Cryptohack Roundup: Worldcoin Worries and Lazarus Hacking
Also: Cryptojacking Record, Apple Malware, and DOJ Crypto Crime Unit Is No More
Every week, Information Security Media Group rounds up cybersecurity incidents in the world of digital assets. This week, Worldcoin set off security and privacy alarms; hackers stole $60 million, $100 million, $3.4 million and $3.2 million from AlphaPo, CoinsPaid, Era Lend and Conic Finance, respectively; threat actors set a new record for cryptojacking; Apple users became the target of a new crypto-stealing malware and the DOJ announced the merger of its computer crime and cryptocurrency crime units.
OpenAI CEO Sam Altman's latest project is setting off security and privacy warning bells for the crypto community and regulators. Dubbed Worldcoin, the project is a decentralized iris-scanning identity verification solution and an associated cryptocurrency for verified individuals. Part of an intended "world's largest identity and financial public network," Worldcoin requires users to install an app and scan their irises via a device called the Orb. The Orb verifies that the user is human and creates a hash for that person's unique iris, setting up a World ID for each user to allow them to authenticate themselves without having to reveal their specific identity.
Ethereum founder Vitalik Buterin responded by raising a slew of concerns. True, the system currently stores hashed versions of iris scans and uses cryptographic techniques. But that data can still be misused or leaked, he said. The lack of verification of the Orb's hardware leaves room for the installation of backdoors and creation of fake human identities. Buterin also said it's susceptible to phone hacking and selling or renting of IDs.
U.K. data regulator the Information Commissioner's Office reportedly launched an inquiry into the project to determine its compliance with data protection requirements. Worldcoin told The Block that it complies with local laws, including Europe's General Data Protection Regulation.
Hackers stole more than $60 million from centralized crypto payment provider AlphaPo on Sunday, popular crypto investigator ZachXBT said in a Wednesday tweet. He said that the attackers were likely linked to North Korea, as the tactics in the hack had "a very distinct fingerprint on-chain," typical of Pyongyang-based Lazarus Group. The stolen amount was previously estimated to be worth about $31 million. The company has not addressed the incident yet.
The Lazarus Group likely stole more than $100 million from hot wallets hosted by cryptocurrency payment processing gateway and wallet provider CoinsPaid. Blockchain Intelligence Group's analysis detailed "significant connections" between the AlphaPo, Atomic Wallet and CoinsPaid hacks, indicating the involvement of potentially the same bad actors. CoinsPaid said its systems were coming back online one by one and no customer funds were affected. The incident compelled the company to suspend its operations for four days.
Decentralized lending protocol Era Lend became the victim of a cyberattack on Tuesday, losing $3.4 million, security company BlockSec said. Acknowledging the theft, Era Lend said that the attack is under control and that the threat actor could "no longer continue their actions." The company paused its borrowing operations and urged its users to not deposit tokens into the compromised USDC pool.
Hackers exploited two separate vulnerabilities in as many days to steal more than $3.2 million from Conic Finance. The decentralized finance platform suspended services after the second attack on Saturday but said in a Monday blog post that it will continue to allow customers to withdraw funds.
Hackers stepped up their cryptojacking efforts by nearly 400% in the past year, setting a record for maliciously using digital devices without their owners' permission to mine cryptocurrencies, SonicWall said on Wednesday in its midyear cyberthreat report. Threat actors shifted focus from traditional ransomware attacks to stealthier crimes such as cryptojacking, likely due to "increased law enforcement activity, heavy sanctions and victims' refusal to pay ransom demands," the report said.
A new malware, dubbed Realst, is targeting Apple macOS users to steal their cryptocurrency, stored passwords and browser data, SentinelOne said in a Tuesday blog post. The hackers distribute the malware via malicious websites promoting fake blockchain games, initially contacting victims via social media, the report said. The security company detailed additional information, including indicators of compromise, in its blog post.
NCET Merged With CCIPS
The U.S. Department of Justice on Thursday announced the merger of its Computer Crime and Intellectual Property Section and the National Cryptocurrency Enforcement Team.
The crypto crime department, established in 2021, is expected to double its staff and increase the number of acting prosecutors on the team, Principal Deputy Assistant Attorney General Nicole Argentieri said in the statement. Employees will now have access to computer crime and intellectual property work. The agency also changed leadership, as inaugural Director Eun Young Choi stepped down to make way for former U.S. Assistant Attorney for the Northern District of California Claudia Quiroz. Quiroz had served as the NCET's deputy director since its inception.