We round up the week’s most important cybersecurity news.
- Hackers breached Liquid, the exchange’s hot wallets. Elliptic estimates the losses at $97 million in cryptocurrency.
- End-to-end encryption for voice and video calls has landed in Facebook Messenger. Personal messages in Instagram are next.
- The United Russia party unveiled the ‘Digital Manifest’.
The Poly Network saga continues: hacker threatens to delay repayments
The Poly Network hack saga is far from over.
After the hacker began returning the stolen assets, the protocol developers published a roadmap for asset restitution and announced the launch of a bug-bounty program with a total fund of $500,000.
However, due to the prior freezing of $33 million in USDT, the hacker threatened to delay the repayment completion, saying he ‘feels distrust’.
In August, the hacker withdrew $611 million in cryptocurrency from Poly Network, and later said that he hacked the protocol ‘for fun’.
Liquid cryptocurrency exchange hacked
This week, the Japanese cryptocurrency exchange Liquid was hit by a hack. Hackers targeted the platform’s hot wallets.
Initial losses were estimated at $80 million, but Elliptic later reported the crypto stolen at $97 million.
The United Russia party unveiled the ‘Digital Manifest’
The United Russia party presented the ‘Digital Manifest’. Its authors urged against digital discrimination, ‘total digital surveillance’, and emphasised the importance of freedom of speech online as well as personal data protection.
It also states that the Russian Internet segment should operate reliably ‘under any sanctions and outages from abroad’, but this does not mean the introduction of a ‘digital iron curtain’.
Personal data of FBI terrorism suspects exposed online
A copy of the FBI’s confidential terrorism suspect list leaked online.
Cybersecurity researcher Bob Diachenko reported that he found a database with 1.9 million records in July on a server with a Bahrain IP address. It contained sensitive information, including the names and passport numbers of suspects in terrorism cases.
The list is also referred to as a ‘no-fly list’ — a list of people who are not allowed to board planes, notes Bleeping Computer. Diachenko noted that it could include people suspected of terrorism but not necessarily accused of any crime.
The discovered server was indexed by search engines Censys and ZoomEye — indicating that others besides the researcher could access the database.
On the same day he notified the Department of Homeland Security, the server was taken offline only after three weeks.
In the wrong hands, this list could be used to harass, intimidate or persecute the individuals involved and their families, Diachenko said.
Facebook rolled out end-to-end encryption for voice and video calls in Messenger
Facebook Messenger rolled out end-to-end encryption for voice and video calls. The company also announced the start of testing protection for private messages with end-to-end encryption in Instagram among a limited group of users.
Earlier we explained why governments dislike this technology and whether it can be banned.
Brazil’s National Treasury hit by ransomware
Brazil’s National Treasury was hit by ransomware, ZDNet reports. Initial assessments suggested no damage to its systems.
As noted, according to Comparitech’s study, Brazil lost $26 billion in 2020 due to hacker attacks.
The closed darknet marketplace AlphaBay announces revival
One of the administrators of the closed darknet platform AlphaBay, under the alias DeSnake, announced the marketplace’s revival.
As reported by Bleeping Computer, to prove his identity he provided the original PGP public key used during AlphaBay’s operation.
DeSnake said he plans to build a ‘professionally run, anonymous, secure market’ and to create an autonomous decentralized network of marketplaces where anyone can set up a trading platform.
From the description, this looks like the Amazon for the darknet, allowing sellers and buyers to move from one store to another, using a single account and not entrusting anyone with their cryptocurrency, notes Bleeping Computer.
Also on ForkLog:
- Since the start of the year, experts have found more than 1,500 fraudulent sites, aimed at crypto investors.
- A white-hat hacker prevented a potential $350 million theft from the SushiSwap DeFi project.
- T-Mobile opened an investigation into a potential data breach of 100 million users.
- The darknet-checking service for ‘dirty’ Bitcoin suspended operations.
- A Moscow court fined Google 20 million rubles for failing to remove content banned in Russia.
What to read this weekend?
There have already been several major hacks of cryptocurrency platforms in 2021. Last year, hackers were not idle either. We remember the most significant attacks of 2020.
Read ForkLog’s Bitcoin news on our Telegram channel — cryptocurrency news, prices and analysis.