❌

Reading view

Critical Zcash Vulnerability Found and Fixed

If you’re a userβ€”owner?β€”of this cryptocurrency, this is important:

On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired Hornby specifically to look for this kind of issue. He found one fast enough to be embarrassing.

The Orchard pool is the newest and most advanced shielded transaction system in the cryptocurrency Zcash. Introduced in 2022, it allows users to send and receive ZEC while keeping transaction details private. It uses zero-knowledge proofs to validate transactions without revealing amounts or participants. The bug: a specific check that was supposed to validate transaction inputs wasn’t actually enforcing the rules it appeared to enforce. An attacker could have exploited the flaw to feed false inputs into that check and generate ZEC from nothing, with the zero-knowledge proof system blessing the fraudulent transaction as valid.

It’s fixed; that’s the good news. The bad news is that there’s no way of knowing if anyone exploited the vulnerability to steal money. And this fragility is the fundamental problem that makes blockchain such a bad idea.

  •  

Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files

Unit 42 analyzes the evolution of Gremlin stealer. This variant uses advanced obfuscation, crypto clipping and session hijacking to compromise data.

The post Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files appeared first on Unit 42.

  •  

Is β€œSatoshi Nakamoto” Really Adam Back?

The New York Times has a long article where the author lays out an impressive array of circumstantial evidence that the inventor of Bitcoin is the cypherpunk Adam Back.

I don’t know. The article is convincing, but it’s written to be convincing.

I can’t remember if I ever met Adam. I was a member of the Cypherpunks mailing list for a while, but I was never really an active participant. I spent more time on the Usenet newsgroup sci.crypt. I knew a bunch of the Cypherpunks, though, from various conferences around the world at the time. I really have no opinion about who Satoshi Nakamoto really is.

  •  

Russische hacksoftware voor iPhones blijkt uit de Verenigde Staten te komen

Het lijkt wel een soap rondom de iPhone-hacksoftware Coruna. Langzamerhand komt boven water wie het inzet, bij wie het gebruikt wordt en wie de mogelijke ontwikkelaar is. En het ziet ernaar uit dat de Verenigde Staten het zichzelf erg lastig hebben gemaakt.

  •  

Attributing CryptoCore Attacks Against Crypto Exchanges to LAZARUS (North Korea)

CryptoCore is an attack campaign against crypto-exchange companies that has been ongoing for three years and was discovered by ClearSky researchers. This cybercrime campaign is focused mainly on the theft of cryptocurrency wallets, and we estimate that the attackers have already made off with hundreds of millions of dollars. This campaign was also reported by additional companies and organizations, including JPCERT/CC[1], NTT Security[2] and F-SECURE[3]. The campaign is also known as CryptoMimic, Dangerous Password and Leery Turtle. In this report we attributed this campaign to a specific actor – North Korea’s LAZARUS APT Group, known also as Hidden Cobra.

Read the full report: Attributing CryptoCore Attacks Against Crypto Exchanges to LAZARUS (North Korea)

In this report, we based our attribution with two stages of research:

  1. First stage– connecting all research documents to the same campaign: Β a comparative study of all the research documents trying to prove they are all referring to the same campaign.
  2. Second stage – Attribution to Lazarus: We adopted F-SECURE’s attribution to LAZARUS. Then we reaffirmed this attribution by comparing the attack tools Β found in this campaignΒ  to other Lazarus campaignsΒ  and found strong similarities.

Our research shows a MEDIUM-HIGH likelihood that Lazarus group, a Β North-Korean, state-sponsored APT group, is attacking crypto exchanges all over the world and in Israel for at least three years. This group is has successfully hacked into numerous companies and organizations around the world for many years. Until recently this group was not known to attack Israeli targets.

We would like to thank NTT Security Japan for sharing malware samples with us, and for their feedback on this research.


[1] https://blogs.jpcert.or.jp/en/2019/07/spear-phishing-against-cryptocurrency-businesses.html

[2] https://vblocalhost.com/uploads/VB2020-Takai-etal.pdf

[3] https://labs.f-secure.com/assets/BlogFiles/f-secureLABS-tlp-white-lazarus-threat-intel-report2.pdf

  •  

Intro to Cryptocurrency and How to Secure Your Coins

Beau Bullock// Overview This blog post is meant to serve as a basic introduction to the world of cryptocurrencies. With cryptocurrencies making their way into mainstream news outlets I am […]

The post Intro to Cryptocurrency and How to Secure Your Coins appeared first on Black Hills Information Security, Inc..

  •  

WEBCAST: A Look Into Emerging Security Issues Within Cryptocurrency Ecosystems

Mike Felch and Beau Bullock// Cryptocurrency conversations are everywhere you look! Mike Felch and Beau Bullock were so interested they started their own podcast about the topic. We’re excited to […]

The post WEBCAST: A Look Into Emerging Security Issues Within Cryptocurrency Ecosystems appeared first on Black Hills Information Security, Inc..

  •  
❌