Attacks on various crypto projects and ecosystems brought millions of dollars to hackers and scammers.
According to recent findings by the Atlas VPN team, blockchain hackers netted nearly $1.3 billion in 78 hack events throughout Q1 2022. Hacks on the Ethereum and Solana ecosystems alone accounted for over $1 billion in losses during this quarter.
The Ethereum ecosystem lost nearly $636 million to attackers in 18 hack events throughout Q1 2022. The biggest hack of the quarter happened just at the end of March when the Axie Infinity sidechain Ronin Network experienced a security breach. Attackers stole 173,600 Ethereum and 25.5 million USDC worth $610 million.
The Solana ecosystem suffered 5 hack events and lost $397 million in 2022 Q1. Wormhole, a communication bridge between Solana and other DeFi networks, experienced the second most significant hack of the quarter and lost about $334 million.
Cybercriminals hacked projects in the Binance Smart Chain ecosystem 14 times, accumulating nearly $100 million in losses.
Other types of hacks on blockchain caused almost $57 million in losses throughout 10 events. IRA Financial Trust, which provides self-directed retirement accounts, lost $36 million to a crypto hack.
NFTs were the top target among cybercriminals with 20 hacks and nearly $49 million in losses. Many scammers are launching NFT projects, which turn out to be rug pull scams.
Exchanges were hacked out of $42 million in just 3 events.
Cybersecurity writer at Atlas VPN Vilius Kardelis shares his thoughts on blockchain-related hacks:
“Blockchain project security should be one of the primary concerns for a person looking to invest in cryptocurrency. Most blockchain-related hack events happen because cybercriminals exploit flaws in the project code. A successful hack could cause significant losses to the creators and investors of the crypto platform.”
Blockchain hacks reach an all-time high
The growing market of cryptocurrencies entices not only legit people interested in the technology but also cybercriminals who want to exploit it.
Cryptocurrency projects experienced only 5 blockchain-related hack events in Q1 2018. The following year, in the first quarter of 2019, hacks increased by 1140% to 62. Hacks decreased to 13 in Q1 2020, but in Q1 2021 blockchain-related breaches and scams jumped by 154% to 33.
Blockchain-related hack events have reached an all-time high of 78 in Q1 2022. It represents a 136% increase in hacks compared to the first quarter of 2021.
To read the full article, head over to: https://atlasvpn.com/blog/blockchain-hackers-stole-nearly-700-million-in-q1-2022
Researchers Spot A New Malware Strain…. It’s Called Borat
Posted in Commentary with tags Security on April 4, 2022 by itnerd
Security researchers at Cyble have spotted a new malware strain in the wild, dubbed Borat. Yes, as in the movie character. This malware includes features such as DDoS attacks, UAC bypass, ransomware deployment and much more. The malware is available on darknet markets and lets threat actors choose their compilation options to create small payloads that feature exactly what they need, tailoring attacks to their use case.
Saryu Nayyar, CEO and Founder, Gurucul, had this to say:
“Once again we see a variation of an existing attack put together as a new toolkit that uses various tactics and techniques to get their malware or ransomware to evade existing security controls. It also shows that misusing privileged access controls is an emerging trend where identity monitoring and analytics is critical for emerging and modern security operations teams to combat compromised credentials and abuse of identity. However, the overall campaign shows the need for advanced analytics that leverage non-rule-based machine learning (ML) that can adapt to new threats and emerging variants, similar to this attack. Current XDR and SIEM solutions are mostly rule-based Artificial Intelligence and ML are unable to detect unknown, newer and emerging attacks without relying on updated models from vendors. We know that vendors are slow to disclose an attack let alone provide meaningful patches or updates in time to protect organizations. A change is needed to stay ahead of attackers.”
The threat actors behind this are clearly pretty crafty, which is bad news for everyone else. Hopefully, now that this has been exposed, defences can be built to stop this malware from being a huge problem.
UPDATE: I have additional commentary. First, from Rob Shaughnessy, VP, Federal for GRIMM:
“The recently disclosed malware variant being called BORAT RAT, named and initially reported by security research firm Cyble, Inc., appears to be a multi-purpose malware platform including remote access tools, spyware including platform accessory access, and the ability to crypto lock content and provide customizable ransom messaging. Although the individual elements of BORAT do not seem particularly novel, the availability of a prepackaged suite of malicious tools with integrated management and control capabilities is an emerging trend. The past few months have seen an acceleration in widespread reels of malware tools and techniques globally. We are likely to see more prepackaged malware sets like BORAT in the near future as more and more individuals and organizations take advantage of the wealth of malicious software now available for profit.”
Next I have commentary from Chris Olson, CEO, The Media Trust:
“Borat is a trojan built to order and sold through an organized campaign which exposes the role that darknet markets play in cybercrime today. They are one of many reasons we are seeing a rise in Web and Java-based malware with sophisticated features like polymorphic and obfuscated code, rapid URL shifting and more. It takes little expertise for attackers to target consumers and organizations through digital surfaces – only the money and inclination to acquire the right code from malicious actors who design it for a living.”