article thumbnail

Cryptocurrency Startup Loses Encryption Key for Electronic Wallet

Schneier on Security

The cryptocurrency fintech startup Prime Trust lost the encryption key to its hardware wallet—and the recovery key—and therefore $38.9 It is now in bankruptcy. I can’t understand why anyone thinks these technologies are a good idea.

article thumbnail

Signal Adds Cryptocurrency Support

Schneier on Security

According to Wired , Signal is adding support for the cryptocurrency MobileCoin, “a form of digital cash designed to work efficiently on mobile devices while protecting users’ privacy and even their anonymity.” End-to-end encryption is already at risk. ” I think this is an incredibly bad idea. .”

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Security Affairs

The Glove Stealer malware exploits a new technique to bypass Chrome’s App-Bound encryption and steal browser cookies. The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information.

article thumbnail

The GitVenom campaign: cryptocurrency theft using GitHub

SecureList

stealer that collects information such as saved credentials, cryptocurrency wallet data and browsing history, packs it into a.7z com/Dipo17/battle ) and execute them. These components were as follows: A Node.js 7z archive and uploads it to the attackers via Telegram. Notably, the attacker-controlled Bitcoin wallet ( ID: bc1qtxlz2m6r[.]yspzt

article thumbnail

Using Hacked LastPass Keys to Steal Cryptocurrency

Schneier on Security

Remember last November, when hackers broke into the network for LastPass—a password database—and stole password vaults with both encrypted and plaintext data for over 25 million users? Well, they’re now using that data break into crypto wallets and drain them: $35 million and counting, all going into a single wallet.

article thumbnail

Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner

Security Affairs

Experts warn of a large-scale cryptocurrency miner campaign targeting Russian users with SilentCryptoMiner. This is a covert miner able to mine multiple cryptocurrencies (ETH, ETC, XMR, RTM and others) using various algorithms. Its configuration is Base64-encoded and encrypted with AES-CBC. ” concludes the report.

article thumbnail

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

KrebsOnSecurity recently told the saga of a cryptocurrency investor named Tony who was robbed of more than $4.7 million in cryptocurrencies from Tony was verify-trezor[.]io. Federal Communications Commission (FCC), as well as those working at the cryptocurrency exchanges Coinbase and Binance. Image: Shutterstock, iHaMoo.

Phishing 339