On Tuesday, Binance disclosed a severe security breach, in which one or more hackers obtained a "large number" of user API keys and two-factor authentication codes, and used them to withdraw 7,000 bitcoin from a Binance hot wallet. Binance said that the affected wallet held only 2% of the exchange's holdings and that its other wallets are secure. The exchange will conduct a thorough security review that it expects to last one week; it will suspend all deposits and withdrawals during that time. Movement of the stolen funds on the Bitcoin blockchain is being tracked; but while the hacker's movements are apparent, as of yet no one has been able to identify who is behind them. The Binance theft will add to the $1.2 billion in cryptocurrency that, according the cybersecurity firm CipherTrace, has already been stolen from exchanges and through other fraud-related activities this year. That number is about 70% of the total amount stolen in all of 2018.
According to reports published earlier this month, a vulnerability in older versions of Confluence workspace productivity software was recently exploited by hackers, enabling them to secretly install and utilize crypto mining malware on affected systems. In another report, the Tron Foundation disclosed a substantial security vulnerability in its wallet that could have crashed the entire Tron blockchain. The vulnerability was found by a researcher who was then paid a $1,500 bounty by Tron. And Cointelegraph recently reported that 60% of bitcoin full nodes are running software that are vulnerable to the "inflation bug," which allows the potential for illegitimate minting of bitcoin.
Two U.S. prosecutors recently arrested and brought charges against two Israeli citizens (one living in Israel, the other in Brazil) for operating the darknet website "DeepDotWeb" (DDW). Prosecutors allege that the two individuals received kickbacks whenever their users accessed the site to visit various darknet marketplaces, in which vendors sold drugs, firearms, hacking tools and other contraband. The individuals allegedly used bitcoin to conceal more than $15 million in illegal proceeds, which they would transfer from their DDW wallet to other bitcoin and bank accounts that they controlled through shell companies. In Europe, Europol worked together with Spanish authorities to dismantle a money laundering ring that reportedly operated by exchanging fiat currency for crypto assets by using cryptocurrency ATMs and then splitting funds into smaller sums to introduce them into the regular financial system. Eight people have been arrested so far, and wallets containing about 9 million Euros have been frozen.
To read more about the topics covered in this week's post, see the following:
- Binance Security Breach Update
- Hackers Are Shuffling Binance's Stolen Bitcoin
- Binance hacker consolidates the stolen bitcoin into just seven addresses
- Cryptocurrency Thefts, Fraud Hit $1.2 Billion in First-Quarter Report
- CVE-2019-3396 Redux: Confluence Vulnerability Exploited to Deliver Cryptocurrency Miner With Rootkit
- Tron Discloses Critical Vulnerability Which Could Have Crashed Its Blockchain
- Research: 60% of All Bitcoin Full-Nodes Are Still Vulnerable to Inflation Bug
- DeepDotWeb Defendants Used Bitcoin to Hide Criminal Proceeds, Say Feds
- CRYPTOCURRENCY LAUNDERING AS A SERVICE: MEMBERS OF A CRIMINAL ORGANISATION ARRESTED IN SPAIN
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.