Poly Network Exploit Results in Billions of Nonexistent Tokens

Akira ransomware, responsible for stealing $42 million from over 250 organizations across North America, Europe and Australia in just a year, is now targeting businesses in Singapore. In response, Singaporean authorities have issued a joint advisory warning local businesses about the increasing threat posed by a variant of this ransomware.Photo by Mike Enerio on UnsplashAlert follows complaintsThe alert follows multiple complaints from victims, prompting agencies like the Cyber Security Agency of Singapore (CSA), the Singapore Police Force (SPF) and the Personal Data Protection Commission (PDPC) to take action. These agencies emphasize the urgency of recognizing and combating this threat. How Akira operatesAkira affiliates employ various techniques to infiltrate a victim's network. These include exploiting known vulernabilities. For example, that could mean the targeting of services like Cisco virtual private networks (VPNs) that have been configured without multi-factor authentication (MFA). Another approach that the ransomware incorporates is attacking external-facing services such as the Remote Desktop Protocol (RDP) via brute force. Social engineering is another tool within its repertoire. This involves tricking victims into downloading malicious software or entering credentials on phishing websites. There is a marketplace for compromised credentials in the dark web. Akira also relies on such data, acquiring it from access brokers who sell network access.  Once inside a network, Akira affiliates often create new domain accounts to maintain persistent access, even after reboots. They use numerous tools to steal user credentials, escalate privileges and spread throughout the network. Detection and prevention measuresThe Singaporean advisory outlines several strategies for detecting, deterring and neutralizing Akira attacks. Authorities strongly advise against paying ransoms, on the basis that doing so does not guarantee data recovery or prevent future attacks. Authorities also warn that paying ransoms can encourage further attacks. The FBI has noted that Akira operators do not contact victims. Instead, they expect victims to initiate contact. Payment in BitcoinThe advisory outlines how Bitcoin is implicated in the ransomware scam. It states:”Ransom payments are requested in Bitcoin, which are directed to cryptocurrency wallet addresses specified by the affiliates. The TOR site (.onion) where victims contact the affiliates, contains stolen information and a list of the affected organisations.” It’s not the first time that Singaporean authorities have issued warnings that have implicated Bitcoin and crypto. In January, the CSA and SPF, in a joint advisory, suggested that people should use hardware wallets in an effort to guard against crypto-related malware and phishing attacks. A number of weeks prior to that, Singapore’s former Prime Minister, Lee Hsien Loong, took to Facebook to issue a warning with regard to a crypto scam that involved the use of deceptive content generated using artificial intelligence (AI). Mitigation techniquesBusinesses are being urged by the authorities to adopt best practices to mitigate the Akira ransomware threat. They suggest the implementation of a recovery plan alongside the use of multi-factor authentication (MFA) in order to secure data and the access to that data.  They also suggest filtering network traffic as it helps in identifying and blocking malicious activities. Meanwhile, disabling unused ports and hyperlinks curbs the risk further as it reduces the attack surface. Lastly, the authorities suggested the use of system-wide encryption to protect data even if it is accessed by unauthorized entities.

Mixin Network Suspends Services Amid $200 Million HackOn Monday, Mixin Network, a decentralized peer-to-peer network whose project team is based in Hong Kong, officially confirmed a substantial security breach that resulted in the loss of approximately $200 million in crypto assets from its mainnet.Photo by GuerrillaBuzz on UnsplashSeptember 23 hackThis incident, disclosed via an X (formerly Twitter) post, prompted the immediate suspension of all deposit and withdrawal services on Mixin Network until further notice.The project team outlined that the hack occurred on September 23, exposing vulnerabilities that allowed malicious actors to compromise the database of a third-party cloud service provider. Mixin Network has taken action to address the situation, enlisting the expertise of Singapore-headquartered blockchain security investigator SlowMist and the support of Google to conduct a thorough investigation and formulate a recovery plan.At the time of the breach, Mixin Network’s holdings included $94.48 million in Ether, $23.55 million in Dai, and $23.3 million in Bitcoin, as reported in an independent investigation by PeckShield. The total value of assets affected amounted to $141.32 million.Cyvers, an Israeli Web3 security firm, has also been looking into the matter on Monday. In a social media post, the firm stated:”Our internal investigation has uncovered suspicious funding transactions involving @MixinKernel hacker addresses. Two of hacker addresses received 51 $ETH from 0x1795F0eBDa5A836aE63F28CE546E72de069A8bd2 who was interacted with @HuobiGlobal and @binance.”The firm goes on to call on Binance and its CEO Changpeng Zhao (CZ) and Huobi to help identify the wallet address in question.Halting withdrawalsIn response to the security breach, Mixin Network has temporarily halted all deposits and withdrawals on its platform. These services will only resume once the vulnerabilities have been identified and fully resolved. On X, the project stated:”Deposit and withdrawal services on Mixin Network have been temporarily suspended. After discussion and consensus among all nodes, these services will be reopened once the vulnerabilities are confirmed and fixed. During this period, transfers are not affected.”Details regarding the plans to recover the lost assets for affected users have yet to be announced.Despite initial promises that Mixin Network’s Founder, Feng Xiaodong, would address the incident in a public Mandarin live stream on September 25, links to the live stream were not provided on the official social media channels or the website mixin.network.The incident has garnered criticism on the basis of a lack of decentralization. One commentator stated:”Some of those blockchain protocols are so decentralized that when their cloud database is hacked, coins are also gone.”Ongoing hacksThis security breach on Mixin Network is the latest in a series of high-profile crypto-related incidents. Ethereum Co-Founder Vitalik Buterin recently fell victim to a SIM swap attack, which resulted in the compromise of his X (formerly Twitter) account.In a statement, Buterin revealed that the hackers had successfully executed a SIM swap, a type of attack that targets the victim’s mobile phone number to gain unauthorized access to various online accounts, including social media, banking, and cryptocurrency platforms.The repercussions of the Mixin Network hack underscore the ongoing challenges faced by the crypto industry in ensuring the security and protection of digital assets. As investigations continue, affected users await further developments and the eventual resumption of deposit and withdrawal services.

Bithumb Introduces Crypto Data Service Amid Fight for ProfitabilityBithumb, one of the major cryptocurrency exchanges in South Korea, has announced the launch of a new service called Insight, aimed at providing real-time data and analytics about crypto trading. This strategic step is seen as part of Bithumb’s response to address its recent profitability challenges.Market patterns and trendsThe service, as reported by local news agency Yonhap News, leverages customers’ data to deliver market patterns in real time. By utilizing Insight, users can gain access to information such as the top three most-searched cryptos, rankings of price growth over specific periods, and price trends of major cryptos.In addition to these features, Bithumb offers insights into the trading behavior of the largest investors on the platform by showcasing the types and proportions of cryptocurrencies they purchased on the previous day. This functionality enables ordinary investors to gain a glimpse into the strategies employed by these influential players.Bithumb provides indicators that identify cryptos experiencing upward momentum or reaching their lowest points. Users can also access other data, including Bitcoin dominance, which indicates Bitcoin’s market capitalization relative to the overall crypto market cap. Additionally, the service presents information regarding the volatility of recently listed cryptos and those that have been flagged by the exchange as potentially concerning.Photo by Алекс Арцибашев on UnsplashDesktop and Android firstThe service is accessible today starting from 11:00 AM (Korea Standard Time) on desktop and Android. The iOS version is set to be released at a later time.Recent strugglesThe Korean crypto exchange’s move comes after Bithumb Korea, the exchange’s operator, has embarked on streamlining its businesses. Due to difficulties in generating profits, Bithumb Korea shut down its tech solution subsidiary Bithumb Systems, which was responsible for developing blockchain and exchange technology.Prior to that, the Bithumb exchange had closed its research center due to a decline in trading volume, even though the facility had significant value in aiding investors to make more knowledgeable choices.