Monero Project admits thieves stole $437k in mystery breach
www.theregister.com
It's the latest in a string of unusual wallet-draining attacks that began in April
  • HurlingDurling@lemm.eeEnglish
    214·
    11 months ago

    I’m just making a wild guess, but it was probably the North Korean Cyberattack Force. They have been behind some of the largest crypto heists before in order to get clams in the goverments coffers.

    The blockchain analytics provider attributed the attack to the North Korean state-sponsored Lazarus Group, which it says has stolen more than $2 billion across several heists.

    ( ͡° ͜ʖ ͡°) Nailed it

  • AutoTL;DR@lemmings.worldBEnglish
    2·
    11 months ago

    This is the best summary I could come up with:

    The project’s maintainers have “taken additional precautions” to secure the other wallets associated with Monero, such as enabling multisig so more than one individual is required to sign off on any given transaction.

    In response to the attack, Atomic Wallet contacted victims to gather information about their setups in an attempt to determine the source of the breach, but has not yet publicized its findings.

    In October, Atomic Wallet revealed it was able to work with leading cryptocurrency exchanges to freeze $2 million in stolen funds related to the earlier incident.

    Tracking the wallet-draining attacks, Taylor Monahan, lead product manager/owner at cryptocurrency wallet software company MetaMask, said the profile of victims “is the most striking thing” and they’re all “reasonably secure” and reputable organizations.

    There is a wide diversity of cryptocurrencies and blockchains that have been successfully targeted, including Bitcoin, Monero, and Ethereum, and wallets with seed lengths of 12 and 24 words have both been breached.

    LastPass CEO Karim Toubba told The Register that there is no current evidence linking the company’s breach to the ongoing wallet-draining attacks.

    The original article contains 863 words, the summary contains 179 words. Saved 79%. I’m a bot and I’m open source!

  • Saki@monero.townEnglish
    0·
    11 months ago

    The linked article (and so AutoTL;DR) is not very accurate. If you’re interested in this incident, read the original post, which is short and compact. General media articles are only quoting or re-quoting this thread, typically with some misunderstanding.

    Specifically (about this post): Among other things, multisig is only suggested; nothing has been decided yet.

    Generally (in many similar articles): Probably a specific local machine was hacked, though no one really knows yet what happened. It’s unlikely that the Monero network itself was hacked.

    Since I’m a Monero supporter, obviously I tend to say good things about it, but frankly, the ironical fact here is, Monero is so privacy-focused that when something like this happens, it’s difficult to identify the attacker—i.e. by design Monero also protects the identity of the attacker. Some Monero users are having this weird, paradoxical feeling: it would be nice if we could catch this evil attacker, but being able to catch the attacker would be in a way very bad news for Monero (if you know what I mean) 😕

    • KᑌᔕᕼIᗩ@lemmy.mlEnglish
      0·
      11 months ago

      I used to be an old school supporter of cryptocurrency too, until that is when the scammers got their mitts into it and it went from a funny little technical hobby worth nothing to an overinflated shitfight that’s robbed many people of their life savings.

      Honestly, the entire cryptocurrency ecosystem is a parody of its former self and nothing the original inventors of it wanted it to become.

      • Saki@monero.townEnglish
        0·
        11 months ago

        Exactly, except not “the entire”, but “almost entire”?

        Monero has been largely detached from CEXes, no companies, no middle men… Many users still have that idealism, a cypherpunk philosophy, that which Bitcoin tried to achieve originally. It’s community-based and crowd-funded… Some of that fund was stolen, so we’ve got to admit that the Monero community was not so smart after all… Yeah, a bit embarrassing tbh. To err is human, I guess.

        For example, we do have a zero-fee donation site kuno.anne.media and recently help some girl buy a laptop or doing things like that. Some of Monero users are idealists by nature, maybe silly dreamers or naive philosophers, but definitely not greedy HODLERs. Weird people, either way, haha 😅

        • KᑌᔕᕼIᗩ@lemmy.mlEnglish
          0·
          11 months ago

          I know exactly what Monaro is and you’re not looking at it objectively but as a holder and fan. But that’s okay I guess, as long as you’re not involved in the scams and just like it for what it is. However, you sound a lot like someone preaching about some religion to others and you should be aware of that.

          • Saki@monero.townEnglish
            1·
            11 months ago

            Sorry if I sounded unpleasant. I’m not holding Monero, I actually use it (just like one may use Paypal), is all. Still, as you can see I’m from Monero.town, so obviously I’m a fan. Guilty as charged!

            I’ve actually been “preaching” about privacy to my friends, but they’re typically like “Google is fine. I have nothing to hide.” Or about PGP (in vain). But I wouldn’t preach about (recommend) the privacy coin to regular people. Like you pointed out, it’s controversial and risky. As a long time user, I know too well about both sides of this.

    • brambledog@lemmy.todayEnglish
      01·
      11 months ago

      As you yourself out it, the issue with monero is that it is designed to protect attackers.

  • Flying Squid@lemmy.worldEnglish
    510·
    11 months ago

    Someone had imaginary money on a computer and someone else stole the imaginary money and that’s bad because the imaginary money has value in real money and I hate this timeline.

    • jarfil@lemmy.worldEnglish
      8·
      11 months ago

      Someone had real gold in their coffer full of gold coins, then someone convinced them that credit written down as a number on some slips of paper had the same value, that they could trust the bank’s computers with keeping track of the total value, and everyone clapped.

      • Flying Squid@lemmy.worldEnglish
        53·
        11 months ago

        Banks are usually backed by federal governments, which can control trade. I’d say that’s a huge difference. Money deposited in banks is also often the product of skill or labor. It takes neither to generate crypto. I feel sorry for whoever lost their money, but right now, this is a get-rich-quick scheme for most people involved in it.

        • jarfil@lemmy.worldEnglish
          72·
          11 months ago

          Banks are allowed to use fractional reserve to lend several times more than they are required to warrant themselves, governments only force banks to have an entity who will pinky swear to write down up to a certain amount in everyone’s accounts in case the banks can’t. Neither skill nor labor produce money, central banks produce money as a loan with a repayment obligation, skill and labor only shift around the fractional obligations created by banks from thin air. Crypto is actually generated as an effect of the skill and labor required to secure its own ledger. People use golf courses to claim carbon offsets they sell in get-rich-quick schemes, or stamp collections, or digital collectibles, or natural gas extraction plants, or a thousand other schemes; everything can be, and is being used to scam someone somewhere at every moment, doesn’t mean everything is a scam.

        • Linkerbaan@lemmy.worldEnglish
          42·
          11 months ago

          Banks are a giant scam. Have you learned nothing from 2008? It’s not that long ago.

          Your fiat money is way faker than crypto.

    • fosforus@sopuli.xyzEnglish
      5·
      11 months ago

      Well, it’s Monero. It has clear value in buying drugs safely. Almost all darknet sites support it… I’ve been told.