Justin Sun offers 5% deal to $120M Poloniex crypto-robbers The Register

The founder of the Poloniex has offered to pay off thieves who drained an estimated $120 million of user funds from the cryptocurrency exchange in a raid on Friday. Justin Sun, who also founded the Tron Foundation currency system, offered a so-called "White hat bounty" to those who siphoned the exchange's wallet dry, in return for the rest of the stolen funds being repaid. "We are offering a five percent white hat bounty to the Poloniex hacker," Sun wrote. "Please return the funds to the following ETH/TRX/BTC wallets. We will give you 7 days to consider this offer before we engage law enforcement." The founder made the announcement shortly after the exchange said it had disabled its wallet, citing "Maintenance" as the reason. "The Poloniex team has successfully identified and frozen a portion of the assets associated with the hacker's addresses," Sun alleged. "At present, the losses are within manageable limits, and Poloniex's operating revenue can cover these losses." "Additionally, the team have restored Poloniex's systems, preserved relevant evidence, and in the coming days, we will work diligently to gradually resume deposits and withdrawals on Poloniex, ensuring 100 percent security. Apologize for any inconvenience this may have caused." Blockchain security company SlowMist has compiled all of the data related to the attack on Poloniex into a publicly accessible spreadsheet. At the time of writing, the attack had led to the theft of $130 million worth of cryptocurrency assets across hundreds of transactions. Cyvers, another blockchain security company, was among the first to alert the public to the woe at Poloniex at 1055 UTC on November 10, saying multiple suspicious withdrawals were made from the exchange's hot wallet. About an hour later, Sun confirmed the exchange was aware of the issues and was investigating. According to SlowMist's data, the attacker drained myriad types of tokens. Scans of the Ethereum and Sun-owned Tron blockchains revealed a wallet titled "Poloniex hacker" is offloading the assets en masse in exchange for Ethereum and Tron tokens. Poloniex's incident is the latest in a long line of high-profile wallet-draining attacks in the blockchain community. The Monero Project announced last week that one of its wallets reserved for community crowdfunding initiatives was drained of XMR worth more than $400,000. A sub-group of North Korea's state-sponsored Lazarus offensive cyber operation, tracked as "BlueNoroff" is believed to be behind at least some of the attacks that have been ongoing since April. Speaking to The Register, cybersecurity expert Dominic Alvieri said that although key facts are yet to be established, the attack on Poloniex appears to share the same MO as Lazarus' previous work. As for how the Monero Project was drained, the lead maintainers are still without answers. Industry experts pointed to LastPass's 2022 breach as a possible method of stealing wallet seeds, an idea that LastPass has refuted.

This Cyber News was published on www.theregister.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Justin Sun offers 5% deal to $120M Poloniex crypto-robbers The Register

Justin Sun offers 5% deal to $120M Poloniex crypto-robbers The Register - The founder of the Poloniex has offered to pay off thieves who drained an estimated $120 million of user funds from the cryptocurrency exchange in a raid on Friday. Justin Sun, who also founded the Tron Foundation currency system, offered a so-called ...
1 year ago Theregister.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
CVE-2007-2764 - The embedded Linux kernel in certain Sun-Brocade SilkWorm switches before 20070516 does not properly handle a situation in which a non-root user creates a kernel process, which allows attackers to cause a denial of service (oops and device reboot) ...
5 years ago
CVE-2011-2263 - Unspecified vulnerability in Sun Integrated Lights Out Manager in Oracle SysFW 8.0.3.b or earlier for various Oracle SPARC T3, SPARC Netra T3, Sun Blade, and Sun Fire servers allows local users to affect confidentiality via unknown vectors. Per: ...
13 years ago
Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus - In its continued efforts to crack down on North Korea's most formidable state-sponsored threat group, the US government has seized a virtual currency mixer that has been serving as the principal way the group launders money stolen from its ...
1 year ago Darkreading.com
CVE-2007-1681 - Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via ...
6 years ago
North Korean Hackers Use Fake Job Offers & Salary Bumps as Lure for Crypto Theft - Recent investigations have uncovered a massive operation carried out by North Korean hackers looking to steal cryptocurrency through fake job offers and salary bumps. According to recent reports, hackers have been able to trace the malicious ...
1 year ago Therecord.media
CVE-2013-0135 - Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) ...
7 years ago
The Week in Ransomware - January 20th, 2023 Crypto Exchanges Under Attack - The week of January 20th, 2023 brought yet another wave of ransomware attacks targeting crypto exchanges. Crypto exchanges all around the world have been hit by a barrage of sophisticated and well-planned ransomware campaigns. From high-profile ...
1 year ago Bleepingcomputer.com
CVE-2017-17713 - Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp ...
6 years ago
CVE-2017-17714 - Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, ...
6 years ago
CVE-2021-47130 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago
The 20 Most Essential Crypto Bug Bounty Programs - Working with cryptocurrency has become more and more popular in the last few years, but it’s not without risks. It’s important for sites that conduct digital payments and transfers to have security measures in place to help keep your data safe ...
1 year ago Hackread.com
Crypto wallet-draining attacks necessitate security rethink The Register - Infosec researchers are noting rising cryptocurrency attacks and have encouraged wallet security providers to up their collective game. Introduced in 2019, CREATE2 is seen as a significant advancement for Ethereum, allowing for more efficient ...
9 months ago Go.theregister.com
CVE-2023-52780 - In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats Calling page_pool_get_stats in the mvneta driver without checks leads to kernel crashes. First the page pool is only available if the bm ...
7 months ago Tenable.com
CVE-2024-47716 - In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP ...
2 months ago Tenable.com
Bloomberg Crypto X account snafu leads to Discord phishing attack - The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials in a phishing attack. As first spotted by crypto fraud investigator ZachXBT, the profile contained a link ...
1 year ago Bleepingcomputer.com
Web3 security firm CertiK's X account hacked to push crypto drainer - The Twitter/X account of blockchain security firm CertiK was hijacked today to redirect the company's more than 343,000 followers to a malicious website pushing a cryptocurrency wallet drainer. Crypto fraud sleuth ZachXBT later leaked screenshots of ...
11 months ago Bleepingcomputer.com
Netgear, Hyundai latest X accounts hacked to push crypto drainers - The official Netgear and Hyundai MEA Twitter/X accounts are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware. While Hyundai has already regained access to their account and has cleaned ...
11 months ago Bleepingcomputer.com
North Korean Hackers Stole $600m in Crypto in 2023 - North Korean hackers stole at least $600m in cryptocurrency in 2023, around a third of the total value of such heists, according to blockchain intelligence firm TRM. Despite the eye-watering sum, this figure represents a 30% reduction on ...
11 months ago Infosecurity-magazine.com
Android/SpyNote Moves to Crypto Currencies - Affected Platform: AndroidImpacted Users: Android users with mobile crypto wallet or banking applicationsImpact: Financial LossSeverity Level: Medium. It has grown into one of the most common families of malware for Android, with multiple samples, ...
10 months ago Feeds.fortinet.com
Cybersecurity M&A Roundup: 25 Deals Announced in December 2023 - Twenty-five cybersecurity-related merger and acquisition deals were announced in December 2023. Audit, cybersecurity and IT training firm ACI Learning has acquired Infosec Learning, a company that provides virtual labs and cyber ranges for ...
11 months ago Securityweek.com
Hackers Stole Cryptocurrency Worth $2 Billion in Year 2023 - As per crypto security firms, this was the first time since 2020, that the trend has been declining. Based on dozens of cyberattacks and thefts this year, hackers stole over $2 billion in cryptocurrency, according to De.FI, the web3 security company ...
11 months ago Cysecurity.news
Massive Data Breach at Gokumarket: Over a Million Users' Information Exposed - Several days before the leak, the GokuMarket team found an unprotected MongoDB instance, which was storing information about its users, namely those who bought and sold crypto on the exchange. In GokuMarket's case, it is the details of more than a ...
1 year ago Cysecurity.news
Best Platform To Catch Up on Crypto News? - That is why crypto publications such as InsideBitcoins.com are getting a lot of traction. These guides give a complete analysis of new and old cryptocurrencies through multiple perspectives. Crypto price predictions are where InsideBitcoins.com's ...
1 year ago Hackread.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)