Cryptohack Roundup: Private Key Compromise Led to CoinEx HitAlso: Mark Cuban Hot Wallet Hack; Crypto Regulation
Every week, Information Security Media Group rounds up cybersecurity incidents in the world of digital assets. This week, hackers stole $70 million from CoinEx, FTX resumed online claims, Balancer suffered a breach, Celsius creditors are targets of phishing, nearly $900,000 was stolen from Mark Cuban's hot wallet, Malta prepares for crypto regulation and Hong Kong cracked down on illicit crypto exchanges.
Hong Kong-based crypto exchange CoinEx revealed that hackers had stolen more than $70 million in tokens due to compromised private keys. The exchange suspects the involvement of North Korean Lazarus Group and has opened communication channels with the hackers to seek a resolution.
Affected users will be compensated for their losses, the exchange said. CoinEx suspended withdrawals and patched vulnerabilities but said Wednesday that it plans to resume deposit and withdrawal services for bitcoin and litecoin on Thursday.
FTX Resumed Claimant Platform After Kroll Cyberattack
Bankrupt cryptocurrency exchange FTX on Sunday reopened its customer claims portal with enhanced security measures following a cyberattack that initially caused its closure. The breach affected FTX's appointed bankruptcy claims agent Kroll, exposing nonsensitive customer data of specific claimants. FTX said account passwords and funds remained unaffected. The U.S. Bankruptcy Court for the District of Delaware on Sept. 13 approved the sale of FTX's digital assets in weekly batches.
Balancer Website Hijacked
Balancer, an ethereum-based automated market maker, on Tuesday suffered a security breach that resulted in a loss of $238,000. Balancer attributed the compromise to a social engineering attack on the domain registrar EuroDNS. Balancer's decentralized autonomous organization resolved the issue, securing their domain and subdomains -
balancer.fi - on Wednesday.
Celsius Creditors Phished Again
Creditors of the bankrupt crypto lender Celsius Network are facing a fresh wave of phishing attacks as the lender's bankruptcy proceedings near their conclusion.
Victims have reported receiving phishing emails impersonating Celsius and malicious links mimicking Stretto, the bankruptcy services platform for Celsius and its creditors. The attacks, which surged as the voting deadline for Celsius' proposed settlement plan approached in mid-September, appear to be linked to previous data breaches. Celsius Network has been dealing with customer data leaks and a halt in withdrawals since June 2022, when the Terra ecosystem collapsed, ultimately leading to the lender's bankruptcy filing.
Roni Cohen-Pavon, the former chief revenue officer of Celsius, pleaded guilty Sept. 14 in the U.S. District Court for the Southern District of New York to charges related to fraud and price manipulation. She agreed to cooperate with prosecutors.
Mark Cuban's Hot Wallet Hacked
Billionaire investor Mark Cuban had nearly $900,000 in crypto stolen from one of his hot wallets. The hack was initially spotted by a blockchain analyst on Sept. 15, who noticed unusual activity in a wallet Cuban hadn't used for months. Cuban moved remaining assets to Coinbase Custody. "I’m pretty sure I downloaded a version of MetaMask with some shit in it," Cuban told DL News.
Malta Aims to Align with MiCA
The Malta Financial Services Authority on Monday initiated a public consultation on proposed changes to its cryptocurrency regulations intended to align it with the European Union's Markets in Crypto-Assets Regulation.
Key proposed changes include removing the systems audit requirement, reducing capital requirements for Class 3 and 4 license holders, removing professional indemnity insurance requirements, updating outsourcing requirements and incorporating MiCA's service-specific rules into the VFA rulebook. These modifications aim to facilitate a seamless transition for VFA license holders to comply with MiCA-based laws and obtain EU licenses. France has made similar adjustments to its crypto regulations in preparation for MiCA.
Hong Kong Steps Up Crypto Regulation Enforcement
Hong Kong authorities intensified efforts to crack down on the illicit crypto market following the arrest of six individuals in connection with the unlicensed crypto exchange JPEX, The Associated Press reported Tuesday. The Securities and Futures Commission had received more than 1,600 complaints about the involving transactions worth $153 million. JPEX allegedly promoted its services through online celebrities and money changers. Many users found themselves unable to withdraw funds, leading to increased scrutiny. Hong Kong has sought to establish itself as a crypto-friendly hub, but unlicensed platforms such as JPEX have raised concerns prompting authorities to call for the use of licensed platforms.