Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

HTX exchange loses $13.6M in hot wallet hack: Report

HTX, formerly Huobi Global, suffered an estimated loss of $13.6 million as part of a $86.6 million exploit against the HECO Chain bridge on Nov. 22. According to a report from blockchain security firm Cyvers, the losses stem from three compromised hot wallets, with users and exchange assets swapped for Ether. Distributed to various Ethereum addresses thereafter. Among other coins and tokens, Cyvers said that 1,240 ETH, 7.3 million USDT , 1.78 million USD Coin , and 62,200 LIN were drained during the attack. Justin Sun, de-facto owner of HTX and founder of Tron and BitTorrent - both related entities - stated shortly after the exploit, "HTX Will Fully Compensate for HTX's hot wallet Losses. Deposits and Withdrawals Temporarily Suspended. All Funds in HTX Are Secure, and the Community Can Rest Assured." We are investigating the specific reasons for the hacker. Earlier in the day, the HECO Chain bridge, a cross-chain bridge created via the merging of the Tron and BitTorrent ecosystem in 2020, was drained of $86.6 million due to an allegedly compromised blockchain operator. In September, HTX was hacked for $8 million in another hot wallet exploit. At the time, Sun also claimed that "All user assets are SAFU and the platform is operating completely normally." The hack took place less than one month after its rebranding from Huobi Global to HTX, as announced during Token2049 in Singapore. Data from Nansen shows that wallets identified as belonging to HTX hold a combined $2.08 billion in user and corporate assets. Within the past 24 hours, the exchange had $1.3 billion in spot trading volume. A weekly pulse of the business behind blockchain and crypto.

This Cyber News was published on cointelegraph.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000

Cyber News related to HTX exchange loses $13.6M in hot wallet hack: Report

HTX exchange loses $13.6M in hot wallet hack: Report - HTX, formerly Huobi Global, suffered an estimated loss of $13.6 million as part of a $86.6 million exploit against the HECO Chain bridge on Nov. 22. According to a report from blockchain security firm Cyvers, the losses stem from three compromised ...
1 year ago Cointelegraph.com

Microsoft: Exchange 2016 and 2019 reach end of support in six months - This week's warning comes after Microsoft reminded IT admins in January that Exchange Server 2016 and Exchange Server 2019 will no longer receive technical support starting in October. The Exchange Server Engineering Team also shared guidance for ...
4 months ago Bleepingcomputer.com

The ticking time bomb of Microsoft Exchange Server 2013 - This is, of course, a common issue since 2021 or so, due to Exchange Server security woes- however there has been an abnormally high increase in the past few months, making me think there was some kind of Exchange Server zero day perhaps. In my own ...
1 year ago Doublepulsar.com

Microsoft: Exchange Server Subscription Edition now available - As the company explained, the Exchange Server SE RTM build released this week can be installed as a cumulative update (CU) on servers running Exchange Server 2019 CU15 or CU14, and it can also be joined to existing Exchange Server 2019 or Exchange ...
2 months ago Bleepingcomputer.com

Lazarus hacked Bybit via breached Safe{Wallet} developer machine - While investigating the attack, crypto fraud investigator ZachXBT discovered links between the Bybit hackers and the infamous North Korean Lazarus threat group after the attackers sent some of the stolen Bybit funds to an Ethereum address previously ...
6 months ago Bleepingcomputer.com Lazarus Group

North Korean Hackers' $12M Ethereum Laundering Via Tornado Cash Unveiled - It has been reported that North Korean hackers associated with the Lazarus Group have exploited Tornado Cash in a recent development to launder approximately $12 million worth of stolen Ethereum in the last 24 hours, using the coin mix-up service ...
1 year ago Cysecurity.news Lazarus Group

Coinbase phishing email tricks users with fake wallet migration - A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers. Instead, the phishing email includes a recovery phrase, which ...
5 months ago Bleepingcomputer.com

North Korean hackers linked to $1.5 billion ByBit crypto heist - Since the attack, crypto fraud investigator ZachXBT has discovered links between the Bybit hackers and the infamous North Korean Lazarus threat group after the attackers sent stolen Bybit funds to an Ethereum address previously ...
6 months ago Bleepingcomputer.com Lazarus Group

Justin Sun offers 5% deal to $120M Poloniex crypto-robbers The Register - The founder of the Poloniex has offered to pay off thieves who drained an estimated $120 million of user funds from the cryptocurrency exchange in a raid on Friday. Justin Sun, who also founded the Tron Foundation currency system, offered a so-called ...
1 year ago Theregister.com

Nest Wallet CEO Loses $125,000 in Wallet Draining Scam - The co-founder and CEO of a startup cryptocurrency wallet said he lost $125,000 in crypto in a scam, becoming among the latest victims of the growing threat of wallet drainer malware that one cybersecurity firm stole almost $300 million from more ...
1 year ago Securityboulevard.com

Navigating the Perilous Waters of Crypto Phishing Attacks - Key Highlights: Check Point Research Unveils Rise in Sophisticated Crypto Phishing: An investigation reveals an alarming increase in advanced phishing schemes targeting a variety of blockchain networks, employing wallet-draining techniques. ...
1 year ago Blog.checkpoint.com

Customer compliance and security during the post-quantum cryptographic migration | AWS Security Blog - For example, using the s2n-tls client built with AWS-LC (which supports the quantum-resistant KEMs), you could try connecting to a Secrets Manager endpoint by using a post-quantum TLS policy (for example, PQ-TLS-1-2-2023-12-15) and observe the PQ ...
11 months ago Aws.amazon.com

Critical Vulnerabilities in Browser Wallets Let Attackers Drain your Funds - Meanwhile, Coin98 Wallet contained a vulnerability allowing attackers to send crafted messages with isDev:true parameter to the Content Script, making the Background Script believe commands came from the legitimate Wallet UI rather than a malicious ...
4 months ago Cybersecuritynews.com CVE-2023-40580

Crypto wallet-draining attacks necessitate security rethink The Register - Infosec researchers are noting rising cryptocurrency attacks and have encouraged wallet security providers to up their collective game. Introduced in 2019, CREATE2 is seen as a significant advancement for Ethereum, allowing for more efficient ...
1 year ago Go.theregister.com

Microsoft Exchange Server Flaw Exploited as a Zero-Day Bug - Microsoft has identified one of the critical vulnerabilities in Exchange Server that the company disclosed in February's Patch Tuesday update as actually being a zero-day threat that attackers are already actively exploiting. CVE-2024-21410 is an ...
1 year ago Darkreading.com CVE-2024-21410 CVE-2024-2140 CVE-2024-21412 CVE-2024-21351 Fancy Bear

Hackers Stolen Over $58 Million Crypto Via Malicious Google Ads - Threat actors targeting crypto wallets for illicit transactions have been in practice for quite some time. Threat actors have been using Wallet Drainers for such cybercrime activities, which have seen great success in recent years. Several techniques ...
1 year ago Gbhackers.com

Microsoft Exchange 2019 has reached end of mainstream support - Microsoft announced the end of mainstream support for its Exchange Server 2019 on-premises mail server software on January 9, 2023. Starting today, the company says it will no longer accept requests for bug fixes and Design Change Requests, but it ...
1 year ago Bleepingcomputer.com

Bybit Hack - Sophisticated Multi-Stage Attack Details Revealed - The malicious code contained an activation condition targeting specific contract addresses, along with transaction validation tampering designed to bypass security checks. Sygnia researchers identified that the earliest malicious activity began on ...
5 months ago Cybersecuritynews.com Lazarus Group

FreeDrain Phishing Attack Users to Steal Users Financial Login Credentials - Cyber Security News - These initial lure pages-typically a single large image of a legitimate wallet interface-redirect users through a series of hops before eventually reaching a phishing page designed to steal wallet seed phrases. This sophisticated campaign leverages ...
4 months ago Cybersecuritynews.com

Hackers drained $1.4 billion of cryptocurrency from Bybit exchange, CEO confirms | The Record from Recorded Future News - The cryptocurrency exchange Bybit was hacked for more than $1.4 billion worth of Ethereum on Friday in what cybersecurity experts are calling the largest-ever theft targeting a cryptocurrency platform. Zhou speculated that the source of the ...
6 months ago Therecord.media Lazarus Group

Lazarus Group hackers appear to return to Tornado Cash for money laundering - North Korea's Lazarus hacking group allegedly has turned back to an old service in order to launder $23 million stolen during an attack in November. Investigators at blockchain research company Elliptic said on Friday that in the last day they had ...
1 year ago Therecord.media Lazarus Group

FBI confirms Lazarus hackers were behind $1.5B Bybit crypto heist - Since the incident, crypto fraud investigator ZachXBT discovered multiple links to the infamous North Korean threat group after the attackers sent some of the stolen Bybit funds to an Ethereum address used in the Phemex, BingX, and Poloniex hacks ...
6 months ago Bleepingcomputer.com APT3 APT38 Lazarus Group

Congressman Coming for Answers After No-Fly List Hack - U.S. Congressman Bennie Thompson is demanding answers from airlines and the federal government after a "massive hack" of the no-fly list. The congressman sent a letter to the airlines and the Department of Homeland Security asking for an explanation ...
2 years ago Therecord.media

Hack The Box Launches 5th Annual University CTF Competition - PRESS RELEASE. Hack The Box, the leading gamified cybersecurity upskilling, certification, and talent assessment platform, is announcing its fifth annual global University Capture The Flag competition that will take place from December 8 to 10, 2023. ...
1 year ago Darkreading.com

Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks - Tens of thousands of Microsoft Exchange email servers in Europe, the U.S., and Asia exposed on the public internet are vulnerable to remote code execution flaws. The mail systems run a software version that is currently unsupported and no longer ...
1 year ago Bleepingcomputer.com CVE-2021-26855 CVE-2021-27065