Latest news with #Chainanalysis
BBC News
15-05-2025
- Business
- BBC News
Crypto exchange Coinbase faces up to $400m hit from cyber attack
Cryptocurrency exchange Coinbase has warned a recent cyber attack will cost it up to $400m (£301m) to firm said it was contacted by hackers who claimed to have gained access to customer information, obtained by making payments to Coinbase contractors and a blog post, Coinbase said the criminals had gained access to "less than 1%" of its customer data, which they then used to impersonate the firm and trick people into handing over their group then demanded $20m from Coinbase to keep it quiet - but it refused to pay the bribe and instead promised to pay back every person who got disclosure prompted the firm's share price to fall by 4.1%. The cyber attack comes days before the US company is set to join the benchmark S&P 500 index - a landmark moment for the crypto also reflects how, as it grows, the industry has increasingly become a target for cyber criminals.A report from research firm Chainanalysis suggests funds stolen from crypto businesses totalled $2.2bn in 2024."Security remains a challenge for the crypto industry despite its growing mainstream acceptance," said Nick Jones, founder of crypto firm Zumo."As our nascent industry grows rapidly, it draws the eye of bad actors, who are becoming increasingly sophisticated in the scope of their attacks." 'Harshest penalties' The company says it received an email from an "unknown threat actor" on May 11."We will reimburse customers who were tricked into sending funds to the attacker," it said in its statement."We're cooperating closely with law enforcement to pursue the harshest penalties possible and will not pay the $20 million ransom demand we received. "Instead we are establishing a $20 million reward fund for information leading to the arrest and conviction of the criminals responsible for this attack."In a filing with the US Securities and Exchanges Commission, it estimated costs between $180m and $ said this figure came from "remediation costs and voluntary customer reimbursements", however this figure could change as a result of "potential losses, indemnification claims, and potential recoveries".The staff members who shared customer information with the hackers have been fired. Coinbase told its customers to expect further attempts from scammers in the future, and advised them to be vigilant."Coinbase will never ask for your password, 2FA codes, or for you to transfer assets to a specific or new address, account, vault or wallet," it said. And it warned customers they should lock their accounts if they are suspicious."To the customers affected, we're sorry for the worry and inconvenience this incident caused," it said. "We'll keep owning issues when they arise." Sign up for our Tech Decoded newsletter to follow the world's top tech stories and trends. Outside the UK? Sign up here.
Forbes
31-03-2025
- Business
- Forbes
Chinese People Continue Buying More Bitcoin, Despite Strict Bans
Bitcoin was "banned" in China in 2021 - so how is it that there's still demand for Bitcoin in China these days? And how are these markets for Bitcoin affecting Bitcoin prices? There is continued demand for Bitcoin from Chinese Mainlanders (Chinese people outside Hong Kong and Macau). To understand this more deeply, you must understand the nature of the bans in the Chinese Bitcoin context. While Hong Kong offers futures and spot Bitcoin ETFs, mainlanders are forbidden from investing in these instruments - part of a general trend towards an exchange ban and the ban of public CNY-BTC pairings that make it challenging to track precisely how much Bitcoin is transacted. However, over-the-counter trade ("OTC") allows people to skirt these restrictions. Sometimes, OTC desks and services are more like private banks - and others are collections of merchants willing to take the legal risk of selling Tether and Bitcoin for Yuan. Chainanalysis has previous relationships with some of the large OTC desks. Through this data, an increase in trading demand for Bitcoin is observed. As Chainanalysis's media team has commented: "OTC services provide over-the-counter sales for people within China and across the region. Although some OTCs operate distinct on-chain infrastructure, many are nested businesses within other larger exchanges, where they can leverage existing infrastructure and liquidity to support the trading activity of their customers. The use of OTC channels in China reflects one of two things - first, the ban is loosely enforced, or how challenging it is to fully prohibit crypto activity." There are also large desks that trade in Tether, a US dollar backed stablecoin - which Chinese people use in large quantities. While there are rumors that OTC trade involves physical peer-to-peer trade, most people use exchanges, especially those with China-based roots. There, anything from putting in an address outside of the Mainland (such as a Hong Kong address) to using OTC services allows people to buy Bitcoin/Tether for local Yuan wires. There are also active signs of cryptocurrency trade all over the Internet, including the Western Internet, with, for example, active X rooms in Mandarin openly discussing the trade of different tokens. Bitcoin Asia 2024 reported a large contingent of mainland Chinese attendees. In an interview with Nino Feng, a former exchange executive from China, she relayed that most people she knew were buying Bitcoin from over-the-counter services that operated with major exchanges as a sort of collection of informal merchants that paid an escrow fee to be listed on a major exchange to sell Bitcoin and Tether at a spread. They would ask for money to be wired to local Chinese bank accounts (usually registered with a relatively unknown rural bank) - and there were many more desks that sold Tether rather than Bitcoin (since the spread on USDT/RMB is lower than BTC/RMB). Nino also indicated that many people take their Tether and trade down on second-tier exchanges with more crypto trading pairs, which was confirmed anecdotally by listening to X rooms filled with Chinese traders livestreaming their activity. An outside possibility is the Chinese government getting involved with buying and/or mining Bitcoin - though that's unlikely to happen systematically. However, Chinese officials and professors have cautioned against China's ban on cryptocurrencies as an unwise decision, along with the mining ban. While it seems unlikely that the Chinese government will adopt Bitcoin rather than its fascination with "blockchain", it also seems doubtful that it will further restrict Bitcoin more than it already is in the Mainland - with Chinese courts consistently upholding its use as property. It may also be the case that the Chinese party-state might hold onto the rumored 15,000 Bitcoin it still might hold from PlusToken seizures. With the e-CNY, China's central bank digital currency, progressing in the pilot stage but stalling out when it comes to momentum (especially among the average Chinese user - who still vastly prefers to keep with WeChat Pay and Alipay for the moment), the future of Bitcoin and China looks like an important bridge to explore - one which will provide insight into Bitcoin's future as well as its price level. With people being arrested for trading in Tether and demand for altcoin trading, the story is mixed with Bitcoin adoption. Yet this need to drive funds outside China may continue despite short-term respite. Tether is also an interesting geopolitical trendmaker - the Secretary of Commerce, responsible for setting Trump's tariff strategy, is Tether's primary Treasuries dealer. Every Chinese person who buys USDT essentially helps support buying Treasury reserves - even if the Chinese government itself is trying to move away from Treasury debt. As Bitcoin in Hong Kong becomes more regulated and the over-the-counter trading desks become the default way for most people to trade, Hong Kong can serve as a bridge between China and Bitcoin. Yet it's clear that Hong Kong is trying to position itself as a Web3 hub - and while these steps would have been something the central authorities would step out and veto if it were genuinely concerning, the position of Hong Kong and the Chinese Mainland doesn't allow for the easy conclusion that Hong Kong is China's experimental backdrop. The future of Bitcoin is still tied up with China. Chinese companies manufacture mining chips shipped to the United States, which is caught up in import restrictions. China's people continue buying Bitcoin and Tether despite bans, leading to dramatic geopolitical consequences - and a hidden yet continued demand factor for Bitcoin.
Yahoo
05-02-2025
- Business
- Yahoo
Law enforcement, victim resilience lead to 35% year-over-year drop in ransomware payments
Feb. 5 (UPI) -- Payments for ransomware declined year-over-year through 2024 for the first time since 2022, according to data shared by blockchain analysis firm Chainanalysis on Wednesday. The total volume of ransom payments decreased year-over-year by approximately 35%, according to the Chainanalysis 2025 Crypto Crime Report, which highlighted Russian ransomware group LockBit and Iran-based ransomware strains, Akira/Fog, and INC/Lynx, as bellwethers of the year's trends. "The market never returned to the previous status quo following the collapse of LockBit and BlackCat/ALPHV," Lizzie Cookson, senior director of incident response at ransomware response firm Coveware, wrote Wednesday. Ransomware attackers, however, have gotten faster with negotiations often starting within hours of data exfiltration. Attackers have ranged from "nation-state actors" to ransomware-as-a-service operations, lone characters and data theft extortion groups. "We saw a rise in lone actors, but we did not see any group(s) swiftly absorb their market share, as we had seen happen after prior high-profile takedowns and closures," said Cookson. In 2024, ransomware attackers gained more than $813 million via victim payments. It was a 35% decrease from a record $1.25 billion in 2023. A decline in ransomware payments was driven by "increased law enforcement actions, improved international collaboration, and a growing refusal by victims to pay," which expanded a gap between payments versus demands, tech experts wrote. Data leak sites posted more victims in 2024 than any year prior, the New York City-headquartered Chananalysis added, but experts say on-chain payments declined which suggested more online victims were targeted but fewer paid digital criminals. LockBit claimed in June last year to have breached the U.S. Federal Reserve and threatened to release 33 terabytes of sensitive data, including "Americans' banking secrets." "The current ransomware ecosystem is infused with a lot of newcomers who tend to focus efforts on the small- to mid-size markets, which in turn are associated with more modest ransom demands," Cookson said. LockBit previously conducted a number of high-profile ransomware attacks on companies, banks and government departments around the world since 2019, including the U.S. Department of Justice, Japan's Port of Nagoya, Boeing, British Royal Mail and Fulton County in Georgia. Dmitry Yuryevich Khoroshev, a Russian national accused of leading LockBit, was indicted and sanctioned last year in May by the U.S. and its allies. It came with a $10 million bounty for Khoroshev's arrest. Since March 2023, Akira targeted more than 250 entities and was the only H1 top 10 ransomware strain to "have ramped up its efforts" in 2024. The U.S. State Department announced early last year a $15 million reward for information leading to the arrest of anyone involved in LockBit. Meanwhile, LockBit saw H2 payments decrease by roughly 79% after it was disrupted early last year by the FBI and Britain's National Crime Agency which showcased the "effectiveness of international law enforcement collaboration." It published as high as 68% repeat or straight-up fabricated victims on its data leak site, experts continued. "The LockBit operators played games to pretend to stay relevant and active after a law enforcement action called 'Operation Cronos,'" according to Corsin Carmichael, a threat researcher at eCrime. LockBit, he added, "re-posted many previously listed claims again or added attacks that happened a long time ago, some even over one year ago." In addition, ALPHV/BlackCat was among 2023's top-grossing ransomware strains before it exit scammed in January 2024 leaving a void in H2. The federal government last year in February offered a reward of up to $10 million for info on those who held a key leadership role in ALPHV or Blackcat. The Russia-based BlackCat ransomware group was responsible for cyberattacks against UnitedHealth, the company confirmed last year in February. But RansomHub, added Camichel, posted the highest number of victims last year. Yet despite only emerging in February 2024, it ranked in the top 10 strains. Fog, a new ransomware strain, entered the scene in September. "The current ransomware ecosystem is infused with a lot of newcomers who tend to focus efforts on the small- to mid-size markets, which in turn are associated with more modest ransom demands," stated Coveware's Cookson. According to tech leaders, Fog demonstrated an ability to target critical vulnerabilities, like Akira did, by primarily focusing on exploiting VPN vulnerabilities which allow bad actors to gain unauthorized access to networks in order to deploy its ransomware strain. However, Akira and Fog both used identical money laundering methods. But Chainanalysis officials say malicious actors face increasing challenges in laundering online payments from victims. "Sustained collaboration and innovative defenses will remain critical to building on the progress made in 2024," the firm wrote.
