Cybersecurity Highlights: CoinStats Wallet Breach and the Hype Around the 'Fed Hack'

We have compiled the most significant cybersecurity news of the week.

  • 1,590 CoinStats crypto wallets were compromised.
  • The FBI warned of fake cryptocurrency recovery services.
  • The US announced a $10 million reward for capturing a Russian hacker.
  • LockBit claimed a ‘Fed leak’ but released data from a single bank.

1,590 CoinStats Crypto Wallets Compromised

On June 22, the CoinStats team reported a cyberattack affecting 1,590 crypto wallets hosted on the platform (1.3% of the total). The damage amounted to $2 million.

The company shared a list of compromised addresses, but it soon became clear that some affected users were not included. The attack did not impact users’ external connected wallets or accounts on centralized exchanges.

Attackers attempted to exploit the CoinStats breach to promote fake fund recovery programs.

On June 28, six days after the incident, the team restored the service and announced compensation for those affected. 

Preliminary data suggests the North Korean hacker group Lazarus may be involved in the attack.

FBI Warns of Fake Cryptocurrency Recovery Services

Cybercriminals increasingly pose as law firms offering cryptocurrency recovery services to victims of investment scams, subsequently stealing their funds and personal information. The FBI issued a warning about this.

To gain trust, attackers may claim partnerships with government agencies or reference real banks and exchanges.

As part of the scheme, victims are asked for personal or banking information and required to pay an advance for ‘legal services’ or other fees.

The FBI reminded the public that private organizations are not authorized to issue orders to seize cryptocurrencies, and that federal agencies and local authorities capable of tracking stolen digital assets do so free of charge for victims.

US Offers $10 Million Reward for Russian Hacker

US authorities charged 22-year-old Russian citizen Amin Stigal with conducting cyberattacks on computer networks in Ukraine and other countries for the GRU.

Image source: US Department of State.

According to the case materials, in January 2022, Stigal deployed the pseudo-ransomware WhisperGate on the systems of dozens of Ukrainian government agencies. The attacker demanded a ransom of $10,000 in bitcoin, but the malware in fact damaged all disk partitions beyond recovery. The Russian also resold stolen data on the darknet.

Starting in August 2022, Stigal and his accomplices expanded the scope of their attacks: they breached the transport infrastructure of a Central European country and attacked government institutions in the US and other NATO member states.

The US Department of State announced a $10 million reward for information on the hacker’s whereabouts. He faces up to five years in prison.

LockBit Claims ‘Fed Leak’ but Releases Data from One Bank

On June 23, the hacker group LockBit claimed to have breached the US Federal Reserve, stealing 33 TB of confidential banking information. The cybercriminals threatened to release the data if a ransom was not paid within 48 hours.

On June 25, LockBit posted 21 links to files, but all were related to the third-party bank Evolve Bank & Trust. Researchers examined the dump but initially found no secret information.

Representatives of Evolve Bank & Trust confirmed the incident. The bank is in dialogue with affected users and continues the investigation with law enforcement.

Experts agreed that LockBit’s bold claim was an attempt to ‘stay relevant.’

Linux and Chrome Vulnerabilities for Sale for Thousands in Cryptocurrency

A user named Cas posted an advertisement on a hacker forum for the sale of a zero-day use-after-free (UAF) vulnerability in the Linux kernel, which can be used to execute privileged code on one of the OS versions.

Image source: BreachForums.

The source code is priced at $150,000 in Monero or bitcoin. IntelBroker acts as an intermediary in the deal — previously, he claimed leaks at AMD, Apple, Atlassian, and T-Mobile.

Another user, ctf, is selling a sandbox escape RCE bug in the Chrome browser. It potentially allows arbitrary code execution on affected systems.

Image source: Daily Dark Web.

The seller claims that testing confirmed the vulnerability’s effectiveness on Windows operating systems.

The item is priced at $1 million in Monero or bitcoin.

Russian Exchange to Acquire BitOK’s AML/KYT Solution

The international service BitOK won an open tender to supply an AML/KYT solution, organized by the Kazan-based cryptocurrency exchange RSI GARANT.

Over a month, six major AML providers in the CIS underwent a thorough functionality analysis. BitOK was recognized as the best in three categories:

  • data annotation quality;
  • risk diversity;
  • tracing mechanism.

Additionally, the client portfolio and market recognition of the service standard were evaluated. 

RSI GARANT will purchase the solution from BitOK and integrate it into its services on a permanent basis. 

Also on ForkLog:

  • In Q2, losses from hacks and scams in crypto projects rose to $572 million.
  • An expert called AI a tool for government surveillance.
  • Binance blocked 297 ‘sybils’ in the Megadrop program.
  • Metallica’s X account was hacked to promote a fake fan token.
  • Study: Among US crypto brands, scammers most often choose Coinbase.
  • The Ethereum Foundation warned of email phishing.
  • The TON ecosystem was hit by a large-scale phishing attack.
  • A MakerDAO delegate lost $11.1 million in crypto assets.
  • The EigenLayer team implemented security measures against Sybil attacks.
  • Experts estimated losses from the hack of the Turkish exchange BtcTurk at $54 million.

Weekend Reading Suggestions

In the News+ format, we discuss cyber threats created using generative AI.
