DomZlonamjerni softver i prijetnjeCryptohack Roundup: M2, Metawin Exploits

Cryptohack Roundup: M2, Metawin Exploits

Objavljeno na

spot_img

In the latest roundup of cybersecurity incidents in the digital assets space, various notable events have unfolded, including the M2 and Metawin hacks, a supply chain attack on LottieFiles, hackers targeting npm developers using Ethereum smart contracts, Craig Wright facing contempt of court, Alameda suing KuCoin, Binance seeking dismissal of SEC charges, and Immutable receiving a Wells Notice.

The first incident involved a hack on the centralized crypto exchange M2, where hackers managed to steal $13.7 million in assets, including Bitcoin, Ether, and Solana. M2 promptly restored customer funds and implemented enhanced security measures to safeguard user interests.

The second major incident was the theft of over $4 million from crypto casino Metawin’s Ethereum and Solana hot wallets. The hacker exploited a “frictionless withdrawal system,” leading to funds being transferred to KuCoin and a HitBTC service. While Metawin temporarily disabled withdrawals, they have since resumed, with CEO Richard Skelhorn mentioning personal coverage of the loss.

A supply chain attack targeted LottieFiles’ npm project Lotti-Player, allowing threat actors to inject a crypto wallet drainer into websites, potentially resulting in a significant loss of Bitcoin for at least one user. LottieFiles took swift action to address the issue and revert to a safe version of its platform.

Hackers have been targeting npm developers using Ethereum smart contracts to distribute cross-platform malware. The campaign, flagged by cybersecurity firms Checkmarx, Phylum, and Socket, utilizes typosquatted packages to trick developers into installing malicious code, highlighting the importance of vigilance in the software supply chain.

In a legal development, Craig Wright, who claims to be Bitcoin’s creator, is facing a contempt of court case over a $1.2 billion lawsuit against Bitcoin Core developers and Jack Dorsey’s Square. The case has been temporarily halted pending a contempt application hearing in December.

Alameda Research has filed a lawsuit against KuCoin to recover over $50 million in frozen assets. The dispute revolves around KuCoin’s refusal to release the funds, citing suspicious activities, prompting legal action to reclaim the assets.

Binance and its former CEO Changpeng Zhao have filed a motion to dismiss SEC charges questioning the classification of crypto assets as securities. Binance’s legal team argues that the SEC’s claims are unfounded and should be dismissed.

Lastly, Immutable, a blockchain gaming platform, has received a Wells Notice from the SEC, indicating potential enforcement action for alleged securities law violations related to its IMX token listing and private sales in 2021. Immutable is currently assessing the situation and preparing to address any regulatory concerns.

These incidents underscore the ongoing challenges and risks in the digital assets space, highlighting the importance of robust cybersecurity measures and regulatory compliance to protect investors and stakeholders in the evolving landscape of cryptocurrency and blockchain technology.

Link na izvor

Najnoviji članci

JFrog Identifies Critical Vulnerabilities In Machine Learning Platforms

JFrog, a software supply chain company, has recently uncovered a concerning trend in the...

Vulnerability in Cisco System Allows Attackers to Execute Commands as Root User

A critical vulnerability has been found in Cisco Unified Industrial Wireless Software, specifically impacting...

Potential Cisco Vulnerability May Result in Command Injection Threats

Cisco has issued a warning regarding a potentially critical bug discovered in its Unified...

Protecting Small Businesses from Holiday Cyber Threats

The holiday season can be a joyous time for small-to-midsize businesses, with the potential...

Još ovako

JFrog Identifies Critical Vulnerabilities In Machine Learning Platforms

JFrog, a software supply chain company, has recently uncovered a concerning trend in the...

Vulnerability in Cisco System Allows Attackers to Execute Commands as Root User

A critical vulnerability has been found in Cisco Unified Industrial Wireless Software, specifically impacting...

Potential Cisco Vulnerability May Result in Command Injection Threats

Cisco has issued a warning regarding a potentially critical bug discovered in its Unified...
hrCroatian