Hackers Stole And Transferred ‘DragonEx Funds’ To 20 Crypto Wallets

The unregulated realm of cryptocurrencies has been criticized over the security and safety of the funds that people invest in it. Multiple past breaches show that cryptocurrency and blockchain technology can be hacked.

And it has happened again. A Singapore-based crypto exchange company announced Monday that hackers have stolen an undisclosed amount of crypto money.

DragonEx, a crypto exchange company based in Singapore, sent a message through Telegram saying that the company fell victim to a cyber attack and noted that cryptocurrency funds owned by users and the exchange were “transferred and stolen.” The company has not yet disclosed the total value of the losses or the amount of cryptocurrency stolen.

The breach was first discovered on Sunday, March 24, after the crypto exchange company took its platform offline, saying it was upgrading its systems, before finally disclosing yesterday that it had been hacked.

“Part of the assets were retrieved back, and we will do our best to retrieve back the rest of stolen assets,” DragonEx said in Monday’s Telegram announcement. CoinDesk first reported the cryptocurrency theft.

The crypto company further said in the announcement message that it had already informed authorities including judicial administrations in Estonia, Thailand, Singapore, and Hong Kong about the attack.

“We’re assisting policemen to do an investigation. All platform services will be closed, and the accurate assets loss recovery situation will be announced in a week. For the loss caused to our users, DragonEx will take responsibility no matter what.”

Earlier today, the DragonEx admins updated users and provided wallet addresses for 20 cryptocurrencies to which the stolen funds had apparently been transferred. The list included the top five cryptos by market capitalization: Bitcoin (BTC), ether (ETH), XRP, litecoin (LTC) and EOS, as well as the tether stablecoin (USDT), for which six destination addresses were provided.

“We earnestly request help from all our fellow exchanges and other industry strength, please help us to investigate and traced the assets, freeze them and stop the assets flows,” the exchange said.

The admin added that stolen crypto assets transferred by the hackers to the Huobi and gate.io exchanges have already been blocked.

CRYPTO TECH IS HACKABLE

In the past, many cryptocurrencies and blockchain technologies have been compromised, either by hacking or by sheer recklessness on the part of the company. Virtual currency exchanges suffered at least five significant attacks last year. Japan has hosted two of the biggest known crypto hacks: the Mt. Gox debacle of 2014 and the theft of nearly $500 million in digital tokens from Coincheck Inc. last January.

An article published by the MIT Technology Review, a magazine wholly owned by the United States Massachusetts Institute of Technology (MIT), argues that the security-touted blockchain tech is still vulnerable to hacks and other attacks.

In the article, the MIT Technology Review stressed that blockchain technology, including cryptocurrencies, is a complex economic system that is overly dependent on unpredictable human behavior. With this, the review pointed out that security breaches and cyber attacks have been increasingly emerging in cryptocurrency and smart contract platforms. The review cited several incidents, including the recent double spending vulnerability that was found on Coinbase, a significant U.S. crypto exchange, on Jan. 7.

“In short, while blockchain technology has been long touted for its security, under certain conditions it can be quite vulnerable. Sometimes shoddy execution can be blamed, or unintentional software bugs. Other times it’s more of a gray area — the complicated result of interactions between the code, the economics of the blockchain and human greed.”

Nonetheless, blockchain and crypto companies offer programs and rewards to incentivize white hat hackers to report specific systemic flaws on a given platform. According to TheNextWeb, white hat hackers earned a total of $878,000 by identifying crypto bugs and deficiencies in 2018 alone. Just recently, Coinbase handed out a $30,000 reward, the most massive bounty ever given, to HackerOne for reporting a critical bug on its system.

Security-touted technology has also run into problems other than hacking. Recently, blockchain wallet Quadriga was slapped with a $200 million problem after its CEO and founder died without turning over intellectual resources like encryption data and passwords.

The death of QuadrigaCX’s CEO in December last year sparked an investigation into what happened to the funds that Cotten had allegedly placed in cold storage and that the company is now unable to recover, leaving it with a multi-million debt.

Hackers Can Manipulate Media Files Sent Through WhatsApp And Telegram With A Zero-Day

The vulnerability is dubbed as “Media File Jacking.”

Photo: Microsiervos | Flickr | CC BY 2.0

Popular instant messaging apps WhatsApp and Telegram contain an unpatched zero-day vulnerability that can be exploited by threat actors and hackers to manipulate files shared across the messaging platform.

Security researchers from Symantec’s Modern OS Security team found a vulnerability that can allow hackers and cybercriminals to manipulate images, audio files, documents, and other forms of data sent from one user to another.

Both WhatsApp and Telegram, along with other instant messaging platforms, have end-to-end encryption, which makes the message safe to send and receive. End-to-end encryption allows only the sender and the receiver to read the contents, and even the company has no human-readable copies of the messages sent.

However, according to the researchers, the vulnerability, dubbed “Media File Jacking,” can bypass the end-to-end encryption in the said apps. It works on Android by default for WhatsApp, and on Telegram if certain features are enabled.

“It stems from the lapse in time between when media files received through the apps are written to the disk, and when they are loaded in the apps’ chat user interface (UI) for users to consume. This critical time lapse presents an opportunity for malicious actors to intervene and manipulate media files without the user’s knowledge,” wrote Yair Amit, VP & CTO, Modern OS Security in a blog post together with Alon Gat, a software engineer.

“If the security flaw is exploited, a malicious attacker could misuse and manipulate sensitive information such as personal photos and videos, corporate documents, invoices, and voice memos. Attackers could take advantage of the relations of trust between a sender and a receiver when using these IM apps for personal gain or wreak havoc.”

End-to-end encryption does not make an app immune to threat actors

The researchers said that users of instant messaging platforms are particularly vulnerable in this instance because they assume that, since these apps have end-to-end encryption, they are automatically immune from hacking. But that is definitely not the case, as illustrated by Symantec’s discovery.

“As we’ve mentioned in the past, no code is immune to security vulnerabilities. While end-to-end encryption is an effective mechanism to ensure the integrity of communications, it isn’t enough if app-level vulnerabilities exist in the code,” they added.

How the exploit works. Photo: Symantec

The problem comes from how these apps store media files: end-to-end encryption does not protect files once they are saved to external storage. When files are stored on external storage, other apps can access and manipulate them. On WhatsApp, data are stored externally by default, while on Telegram, the vulnerability is present if “Save to Gallery” is enabled.

Additionally, the Media File Jacking vulnerability, as the researchers said, points to a more significant issue of app developers’ non-secure use of storage resources.
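
One way an app can close the gap between writing a file and displaying it is to check the file against a digest taken at receipt. The sketch below is an added example, not code from Symantec, WhatsApp or Telegram; the `MediaStore` class, file names and invoice text are hypothetical, with a temporary directory standing in for external storage and an in-memory dict standing in for app-private storage.

```python
import hashlib
import hmac
import os
import tempfile


class MediaStore:
    """Toy model of a messaging app's media handling (hypothetical)."""

    def __init__(self, shared_dir):
        self.shared_dir = shared_dir  # stands in for shared external storage
        self._digests = {}            # stands in for app-private storage

    def receive(self, name, decrypted_bytes):
        """Write a decrypted attachment to shared storage and record its digest."""
        path = os.path.join(self.shared_dir, name)
        with open(path, "wb") as fh:
            fh.write(decrypted_bytes)
        # The digest comes from the bytes in memory, never re-read from disk.
        self._digests[name] = hashlib.sha256(decrypted_bytes).digest()
        return path

    def load_for_display(self, name):
        """Return the file bytes only if they still match what was received."""
        path = os.path.join(self.shared_dir, name)
        with open(path, "rb") as fh:
            data = fh.read()
        current = hashlib.sha256(data).digest()
        if not hmac.compare_digest(current, self._digests[name]):
            raise ValueError(f"{name}: modified on shared storage after receipt")
        # Render these verified bytes; do not read the path a second time.
        return data


def demo():
    """Return (clean file accepted, modified file rejected)."""
    with tempfile.TemporaryDirectory() as shared:
        store = MediaStore(shared)
        invoice = b"Pay to account 1111-2222 (constructed sample)"
        path = store.receive("invoice.pdf", invoice)
        clean_ok = store.load_for_display("invoice.pdf") == invoice

        # Simulate a change made to the file between write and display.
        with open(path, "wb") as fh:
            fh.write(b"Pay to account 9999-0000 (constructed sample)")
        try:
            store.load_for_display("invoice.pdf")
            tamper_detected = False
        except ValueError:
            tamper_detected = True
        return clean_ok, tamper_detected


if __name__ == "__main__":
    print(demo())
```

The check only holds if the recorded digests live somewhere other apps cannot write, which is why the sketch keeps them out of the shared directory.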

Impact of the exploits

Researchers from Symantec raised the alarm because malicious actors can use the discovered vulnerability in different ways. By exploiting the zero-day, hackers can fundamentally alter images in near real time as they are sent from one user to another. In a demo video released by Symantec, the researchers were able to change the faces of two men in an image to that of Nicolas Cage as the picture was being sent from one test account to another.

Furthermore, threat actors can also exploit the vulnerability by altering numbers in invoices in a bid to redirect payments to a different bank account number. To make matters worse, researchers said that the invoice-jacking modus can also be carried out without a specific target and could be broadly distributed, looking for any invoices to manipulate, affecting multiple victims who use IM apps like WhatsApp to conduct business.

“As in the previous scenario, an app that appears to be legitimate but is, in fact, malicious, watches for PDF invoice files received via WhatsApp, then programmatically swaps the displayed bank account information in the invoice with that of the bad actor. The customer receives the invoice, which they were expecting to begin with, but has no knowledge that it’s been altered. By the time the trick is exposed, the money may be long gone,” the report said.

The exploitation of the vulnerability may also come in the form of audio spoofing, where an attacker exploits the relations of trust between employees in an organization; the attacker can also program the new, manipulated file to mimic the voice of another person.

At the end of the day, Symantec is encouraging IM users to disable the feature that saves media files to external storage in order to mitigate possible attacks using the exposed vulnerability.

Huawei Exec Backtracks: Hongmeng OS Is Not For Smartphones

Liang Hua said they prefer Android as the OS of their smartphones.

Photo: Kārlis Dambrāns | Flickr | CC BY 2.0

When Chinese smartphone giant Huawei was caught off-guard by Google’s revocation of its Android license following the ban imposed by Washington against the company, the smartphone maker made people believe that it was ready for such a situation and announced that it was developing an alternative operating system called Hongmeng.

However, in an interview, Liang Hua, an executive from the tech superpower, backtracked and said that Hongmeng was developed not as an alternative to Android but for the company’s IoT products instead.

Liang Hua said at a Friday press conference in Shenzhen that the operating system, which was rumored to be 60% faster than Android, was not developed for smartphones and that the company still prefers Android as its “first choice” for a smartphone OS.

“The Hongmeng OS is primarily developed for IoT devices that will reduce latency… In terms of smartphones, we are still using the Android operating system and ecosystem as a “first choice.” We haven’t decided yet if the Hongmeng OS can be developed as a smartphone operating system in the future,” said Liang Hua.

Earlier reports revealed that Huawei has been developing Hongmeng since 2012. The company has been testing the new OS on selected devices behind closed doors and in a closed environment. The source also said that the testing was accelerated so that the new operating system would be ready for situations such as this one.

Nonetheless, it is still unclear whether Hongmeng will be the official name of the OS coming from Huawei. Experts note that even if Huawei can successfully launch its operating system, the company will still be faced with the challenge of establishing an app ecosystem. It would take Huawei a lot of time to build apps that are compatible with the new operating system.

When Huawei was subjected to a witch hunt by the US government for allegedly aiding the Chinese government in its efforts to spy on the country, and as a pivotal player to potentially economically sabotage the country, an executive order was launched against the China-based tech giant that effectively forced U.S. tech companies to sever ties with Huawei.

The ban from Google has left Huawei’s future in limbo, creating uncertainty for users, especially concerning security updates for their Huawei and Honor phones, or whether their devices will still be able to run at all. Following the announcement, Huawei assured its users that all phones that were sold ahead of the ban and those that are already in stock would continue receiving updates from Android.

Now, Huawei’s backtrack follows the bilateral meeting between Trump and China’s Xi Jinping at the recently concluded G-20 Meeting held in Tokyo, where the American president announced that American companies could resume selling their products to Chinese companies.

The two presidents, in a closely watched sit-down with each other, agreed to a truce and cease-fire in the long-disputed trade wars between the two superpowers.

“U.S. companies can sell their equipment to Huawei. We’re talking about equipment where there’s no great national security problem with it. I said that’s O.K., that we will keep selling that product, these are American companies that make these products,” Donald Trump said after his meeting with the Chinese president. “That’s very complex, by the way. I’ve agreed to allow them to continue to sell that product so that American companies will continue.”

While the relief is what Huawei has been looking forward to from the G-20 meeting today, it seems like it could be temporary, as negotiations regarding the matter are bound to continue, and Trump’s ad hoc decision may still be overturned at some point in the negotiations. Nonetheless, it’s time for the Chinese smartphone superpower to breathe better.

Washington officials are reportedly holding meetings on how they will implement the new orders from Trump. However, special attention has to be given on how to deal with Huawei and its presence on the “entity list,” as the relief does not explicitly remove Huawei from the said list.

This App Uses AI To Track Dogs By Their Unique Nose Prints

Authorities can also use it to monitor “uncivilized dog keeping.”

Photo: Soumyaroop Chatterjee | Flickr | CC BY-ND 2.0

There’s no denying it: facial recognition and biometric identification are everywhere. They are in airports to help passengers board faster, in smartphones to allow users to unlock their devices automatically, in conservation reserves to track endangered animals, and in law enforcement agencies to help catch criminals.

And the development of artificial intelligence (AI) that allows facial recognition technology to evolve is moving faster every day. This time, a China-based start-up has developed an AI that is capable of identifying and recognizing dogs through their nose prints.

Just as fingerprints are unique to every human, nose prints are unique to every dog. That is why Megvii, a Chinese start-up that is also an independent surveillance system contractor for the Chinese government, has developed and trained an AI to recognize dogs using their nose prints.

Photo: Megvii

The identification system is available through the Megvii app, and users need to scan their dog’s noses from multiple angles — same as how users register their fingerprint credentials to use the biometric unlock system of a smartphone.

The company says that, unlike previous identification methods such as chip implants, the Megvii nose print identification app is much cheaper and less invasive.

Apps that could identify and recognize animals like dogs aren’t new in the market at all. An app called Finding Rover uses facial recognition and machine learning to match photos of dogs submitted by owners of lost pets to a massive database of shelters and dog homes to recognize and find lost dogs.

Moreover, using nose prints to identify and recognize dogs and other pets isn’t new either. Kennel clubs around the world are known to use nose prints to match lost dogs with shelter dogs. One primitive way to take a nose print is by coating the nose with ink and pressing it against white cardboard.

What’s new with Megvii’s market offering is the method by which nose prints are collected. In the new app, coating the dog’s nose isn’t necessary anymore, as the AI only needs photos of dog noses to locate key identifying markers, creating a unique profile of a dog in the database.

The company claims that, despite differences in camera resolution, its identification system can verify a dog’s identity against an existing record with 95% accuracy. It also says that the system could identify a dog with “high precision” by checking it against records from a larger database, although the company didn’t elaborate on the accuracy rate in that scenario.

Aside from identifying lost dogs, Megvii says that its app can also be used to track inappropriate pet-owner behaviors, and authorities can monitor “uncivilized dog keeping.” In China, actions like walking a dog in public without a leash and not scooping after a dog has pooped are considered uncivilized, and in several cities are in some instances considered illegal.

Biometrics identification tech application on animals

The advent of facial recognition and biometric identification technology has not only helped pet owners keep track of their beloved pets. The technology has also been used by conservationists in China to track the movement of endangered animals like the endemic panda population.

A group of researchers from the China Conservation and Research Centre for Giant Pandas have developed an app that could recognize individual pandas using facial recognition technology. The app will draw from more than 120,000 images and video clips of giant pandas to identify the animals that are living in the wild.

Camera traps in China have captured images and video footage of giant pandas that are often difficult to see in the wild. The photographs and video are some of the most amazing photos ever of pandas and other species in their remote habitat, which were caught on film as part of long-term wildlife monitoring projects set up in panda nature reserves by the Chinese government and WWF.

The development of the new facial recognition app will presumably help conservationists monitor their programs by keeping track of how many pandas are left. It will also provide significant insight regarding the breeding program that conservationists have been implementing to encourage an increase in the panda population.