Swindlers who used a bitcoin Ponzi scheme to rob around 56,000 people of over 21.2 billion won ($18.7 million) were arrested last Thursday.
The swindlers lured people with scant knowledge about the digital currency, mostly elderly people, housewives and retirees, with recruitment bonuses and free cryptocurrency.
(source: Korea JoongAng Daily)
Singapore-based DragonEx, one of the top 50 cryptocurrency exchanges by trading volume, estimated that the value of the funds stolen in the hack on March 24 is around USD 7 million (Source). Funds were stolen and landed on these wallets
Stolen were 20 assets among other bitcoin (BTC), ether (ETH), XRP, litecoin (LTC), EOS and tether stablecoin (USDT)
Below is a text version of the list of wallets shared by the DragonEx exec.
EOS: worldfoxprin whatagoodeos
A 18-year-old hacker has been referred to prosecutors in Utsunomiya, Japan for stealing crypto running into millions of Yen. He hacked Monappy: a digital wallet that can be installed on smartphones. The 18-year-old stole 15 million yen ($134,196) in crypto. The heist occurred between August 14 and September 1, 2018. The hack affected 7,700 Monappy users. Source: Japan Today
Per the post-mortem, the still-anonymous attacker was able to breach a third-party software used by LocalBitcoins, but was quickly shut down. Interestingly, Vera claimed that six cases have been all but confirmed, contradicting the five incoming transactions on the suspicious address. This discrepancy wasn’t addressed, so it can be assumed that the hacker managed to siphon funds into another address.
@LocalBitcoins has apparently been compromised. Users are claiming its forums were redirecting them to a login page that was a phishing website.
— Francisco Memoria (@FranciscoMemor) January 26, 2019
The attack begins January 5th at 19:58:15 UTC. Days pass before anyone notices. The attacker dupes several exchanges in the process including Coinbase, Bitrue, and Gate.io. the attack is simple
- Make a deposit,
- make a withdrawal.
Attacker was having the hashpower to ensure that the transactions he wants to exist exist (deposit) and that the ones he’d rather be forgotten are (withdrawal).
Two addresses certainly involved in the attack possess over 53,000 ETC
A scary scheme by hackers recently successfully lifted Bitcoin from Electrum wallet owners to the tune of approximately $750,000.
The attackers added anywhere between 33 and 50 malicious servers to the Eletrum wallet network. When legitimate owners of Electrum Bitcoin wallets initiated a Bitcoin transaction after December 21, 2018, if the transaction was routed through a malicious server, the user received an error message surging the user to download a wallet app update coming from an unauthorized GitHub depository. Once they download the malicious update, the app asks the user for a two-factor authentication code, which is then used by the thief to steal the user’s funds and transfer the funds to the hacker’s Bitcoin address.
The attacks were reportedly successful because the server messages were delivered as rich-formatted texts, which made the popup alert look authentic and conveniently provided a link for users to click on to apply the update. Following discovery of the heist, Electrum reportedly updated the Electrum wallet app so the messages urging users to download the update no longer appear in rich HTML text. Still, one of the issues with cryptocurrency is the fact that it is not protected by the government and it is unclear what, if anything, these Electrum wallet users can do to get their stolen Bitcoin back.
Turkish investor called Kerem Albayrak, lost $170,000 because he lost his password and wallet recovery information.
“My wallet was newly transferred onto a Blockchain wallet created on the iMac after I had an incident with an offline wallet and got scared. I used an auto generate password by Apple with no iCloud to backup the keychain. When creating the assword, I took a screenshot on the iMac of the recovery phrase which is also now gone.”