In episode 406 of the "Smashing Security" podcast, we explore how the cryptocurrency exchange Bybit has been hacked to the jaw-dropping tune of $1.5 billion, and we look at what is being done to better defend women and girls' safety online. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

It looks like a very sophisticated attack against the Dubai-based exchange Bybit:

Bybit officials disclosed the theft of more than 400,000 ethereum and staked ethereum coins just hours after it occurred. The notification said the digital loot had been stored in a “Multisig Cold Wallet” when, somehow, it was transferred to one of the exchange’s hot wallets. From there, the cryptocurrency was transferred out of Bybit altogether and into wallets controlled by the unknown attackers.

[…]

…a subsequent investigation by Safe found no signs of unauthorized access to its infrastructure, no compromises of other Safe wallets, and no obvious vulnerabilities in the Safe codebase. As investigators continued to dig in, they finally settled on the true cause. Bybit ultimately said that the fraudulent transaction was “manipulated by a sophisticated attack that altered the smart contract logic and masked the signing interface, enabling the attacker to gain control of the ETH Cold Wallet.”

The announcement on the Bybit website is almost comical. This is the headline: “Incident Update: Unauthorized Activity Involving ETH Cold Wallet.”

More:

This hack sets a new precedent in crypto security by bypassing a multisig cold wallet without exploiting any smart contract vulnerability. Instead, it exploited human trust and UI deception:

  • Multisigs are no longer a security guarantee if signers can be compromised.
  • Cold wallets aren’t automatically safe if an attacker can manipulate what a signer sees.
  • Supply chain and UI manipulation attacks are becoming more sophisticated.

The Bybit hack has shattered long-held assumptions about crypto security. No matter how strong your smart contract logic or multisig protections are, the human element remains the weakest link. This attack proves that UI manipulation and social engineering can bypass even the most secure wallets. The industry needs to move to end-to-end prevention; each transaction must be validated.
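The point above is that a signer must verify the transaction that will actually be signed, not the summary a possibly manipulated interface shows. The following is an added illustration of that check, not code from Bybit, Safe, or the article's author: a small pre-signing validator that re-derives what a Safe-style transaction does from its raw fields (`to`, `value`, `data`, `operation`) and compares it with the transfer the signer believes they are approving. The field names, the sample addresses and the "intent" record are constructed for this example; the Safe `operation` values (0 = call, 1 = delegatecall) and the ERC-20 `transfer(address,uint256)` selector `a9059cbb` are real.

```python
"""
Independent pre-signing check for a Safe-style multisig transaction.

Added example (not from Bybit, Safe or the article): re-derive what a
transaction does from the raw fields that will be signed, instead of
trusting the wallet UI's rendering of it.
"""

# Safe "operation" field semantics (real values from the Safe contracts).
OP_CALL = 0
OP_DELEGATECALL = 1

# 4-byte selector of ERC-20 transfer(address,uint256).
ERC20_TRANSFER_SELECTOR = "a9059cbb"


def _strip_0x(hexstr: str) -> str:
    hexstr = hexstr.lower()
    return hexstr[2:] if hexstr.startswith("0x") else hexstr


def encode_erc20_transfer(recipient: str, amount: int) -> str:
    """ABI-encode transfer(recipient, amount) as 0x-prefixed calldata."""
    return "0x" + ERC20_TRANSFER_SELECTOR + _strip_0x(recipient).rjust(64, "0") + format(amount, "064x")


def decode_erc20_transfer(data_hex: str):
    """Return (recipient, amount) if calldata is an ERC-20 transfer, else None."""
    data = _strip_0x(data_hex)
    if len(data) != 8 + 64 + 64 or data[:8] != ERC20_TRANSFER_SELECTOR:
        return None
    recipient = "0x" + data[8 + 24 : 8 + 64]   # last 20 bytes of ABI word 1
    amount = int(data[8 + 64 : 8 + 128], 16)  # ABI word 2
    return recipient, amount


def validate_safe_tx(tx: dict, intent: dict) -> list:
    """Compare the fields that will be signed against the transfer the signer
    was shown. Returns a list of findings; an empty list means they agree."""
    findings = []
    if tx["operation"] != OP_CALL:
        findings.append("operation is DELEGATECALL, not a plain CALL")
    if tx["to"].lower() != intent["token"].lower():
        findings.append(f"target {tx['to']} is not the expected token contract {intent['token']}")
    if tx["value"] != 0:
        findings.append(f"native value {tx['value']} attached to a token transfer")
    decoded = decode_erc20_transfer(tx["data"])
    if decoded is None:
        findings.append("calldata is not an ERC-20 transfer(address,uint256)")
        return findings
    recipient, amount = decoded
    if recipient != intent["recipient"].lower():
        findings.append(f"recipient {recipient} differs from displayed {intent['recipient']}")
    if amount != intent["amount"]:
        findings.append(f"amount {amount} differs from displayed {intent['amount']}")
    return findings


def sample_transactions():
    """Constructed sample data: the transfer the signer was shown, a matching
    transaction, a tampered one, and one that only swaps the recipient."""
    token = "0x" + "aa" * 20        # constructed token contract address
    recipient = "0x" + "bb" * 20    # constructed intended recipient
    attacker = "0x" + "cc" * 20     # constructed unexpected address
    intent = {"token": token, "recipient": recipient, "amount": 1_000_000}
    benign = {"to": token, "value": 0, "operation": OP_CALL,
              "data": encode_erc20_transfer(recipient, 1_000_000)}
    tampered = {"to": attacker, "value": 0, "operation": OP_DELEGATECALL,
                "data": "0x12345678"}
    swapped = {"to": token, "value": 0, "operation": OP_CALL,
               "data": encode_erc20_transfer(attacker, 1_000_000)}
    return intent, benign, tampered, swapped


if __name__ == "__main__":
    intent, benign, tampered, swapped = sample_transactions()
    for name, tx in (("benign", benign), ("tampered", tampered), ("swapped", swapped)):
        print(name, validate_safe_tx(tx, intent) or ["OK"])
```

The script only checks a single transfer shape; the design point is that the comparison runs on the raw signed fields, obtained from a channel other than the UI that is suspected of being manipulated, and that any transaction it cannot decode is rejected rather than rubber-stamped.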

From shadowy Bitcoin exchanges to Interpol’s most wanted, Alexander Vinnik was the alleged kingpin behind BTC-e, a $4bn crypto laundering empire. Learn more about him, and how he became a geopolitical pawn between the US, France, and Russia. Plus! Hear how concert-goers are being warned about a swathe of scams hitting stadiums and arenas around the world. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault. Plus don't miss our featured interview with Cliff Crosland of Scanner.dev.

Over the years, we have witnessed numerous applications scanning smartphones for intelligence, extracting data, and transferring it to remote servers. However, cybercriminals appear to have taken their tactics a step further. Recent findings indicate that hackers have now developed malicious applications capable of analyzing screenshots and photos stored on mobile devices to extract sensitive seed phrases.

Kaspersky, a renowned Russia-based cybersecurity firm, has uncovered this alarming development. The company warns that cybercriminals are leveraging this technique to target cryptocurrency users, particularly as digital assets like Bitcoin continue to experience high volatility against the US dollar. The ability to extract and misuse seed phrases poses a significant threat, as it provides unauthorized access to cryptocurrency wallets, potentially leading to substantial financial losses.

According to Kaspersky’s security researchers, malicious actors are embedding these data-stealing functionalities into seemingly legitimate applications. These apps often masquerade as shopping, gaming, and utility-based software. However, rather than serving their stated purpose, they operate covertly, scanning images stored on users’ devices to identify and extract seed phrase information before transmitting it to remote servers.

One such malware family identified by researchers is Sparkcat, a crypto-stealing trojan that has been found embedded within various applications. Kaspersky reports that its team has already detected over 18 different applications harboring this malware. Given that app stores host millions of applications, it is highly likely that many more fraudulent apps are lurking undetected among them.

To understand the severity of the issue, it is essential to comprehend the function of seed phrases. A seed phrase is a unique sequence of randomly generated words from which a cryptocurrency wallet's keys are recovered; anyone who obtains it can restore the wallet and move its funds. Essentially, the security of all digital assets within the wallet depends on this seed phrase.

Many cryptocurrency users, for convenience, choose to store their seed phrases by taking screenshots, photos, or digital notes on their mobile devices. Unfortunately, this common practice is precisely what cybercriminals are exploiting. Once malware gains access to the device’s gallery or storage folders, it can scan and extract these phrases, leading to unauthorized access and potential theft of funds.

To mitigate the risks associated with such cyber threats, cryptocurrency users must adopt safer practices. Instead of storing sensitive information in easily accessible locations, users should leverage secure password management applications or encrypted storage solutions specifically designed to safeguard confidential data, including cryptocurrency wallet credentials.

As cyber threats continue to evolve, it is crucial to remain vigilant and proactive in protecting sensitive information. By implementing better security measures and staying informed about emerging threats, users can significantly reduce their vulnerability to cyber-attacks and ensure the safety of their digital assets.

The post Mobile security alert as Google App Store apps start scanning for screenshot Seed Phrases appeared first on Cybersecurity Insiders.