It is South Korea's biggest cryptocurrency exchange, based on recent trading volumes, and one of the five largest in the world.The breach is reported to have occurred in February, and is said to have involved an employee's home PC rather than computer servers at the firm's headquarters.Bithumb is reported to have discovered the breach only on 29 June and reported it to the authorities the next day.Although a notice posted to the company's site said the leaked data did not contain passwords, dozens of customers have reported receiving follow-up scam calls and texts in June that persuaded them to share their accounts' authentication codes.Bithumb has promised initially to cover losses of up to 100,000 won ($86; £67) per customer, and to add to this once it has been able to verify individual losses.But it is unclear whether victims will be compensated in full.An unverified local report said one member claimed to have lost 1.2bn won ($1.04m; £806,000).At present, virtual currencies are not regulated by South Korea's financial authorities and efforts to address the matter have made little progress.
helpful post
omg