Latest news with #ZachXBT
Yahoo
a day ago
- Business
- Yahoo
Taiwanese crypto exchange BitoPro confirms estimated $11.5 million hack
BitoPro, a Taiwanese crypto exchange, confirmed on Monday that it was 'attacked by hackers' during a recent system upgrade after a crypto sleuth brought attention to $11.5 million worth of suspicious withdrawals from the platform. An old hot wallet—a crypto wallet that is connected to the internet, as opposed to a cold wallet, which is not—had been targeted by hackers during a 'recent wallet system upgrade and asset transfer operation,' BitoPro announced via Telegram on Monday. The revelation came hours after ZachXBT, a pseudonymous crypto investigator, reported on Telegram that the exchange 'was likely exploited for ~$11.5 million on May 8, 2025.' While BitoPro did not disclose how much money was stolen in the breach, the statement said that the platform has 'sufficient virtual asset reserves' to maintain customer funds and company operations. 'Since the incident, user top-up, withdrawal and transaction functions have maintained normal operation,' the company said in the statement. BitoPro did not immediately respond to a request for comment from Fortune. Since the company's announcement on Monday, trading volume on the exchange has fallen 21%, according to crypto data platform CoinGecko. The news of BitoPro's hack follows a separate announcement from Coinbase last month that criminals had stolen the personal data of tens of thousands of its customers. In an SEC filing about the incident, Coinbase estimated that the incident could cost as much as $400 million in 'remediation costs and voluntary customer reimbursements.' These recent breaches add to an already historic year for crypto exchange hacks. In February, hackers stole a record $1.5 billion from Dubai-based crypto exchange ByBit. Not only was it the largest hack of a crypto exchange, it was the largest heist of all time. The ByBit hack and many others have been traced back to a collective of North Korean hackers that present a growing threat to companies and governments worldwide. The hacker group, whose goal is to pilfer enough money to support the country's economy in the face of sanctions, has successfully infiltrated multiple crypto companies using techniques ranging from social engineering—like impersonating an IT worker—to technological exploitations and installing malware. This story was originally featured on
Yahoo
3 days ago
- Business
- Yahoo
Taiwanese Crypto Exchange BitoPro Likely Hacked for $11M in May, ZachXBT Says
Taiwanese cryptocurrency exchange BitoPro is suspected to have lost over $11.5 million worth of tokens in a May 8 exploit, widely-followed blockchain sleuth ZachXBT said in his Telegram group on Monday. The exploit involved unauthorized access to BitoPro's hot wallets across multiple blockchains, including Ethereum, Tron, Solana, and Polygon. The stolen assets were then sold on decentralized exchanges, with proceeds laundered through privacy protocols such as Tornado Cash and Thorchain, and eventually moved to Wasabi Wallet, a Bitcoin mixing service. BitoPro has not issued any public statements acknowledging the breach since the supposed explicit. Users were informed of a temporary service suspension due to "system maintenance' last month, and there was little social chatter in popular crypto X circles around the incident at the time. 'BitoPro has yet to formally disclose the incident on X or Telegram and told users the exchange was just offline for "maintenance,' ZachXBT said. BitoPro has been based in Taiwan since 2018 and is operated by BitoGroup. It is mostly focused on the local market and mainly supports Taiwanese dollar (TWD) fiat pairs for major tokens such as bitcoin BTC, ether ETH and others. It processed over $20 million in trading volumes in the past 24 hours, data shows, and is the top locally-focused exchange by that metric. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
27-05-2025
- Business
- Yahoo
Ripple CTO addresses concerns around firm's leadership
Ripple, the blockchain technology and payments firm, is one of the largest crypto companies in the world. Brad Garlinghouse, The firm's billionaire CEO is a popular industry face who is well-known for his public utterances. However, the public nature of the payments firm seems to have raised an interlinked question of Ripple's centralized leadership and XRP's supposed decentralized model. A user asked on X why Ripple CEO Brad Garlinghouse is the face of XRP, given XRP's claim to being a decentralized cryptocurrency. "I don't see the same arrangement with BTC," they wondered. Ripple CTO David Schwartz was quick to jump in and offer a detailed explanation to address the concerns. Schwartz highlighted that Garlinghouse is the CEO of Ripple, which is a company. But "XRP has no issuer," he continued and added that all XRP tokens were created around the launch of the XRP Ledger. The payments firm's CTO also addressed the question of decentralization, which is a defining concept in the crypto ecosystem. Decentralization means no single individual or group controls a blockchain or a cryptocurrency. To put it simply, decentralization makes sure that a cryptocurrency is not controlled by a centralized entity. Those concerned about XRP Ledger's decentralized model should care less about definitions and more about what they expect from decentralization, Schwartz added. Nonetheless, XRP faces an acute centralization issue. As per its Q1 2025 markets report, Ripple owned 4.56 billion XRP tokens and held 37.13 billion XRP tokens in the escrow. Garlinghouse has a reported 6.3% stake in Ripple and himself owns an undisclosed number of XRP tokens. Ripple co-founder Chris Larsen held 2.7 billion XRP tokens, as per the on-chain investigator ZachXBT. The total XRP supply is capped at 100 billion tokens. As per Kraken, XRP was quoted at $2.33 at the time of writing. Ripple CTO addresses concerns around firm's leadership first appeared on TheStreet on May 27, 2025 Sign in to access your portfolio
Business Mayor
17-05-2025
- Business
- Business Mayor
Preventing Phishing Attacks on Cryptocurrency Exchanges
Cryptocurrency exchanges are intensifying security measures in 2025 to focus on preventing phishing attacks, as these scams reach alarming levels and have caused millions in losses for investors. As digital assets continue gaining mainstream adoption, cybercriminals deploy increasingly sophisticated techniques to compromise exchange accounts and steal funds. While exchanges implement advanced security features, experts emphasize that user vigilance remains crucial in preventing successful attacks. The first quarter of 2025 has witnessed unprecedented phishing activity targeting cryptocurrency holders. Coinbase users reportedly lost over $46 million to phishing scams in March alone. Blockchain analyst ZachXBT tracked several significant thefts, including a notable incident on March 27 when 400.099 Bitcoin, valued at approximately $34.9 million, was stolen from a Coinbase user. A widespread phishing campaign targeting Coinbase users emerged in mid-March. The campaign involved fake notifications about a mandatory wallet migration following a supposed class action lawsuit. The scammers sent emails through a compromised SendGrid account from Akamai, providing victims with 'recovery phrases' that, when imported into Coinbase Wallet, allowed attackers to drain funds without requiring additional phishing links. Coinbase warned users after discovering the attack, 'We will never send you a recovery phrase, and you should never enter a recovery phrase given to you by someone else. ' Modern crypto phishing attacks employ various sophisticated techniques. Standard methods include creating fraudulent websites that mimic legitimate exchange login pages, sending deceptive emails or SMS messages appearing to come from exchanges, and using social engineering to trick users into revealing sensitive information. 'Phishing scams are one of the oldest tricks in the book, and they are expected to remain prevalent in 2025,' notes a recent report from OSL. These attacks often use 'wallet spoofing' and 'address poisoning,' where scammers deceive users into sending money to addresses that closely mimic legitimate ones. Major cryptocurrency exchanges have deployed sophisticated security measures to protect users in response to the escalating threat. Binance, recognized as one of the safest exchanges in 2025, offers robust account-level security features, including two-factor authentication, whitelisted withdrawal addresses, and an anti-phishing code system. These measures helped recover over $9.1 million in scammed funds and prevented approximately $129 million from being scammed annually. 'The evolving nature of cyber threats in the crypto industry reinforces the need for exchanges and custodians to continuously strengthen their security frameworks,' explained Binance CMO Rachel Conlan. 'As threats continue to grow in sophistication, so must our defenses.' Kraken has implemented phishing-resistant Passkeys, which are bound to a website or app's identity and use biometric authentication like fingerprint or face scans. 'The browser and operating system ensure that a Passkey can only be used with the website or app it was created for so you can never be tricked into using your Passkey to sign into a fraudulent app or website,' explains Kraken's support documentation. While exchanges strengthen platform security, experts emphasize that users must take personal responsibility for protecting their assets. The Federal Trade Commission recommends four key protection strategies: using security software on computers with automatic updates, configuring cell phones for automatic software updates, implementing multi-factor authentication for accounts, and regularly backing up data. Crypto security specialists further advise users to: Verify email authenticity by checking sender addresses and looking for personalized anti-phishing codes Access exchange websites only through bookmarked links rather than search engines or email links Never share private keys, passwords, or recovery phrases with anyone Enable multiple two-factor authentication methods Maintain separate email accounts exclusively for cryptocurrency activities Regulatory bodies are also taking action. In February 2025, the Securities and Exchange Commission created the Cyber and Emerging Technologies Unit (CETU) to protect retail investors against fraud. The unit focuses on emerging technology-related fraud, including cryptocurrency assets and blockchain, replacing the previous Crypto Assets and Cyber Unit. 'The unit will not only protect investors but will also facilitate capital formation and market efficiency by clearing the way for innovation to grow,' stated Mark Uyeda, the SEC's acting chair. As cryptocurrency adoption grows, exchanges, users, and regulators will need to be vigilant against phishing scams. While technological solutions like anti-phishing codes and passkeys provide necessary protective layers, user education remains fundamental to stemming the tide of successful attacks. 'In a rapidly evolving world of innovation, freedom can be misunderstood, taken for granted, and exploited by bad actors who abuse honest users,' notes a recent Binance security assessment. The most effective defense combines advanced security technology with informed, cautious user behavior.
Yahoo
16-05-2025
- Business
- Yahoo
DOJ Charges 12 With $263M Crypto Theft Linked to Genesis Creditor
U.S. Department of Justice (DOJ) has charged 12 individuals for stealing over $263 million in crypto. The individuals are linked to an earlier investigation where scammers were able to siphon off over $243 million from a Genesis creditor. According to blockchain sleuth ZachXBT, last year one of the creditor of defunct trading firm Genesis was spoofed by a group of scammers, who were able to steal $243 million worth of digital assets and then redirect it through crypto mixers. Several of the individuals charged, which includes U.S. nationals and foreign, were arrested in California this week, the DOJ said in a press release on Thursday. The remaining two individuals live abroad. The charges on the individuals range from racketeering, wire fraud to money laundering, and obstruction of engineering scams are being increasingly used by scammers to steal crypto. Scammers obtain certain personal information and then trick the user into sending them their crypto. On Thursday, Coinbase revealed that scammers were able to bribe some of their overseas employees and stole important user data from their database. The exchange expects to voluntarily pay users between $180 million to $400 million for the data breach.U.S. Department of Justice (DOJ) has charged 12 additional individuals in a racketeering conspiracy involving over $263 million in crypto fraud, money laundering, and home break-ins. The individuals are linked to an earlier investigation where scammers were able to siphon off over $243 million from a Genesis creditor. According to blockchain sleuth ZachXBT, last year one of the creditor of defunct trading firm Genesis was spoofed by a group of scammers, who were able to steal $243 million worth of digital assets and then redirect it through crypto mixers. Several of the individuals charged, which includes U.S. nationals and foreign, were arrested in California this week, the DOJ said in a press release on Thursday. The remaining two individuals live abroad. Social engineering scams are being increasingly used by scammers to steal crypto. Scammers obtain certain personal information and then trick the user into sending them their crypto. On Thursday, Coinbase revealed that scammers were able to bribe some of their overseas employees and stole important user data from their database. The exchange expects to voluntarily pay users between $180 million to $400 million for the data breach.
