Crypto owners can be excused for twitching displays of PTSD when checking the latest Bitcoin and crypto news.
With respected digital exchanges Cryptopia and QuadrigaCX already dead and buried within the first few months of 2019, world number 1 exchange Binance relieved of $40million in a hack last month, and desktop wallet Electrum still under siege from a 150,000 computer-strong botnet, it appears to be the year of living dangerously if you still keep your money on centralized exchanges and software-based crypto wallets, and on a hardware wallet.
Here are 4 crypto horror stories from the last week that should give you the heebie-jeebies. Grab your significant other, heat up some popcorn and read on.
Tale 1: Crypto platform Komodo “hacks” its own wallets to prevent $13million theft
Blockchain company Komodo has just released a shocking press statement
After one of its users found a major security flaw in one of its wallets, the crypto startup decided on an unprecedented course of action, choosing to “hack” its own Agama wallets before malicious actors got the jump on them.
The Komodo security team liquidated over 8 million Komodo (KMD) virtual assets and nearly 100 BTC from user wallets in an effort to thwart any potential hacker attempt to steal the vulnerable wallets. The estimated value of the retrieved crypto involved in the “rescue operation” is estimated at $13 million.
The statement mentioned the following:
“After discovering the vulnerability, our Cyber Security Team used the same exploit to gain control of a lot of affected seeds and secure the funds at risk. We were able to sweep around 8 million KMD and 96 BTC from these vulnerable wallets, which otherwise would have been easy pickings for the attacker.”
This Youtube video shows how hackers would’ve been able to access and steal the private keys of Komodo wallets.
In a couple of Twitter posts, Komodo has promised to return users’ funds by June 15th and urged users to complete a retrieval process in order to claim their assets back as soon as possible.
While Komodo has been praised by some for their quick-thinking actions that likely foiled another major crypto heist, the incident still raises a lot of security issues for both the company and crypto owners at large.
In particular, it is worrying that it took an external party to alert them to the threat. Secondly, it raises eyebrows that the company was able to gain access and move user assets within such as short time.
Users can track the temporary homes of their assets at these company wallets for the time being:
Tale 2: Super Mining Malware BlackSquid infecting US & Thailand computer networks
With the Electrum DoS attack still ongoing, the last week brought a major new cybersecurity threat with the ominous name “BlackSquid”.
Trend Micro researchers have discovered a new “crypto jacking” malware family which combines both server exploits and brute force techniques to penetrate computers and install malware in order to mine the notorious privacy coin Monero (XMR).
At the end of last month, BlackSquid (as named by the discovering team) was most active in Thailand and the United States, researchers said, with the majority of its attacks hitting Thailand and the US, according to the researchers. The malware family includes a cutthroat list of feared exploits that include EternalBlue and DoublePulsar.
How does BlackSquid infect a system?
Blacksquid is extremely sophisticated and uses advanced techniques to avoid sandboxing, virtualization and debugging before it installs itself. The malware behaves like a worm, infecting other network systems after it has breached the defenses of the initial computer.
The malware gains system access through compromised web pages and servers, as well as USB or network drives.
Incredibly, the malware only installs itself if it thinks that it has not been noticed by computer security software. It then also targets users GPU’s if possible.
Worryingly, it seems that the hacking software is still in only a testing phase, with a full-scale invasion possible in the future. Trend Micro allayed users’ fears in its report by stating that while the malware is very sophisticated and powerful, most of the exploits utilized are already known and have patches available. The security company urged users to keep their computer security up to date with all the requisite patches at all times.
There are indications that this could be the summer of security threats. Leading anti-virus security firm Malwarebytes said last month that its software was used to block over 1 million requests to cryptojacking service CoinLoot, which allows website owners to use their visitors’ computers to mine cryptocurrencies.
Tale 3: FBI looking for Quadriga scam victims
After Canadian exchange QuadrigaCX’s CEO Gerald Cotten mysteriously died earlier this year in India and purportedly took the private keys to $250 million of his customers’ crypto assets with him to the grave, speculation was rife that it was part of an elaborate exit scam.
With the formerly respected trading platform filing for bankruptcy soon after, multiple US government agencies are now looking into the demise of the exchange.
In an FBI press release this week, it seems that the Federal Bureau of Investigation (FBI), Internal Revenue Service (IRS), US Attorney General and Department of Justice’s Computer Crime and Intellectual Property Section are coordinating their efforts to bring the culprits responsible to justice.
The FBI is still collecting information from victims. If you or any acquaintance were victims of the Quadriga scam, please complete this official FBI questionnaire.
QuadrigaCX is alleged to still owe as much as $160 million to affected users, with no solution in sight.
Tale 4: Ex- Mt.Gox CEO says Bitcoin security needs to be upgraded
This week, Mark Karpeles, disgraced former boss of hacked exchange Mt.Gox came out of the woodworks to weigh in on the crypto industry’s overall security ( and promote his new “solution”).
Karpeles talked about the intense pressure and work schedule he suffered under that lead to the hack and subsequent demise of Mt.Gox. He had the following warning for digital exchanges:
Perhaps now, the people in charge of operating the virtual currency exchange centers have learned to manage this pressure. However, human error cannot be prevented as long as risk is covered manually…it is still impossible to eliminate risk. Innovation of cryptographic technology is a must.”Mark Karpeles
Karpeles went on to highlight specific flaws in Bitcoin technology that he felt needed updating, and which you can read here.
That’s all for this edition. Sleep tight!
CoolWallet S Team