The Week in Breach – Biggest Cryptocurrency Theft to Date

Nearly all of the $600 million stolen in a huge crypto heist has been returned — but there’s a catch


KEY POINTS
  • Poly Network said all but $33 million of the $600 million worth of stolen tether digital coins have now been returned.
  • But $268 million of assets is locked in an account that requires passwords from Poly Network and the hacker.

Nearly all of the $600 million stolen in one of the biggest cryptocurrency heists ever has now been returned by hackers, according to the platform targeted in the hack.

Poly Network said Thursday that all of the funds except $33 million worth of the tether digital coin have been transferred back.

The issuer of tether, a so-called stablecoin pegged to the U.S. dollar, used a built-in failsafe to freeze the assets soon after the theft.

In an unusual turn of events Wednesday, an anonymous person claiming to be the hacker said they were “ready to return” the funds. The identity of the hacker, or hackers, is not known.

“This attack is likely to have been watched closely by cybercriminals and law enforcement alike, potentially opening up the possibility of copycat attacks.”

Poly Network requested they send the money to three digital currency wallets. And, sure enough, the hacker had returned more than $342 million of the funds to those wallets by Thursday.

But there’s a catch. While almost all of the haul has been sent back to Poly Network, the last $268 million of assets is locked in an account that requires passwords from Poly Network and the hacker to gain access.

“It’s likely that keys held by both Poly Network and the hacker would be required to move the funds — so the hacker could still make these funds inaccessible if they chose to,” Tom Robinson, chief scientist of blockchain analytics firm Elliptic, said in a blogpost Friday.

In a message embedded in a digital currency transaction, the suspected hacker said they would “provide the final key when _everyone_ is ready.”

Record ‘DeFi’ hack

Poly Network is what’s known as a “decentralized finance” system. DeFi projects aim to use blockchain — the technology which underpins most cryptocurrencies — to replicate traditional financial services like loans and trading.

In Poly Network’s case, the DeFi system allows users to transfer tokens from one blockchain to another.

Someone exploited a vulnerability in Poly Network’s code, allowing the hacker to transfer tokens to their own crypto wallets. The platform lost more than $610 million in the attack, according to researchers at security firm SlowMist.

Poly Network called it “the biggest in defi history.”

The self-proclaimed hacker claims they carried out the theft “for fun” and that it was “always the plan” to eventually return the funds.

Dark Web ID’s Top Threats This Week

Advanced Technology Ventures

https://techcrunch.com/2021/08/03/atv-venture-capital-ransomware/

Exploit: Ransomware

Advanced Technology Ventures: Venture Capital Firm

Risk to Business: 1.207 = Extreme

Advanced Technology Ventures, a Silicon Valley venture capital firm with more than $1.8 billion in assets under its management, has disclosed that it was hit by a ransomware attack. The cybercriminals were able to steal personal information about the company’s private investors. ATV said it became aware of the attack on July 9 after its servers storing financial information were encrypted by ransomware. By July 26, the company learned that its investor data had been stolen from the servers before the files were encrypted, a hallmark of the “double extortion” tactic used by ransomware groups.

Individual Risk: 1.326 = Extreme

Investor data was accessed by cybercriminals. ATV believes the names, email addresses, phone numbers and Social Security numbers of the individual investors in ATV’s funds were stolen in the attack. Some 300 individuals were affected by the incident.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware tactics like double and triple extortion allow cybercriminals to score even bigger paydays, making them very popular techniques.

IntegraMSP to the Rescue: What happens when you pay a ransom? Nothing good. See how the cash shakes down and how gangs make their money in Ransomware Exposed! DOWNLOAD IT>>

SeniorAdvisor

https://www.infosecurity-magazine.com/news/senior-citizens-personal-data/

Exploit: Misconfiguration

SeniorAdvisor: Senior Care Review Site

Risk to Business: 1.663 = Severe

Researchers have discovered a misconfigured Amazon S3 bucket owned by SeniorAdvisor, a site that provides ratings and information for senior care facilities. The bucket in question contained the personal data of more than three million people categorized as “leads”. The team also found around 2,000 “scrubbed” reviews in the misconfigured bucket, in which the user’s sensitive information had been wiped or redacted. In total, the bucket contained more than one million files and 182 GB of data, none of which was encrypted or required a password or login credentials to access.

Individual Risk: 1.271 = Severe

This exposed bucket was full of data including names, emails, phone numbers and dates contacted for every person designated as a lead, comprising an estimated 3 million consumers.

Customers Impacted: 3 million

How It Could Affect Your Business: Companies face enough cybersecurity risk without rookie mistakes like failing to secure a storage bucket adding to the danger.

IntegraMSP to the Rescue: Developing a strong security culture that is savvy about phishing is essential for maintaining security in today’s volatile threat atmosphere. Our Security Awareness Champion’s Guide helps explain complex risks in a fun way! DOWNLOAD IT>>


University of Kentucky

https://therecord.media/university-of-kentucky-discovers-data-breach-during-scheduled-pen-test/

Exploit: Hacking

University of Kentucky: Institution of Higher Learning

Risk to Business: 2.223 = Severe

In a head-shaking turn of irony, officials at the University of Kentucky discovered that they’d already been breached while conducting a penetration test. The breach affected the university’s Digital Driver’s License (DDL) platform, a web-based portal the university developed as a component of its Open-Source Tools for Instructional Support (OTIS) framework. That program provides free online teaching and test-taking capabilities to K-12 schools and colleges in Kentucky and other US states. University officials said their investigation found that an unknown threat actor accessed the DDL platform between January 8, 2021, and February 6, 2021, and acquired a copy of its internal database.

Individual Risk: 2.223 = Severe

The database contained the names and email addresses of students and teachers in all 50 US states and 22 foreign countries, more than 355,000 individuals in all. The university was careful to note that the stolen information included only emails and passwords, and that no SSNs or financial details were included.

Customers Impacted: Unknown

How It Could Affect Your Business: Cybercriminals have been increasingly setting their sights on education targets since the onset of the global pandemic, and that trend is not stopping in 2021.

IntegraMSP to the Rescue: Organizations are safer when everyone is on the cybersecurity team. Let us show you how to expand your menu into security awareness training in just 15 minutes! WATCH NOW>>

Reindeer

https://www.enterprisesecuritytech.com/post/defunct-marketing-company-leaked-the-sensitive-data-of-over-300-000-people

Exploit: Misconfiguration

Reindeer: Digital Marketing Firm

Risk to Business: 1.705 = Severe

New York-based digital media advertising and marketing company Reindeer left an unpleasant surprise behind when it closed its doors: an Amazon S3 bucket exposed to public access, resulting in the irreversible leak of 50,000 files totalling 32 GB of data. The information exposed included about 1,400 profile photos and the details of approximately 306,000 customers in total. Users in 35 countries were represented, with the US, Canada, and Great Britain accounting for almost 280,000 of those users. Nothing can be done to secure this data now.

Individual Risk: 1.622 = Severe

PII exposed includes customer names, surnames, email addresses, dates of birth, physical addresses, hashed passwords, and Facebook IDs for an estimated 306,000 customers.

Customers Impacted: Unknown

How It Could Affect Your Business: Unexpected risks from sources like zombie accounts and abandoned cloud storage are around every corner, so taking that possibility seriously and mitigating the risk of nasty surprises is critical.

IntegraMSP to the Rescue: Help your clients build their cyber resilience to insulate them from these pitfalls. Learn more about why cyber resilience is the ticket to a safer future for your clients. CONTACT US>>



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.