2020 has been a year few of us will soon forget, and as businesses clamored to stay afloat or weather the storm that the COVID-19 pandemic caused – not to mention everything else that has happened in the past 12 months. – in the criminal underground, business is booming.
Of particular interest to cyber attackers in recent years is cryptocurrency. An alternative to traditional bank-controlled fiat currency, cryptocurrency has evolved from the Wild West in speculative trading to something more like a stable financial structure, whose projects are supported by blockchain technologies, an area now being explored by the giants of technology including IBM, Google and Microsoft.
However, many technologies related to blockchain and cryptocurrencies are still experimental and speculative; vulnerabilities can lead to the compromise of wallets and cryptocurrencies within, and there are still cases of exit scams and fraudulent coin flips, known as Initial Coin Offerings (ICO).
Cases of data breaches, thefts and investor losses are still very frequent. Below are the worst accidents recorded, month by month, during 2020.
January:
- Poloniex: Poloniex disclosed a data breach and forced a mass password reset for users after credentials were leaked on social media.
February:
- Helix: A man from Ohio was arrested for running the Helix Bitcoin mixing service. It is estimated that $ 300 million has been laundered through the mixer.
- Microsoft Engineer Theft: A software engineer was convicted of stealing over $ 10 million from Microsoft.
- IOTA: The IOTA Foundation shut down the entire network due to a hacker exploiting a vulnerability in the IOTA wallet app.
- Altsbit: The Italian cryptocurrency exchange has closed following an alleged cyber attack in which most of users’ funds were stolen.
March:
- Prometei: Researchers have discovered a botnet that leverages Microsoft Windows’ SMB protocol to mine cryptocurrency.
- YouTube: YouTube accounts were hacked to promote a Bill Gates-themed Ponzi cryptocurrency scam.
TechRepublic: How Remote Working Poses Security Risks for Your Organization | How Phishing Attacks Leverage Google’s Tools and Services | Linux and open source: the biggest problem in 2020
April:
- Lendf.me: $ 25 million in cryptocurrency has been stolen from the Lendf.me platform.
- Bisq: Over $ 250,000 has been stolen from Bisq Bitcoin exchange users.
May:
- Supercomputer: Supercomputers across Europe have been hacked to mine cryptocurrency.
CNET: Russian and North Korean Hackers Are Targeting COVID-19 Vaccine Researchers | Best Outdoor Home Security Cameras for 2020 | Android and iPhone are now all about privacy, but OSOM startup thinks it can do better
June:
- BTC-e: New Zealand law enforcement has frozen $ 90 million in BTC-e assets as part of a money laundering investigation.
- CryptoCore: Researchers claimed that the CryptoCore hacker group stole at least $ 200 million in cryptocurrency from online exchanges.
- Coincheck: A hacker infiltrated the cryptocurrency exchange’s domain registration service, causing a hiatus in deposit and withdrawal services.
July:
- Twitter: High-profile Twitter profiles belonging to figures like Joe Biden, Bill Gates and Elon Musk have been compromised to advertise a cryptocurrency scam.
- Coinbase: Coinbase blocked an attempt by attackers to steal $ 280,000 in Bitcoin.
- VaultAge Solutions: CEO went into hiding after allegedly defrauding investors for $ 13 million.
- AT&T: AT&T was dragged to court over a $ 1.9 million SIM hijacking and cryptocurrency theft case.
- GPay Ltd: UK regulators have shut down GPay for scamming cryptocurrency investors using fake celebrity endorsements.
August:
- FritzFrog: A cryptocurrency mining botnet has been discovered that has compromised at least 500 corporate and government servers.
- Arrests in Ukraine: Ukrainian law enforcement officers arrested suspected members of a gang that laundered $ 42 million in cryptocurrencies for ransomware groups.
- 2 together: 1.2 million euros in cryptocurrency was stolen by the exchange.
- PlusToken: Chinese police arrested over 100 people suspected of being involved in the PlusToken cryptocurrency investment scam.
- Lazarus: Researchers discovered a new Lazarus campaign targeting a cryptocurrency company via LinkedIn job postings.
September:
- KuCoin: Around $ 150 million worth of cryptocurrency was stolen by a cyber attacker after being stored in hot wallets.
- Cryptocurrency Phishing: Two Russians have been accused of stealing nearly $ 17 million in cryptocurrency-themed phishing campaigns.
- Eterbase: The cryptocurrency exchange lost $ 5.4 million, stolen from hot wallets by unknown attackers.
October:
- Kik: The US SEC issued Kik a $ 5 million fine for an allegedly illegal stock offering.
- Harvest Finance: Hackers stole $ 24 million, but later returned $ 2.5 million. A $ 100,000 reward has been posted for information leading to the recovery of funds.
November:
- GoDaddy: GoDaddy has admitted that its staff became the victim of a social engineering campaign that led to email and DNS record based attacks against Liquid.com and NiceHash.
- Akropolis: Akropolis suffered a flash loan attack and $ 2 million in cryptocurrency was stolen. The company later offered the hacker a “bug bounty payment” in exchange for the stolen funds.
- Operation Egypto: US and Brazilian law enforcement has seized $ 24 million in cryptocurrency from individuals allegedly linked to an online investor fraud scam.
- Silk Road: The United States Department of Justice has seized $ 1 billion in Bitcoin, which is said to come from the now defunct Silk Road market.
December:
- As new cybersecurity incidents occur, we will update for the month of December.
Previous and relative coverage
Do you have a suggestion? Get in touch securely via WhatsApp | Signal on +447 713 025 499 or in addition to the key base: charlie0