Hackers used a vulnerability in NFT collection platform Premint to steal more than 300 blockchain entries, netting more than $421,000 in stolen proceeds, all has been deposited into Torando Cash. The incident is among the largest NFT thefts this year. Some Premint users also saw a Rickroll.
Crema Finance has published its compensation and recovery plans following last week's $8.8 million hack on the Solana blockchain-powered concentrated liquidity protocol. The hacker has returned the stolen funds in exchange for a bounty offered by the company.
The Twitter and YouTube accounts of the British Army were briefly taken over on Sunday evening by unidentified hackers who posted content related to cryptocurrency and NFTs. The situation has now been resolved, but the U.K. Ministry of Defense says the investigation is ongoing.
The U.S. Department of Justice is touting a string of indictments against accused cryptocurrency and NFT fraudsters, including against a Vietnamese man who is allegedly behind the Baller Ape rug pull, the largest such NFT fraud to date. Rug pulls are the largest form of cryptocurrency-based crime.
Cryptocurrency experts are fingering North Korea as likely responsible for the cryptocurrency theft of $100 million from the Harmony Horizon bridge. North Korea fuels its nuclear weapons program with stolen cryptocurrency used to dodge international sanctions that prevent ready access to cash.
Blockchain company Harmony has offered a $1 million bounty to hackers who stole $100 million worth of Ethereum tokens. It says it won’t push for criminal charges if the funds are returned. The exploit did not affect the trustless Bitcoin - BTC - bridge, the company says in its tweet thread.
A new Android malware that can steal financial data, credentials, crypto wallets, personal data and cookies; bypass multifactor authentication codes; and remotely control infected devices is targeting online banking customers and financial institutions, cybersecurity researchers at F5 Labs say.
A "technically sophisticated" threat campaign is cloning cryptocurrency apps to steal funds from web3 wallet users, security researchers at Confiant say. The campaign, dubbed SeaFlower, uses cloned wallet apps offered by MetaMask, Coinbase, imToken and TokenPocket to carry out the theft.
SSNDOB, a darknet marketplace selling stolen Social Security numbers and birthdates, has been shut down, says the U.S. Department of Justice. The takedown was the result of a multiagency effort involving the IRS-CI, the FBI, the DOJ, and law enforcement agencies of Cyprus and Latvia.
Billions of dollars have already been lost in crypto exchanges, and some of the some losses have been due to "basic" security failures, including third parties not implementing common controls, says Troy Leach, security executive in residence at Cloud Security Alliance.
Undisclosed attackers have likely stolen $1.7 million by deploying Clipminer, a cryptomining and clipboard hijacking malware, on compromised systems, says the Symantec Threat Hunter Team. According to the team, Clipminer is a copycat or an evolved version of cryptomining Trojan KryptoCibule.
Android spyware FluBot's infrastructure was disrupted by the Dutch police as part of a multinational law enforcement operation in May, rendering this strain of malware inactive, Europol says. The agency is continuing its probe into identifying the actors responsible for the malware campaign.
The FBI says in an alert that scammers have been posing as Ukrainian entities to fraudulently seek donations and other financial assistance for the war-torn country. The agency says scammers in the past have also used crises as opportunities to cash in with fraudulent donation schemes.
Police in Nigeria this week arrested a 37-year-old man who's been charged with masterminding "a criminal syndicate tied to massive business email compromise and phishing campaigns," Interpol says. But with known BEC losses last year exceeding $2.4 billion, will the arrest have a noticeable impact?
Financial services firms lose an average of $18.5 million per year through malicious activity like leaked credentials, payment fraud, money laundering, fake account registration, loyalty abuse, and more. Fraud prevention depends on effective intelligence gathering, and few firms have the tools or personnel to...