Coinbase fixes 2FA log error making people think they were hacked

Coinbase has fixed a confusing bug in its account activity logs that caused users to think their credentials were compromised. As BleepingComputer first reported earlier this month, Coinbase had mistakenly labeled failed login attempts with incorrect passwords as two-factor authentication failures in the Account Activity logs. When a threat actor attempted to access someone’s account […]

Hackers abuse Zoom remote control feature for crypto-theft attacks

A hacking group dubbed ‘Elusive Comet’ targets cryptocurrency users in social engineering attacks that exploit Zoom’s remote control feature to trick users into granting them access to their machines. Zoom’s remote control feature allows meeting participants to take control of another participant’s computer. According to cybersecurity firm Trail of Bits, which encountered this social engineering campaign, […]

Fake Microsoft Office add-in tools push malware via SourceForge

Threat actors are abusing SourceForge to distribute fake Microsoft add-ins that install malware on victims’ computers to both mine and steal cryptocurrency. SourceForge.net is a legitimate software hosting and distribution platform that also supports version control, bug tracking, and dedicated forums/wikis, making it very popular among open-source project communities. Although its open project submission model […]

Six arrested for AI-powered investment scams that stole $20 million

Spain’s police arrested six individuals behind a large-scale cryptocurrency investment scam that used AI tools to generate deepfake ads featuring popular public figures to lure people. The scam was very successful, defrauding 19 million Euros ($20.9M) from 208 victims worldwide. The police operation, codenamed “COINBLACK – WENDMINE,” started two years ago following the submission of […]

Coinbase to fix 2FA account activity entry freaking out users

Coinbase is fixing a misleading account activity message that has caused confusion and anxiety, making users think their credentials were compromised. Over the past couple of weeks, numerous people have contacted BleepingComputer about concerns that they think Coinbase has a serious security issue. After receiving Coinbase phishing emails or texts, they logged into their accounts […]

PoisonSeed phishing campaign behind emails with wallet seed phrases

A large-scale phishing campaign dubbed ‘PoisonSeed’ compromises corporate email marketing accounts to distribute emails containing crypto seed phrases used to drain cryptocurrency wallets. According to SilentPush, the campaign targets Coinbase and Ledger using compromised accounts at Mailchimp, SendGrid, HubSpot, Mailgun, and Zoho. The researchers link the campaign to recent incidents, such as the case of Troy Hunt’s […]

New Crocodilus malware steals Android users’ crypto wallet keys

A newly discovered Android malware dubbed Crocodilus tricks users into providing the seed phrase for the cryptocurrency wallet using a warning to back up the key to avoid losing access. Although Crocodilus is a new banking malware, it features fully developed capabilities to take control of the device, harvest data, and remote control. Researchers at fraud prevention company […]

U.S. seized $8.2 million in crypto linked to ‘Romance Baiting’ scams

The U.S. Department of Justice (DOJ) has seized over $8.2 million worth of USDT (Tether) cryptocurrency that was stolen via ‘romance baiting’ scams. Previously referred to as ‘pig butchering,’ in this type of financial fraud victims are manipulated into making investments on fraudulent websites/apps that showcase massive returns. Convinced they’re making a profit, the victims invest […]