Unpatched Ethereum Clients Pose 51% Attack Risk, Says Report

Unpatched Ethereum Clients Pose 51% Attack Risk, Says Report

Ethereum clients that still haven’t patched known vulnerabilities pose a security risk to the entire network, according to new research. A report from Security Research Labs that used ethernodes.org data, indicates that a large number of nodes using the most popular clients Parity and Geth have been left exposed for “extended periods of time” after patches for security flaws have been released.
Nym Technologies Raises $2.5 Million to Anonymize Crypto Apps

Nym Technologies Raises $2.5 Million to Anonymize Crypto Apps

A privacy-centric startup has turned to a private token sale to raise $2.5 million. The seed round in Nym Technologies involved NEO Global Capital, Lemniscap, Edenblock and others. Binance Labs, where Nym completed a 10-week incubation program late last year, is also an investor.
Uphold Integrates Ledger Tools to Boost Crypto Storage Solution

Uphold Integrates Ledger Tools to Boost Crypto Storage Solution

Payments startup Uphold is partnering with hardware provider Ledger to beef up its security processes when storing different cryptocurrencies. Through its Ledger Vault wing, Ledger will provide new tools to Uphold, letting the latter to better protect its customers’ funds from hacks, while also adding new user access controls, the companies announced at CoinDesk’s Consensus 2019. Uphold will also implement a new “strong, multi-authorization governance model, ensuring there are no single points of failure in the management of customer funds,” a press release stated.
Binance Hacked for $40M, CEO Backpedals on Recoup Via Block Reorganization

Binance Hacked for $40M, CEO Backpedals on Recoup Via Block Reorganization

Chinese crypto exchange Binance suffered a major hack on Tuesday, which the company’s CEO responded to by proposing a rollback of the Bitcoin blockchain to rectify — a suggestion that riled up the community. The company formally notified the public via an announcement on the evening of May 7, 2019, claiming that the hackers had employed a diverse range of tactics from outright viruses to social engineering techniques such as phishing scams.
Crypto Hacks Are on Track to Eclipse $1 Billion in Lost Funds This Year

Crypto Hacks Are on Track to Eclipse $1 Billion in Lost Funds This Year

Crypto security and intelligence firm CipherTrace has published its Q1 2019 Cryptocurrency Anti-Money Laundering Report, revealing that exchange platforms all over the world have lost nearly $400 million as a result of hacks and thefts. Hacks Are Making Bank According to the firm, the report is based on an analysis of 164 million Bitcoin-based transactions.
Ether Thief Found Stealing Funds With Weak Private Keys

Ether Thief Found Stealing Funds With Weak Private Keys

An unknown entity has been taking advantage of weak private keys to gather up tens of thousands of ETH, according to a new study. The study — “Ethercombing: Finding Secrets in Popular Places” — was undertaken by Independent Security Evaluators (ISE), a security consulting firm, and published Tuesday. The company’s findings were also covered in a story by Wired’s Andy Greenberg.
US Energy Department Eyes Blockchain to Prevent Power Plant Cyberattacks

US Energy Department Eyes Blockchain to Prevent Power Plant Cyberattacks

The U.S. Department of Energy is exploring blockchain technology as a line of defense against cyberattacks on power plants. The department’s National Energy Technology Laboratory (NETL) unit announced Wednesday that phase two of an electric grid security project has been launched in partnership with decentralized cybersecurity startup Taekion, formerly Grid7. The laboratory provided a grant of $1 million to Taekion last year, and now as part of the second phase of the project, the startup will research on how blockchain technology can be used to secure a power plant, by keeping all sensor, actuator and device transactions on a distributed ledger.
Next Bitcoin Core Release to Finally Connect Hardware Wallets to Full Nodes

Next Bitcoin Core Release to Finally Connect Hardware Wallets to Full Nodes

It’s a moment true bitcoin nerds have been waiting for. In the coming release of Bitcoin Core, the 18th major version of the cryptocurrency’s most widely used software, the code will finally, natively allow users to connect bitcoin full nodes to hardware wallets. It sounds technical, but it’s a big step for the security for users. Bitcoin full nodes allow users to verify that transactions actually took place, meanwhile, hardware wallets are considered one of the most secure ways to store bitcoin.
Binance Partners With IdentityMind for Enhanced Compliance and Security

Binance Partners With IdentityMind for Enhanced Compliance and Security

Binance has partnered with Medici Ventures’ portfolio company IdentityMind, a risk management and regulatory-technology compliance platform, in a bid to enhance its fraud protection and compliance protocols. The companies announced the deal on March 26, 2019, calling it “a joint mission to help raise the industry’s standard.
VeriBlock’s Bitcoin-Backed Security Protocol Goes Live

VeriBlock’s Bitcoin-Backed Security Protocol Goes Live

After a year on its testnet, the VeriBlock blockchain went live yesterday on the Bitcoin mainnet, allowing exchanges, wallet providers, merchants and other crypto businesses to leverage Bitcoin’s robust blockchain security. Now that it’s live on the mainnet, VeriBlock’s model extends the Bitcoin blockchain’s security protection from 51-percent attacks to non-Bitcoin blockchains by linking them to the Bitcoin blockchain, offering it as a security backstop.
What Meltdown and Spectre Flaws Mean for Crypto

What Meltdown and Spectre Flaws Mean for Crypto

Recently leaked computer vulnerabilities Meltdown and Spectre offer yet another reminder of how hard the digital age makes it to keep private information – even cryptocurrency private keys – safe. Unveiled Wednesday, the widespread hardware vulnerabilities simultaneously impact Intel, ARM and AMD computer chips, which power the vast majority of the world’s computers, mobile devices and servers, making it possible to steal private data such as passwords, financial information or just about anything stored on any device that uses one of these chips.

Security Researchers Reveal Wallet Vulnerabilities On Stage at 35C3

In a demonstration titled “Wallet.fail,” a team of security researchers hacked into the Trezor One, Ledger Blue and Ledger Nano S. Unfortunately, it appears as if their findings were first put on display at the 35th Chaos Communication Congress (35C3) in Leipzig, Germany, rather than through accepted Responsible Disclosure practices, which would have allowed the manufacturers to patch the vulnerabilities and protect their customers from any potential attack.
New Exchange Security Scoring Model Offers Insurance Rates for Coin Holders

New Exchange Security Scoring Model Offers Insurance Rates for Coin Holders

International cybersecurity solutions provider Group-IB has come up with a scoring model to grade crypto exchanges based on their level of security. The scoring model was created by Group-IB in conjunction with Swiss-based Cryptolns (which is operated by Swiss insurance broker APIS AS), and the grading is intrinsic to CryptoIns’ new cryptocurrency exchange insurance, which will allow exchange users to cover up to 15 BTC worth of digital assets held in their exchange accounts.
Investor Lawsuit Brought Against AT&T, T-Mobile for SIM Swapping Hacks

Investor Lawsuit Brought Against AT&T, T-Mobile for SIM Swapping Hacks

Leading cryptocurrency investor law firm Silver Miller Law has filed suit against cell phone giants AT&T and T-Mobile on behalf of several digital asset investors who were victims of the identity-theft tactic known as “SIM swapping.” The suit alleges that both companies possessed flaws in their security systems and failed to properly train their employees to work against hackers seeking to gain access to users’ smartphones.
Telefónica and Rivetz Add Civic’s Identity Verification for Mobile Users

Telefónica and Rivetz Add Civic’s Identity Verification for Mobile Users

Civic has entered into a tripartite agreement with cybersecurity protection solution company, Rivetz, and Telefónica's cybersecurity unit, ElevenPaths, to provide secure identity verification that incorporates added hardware protections for mobile users. With presence in five countries, Civic uses blockchain technology to secure and protect the transfer of personal information, while allowing people to decide how they share their information.

The Electrum Personal Server Will Give Users the Full Node Security They Need

The Electrum Personal Server promises a resource-efficient, secure and private way to use bitcoin with hardware and software wallets, connected to full nodes. Developed by open-source programmer Christian Belcher, best known for his contributions to JoinMarket, the Electrum Personal Server directly addresses vulnerabilities with the popular Electrum Bitcoin wallet, while sparing users the significant resource usage of an Electrum server.

Following Massive Cryptocurrency Hack, Coincheck Pledges to Improve Operations, Refund Losses

Following one of the largest hacks in the history of cryptocurrency, Japanese cryptocurrency exchange Coincheck has announced that it will comply with an order from Japan’s Financial Services Agency to improve its business operations.
DressCode Android Botnet Remains Active 16 Months After Its Discovery

DressCode Android Botnet Remains Active 16 Months After Its Discovery

Botnets have proven to be a major pain in the rear for both security researchers and consumers. DressCode, one of the oldest Android botnets in existence, is still operational 16 months after it was initially discovered. This is a very real problem, as the malware opens a direct connection to infected phones. It is unclear why this solution still thrives in 2018, especially considering that most of the infected Google Play apps were removed over a year ago. DressCode Botnet is Still a Problem In the world of internet security, there are still plenty of things which need to change sooner rather than later.
SpriteCoin Infects Cryptocurrency Users’ Computers with Ransomware

SpriteCoin Infects Cryptocurrency Users’ Computers with Ransomware

Cryptocurrency users have become a favorite target of cybercriminals over the past few years. With the value of all these currencies increasing exponentially, it is evident that criminal entities want their share of the cake. As a result, we have seen an influx of new malware-laden applications and tools, all of which are designed to obtain Bitcoin or altcoins. In the case of SpriteCoin, a wallet application is actually a delivery platform for a new type of ransomware. Beware of the Fake SpriteCoin Application In the wide world of useless altcoins, a name like SpriteCoin doesn’t stand out as potentially malicious.
Evrial Malware Steals Bitcoins by Changing Clipboard-Copied Addresses

Evrial Malware Steals Bitcoins by Changing Clipboard-Copied Addresses

Cryptocurrency users have learned firsthand how destructive Trojans can be these days. It seems a new threat has emerged which goes by the name of Evrial. What makes this particular Trojan so annoying to deal with is that it can change a Bitcoin address copied to one’s clipboard. As a result, a lot of money will eventually be sent to the wrong Bitcoin address, which is a very worrisome development. Beware of the Evrial Bitcoin-stealing Trojan This is neither the first nor the last time Bitcoin users will be confronted with a Trojan.

Cornell IC3 Researchers Propose Solution to Bitcoin’s Multisig “Paralysis” Problem

Owning cryptocurrency comes with its own set of challenges. One of the biggest of those challenges is managing the private keys that enable you to spend funds. Lose your private keys, and your money is gone. In a business environment, a common way to manage funds owned by multiple people is via what’s called a multisignature (multisig) address, a type of smart contract requiring two or more parties to sign off on a transaction to move the funds.
Dark Caracal Malware Is a Threat to All Mobile Device Users

Dark Caracal Malware Is a Threat to All Mobile Device Users

The electronic devices we use on a daily basis are very prone to hacks, theft, and other software-related issues. One particular security bug uncovered by the Electronic Frontier Foundation has researchers greatly concerned. A new type of malware designed to look like popular social messaging applications has already stolen gigabytes worth of data. This puts smartphones and some tablets at risk, but finding a solution to this threat may prove far more difficult than anyone would like. Lebanese Malware has Researchers Concerned Any type of tool that is designed to steal sensitive information is of great concern to security researchers.

Making Voting, Elections Both Secure and Accessible with Blockchain Technology

Voatz, a startup based in Boston, MA, promises to dispel some of the biggest challenges associated with voting: access, security, transparency and efficiency. The company plans to achieve this goal by combining internet-based voting with blockchain technology. What is Voatz? Voatz enables voters to make their voices heard conveniently by allowing mobile voting via any smartphone or tablet connected to the internet.

SEC/NASAA Ring in 2018 by Hinting at Need for (More) Cryptocurrency Regulation

Yesterday, January 4, 2018, the three prominent figures of the U.S. Securities and Exchange Commission (SEC) endorsed the concerns raised in the North American Securities Administrators Association (NASAA)’s cautionary directive on cryptocurrencies, ICOs, and other “Cryptocurrency-Related Investment Products.
A Monero Mining Bot Is Spreading Through Facebook Messenger

A Monero Mining Bot Is Spreading Through Facebook Messenger

If you’ve interacted with Facebook, you may have had run-ins with spam bots that infest your profile (or your friends’ profiles) and post links or advertisements without your permission. Well, the same malware that tells your friends to “Check out this link for 90% off a BRAND NEW pair of Ray-Bans. WOW!” is now being used to mine cryptocurrency. A downloaded client runs mining software that contributes hashing power to the malware’s source server. Unaware Facebook users may have downloaded this bot through links shared on Facebook Messenger.