Cybersecurity Bulletin: IRS offers $1.25 million to crack privacy-focused crypto Monero
Other online breaches last month included a major U.S. hospital chain and a well-known crypto exchange
It was only a few weeks ago that CipherTrace, a leading cryptocurrency intelligence company, announced that it had developed forensic tools for the U.S. Department of Homeland Security to trace and visualize Monero transaction flows for criminal investigations. For those of you who are not familiar with Monero, it is the most well-known privacy-focused cryptocurrency. And according to a recent survey, 45% of the darknet markets are using Monero, just behind Bitcoin.
Financial regulators have always been wary of how decentralized cryptos are structured, which gives them limited ability to track them, especially when it comes to the privacy features built into crypto coins like Monero. Keeping the focus on Monero, now another U.S. government institution, namely the Internal Revenue Service (IRS), has offered a bounty of $1.25 million to data mining companies to develop Monero-tracing tools. I guess CipherTrace’s forensic tools weren’t good enough.
Moving on to some of the significant data breach incidents that took place last month…
Universal Health Services
A major U.S. hospital chain, Universal Health Services, which operates more than 250 hospitals and other clinical facilities in the country, experienced a computer outage that was apparently caused by a cyberattack. The Fortune 500 company, with 90,000 employees, was in a mad scramble as workers reverted to paper-based systems to provide healthcare to patients in a system that is already burdened by the Coronavirus pandemic.
Healthcare institutions have been increasingly under threat from ransomware attacks during the pandemic. According to data compiled by the cybersecurity firm Emsisoft, 764 healthcare providers in the U.S. were victimized in 2019 alone, with the attacks costing $9 billion a year in terms of recovery and lost productivity.
Argentina’s Immigration Agency
A few weeks before the prior incident, the official government agency of Argentina, Dirección Nacional de Migraciones, suffered a so-called Netwalker ransomware attack that temporarily halted border crossing into and out of the country. Along with healthcare facilities, cities and local agencies have also become hotspots for such cyber-attacks recently.
Argentina’s cybercrime agency first reported the incident on the morning of August 27th, when several border checkpoints advised the agency of the issue, leading to a temporary suspension of border crossings for four hours. Bleeping Computer found out from the Netwalker Tor payment page that the hackers demanded a ransom of $4 million (or 355 bitcoins at the time). This was the first known attack against a federal agency that has interrupted the operations of an entire country.
KuCoin Crypto Exchange
Crypto exchanges are among hackers’ favorite targets. The Singapore-headquartered digital asset exchange KuCoin lost over $150 million in a security breach. According to the statement published by the digital exchange, the hackers got hold of the private keys to the exchange’s hot wallets.
According to data from blockchain explorer Etherscan, two Ethereum wallets belonging to KuCoin have sent more than 11,480 ETH to the hacker-associated Ethereum wallet address worth more than $150 million. According to blockchain explorers Blockchair and Tronscan, other wallets identified in the heist received 14,713 BSV, 26,733 LTC, 18,495,798 XRP and 999,160 USDT, along with over 1,008 BTC, 9,588,383 XLM and 199,038,936 TRX.
In another related incident, the European crypto exchange ETERBASE suffered a hack resulting in a loss of $5 million from its hot wallets. The exchange published six addresses as being compromised, but the amounts were not revealed. According to The Block research, the amount totaled just over $5 million.
DeFi Protocol bZx
And finally, the decentralized lending protocol bZx reported multiple exploits. In the most recent, third incident, the attackers got over $8 million in cryptocurrency by duplicating assets. The DeFi space has become a juicy target for nefarious players as it recently crossed $10 billion in locked assets. The attackers exploited flawed code to duplicate assets or increase their balance of interest-bearing tokens on bZx, dubbed iTokens.
The attackers got away with 2139,199.66 LINK, 4,500.7 ETH, 1.75 million USDT, 1.41 million USDC, and 667,988.8 DAI, the sum of which amounted to over $8 million. According to the company blog, a detailed security audit was conducted to address the vulnerability and all funds have been recovered from the attacker.