IT Security Professional
3462 stories
·
69 followers

DeFi Platform Qubit Finance Begs Hacker To Return $80 Million In Stolen Funds

3 Comments
Qubit Finance took to Twitter last night to beg hackers to return more than $80 million in stolen cryptocurrency this week. ZDNet reports: On Thursday, the DeFi platform said their protocol was exploited by a hacker who eventually stole 206,809 binance coins from Qubit's QBridge protocol, worth more than $80 million according to PeckShield. An hour after the first message, the company explained that they were tracking the exploiter and monitoring the stolen cryptocurrency. They noted that they contacted the hacker and offered them the maximum bug bounty in exchange for a return of the funds, something a number of other hacked DeFi platforms have tried to middling success. They shared multiple messages on Twitter that they purportedly sent to the hacker offering a bug bounty of $250,000 and begging for a return of the stolen funds. "We propose you negotiate directly with us before taking any further action. The exploit and loss of funds have a profound effect on thousands of real people. If the maximum bounty offer is not what you are looking for, we are open to have a conversation. Let's figure out a situation," the Qubit Finance Team wrote. The company later explained in a blog post that their Qubit protocol "was subject to an exploit to our QBridge deposit function." [...] Blockchain security company CertiK released a detailed explanation of how the attack occurred and has been tracking the stolen funds as the hackers move them to different accounts. "For the non-technical readers, essentially what the attacker did is take advantage of a logical error in Qubit Finance's code that allowed them to input malicious data and withdraw tokens on Binance Smart Chain when none were deposited on Ethereum," CertiK explained.

Read more of this story at Slashdot.

Read the whole story
josephwebster
240 days ago
reply
Apparently there's more than ones born every minute.
Denver, CO, USA
christophersw
242 days ago
reply
Thank goodness these deposits were FDIC backed … oh… wait…
Baltimore, MD
dreadhead
238 days ago
Who needs regulations!
Share this story
Delete
1 public comment
ReadLots
240 days ago
reply
If this happens a few more thousand times, people might begin to suspect the crypto scene of not being a utopian vision of technological paradise. Maybe.

Norton 360 Now Comes With a Cryptominer – Krebs on Security

1 Comment

Norton 360, one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. Norton’s parent firm says the cloud-based service that activates the program and allows customers to profit from the scheme — in which the company keeps 15 percent of any currencies mined — is “opt-in,” meaning users have to agree to enable it. But many Norton users complain the mining program is difficult to remove, and reactions from longtime customers have ranged from unease and disbelief to, “Dude, where’s my crypto?”

Norton 360 is owned by Tempe, Ariz.-based NortonLifeLock Inc. In 2017, the identity theft protection company LifeLock was acquired by Symantec Corp., which was renamed to NortonLifeLock in 2019 (LifeLock is now included in the Norton 360 service).

According to the FAQ posted on its site, “Norton Crypto” will mine Ethereum (ETH) cryptocurrency while the customer’s computer is idle. The FAQ also says Norton Crypto will only run on systems that meet certain hardware and software requirements (such as an NVIDIA graphics card with at least 6 GB of memory).

“Norton creates a secure digital Ethereum wallet for each user,” the FAQ reads. “The key to the wallet is encrypted and stored securely in the cloud. Only you have access to the wallet.”

NortonLifeLock began offering the mining service in July 2021, and early news coverage of the program did not immediately receive widespread attention. That changed on Jan. 4, when Boing Boing co-editor Cory Doctorow tweeted that NortonCrypto would run by default for Norton 360 users.

NortonLifeLock says Norton Crypto is an opt-in feature only and is not enabled without user permission.

“If users have turned on Norton Crypto but no longer wish to use the feature, it can be disabled by temporarily shutting off ‘tamper protection’ (which allows users to modify the Norton installation) and deleting NCrypt.exe from your computer,” NortonLifeLock said in a written statement. However, many users have reported difficulty removing the mining program.

From reading user posts on the Norton Crypto community forum, it seems some longtime Norton customers were horrified at the prospect of their antivirus product installing coin-mining software, regardless of whether the mining service was turned off by default.

“How on Earth could anyone at Norton think that adding crypto mining within a security product would be a good thing?,” reads a Dec. 28 thread titled “Absolutely furious.”

“Norton should be DETECTING and killing off crypto mining hijacking, not installing their own,” the post reads. “The product people need firing. What’s the next ‘bright idea’? Norton Botnet? ‘ And I was just about to re-install Norton 360 too, but this has literally has caused me to no longer trust Norton and their direction.”

It’s an open question whether Norton Crypto users can expect to see much profit from participating in this scheme, at least in the short run. Mining cryptocurrencies basically involves using your computer’s spare resources to help validate financial transactions of other crypto users. Crypto mining causes one’s computer to draw more power, which can increase one’s overall electricity costs.

“Norton is pretty much amplifying energy consumption worldwide, costing their customers more in electricity use than the customer makes on the mining, yet allowing Norton to make a ton of profit,” tweeted security researcher Chris Vickery. “It’s disgusting, gross, and brand-suicide.”

Then there’s the matter of getting paid. Norton Crypto lets users withdraw their earnings to an account at cryptocurrency platform CoinBase, but as Norton Crypto’s FAQ rightly points out, there are coin mining fees as well as transaction costs to transfer Ethereum.

“The coin mining fee is currently 15% of the crypto allocated to the miner,” the FAQ explains. “Transfers of cryptocurrencies may result in transaction fees (also known as “gas” fees) paid to the users of the cryptocurrency blockchain network who process the transaction. In addition, if you choose to exchange crypto for another currency, you may be required to pay fees to an exchange facilitating the transaction. Transaction fees fluctuate due to cryptocurrency market conditions and other factors. These fees are not set by Norton.”

Which might explain why so many Norton Crypto users have taken to the community’s online forum to complain they were having trouble withdrawing their earnings. Those gas fees are the same regardless of the amount of crypto being moved, so the system simply blocks withdrawals if the amount requested can’t cover the transfer fees.

Norton Crypto. Image: Bleeping Computer.

I guess what bothers me most about Norton Crypto is that it will be introducing millions of perhaps less savvy Internet users to the world of cryptocurrency, which comes with its own set of unique security and privacy challenges that require users to “level up” their personal security practices in fairly significant ways.

Several of my elder family members and closest friends are longtime Norton users who renew their subscription year after year (despite my reminding them that it’s way cheaper just to purchase it again each year as a new user). None of them are particularly interested in or experts at securing their computers and digital lives, and the thought of them opening CoinBase accounts and navigating that space is terrifying.

Big Yellow is not the only brand that’s cashing in on investor fervor over cryptocurrencies and hoping to appeal to a broader (or maybe just older) audience: The venerable electronics retailer RadioShack, which relaunched in 2020 as an online-focused brand, now says it plans to chart a future as a cryptocurrency exchange.

“RadioShack’s argument is basically that as a very old brand, it’s primed to sell old CEOs on cryptocurrency,” writes Adi Robertson for The Verge.

“Too many [cryptocurrency companies] focused on speculation and not enough on making the ‘old-school’ customer feel comfortable,” the company’s website states, claiming that the average “decision-making” corporate CEO is 68 years old. “The older generation simply doesn’t trust the new-fangled ideas of the Bitcoin youth.”

Read the whole story
josephwebster
256 days ago
reply
Remove Norton from any system you have. Burn it and bury it.
Denver, CO, USA
jogi
248 days ago
+1
Share this story
Delete

What does your faith exempt you from?

2 Shares
Comments
Read the whole story
josephwebster
330 days ago
reply
Denver, CO, USA
christophersw
330 days ago
reply
Baltimore, MD
Share this story
Delete

Stardew Valley’s creator announces pixel-art followup Haunted Chocolatier

1 Comment and 2 Shares

On Thursday, Stardew Valley creator Eric Barone dropped a two-minute teaser video for an entirely new game pretty much out of nowhere. The new game, titled Haunted Chocolatier, looks a lot like Stardew Valley, which means it's a refreshingly lovely homage to all things SNES and Squaresoft.

As Barone's first new video game since SV's 2016 launch, Haunted Chocolatier currently doesn't have a release date estimate of any kind. To avoid being "tied down to any particular concept of what the game is" before its eventual launch, Barone has not yet finalized Haunted Chocolatier's gameplay systems, either. HC's reveal came alongside a lengthy FAQ, whose site has been pounded by fans' immediate interest in the new game, and it clarifies that the game revolves around "a chocolatier living in a haunted castle" who must "gather rare ingredients, make delicious chocolates, and sell them in a chocolate shop."

If that sounds pedestrian to you, you clearly haven't gotten sucked into the addictive Harvest Moon homage that is Stardew Valley, which has sold millions of copies in its six years on PC and most console families. (There's also a board game version.) Like that game, Barone suggests that HC will be an entirely self-made project (programming, art, music, and more), with outside help only coming once the game is finalized and needs help with language translations and ports to other platforms. (As of press time, Barone is only committing to a launch on PC, with other platform announcements to come later.)

Today's announcement clarifies that HC and SV look similar for intentional reasons: they're similar enough mechanically to fit into Barone's self-described "town game" genre. But the newer HC will emphasize "action-RPG" systems, and the trailer shows melee and ranged combat in an outside-of-town wilderness that potentially resembles the SNES classic Secret of Mana. The teaser also shows a number of NPC interactions that hint to a bigger objective than merely collecting ingredients and making and selling treats. (Though if that's really HC this boils down to, we'll still bite.)

Barone's rise from game-making obscurity to beloved indie icon is chronicled at length in the 2017 book Blood, Sweat, and Pixels. In the chapter devoted to Barone, reporter Jason Schreier scrutinizes Barone's stubborn dedication to endlessly refining SV, even well after its retail launch. Today, Barone admits he is still not finished developing SV, in spite of the game never receiving a paid DLC update on any of its existing platforms. Work on HC, he adds, has been ongoing over "nights and weekends" since some time in 2020. Even wackier, he admits it's not the only game concept he's been tooling around with in his spare hours, though he estimates that HC is the one he will "finish first."

Haunted Chocolatier announcement trailer.

Read Comments

Read the whole story
josephwebster
340 days ago
reply
Stardew Valley rocks. I'll have to give this a try.
Denver, CO, USA
fxer
341 days ago
reply
Bend, Oregon
DMack
341 days ago
it would be just dope as hell to strike it rich in some way or another and then have time to do creative stuff... but, failing that, i will play this chocolatier game
dreadhead
340 days ago
Well there goes another 100 hours or so I assume...
Share this story
Delete

How To Make Absolutely Giant Skeletons For Halloween

1 Comment
How To Make Absolutely Giant Skeletons For Halloween

this skeleton is probably the biggest you've seen

The post How To Make Absolutely Giant Skeletons For Halloween appeared first on Make: DIY Projects and Ideas for Makers.

Read the whole story
josephwebster
342 days ago
reply
Hey all you pikers with "lifesize" skeletons: This will totally freak the neighborhood.
Denver, CO, USA
Share this story
Delete

Pink Floyd's Young Lust – explained and demystified

2 Comments
Comments
Read the whole story
josephwebster
348 days ago
reply
Those darn mixing engineers - always chopping up a loop to fit the music.
Denver, CO, USA
JayM
348 days ago
reply
Heh. Awesome.
Atlanta, GA
Share this story
Delete
Next Page of Stories