According to Glassnode, a super-majority of Bitcoin investors are now holding $1.2T in unrealized profits. Following a recovery to $107k, a super-majority of Bitcoin investors are now holding unrealized profits. In total, the unrealized profit held across investors sits at a staggering $1.2T.
https://insights.glassnode.com/the-week-onchain-week-26-2025/

But the thing is, this super-majority is not going to sell anytime soon. It might include the majority of us here who just keep HODLing Bitcoin, and perhaps the only time we might want to sell is in the last quarter of the year when the price hits around $150k or higher. So I guess these numbers are a good sign for everyone that there are a lot of HODLers, and gone are the days when there was panic around every piece of negative news or FUD.
|
|
|
Cyber actors recently cloned a famous anti-virus software, Bitdefender, as reported. As you can see, it's very hard to distinguish visually what's real and what's fake. The only difference is that the real Bitdefender website uses the word "free" often compared to the fake site. The fake URL is: https[:]//bitbucket[.]org/sadsafsadfsadf/dsfgdsgssdfgdsg/downloads/BitDefender.zip and it contains the malware stealers VenomRAT + SilentTrinity and StormKitty. The inclusion of SilentTrinity and StormKitty (both open-source malware tools) indicates the attacker's dual focus: rapidly harvesting financial credentials and crypto wallets during initial access, while also establishing stealthy, persistent access for potential long-term exploitation. The implications of long term access may include repeat compromise or selling access.
https://dti.domaintools.com/VenomRAT/

So it's really a dangerous world out there, especially now that cyber actors are duplicating this anti-virus software and we might let our guard down thinking that we are downloading from the real site, and then later on lose our crypto because we unfortunately didn't verify everything first. We really need to be very vigilant moving forward, as criminal groups are increasing the sophistication of their attacks to steal from us.
|
|
|
As per the article: In February, we uncovered a threat actor targeting over 35,000 websites with a malicious full-page hijack injection. We've continued to monitor this actor's activities and have identified new tactics and techniques. They've scaled up their operations significantly, as we now estimate that approximately 150,000 websites have been impacted by this campaign.
https://cside.dev/blog/over-150k-websites-hit-by-full-page-hijack-linking-to-chinese-gambling-sites

We have seen how gambling has really proliferated in the last couple of years. But this one is a very aggressive tactic, as this campaign infects websites that we could already have visited with malicious JavaScript and then redirects us to sites that promote gambling platforms. And just when we thought that ads that look legitimate were bad, here comes the worst part of it.
|
|
|
Microsoft just recently gave us a warning about StilachiRAT. One of its targets is crypto wallets, amongst others, including data in the clipboard and other sensitive information (login and password). Here is the list of the wallets targeted by this malware. It can also extract text from the clipboard and search for a specific string, the Tron cryptocurrency blockchain that is popular in Asia, especially in China. The mode of infection is nothing new though: this malware disguises itself as legitimate software or software updates.
https://www.microsoft.com/en-us/security/blog/2025/03/17/stilachirat-analysis-from-system-reconnaissance-to-cryptocurrency-theft/
|
|
|
Taking these two recent gambling topics here, "Gambling loss lead to suicide!" and "Luck and skill, which is more important for gambling success?", and obviously @memehunter's poker tournament, we might have to look at one of the greatest poker players we have in history: Ungar is one of two people in poker history to have won the World Series of Poker Main Event three times. He is the only person to win Amarillo Slim's Super Bowl of Poker three times, the world's second most prestigious poker title of its time. Additionally, Ungar is one of only four players in poker history to win consecutive titles in the WSOP Main Event, along with Johnny Moss, Doyle Brunson and Johnny Chan.
https://en.wikipedia.org/wiki/Stu_Ungar

Ungar really lived life to the fullest; he was not only a gambler, but he turned out to be a cocaine addict as well, which took his life. Here is Ungar winning the 1997 World Series of Poker. Truly a legend, but it's just unfortunate that even though he took his kids as his inspiration to gamble, win tournaments and obviously have the money for them, he didn't take care of his body and abused it, leading to his death. And he really had the skills, especially learning to gamble at a young age because of the influence of his environment, and he was really good at math and had a photographic memory; that's why he became a legend.
|
|
|
It seems that the cyber criminals behind the banking trojan Grandoreiro are back, but this time it has evolved and targets cryptocurrency as well. What's dangerous is that it focuses on Latin-American countries, and now also on their list are Africa, Europe, and the Indo-Pacific. In this campaign, the cyber criminals send an email with a link to view an invoice or fee, account statement, make a payment, etc., depending on the impersonated entity. Sample email 1 that the targeted victim received. Or another email like this. So initially, it will check whether the machine is in a sandbox and collects the following information:
- Computer name
- Username
- OS version information
- Installed Antivirus solution
- Country of the victim's public IP (via http://ip-api.com/json)
- List of running processes

And what a clever trick: they bloat their payload by more than 100 MB so that AV will skip it. After that, when it fetches everything from the C2 server (their command and control), it will go and profile their victims, including crypto-related wallets, exchanges and accounts.
https://securityintelligence.com/x-force/grandoreiro-banking-trojan-unleashed/

- So again the rule of thumb: do not click any links in your email, especially attachments, when you don't know the source.
- Update your AV and OS.
- And again, we should always protect our accounts/passwords/crypto wallets. There is nothing better than educating ourselves about this kind of attack, as obviously we are the heavy target.
|
|
|
Anyone still remember this? ExxonMobil Running Pilot Project to Supply Flared Gas for Bitcoin Mining: Oil giant ExxonMobil (XOM) is running a pilot project to use what would otherwise be wasted gas from its North Dakota oil wells to power bitcoin mining operations, Bloomberg reported Thursday, citing people familiar with the matter.
The excess natural gas would have otherwise been burned off, or flared, because of the lack of enough pipelines.
https://finance.yahoo.com/news/exxonmobil-running-pilot-project-supply-192552868.html

This news is from about two years ago, and if they continued to mine Bitcoin with that wasted gas, then most likely they could be in profit now? Or at least this is good news for miners, as Bitcoin has been heavily criticized for its mining, which they say affects the environment.
|
|
|
FTX to refund customers at Bitcoin's prices below $18,000: Crypto exchange FTX has decided against resuming its operations and instead will proceed with asset liquidation to refund its customers, Reuters reported on Wednesday. However, under US bankruptcy proceedings, repayments will be calculated based on Bitcoin's value in November 2022, specifically when Bitcoin was trading below $18,000.
https://cryptobriefing.com/ftx-refund-bitcoin-customers/

Has this been discussed already? What are your thoughts about this one? For sure those who lost money in the FTX collapse will have to find consolation in getting something back from FTX itself. But I don't think this is fair to their customers if repayments will be calculated on the value of Bitcoin in November 2022, just saying. It should be in full and should be based on the number of Bitcoin they had on this exchange, in my opinion.
|
|
|
There were reports of another scam attack through impersonation, but this time it's different: they use blockchain analytics or crypto fraud investigation firms and researchers, like CertiK, ZachXBT, and Scam Sniffer, to fabricate that there were breaches on Uniswap and OpenSea. So to impersonate them, these cyber criminals use a Twitter name that resembles the legit one. For example, ZachXBT has the account @zachxbt, while the criminals created and tweeted from @zacheryxbt. And after you click, you will be redirected to two websites. Good that these websites have been taken down and are offline, but the criminals were initially able to run off with $50,000. And I feel sorry for those victims. So in case this kind of attack resurfaces again, just be cautious and check everything first before you go and click any link.
https://www.bleepingcomputer.com/news/security/fraudsters-make-50-000-a-day-by-spoofing-crypto-researchers/
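The post above turns on how close @zacheryxbt looks to the real @zachxbt. The following is an added example, not code from the post or from any of the firms named in it, showing how a defender can screen a handle against an allowlist of verified researcher accounts before trusting a "breach" announcement. It assumes a hypothetical allowlist containing only the one real handle the post gives (@zachxbt); the homoglyph table and the distance threshold of 3 are my own choices, and the test handles are constructed.

```python
from typing import Iterable

# Constructed allowlist (assumption): the single real handle named in the post.
# In practice, copy each entry from the researcher's verified profile page.
KNOWN_HANDLES = {"zachxbt"}

# Common look-alike substitutions in spoofed handles; underscores and dots are
# dropped so "zachxbt_official" folds onto the real name.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
                            "_": "", ".": ""})


def normalize(handle: str) -> str:
    """Strip the leading @ and whitespace; Twitter handles are case-insensitive."""
    return handle.strip().lstrip("@").lower()


def fold_homoglyphs(handle: str) -> str:
    """Collapse digit/letter look-alikes and two-letter pairs that mimic one letter."""
    return normalize(handle).translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(handle: str, known: Iterable[str] = KNOWN_HANDLES, max_distance: int = 3) -> str:
    """Return 'verified', 'lookalike' or 'unrelated' for a handle seen in a tweet.

    'verified' requires an exact match on the raw handle; a match that only
    appears after homoglyph folding is itself a sign of spoofing.
    """
    raw = normalize(handle)
    known = set(known)
    if raw in known:
        return "verified"
    folded = fold_homoglyphs(handle)
    for real in known:
        if folded == real or real in folded or levenshtein(folded, real) <= max_distance:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for h in ("@zachxbt", "@zacheryxbt", "@zachxbt_official", "@zachxb7", "@someone"):
        print(f"{h:20s} -> {classify(h)}")
```

The check is deliberately asymmetric: anything that is close to a known handle but not identical is treated as a lookalike, because a legitimate researcher never needs a near-copy of their own name. Tune `max_distance` down if your allowlist contains short handles, since short names produce more false positives at distance 3.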
|
|
|
https://twitter.com/MarathonDH/status/1707067548661928108

Not sure what kind of experiments they are running, but it's good that the network rejected it. According to them, they are doing some experiments to optimize their operations. But still, you don't mess with the network or the blockchain, and it just shows that Bitcoin's network architecture is so strong that it can withstand this kind of experiment and then continue to run 99.99% of the time without breaking. What are your thoughts on this one? Do you agree that they can simply run an experiment? What if they succeed here? What will be the repercussions?
|
|
|
It seems that the Android malware has evolved again, this time using a phishing page that prompts users to update their Chrome browser and then downloads the malicious code through a sample like this. And the scope is bigger now: not just stealing banking information, but also expanding to other cryptocurrency apps. Highlighted in bold are the newly added targets. It was first reported by @lovesmayfamilis here: Android malware targets 13 bitcoin wallets and 400 banks. But this time, the threat actors have expanded to include the United States and more cryptocurrency apps depending on the demographics. These areas include Spain, Portugal, Italy, Canada, and Belgium.
However, this latest campaign also added plenty of financial institutions from the United States, together with multiple crypto-wallet applications, totaling more than 100 different targets per sample, each one using a specifically crafted overlay to steal precious PII from the victim's infected device.
Actors have put a lot of effort into modules that support Samsung and Xiaomi devices. This makes sense, considering that these two combined make up roughly 50% of the whole Android market share, according to recent data presented in multiple recent studies.
https://www.threatfabric.com/blogs/xenomorph

So again, this is just another warning to be very careful with those Android apps that you think are safe to download.
|
|
|
https://twitter.com/nansen_ai/status/1705137387838574904

I'm not sure if this has been shared in our community, but if you received this email, then it's real, as it comes from their official Twitter account. "These users had their email addresses exposed, a smaller portion also had password hashes exposed, and a last, smallest group also had their blockchain address exposed." So if you are part of those account holders that have been exposed, as per Nansen, then you have to reset everything. It's not a direct data breach though; it was a third-party vendor that was compromised. Nevertheless, it's best that they inform everyone, and everyone should take precautions.
|
|
|
What Happened: Cryptocurrency lender Celsius, which filed for Chapter 11 bankruptcy in mid July 2022, exposed thousands of its investors to a big loss. But in the last couple of days, there have been emails circulating pretending to be from Stretto, the Claims Agent for the Celsius bankruptcy proceeding, and claiming to offer creditors a 7-day exit window to claim their frozen funds. Website: https://claims-stretto.com/ So do not enter your email address, because once you enter an email address, it will prompt you to connect your wallet. And you know that once you connect your wallet, a bot will sweep every crypto asset you have. The website has just been registered:

Domain Name: claims-stretto.com
Registry Domain ID: 2815369272_DOMAIN_COM-VRSN
Registrar WHOIS Server: WHOIS.ENOM.COM
Registrar URL: WWW.ENOMDOMAINS.COM
Updated Date: 2023-09-19T21:45:26.00Z
Creation Date: 2023-09-19T21:45:00.00Z
Registrar Registration Expiration Date: 2024-09-19T21:45:00.00Z
Registrar: ENOM, INC.
Registrar IANA ID: 48
Domain Status: addPeriod https://www.icann.org/epp#addPeriod
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registrant Name: Whois Agent (279306283)
Registrant Organization: Whois Privacy Protection Service, Inc.
Registrant Street: PO Box 639
Registrant Street: C/O claims-stretto.com
Registrant City: Kirkland
Registrant State/Province: WA
Registrant Postal Code: 98083
Registrant Country: US
Registrant Phone: +1.4252740657
Registrant Phone Ext:
Registrant Fax: +1.4259744730
Registrant Email:
Admin Name: Whois Agent
Admin Organization: Whois Privacy Protection Service, Inc.
Admin Street: PO Box 639
Admin Street: C/O claims-stretto.com
Admin City: Kirkland
Admin State/Province: WA
Admin Postal Code: 98083
Admin Country: US
Admin Phone: +1.4252740657
Admin Phone Ext:
Admin Fax: +1.4259744730
Admin Email:
Tech Name: Whois Agent
Tech Organization: Whois Privacy Protection Service, Inc.
Tech Street: PO Box 639
Tech Street: C/O claims-stretto.com
Tech City: Kirkland
Tech State/Province: WA
Tech Postal Code: 98083
Tech Country: US
Tech Phone: +1.4252740657
Tech Phone Ext:
Tech Fax: +1.4259744730
Tech Email:
Name Server: NS1.AMSTERDAM-HOSTING.TO
Name Server: NS2.AMSTERDAM-HOSTING.TO
DNSSEC: unsigned
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.4259744689
URL of the ICANN WHOIS Data Problem Reporting System: http://HTTP://WDPRS.INTERNIC.NET/

The legitimate website is: https://cases.stretto.com/celsius/claims/
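The WHOIS record above is the kind of evidence that gives a phishing domain away: it was created the day the emails started, it still carries the registrar's addPeriod status, and the registrant sits behind a privacy service. The following is an added example, not code from the post, that parses a WHOIS record of that shape and turns those fields into a triage verdict. The excerpt it parses is constructed from the fields quoted in the post; the 30-day "newly registered" cutoff and the reference date are my own assumptions.

```python
from datetime import datetime, timezone
from typing import Dict, List

# Constructed WHOIS excerpt: the fields reproduced here are the ones quoted in
# the post above for claims-stretto.com; contact details are omitted.
SAMPLE_WHOIS = """\
Domain Name: claims-stretto.com
Registrar: ENOM, INC.
Creation Date: 2023-09-19T21:45:00.00Z
Registrar Registration Expiration Date: 2024-09-19T21:45:00.00Z
Domain Status: addPeriod https://www.icann.org/epp#addPeriod
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registrant Name: Whois Agent (279306283)
Registrant Organization: Whois Privacy Protection Service, Inc.
Name Server: NS1.AMSTERDAM-HOSTING.TO
Name Server: NS2.AMSTERDAM-HOSTING.TO
DNSSEC: unsigned
"""

# Assumption: anything younger than this is treated as newly registered.
MAX_AGE_DAYS = 30


def parse_whois(text: str) -> Dict[str, List[str]]:
    """Parse 'Key: value' lines; repeated keys (Domain Status, Name Server) keep every value."""
    fields: Dict[str, List[str]] = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields.setdefault(key.strip(), []).append(value.strip())
    return fields


def parse_whois_date(value: str) -> datetime:
    """Timestamps in this record look like 2023-09-19T21:45:00.00Z (fractional part optional)."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised WHOIS date: {value!r}")


def domain_age_days(fields: Dict[str, List[str]], now: datetime) -> int:
    """Whole days between the Creation Date and the reference time."""
    created = parse_whois_date(fields["Creation Date"][0])
    return (now - created).days


def triage(fields: Dict[str, List[str]], now: datetime) -> List[str]:
    """Return human-readable findings. Domain age is the strong signal; the
    others are weak on their own and only matter alongside a young domain."""
    findings: List[str] = []
    age = domain_age_days(fields, now)
    if age < MAX_AGE_DAYS:
        findings.append(f"registered {age} day(s) ago (newly registered)")
    statuses = " ".join(fields.get("Domain Status", []))
    if "addPeriod" in statuses:
        findings.append("EPP status addPeriod: still inside the registrar's add-grace period")
    who = " ".join(fields.get("Registrant Organization", []) + fields.get("Registrant Name", []))
    if "privacy" in who.lower() or "whois agent" in who.lower():
        findings.append("registrant hidden behind a WHOIS privacy service")
    if fields.get("DNSSEC", [""])[0].lower() == "unsigned":
        findings.append("DNSSEC unsigned")
    return findings


def is_newly_registered(text: str, now: datetime) -> bool:
    """True when the domain is younger than MAX_AGE_DAYS, the check worth acting on alone."""
    return domain_age_days(parse_whois(text), now) < MAX_AGE_DAYS


if __name__ == "__main__":
    # Reference date (assumption): a few days after the post's registration date.
    ref = datetime(2023, 9, 22, tzinfo=timezone.utc)
    for line in triage(parse_whois(SAMPLE_WHOIS), ref):
        print("-", line)
```

The age check is the one to act on by itself: a claims agent for a bankruptcy that began in 2022 has no reason to be sending mail from a domain registered this week. Privacy-protected registrants and unsigned DNSSEC are common on legitimate domains too, so they are reported only as supporting context.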
|
|
|
Another variant of crypto stealer has been discovered lately, called Statc Stealer. It is described as a sophisticated malware that targets Windows OS for now and steals sensitive information, including web browser data, crypto wallets and other social media platform passwords. It is so sophisticated that it was developed using C++ and so has evasion and sandbox detection capabilities.

Mode of infection:
The Zscaler ThreatLabz team recently discovered Statc Stealer. This malicious software gains access to a victim's data by appearing like an authentic Google advertisement. Once the victim clicks on the advertisement, their operating system is infected with malicious code that steals sensitive data like credentials from web browsers, credit card information, and cryptocurrency wallet details. Unauthorized access to a victim's computer system can have enormous personal and professional repercussions. Victims become easy targets for identity theft, cryptojacking, and other forms of malware attacks. At the enterprise level, a Statc Stealer breach can result in financial loss, reputational damage, legal liabilities, and regulatory penalties.

Attack Chain:
So once you download it onto your system, it will steal every piece of information it can find and then send it to a command and control server. So they will have total control of your system then.

Targeted Browsers:
- Chrome
- Microsoft Edge
- Brave
- Opera
- Yandex
- Mozilla Firefox

Stealing auto-fill data:
- Usernames and passwords
- Email
- Credit card details
- Personal addresses
- Payment information

Crypto related wallets:
- Cryptocom-Wallet
- Petra-aptos-wallet
- exodus-web3-wallet
- bitkeep-crypto-nft-wallet
- liquality-wallet
- ethos-sui-wallet
- suite-sui-wallet
- tallsman-polkadot-wallet
- Enkrypt-ethereum-polkadot
- leap-cosmos-wallet
- pontem-aptos-wallet
- fewcha-move-wallet
- rise-aptos-wallet
- teleport-wallet
- martin-wallet-aptos-sui
- avana-wallet-solana-wallet
- glow-solana-wallet-beta
- solflare-wallet
https://www.zscaler.com/blogs/security-research/statc-stealer-decoding-elusive-malware-threat

So we should really be careful of what we click and download on the net right now, especially if we are using the same PC or laptop for our crypto-related activities, including wallet software, as we might be the next victim of this kind of malware.
|
|
|
Anyone downloaded the Super Mario 3: Mario Forever game for Windows? If yes, then your crypto accounts are in danger right now, as the downloader has a trojan in it. It comes in 3 executables: super-mario-forever-v702e.exe, java.exe and atom.exe. Once installed, it executes them to run an XMR (Monero) miner and a SupremeBot mining client. But not only that, they've also used what is commonly known as Umbral Stealer and taken advantage of that program: This stolen data includes information stored in web browsers, like stored passwords and cookies containing session tokens, cryptocurrency wallets, and credentials and authentication tokens for Discord, Minecraft, Roblox, and Telegram. The game itself is being propagated through gaming forums, so most likely it might have been downloaded thousands of times already. And if you think you are a victim, then:
- Users need to monitor their system performance and CPU usage regularly.
- Installing a reputable antivirus and internet security software package on all connected devices, including PCs, laptops, and mobile devices, is highly recommended.
- Scan your PC for any malware and remove it if detected.
- To ensure your safety, reset your passwords for sensitive accounts such as banking, financial, cryptocurrency, and email.
- Use a unique password for each account and store it in a password manager for added security.
- When downloading games or any software, download only from official sources like the publisher's website or trustworthy digital content distribution platforms.
- Always scan any downloaded executables with your antivirus software before launching them and ensure that your security tools are up-to-date.
https://www.bleepingcomputer.com/news/security/trojanized-super-mario-game-used-to-install-windows-malware/
https://gridinsoft.com/blogs/trojanized-version-super-mario-malware/
|
|
|
What Happened: Fake 5000 BTC Gemini Airdrop. Website: https://winkbit.net/gemini-giveaway/#last-news I saw this in my Twitter feed; unfortunately, it might have been deleted already. Nevertheless, since there has been a big buzz about institutional money coming in over the last couple of days, these scammers created this kind of website to attract and victimize unsuspecting crypto investors who think they can double their bitcoins based on the comments by some so-called "users". So just be careful if you see this one.
|
|
|
There is a new information-stealing malware called Mystic Stealer, which targets a lot of browsers and web browser extensions, including our cryptocurrencies. So this malware extracts data from the host computer, and it can also extract cryptocurrency wallets, and then collects auto-fill data, browsing history, cookies and others.

Targeted Cryptocurrency Applications:
- MyMonero
- Exodus
- Binance
- Raven
- Armory
- Dogecoin
- MultiBit
- Bitcoin
- DashCore
- Electrum
- Litecoin
- BitcoinGold
- WalletWasabi
- Atomic
- Guarda
- Electrum-LTC
- MyCrypto
- Bisq
- DeFi Blockchain
- Coinomi
- TokenPocket
The mode of infection is always the same: cracked software, torrents and warez, unsolicited emails. So again, just a reminder to everyone to be careful of anything you download from the web, as it may contain malware, and it might be too late once our crypto wallets have been drained.
https://inquest.net/blog/2023/06/15/mystic-stealer-new-kid-block