Cryptocurrency Companies Targeted in Sophisticated 3CX Supply Chain Attack
The adversary behind the supply chain attack targeting 3CX deployed a second-stage implant specifically singling out a small number of cryptocurrency companies...
Crypto and Blockchain
Although FIOD didn't reveal the name of the Tornado Cash engineer, The Block identified him as Alexey Pertsev ...
"Intrusions begin with a large number of spearphishing messages sent to employees of cryptocurrency companies—often working in system administration or software development/IT operations (DevOps)—on a variety of communication platforms," a joint advisory published on Monday reads.
"The FBI, in coordination with Treasury and other U.S. government partners, will continue to expose and combat the DPRK's use of illicit activities – including cybercrime and cryptocurrency theft – to generate revenue for the regime," the intelligence and law enforcement agency said in a statement.
"By signing the transaction, an atomicMatch_ request would be sent to the attacker contract," Check Point researchers explained. "From there, the atomicMatch_ would be forwarded to the OpenSea contract," leading to the transfer of the NFTs from the victim to the attacker.
Misconfigurations in smart contracts are being exploited by scammers to create malicious cryptocurrency tokens with the goal of stealing funds from unsuspecting users.
The shell script (hash: b46764c046e0db26e6f43f46364ac0acad173541e7134611cb64e091db7b7ced) in this mining campaign starts by setting the SELinux mode to permissive. This temporarily disables SELinux enforcement using the setenforce 0 2>/dev/null command.
The exchange about suspicious activity hours ago that bypassed 2FA protection on his account resulting in a loss of 4.28 ETH ($13,769)..