Kronos Research Halts Operations After Losing $26 Million In Security Breach

Kronos Research, a Taipei-based market maker, trading firm, and venture capital fund, witnessed the withdrawal of significant amounts of crypto assets due to a breach of its security system.

Kronos Breach: Investigation Underway

On Sunday, November 19, Kronos Research disclosed – via a post on X (formerly Twitter) – a security incident that involved unauthorized access to its API keys. Consequently, the company lost a significant amount of crypto funds and has halted all trading operations in a bid to launch a full investigation into the incident.

A map of fund outflows by on-chain sleuth ZachXBT put Kronos’ losses at over $25 million in Ether. In a follow-up post on X, the company also confirmed that the losses are about $26 million in crypto assets.

In its initial announcement, Kronos revealed that the potential losses are not a significant portion of its equity. Meanwhile, the trading firm said in its latest update that all losses will be covered internally, and no partners will be affected.

Although Kronos has yet to provide an update on its resumption process, the company did say that it aims to resume trading as soon as possible.

This $26 million attack on Kronos Research represents the third most significant crypto theft in November 2023. Before this latest incident, data from blockchain security firm Certik revealed that about $173 million had been lost to crypto attacks in November, with Poloniex’s $113 million hack being the most notable yet.

How Did This Hack Affect WOO X?

Interestingly, Kronos is not the only one affected by this security incident, as WOO X is another cryptocurrency entity that has had to pause its operations momentarily. WOO X is an exchange on which Kronos functions as the market maker for its spot and perpetual futures markets.

In an address on the X platform, WOO X acknowledged Kronos’ security situation and announced a temporary pause on all trading to protect users’ positions from a lack of liquidity. The exchange, however, emphasized that all customer funds are safe.

As of this writing, WOO X has resumed trading in both the spot and perpetual futures markets. Meanwhile, the exchange claims that clients can now make withdrawals for all assets.

Nevertheless, the trading platform has faced some backlash from the online crypto community, with some people pointing to its unclear relationship with Kronos.

Lazarus Group Transfers $64M ETH From Harmony Bridge Hack

During the weekend, the notorious North Korean hacking gang Lazarus Group started transferring money stolen in the Harmony Bridge attack. Notably, the organization transferred over $63.5 million, or approximately 41,000 ETH.

On January 16, blockchain detective ZachXBT published information about the transfer of a significant amount of Ethereum. The cryptocurrency assets, which originated from Tornado Cash, were transferred via Railgun. Railgun is a private smart contract platform that uses zero-knowledge proofs to hide financial transactions.

According to the analyst who followed the trail of more than 350 addresses, some 41,000 ETH worth about $63.5 million were sent through Railgun and deposited on three different exchanges.

Funds Frozen By Binance And Huobi

Binance’s CEO, CZ, tweeted that the exchange had previously uncovered suspicious money transfers from the Harmony One hackers when they attempted to launder money through Binance. As a result, the accounts were frozen by the exchange. 

The Group had been keeping its money in Tornado Cash, a service that helps keep people’s identities secret and is used by criminals to launder money in the crypto industry.

The analyst followed the funds through more than three hundred addresses. He concluded that Railgun had spread around 41,000 ETH among multiple receivers before the cryptocurrencies were deposited at various exchanges. He did not name the exchanges, but he did say that the Lazarus Group routinely makes rapid withdrawals from such platforms.

Connections Between Lazarus And Harmony’s Attack

Lazarus is now quite skilled at hiding its movements from law enforcement agencies while transferring illegal cryptocurrencies. For example, the group was suspected of being behind the attack on Harmony Bridge in June 2022. In-depth information about the attack was published by Elliptic, a blockchain analytics service, at the time it occurred.

Multiple large crypto heists, totaling over $2 billion, have been linked to the Lazarus Group. DeFi and cross-chain bridges became a new target in 2022, and the group was also suspected of being behind the $600 million Ronin Bridge attack.

According to a recent report by cybersecurity firm Kaspersky, another North Korean hacker group, BlueNoroff, has expanded its illegal activities by posing as venture capitalists looking to invest in cryptocurrency startups.

Kaspersky’s report shows that BlueNoroff’s global attacks against cryptocurrency businesses were uncovered in January 2022 but slowed down until the fall.

Theft of cryptocurrency has become a profitable business for North Korean hackers. According to information about their operations, South Korean spying services estimate that over $1.2 billion in cryptocurrency has been stolen from the global community since 2017. In 2022, numerous companies, including FTX, were victims of cyberattacks.

At the time of writing, Bitcoin is trading around $20,800, up 21% in the last week. It is currently trading above its 50-day Simple Moving Average (SMA), which indicates that the price will remain bullish in the short term.
