$72 Million Worth of Bitcoins Stolen in Bitfinex Exchange

This week's digest covers the theft of $72 million worth of bitcoins from the Bitfinex exchange and a new Gozi Trojan version that can bypass some behavioral defenses in financial attacks.

Breach

$72 Million Worth of Bitcoins Stolen in Bitfinex Exchange

Bitfinex, the largest exchange platform for Bitcoin, was recently breached, and nearly 120,000 bitcoins worth approximately $72 million were stolen in Hong Kong. Bitfinex has confirmed that the breach affected only bitcoin wallets and that other cryptocurrencies traded on the platform were unaffected. All trading, digital token deposits and withdrawals have been halted, and Bitfinex's website is offline and will remain so during the investigation and while the company secures its environment.

References: Hackers have stolen £49 million worth of bitcoins | Bitfinex bitcoin exchange offline after potentially costly security breach | Bitcoin Worth $72M Was Stolen in Bitfinex Exchange Hack in Hong Kong

 

Mitigation Strategies:

Malware

Delilah Trojan Used to Recruit Insider Threat Victims

The latest version of Gozi has become more sophisticated and is targeting financial companies and banks, such as PayPal, ING Bank, and Bank of Tokyo.

Gozi uses web injection attacks that show a fake page on top of the original banking portal page. The unsuspecting user unknowingly enters their key to send their money to a "mule" designated by the malware operators. In addition, biometric information, such as how long the user takes to move from one input field to the next or the time between keystrokes, is sent to its control panel to bypass detection by systems based on user behavior.
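To make the two timing signals named above concrete, this added example (not from the referenced reports, and not Gozi or vendor code) shows how a behavior-based check might derive keystroke gaps and field-to-field delay from page events and score them against an enrolled profile. The event shape, profile values, threshold and all function names are assumptions made for illustration.

```javascript
// Added example: timing features a behavioral check might use (hypothetical names).
// Assumed event shape: { type: 'focus' | 'keydown', field, t } with t in milliseconds.
function mean(xs) {
  return xs.length ? xs.reduce((a, b) => a + b, 0) / xs.length : 0;
}

// Collects gaps between keystrokes inside one field, and the delay between the
// last keystroke in a field and focus landing on the next field.
function extractTimingFeatures(events) {
  const interKeyMs = [];
  const fieldTransitionMs = [];
  let lastKey = null; // most recent keydown event seen
  for (const ev of events) {
    if (ev.type === 'keydown') {
      if (lastKey && lastKey.field === ev.field) interKeyMs.push(ev.t - lastKey.t);
      lastKey = ev;
    } else if (ev.type === 'focus' && lastKey && lastKey.field !== ev.field) {
      fieldTransitionMs.push(ev.t - lastKey.t);
    }
  }
  return { interKeyMs, fieldTransitionMs };
}

// Largest absolute z-score of the session means against the enrolled profile.
function anomalyScore(features, profile) {
  const zKey = Math.abs(mean(features.interKeyMs) - profile.interKey.mean) / profile.interKey.std;
  const zMove = Math.abs(mean(features.fieldTransitionMs) - profile.transition.mean) / profile.transition.std;
  return Math.max(zKey, zMove);
}

// Constructed sample data, not taken from any real session or user.
const profile = { interKey: { mean: 180, std: 40 }, transition: { mean: 900, std: 250 } };
const humanSession = [
  { type: 'focus', field: 'user', t: 0 },
  { type: 'keydown', field: 'user', t: 400 },
  { type: 'keydown', field: 'user', t: 590 },
  { type: 'keydown', field: 'user', t: 760 },
  { type: 'focus', field: 'pass', t: 1700 },
  { type: 'keydown', field: 'pass', t: 2100 },
  { type: 'keydown', field: 'pass', t: 2270 },
];
// Same events with uniform 5 ms spacing, as a naive form-filling script would produce.
const scriptedSession = humanSession.map((ev, i) => ({ ...ev, t: i * 5 }));

const THRESHOLD = 3; // assumed cut-off for this illustration
function isAnomalous(events) {
  return anomalyScore(extractTimingFeatures(events), profile) > THRESHOLD;
}
```

Both features are observable from inside the browser, which is why malware that records them, as described above, undermines checks that rely on timing alone; treat the score as one signal among several.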

References: New Gozi Trojan Version Can Bypass Some Behavioral Biometrics Defenses | Gozi Ups Its Game in Global PayPal, Bank Attacks

Mitigation Strategies:

Top 20 IP Addresses


*IP addresses provided by Recorded Future.