Hackers Stole $2.3M Worth of Crypto in Q2 2018

This is stated in the newest report from security firm Kaspersky Lab
15 August 2018

Kaspersky Lab experts report that cybercriminals managed to steal $2.3 million worth of cryptocurrency in the second quarter of 2018.

According to the security experts, in the second quarter of this year Kaspersky Lab prevented more than 60 thousand clicks to phishing web pages. Such sites pose as popular cryptocurrency wallets and exchanges to steal user data and passwords. Scammers also create fake ICOs and token sales.

It is noted that some users are not aware of the existence of phishing sites.

The permanence of attacks targeting financial organizations reflects the fact that more and more people are using electronic money. Still, not all of them are sufficiently aware of the possible risks, so intruders are actively trying to steal sensitive information through phishing.

Nadezhda Demidova

lead web content analyst, Kaspersky

The researchers also compiled statistics by country, reflecting the global scope of phishing. Cybercrimes are committed around the world, and the most active regions are South America and Asia. Thus, in the second quarter, 15.5% of attacks were committed in Brazil. It is followed by China and Georgia (14.4% each), Kyrgyzstan (13.6%) and Russia (13.27%).

Recently, Kaspersky Lab announced that over the past year cybercriminals managed to get more than 21 000 ETH with the help of social engineering.

Potential Vulnerabilities Found in ETH 2.0

Least Authority has found potential security issues in the network's P2P interaction and block proposal system
26 March 2020

Technology security firm Least Authority, at the request of the Ethereum Foundation, conducted an audit of the Ethereum 2.0 specifications and identified several potential vulnerabilities.

Least Authority said that developers need to address vulnerabilities in the peer-to-peer (P2P) network layer, as well as in the block proposal system. At the same time, the auditor noted that the specifications are "very well thought out and competent."

However, at the moment there is no large ecosystem based on PoS and using sharding in the world, so it is impossible to accurately assess the prospects for system stability.
Also, information security experts emphasized that the specifications did not pay enough attention to the description of the P2P network level and the system of records about Ethereum nodes. Vulnerability risks are also observed in the block proposal system and the messaging system between nodes.

Experts said that in blockchains running on PoS, the choice of a new block is simple and no one can predict who will get the new block. In PoS systems, it is the block proposal system that decides whose block will go into the blockchain, and this leads to the risk of data leakage. To solve the problem, the auditors suggested using the "Single Secret Leader Election" (SSLE) mechanism.

As for the peer-to-peer exchange system, there is a danger of spam. There is no centralized node in the system that would evaluate the actions of other nodes, so a "malicious" node can spam the entire network with various messages without any special punishment. The solution to this problem may be to use special protocols for exchanging messages between nodes.