Multiple users have reported to have lost their classic ether approx. $300,000 on reddit on June 29th and June 30th.
An unknown hacker convinced 1&1 staff using social engineering techniques and got hold of https://www.myetherwallet.com/ and tricked the users sending money to the hacker wallet.
The hacker tricked the users and redirected the main domain after hijacking to his own server thereby altering the transactions. He obtained the secret key for anyone who tried to perform transactions and transferred the money to his wallet. The details of the hack is not known however the domain compromise was discovered when the developers of ether classic crypto currency requested users not perform any transactions on twitter.
After the initial hack, there was no way for the authors gain hold of their domain. Hence they reached out to cloud flare to mark this domain as suspicious as reported on bleepingcomputer. ( screenshot below)
After the domain was obtained the domain was taken offline for almost 3 days and informed the users not to panic as long their have the secret keys. They also informed users not to perform any kind of transactions nor post the secret key anywhere online.
The ultimate losses will be faced by its users who lost their Ether however the liability still falls on 1&1 domain company who allowed this to happen without proper verification.
Bitcoin cryptocurrency value is at its peak and the world is looking closely anything and everything around Bitcoin. Hackers are also trying to get a closer look at entry an exit points to find a way to break it and steal some bitcoins. Changelly is a cryptocurrency exchange service between digital currencies and hackers have targeted their […] Continue reading →
One of Checkpoint’s customer’s employee downloaded a malicious app called “EnergyRescue” which consisted of zero day mobile ransomeware (Doxware)from Google Play store. The ransomeware dubbed “Charger” and has appeared to be downloaded by millions of Android users. The ransomeware infected app gets access to contacts and SMS messages from the user’s device requesting admin permissions appears to be […] Continue reading →
After Guardian’s post early on Whats App vulnerability was published last week, security experts from all over the word have been discussing the validity of this vulnerability and intensions behind it. Facebook denied this as a vulnerability going against Guardian and the intension behind it as design decision. However some of the most respected security […] Continue reading →
Its hardly been two weeks since release of iphone 7 and a security researcher claims that he has already jailbroken in less than 24 hours. Motherboard,a online news portal mentioned that “one teenage hacker has already had success in jailbreaking the iPhone 7 running iOS 10. In fact, the 19-year-old developer, Luca Todesco, claims to […] Continue reading →
The two names “Blackhat” & “Defcon” rings the bell as the scariest hacker conference for people around the world. People from various disciplines in security with their best researches are invited to speak at the event with room full of security savy folks. Its often said that these two conferences receive 1000’s of applicants and […] Continue reading →
The Office of Personnel Management and the Department of Defense are analyzing a data breach which has resulted in stealing of around 5.6 million fingerprint records of federal workers. Initial reports put the number at 4.5 million, however the latest report released on Wednesday 23rd September suggests that the number is as high as 5.6 […] Continue reading →
WD My Cloud or Western Digital My Cloud is an efficient Network Attached Storage system. The objective of the WD My Cloud NAS is to provide a cloud storage system for private applications such as home based cloud storage or a small business storage. The data on this private cloud can be accessed by the […] Continue reading →
If you use Google Chrome 45 or any of the older versions, it can crash by simply typing a 16 character URL. The bug was first detected by Andris Atteka who reported it to Google, but he was not rewarded since it is not a security issue but a DOS vulnerability. The issue reported by […] Continue reading →
A malware has always been a major threat to devices, data and user accounts; but the threat increase manifold when a malware is more subtle and deep rooted like the one in an app creation tool! Such threats are real and already exist. XcodeGhost is an example of such malware. The counterfeit Xcode, termed as […] Continue reading →