Вернуться   DarkNets.Ru - Ethical Hacking - Cyber Security - Penetration Testing > UNDERGROUND > International Zone > The Darknets News

The Darknets News Hacker News - leading source of Information Security, latest Hacking News, Cyber Security, Network Security with in-depth technical coverage of issues and events.

Опции просмотра Поиск в этой теме Опции темы  
Старый 30.01.2018, 01:28   #1
Модератор lvl1
Аватар для Mishlen
Группа: Moder
Регистрация: 08.12.2017
Адрес: antichat.ru
Сообщений: 166
Репутация: 43
По умолчанию Coincheck: Stolen $534 Mln NEM Were Stored On Low Security Hot Wallet

Japanese cryptocurrency exchange Coincheck, one of the largest in the country, was the victim of a massive hack resulting in a loss of 523 mln NEM coins, worth approximately $534 mln.

The coins were stolen via several unauthorized transactions from a hot wallet at 3:00 am local time on Friday, Jan. 26.

Following the hack, the Coincheck exchange has hosted a press conference to provide the details of what has happened and what’s coming next.
NEM stored on hot wallet, private key stolen

The hack only involved NEM. No other cryptocurrencies, including Ripple (XRP), were stolen, contrary to the early reports covered by Cointelegraph.

According to the exchange’s representatives, the hackers have managed to steal the private key for the hot wallet where NEM coins were stored, enabling them to drain the funds.

All the stolen money belonged to the customers of the exchange. The ‘inappropriate’ movement of the funds was reported by Coincheck to Japan’s Financial Services Agency, as well as the police later on the same day.

Shortly after the breach, the company halted all withdrawals from the site, hoping to stop any further damage to its funds. When asked whether they will begin allowing “at least” fiat currency withdrawals soon, Coincheck replied that that will be done after they have determined the best way to proceed.

It has come to light that the funds were being stored on a simple hot wallet rather than a much more secure multisig wallet.

Coincheck’s representatives have claimed that the security setup differs between various coins on the exchange.

Other cryptocurrencies on the site are currently stored in multisig wallets, but the NEM was not. When pressed by the media, the company insisted that “security standards were not low,” however the lack of multisig protection for NEM may indicate the opposite.

The company made clear that they use various wallet types for housing different assets. Specifically, Bitcoin and Ether are stored in cold storage wallets, with Bitcoin additionally having a multisig address. Ether, “given its nature,” is not stored on a multisig wallet.

According to their statement, more than half of Coincheck’s 80 permanent employees work on systems development, including security.
What comes next?

Going forward, Coincheck claimed that it knows the address where the stolen NEM is currently being stored by the hackers, and is hoping to be able to track the culprits.

While the company cannot currently disclose how many users were affected, they have expressed a desire to refund all the money that was lost.

When asked whether they are going to resume operations or will have to declare bankruptcy, Coincheck said that ‘in principle’ they plan to keep operating.

While the exchange has expressed a desire to refund all lost funds, they nevertheless are still considering how to approach the situation. Per the press conference, the “worst-case scenario” would be that the funds can never be returned.

When asked whether they have any words for the customers, Coincheck representatives have said that they “deeply regret” what happened.

Mishlen вне форума   Ответить с цитированием

Здесь присутствуют: 1 (пользователей: 0 , гостей: 1)
Опции темы Поиск в этой теме
Поиск в этой теме:

Расширенный поиск
Опции просмотра

Ваши права в разделе
Вы не можете создавать новые темы
Вы можете отвечать в темах
Вы не можете прикреплять вложения
Вы можете редактировать свои сообщения

BB коды Вкл.
Смайлы Вкл.
[IMG] код Вкл.
HTML код Выкл.

Быстрый переход


Текущее время: 22:28. Часовой пояс GMT +4.

Использование файлов cookie & Политика конфиденциальности
Внимание! Все материалы, находящиеся на сайте, выложены исключительно в образовательных целях. Владельцы сайта не несут ответственность за использование информации в незаконных целях.
Мы не несём никакой ответственности за предоставленные материалы. При копировании информации обратная ссылка обязательна.
При использовании программ с форума, рекомендуем проверять на hybrid-analysis.com & virustotal.com!
Powered by: vBulletin Version 4.x.x
Copyright ©2000 - 2017, vBulletin Solutions, Inc ~ Перевод: zCarot
Remix fluid style from X1mer@ for darknets.ru Взлом и Безопасность
Время генерации страницы 0.14720 секунды с 11 запросами