A massive data breach involving infostealer malware has exposed approximately 149 million accounts, including those of cryptocurrency users. This breach highlights the increasing need for robust security measures in the crypto space.

Uncovered Data: A Closer Look

Cybersecurity expert Jeremiah Fowler uncovered the breach, revealing millions of stolen credentials, including crypto exchange Binance accounts. The exposed database contained login information for major platforms like Facebook, Instagram, and Netflix, with 420,000 credentials linked to Binance users.

Understanding the Infostealer Threat

Infostealer malware silently extracts login data from compromised devices. Unlike a direct breach of Binance’s systems, this malware collects data from users’ devices, posing a significant risk to crypto wallets and online accounts. Binance emphasized that their internal systems were not compromised.

The breach included 48 million Gmail accounts, 17 million Facebook accounts, and 3.4 million Netflix accounts, among others. This incident underscores the global threat posed by credential-stealing malware, which can target financial services and government-linked domains.

Preventive Measures for Users

To combat the infostealer threat, users should employ antivirus software and conduct regular security scans. Binance advises users to use hardware-based multi-factor authentication (MFA) and maintain secure password practices to safeguard their accounts.

In response to such threats, Binance actively monitors dark web activities, alerts affected users, and initiates security measures like password resets.

Infostealer Malware Escalates

Originally reported by Kaspersky, this malware variant disguises itself as game cheats, targeting cryptocurrency wallets and browser extensions. It has attacked accounts on over 80 crypto exchanges, including Coinbase and Crypto.com.

To mitigate risks, users should keep their software updated and be cautious about suspicious downloads, especially those related to gaming or cryptocurrency apps.

As cyber threats evolve, staying informed and proactive is crucial for safeguarding digital assets.

The post Infostealer Data Breach: 149M Accounts Exposed – Critical Alert appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.

This announcement came on June 6th, where Armstrong recognized the issue of account freezes as a persistent problem and a matter of utmost priority for the company to rectify.

He stated, “We’ve managed to decrease the issue by 82% as of now, with additional improvements in the pipeline. We promise to keep our customers posted on further advancements.”

Armstrong also encouraged customers with frozen accounts to reach out to Coinbase Support for assistance. Account restrictions have been a point of contention for Coinbase users over the years, with many reporting abrupt freezes lasting several months, prompting them to leave the platform.

This progress is attributed to Dor Levi, a member of Coinbase’s product team, who joined the company nine weeks ago with the specific task of addressing the account freeze issue. Levi has been instrumental in making “significant investments” in Coinbase’s machine learning models and infrastructure.

However, Levi admitted that the user experience surrounding account restrictions still falls short of his expectations.

Despite these improvements, Coinbase will continue to enforce account restrictions as mandated by court orders and sanctions to maintain legal compliance.

Customer trust was also recently shaken by a significant data breach that revealed the details of over 70,000 customer accounts. The company is now making efforts to enhance its security measures, particularly after some of its overseas customer service agents were bribed to access sensitive customer information.

Despite these setbacks, Coinbase remains one of the world’s largest cryptocurrency exchanges, boasting over 100 million users and being the largest custodian of spot Bitcoin exchange-traded funds.

The post Coinbase CEO Announces 82% Reduction in Unwarranted Account Suspensions appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.

Post-retirement, Suman ventured into the world of cryptocurrency investing. Over time, he amassed 17.5 Bitcoin (BTC) and 225 Ether (ETH). This substantial crypto portfolio represented the majority of his retirement savings. Suman kept these assets in a Trezor Model One, a popular hardware wallet used by crypto enthusiasts to mitigate the risk of exchange hacks.

However, in March, Suman received a text message seemingly from Coinbase, alerting him about unauthorized access to his account. He responded and was subsequently contacted by a man claiming to be Brett Miller, a Coinbase security officer. The impersonator demonstrated a deep understanding of Suman’s financial setup, accurately pointing out that his funds were stored in a hardware wallet.

Convincing Suman that his hardware wallet was at risk, the scammer guided him through a “security procedure” which involved inputting his seed phrase into a website that appeared to be Coinbase’s platform. Nine days after this incident, a second scammer posing as a Coinbase representative repeated the process. By the end of this call, Suman’s entire cryptocurrency savings had been stolen.

This scam unfolded in the wake of a significant data breach at Coinbase, which was publicly acknowledged recently. The breach involved attackers bribing customer support staff based in India to gain access to sensitive user data, including customer names, account balances, and transaction histories. Coinbase verified that roughly 1% of its monthly transacting users were affected by this breach.

Among those impacted was Roelof Botha, a managing partner at Sequoia Capital. There’s no evidence suggesting that Botha’s funds were compromised, and Botha has chosen not to comment on the matter. Coinbase’s Chief Security Officer, Philip Martin, has announced that the customer service agents involved in the breach, based in India, have been dismissed. Additionally, Coinbase has committed to paying between $180 million and $400 million in remediation and reimbursement to the affected users.

The post Renowned Retired Artist Falls Prey to $2M Crypto Scam by Coinbase Impersonator appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.

How Does Cthulhu Stealer Compromise macOS?

Cthulhu Stealer starts its attack by using osascript, a macOS tool, to extract passwords from the system’s Keychain. This stolen data, which includes information from various cryptocurrency wallets like MetaMask, Binance, and Coinbase, is compiled into a zip archive labeled with the user’s country code and attack timestamp. The malware also steals data from:

• Chrome extension wallets
• Minecraft user information
• Wasabi wallet
• Keychain passwords
• SafeStorage passwords
• Battlenet game, cache, and log data
• Firefox cookies
• Daedalus wallet
• Electrum wallet
• Atomic wallet
• Harmony wallet
• Enjin wallet
• Hoo wallet
• Dapper wallet
• Coinomi wallet
• Trust wallet
• Blockchain wallet
• XDeFi wallet
• Browser cookies
• Telegram Tdata account information

Additionally, it collects system information, such as IP address, system name, and OS version, which is then sent to a command and control (C2) server. This enables attackers to further refine their malicious activities.

Scammers Profit by Selling Cthulhu Stealer for $500/Month

Scammers exploit this malware by selling it as a service for $500 per month. They employ various tactics to deceive users into downloading the malware, such as posing as employers offering jobs that require software installation. These offers often create a sense of urgency, prompting users to quickly download and install the malware.

Protecting Against Cthulhu Stealer

To avoid falling victim to this threat, macOS users should install reliable antivirus software specifically designed for their system. It’s also crucial to be skeptical of job offers or other opportunities that demand immediate software downloads. Regularly updating your software can further mitigate the risk of malware infection.

The post Cthulhu Stealer: A Serious Threat to Cryptocurrency Wallets on macOS appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.