fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Bitcoin.org Hackers Steal $17,000 In ‘double your cash’ Scam

Bitcoin.org Hackers Steal $17,000 In ‘double your cash’ Scam

This week, threat actors hijacked Bitcoin.org, the authentic website of the Bitcoin project, and altered its parts to push a cryptocurrency giveaway scam that unfortunately some users fell for.

Although the hack lasted for less than a day, hackers seem to have walked away with a little over $17,000.

Bitcoin.org hacked to run ‘double your money’ scam

As shown below, on September 23rd, the home page of bitcoin.org stated:

“The Bitcoin Foundation is giving back to the community! We want to support our users who have helped us along the years,” encouraging users to send Bitcoins to the attacker’s displayed wallet address.

“Send Bitcoin to this address, and we will send double the amount in return!”

Further, to add appeal to the claim, scammers wrote that the offer was limited to the first 10,000 users.

Also Read: How To Prevent WhatsApp Hack: 7 Best Practices

bitcoin.org hacked
Bitcoin.org home page displaying a scam (BleepingComputer)

The attacker’s wallet address users were encouraged to send funds to is:1NgoFwgsfZ19RrCUhTmmuLpmdek45nRd5N

Shortly after the hack, Bitcoin.org’s site operator(s) who use the name Cøbra, also issued a public warning with regards to the incident:

https://t.co/OsFgRFRRZb has been compromised. Currently looking into how the hackers put up the scam modal on the site. May be down for a few days.— Cøbra (@CobraBitcoin) September 23, 2021

Although Bitcoin is assumed to be created by a pseudonymous identity, “Satoshi Nakamoto,” the author of the research paper that gave birth to the cryptocurrency, a newer identity “Cøbra” is lately seen managing the Bitcoin.org website, social media, and community channels.

Attackers stole over $17,000 from scam

After Cøbra’s announcement, Bitcoin.org’s domain registrar Namecheap also promptly disabled the domain until the issue was remedied:

Hello, Thank you for reporting this matter. We have temporarily disabled the domain.— Namecheap.com (@Namecheap) September 23, 2021

Still, unfortunately, some cryptocurrency enthusiasts may have fallen for the scam as evident from the attacker’s wallet balance. The transaction history shows multiple deposits made from different Bitcoin addresses to the attacker’s wallet.

The last updated balance of the wallet was at 0.40571238 BTC or approximately US$17,000.

Bitcoin.org hacker's wallet
Attacker’s wallet balance and transaction history (Blockchain.com)

Bitcoin.org has now been restored. But, the root cause of the website hijack remains unconfirmed, although some have suspected this to be a DNS hijack [12].

Giveaway scams have become a common theme in the cryptocurrency realm as attackers who set up these lures have found much success. Just a few days ago, BleepingComputer reported on the “Elon Musk Mutual Aid” circulating via email.

It’s tempting to dismiss these scams thinking no one falls for them, but, similar crypto scams have been hugely successful and generated hundreds of thousands of dollars in the past.

Also Read: 15 Best Tools For Your Windows 10 Privacy Settings Setup

For example, scammers made $180K in a single day in 2018, Twitter suffered a massive attack where crypto scammers earned $580K in a week in January 2021, and then another scam stole $145K in February.

And, not too long ago, someone sent three bitcoin, or $150,074 at the time, to a known crypto giveaway scam.

As such, users should remain vigilant for cryptocurrency scams and emails.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us