Ledger customers impacted by third-party Global-e data breach

Ledger is informing some customers that their personal data has been exposed after hackers breached the systems of third-party payment processor Global-e. In a statement for BleepingComputer, the blockchain company underlines that its network has not been impacted and that the platform’s hardware and software systems remain secure. “Some of the data accessed as part of this incident pertained […]

New GlassWorm malware wave targets Macs with trojanized crypto wallets

A fourth wave of the “GlassWorm” campaign is targeting macOS developers with malicious VSCode/OpenVSX extensions that deliver trojanized versions of crypto wallet applications. Extensions in the OpenVSX registry and the Microsoft Visual Studio Marketplace expand the capabilities of a VS Code-compatible editor by adding features and productivity enhancements in the form of development tools, language support, or themes. […]

Hackers drain $3.9M from Unleash Protocol after multisig hijack

The decentralized intellectual property platform Unleash Protocol has lost around $3.9 million worth of cryptocurrency after someone executed an unauthorized contract upgrade that allowed asset withdrawals. According to the team behind the blockchain project, the attacker obtained enough signing power to act as an administrator of Unleash’s multisig governance system. “Our initial investigation indicates that an […]

Amazon: Ongoing cryptomining campaign uses hacked AWS accounts

Amazon’s AWS GuardDuty security team is warning of an ongoing crypto-mining campaign that targets its Elastic Compute Cloud (EC2) and Elastic Container Service (ECS) using compromised credentials for Identity and Access Management (IAM). The operation started on November 2nd and employed a persistence mechanism that extended mining operations and hindered incident responders. The threat actor used a Docker […]

Malicious NPM packages abuse Adspect redirects to evade security

Seven packages published on the Node Package Manager (npm) registry use the Adspect cloud-based service to separate researchers from potential victims and lead them to malicious locations. The purpose of the attack is to lead victims to cryptocurrency scam sites, according to an analysis from researchers at application security company Socket. All malicious packages were published under the developer […]

US announces new strike force targeting Chinese crypto scammers

U.S. federal authorities have established a new task force to disrupt Chinese cryptocurrency scam networks that defraud Americans of nearly $10 billion annually. The Scam Center Strike Force team, supported by agents from the U.S. Attorney’s Office, the Department of Justice, the FBI, and the Secret Service, investigates and prosecutes criminal groups operating large-scale cryptocurrency investment […]

Fake LastPass death claims used to breach password vaults

LastPass is warning customers of a phishing campaign sending emails with an access request to the password vault as part of a legacy inheritance process. The activity started in mid-October, and the domains and infrastructure used point to a financially motivated threat group called CryptoChameleon (UNC5356). CryptoChamemelon employs a phishing kit specializing in cryptocurrency theft, targeting multiple […]