Bittrex bans North Korea, Iran, Syria, Cuba, Crimea clients from exchange

The ban kicks in on March 9th, but some say their accounts, and their funds, have already been frozen without a heads-up.

Last year, the US signed into law the politically controversial bill titled “Countering America’s Adversaries through Sanctions Act,” which aims “to provide congressional review and to counter aggression by the Governments of Iran, the Russian Federation, and North Korea.” Under the bill, as part of “combating terrorism and illicit financing,” accounts belonging to citizens and residents of North Korea, Iran, and the Crimean region of Ukraine will be added to the restricted territories list banned from accessing US finance services, including cryptocurrency exchanges.

While Cuba was not part of this new bill, a series of embargoes has been imposed against the country for decades, starting in 1958 with succeeding broader sanctions stretching to this day. Similarly, the US has enforced sanctions against Syria since 1979, labelling the country as a “state sponsor of terror.” And the same ban applies to citizens and residents of the two countries.

To comply with the new bill, Bittrex has released a revised terms of service document.

“You may not use the Services if you are located in, or a citizen or resident of any state, country, territory or other jurisdiction that is embargoed by the United States or where your use of the Services would be illegal or otherwise violate any applicable law. You represent and warrant that you are not a citizen or resident of any such jurisdiction and that you will not use any Services while located in any such jurisdiction. You also may not use the Services if you are located in, or a citizen or resident of, any other jurisdiction where Bittrex has determined, at its discretion, to prohibit use of the Services. Bittrex may implement controls to restrict access to the Services from any jurisdiction prohibited pursuant to this Section 2.2. You will comply with this Section 2.2, even if Bittrex’s methods to prevent use of the Services are not effective or can be bypassed,” Bittrex wrote on their website.

The embargo is supposed to start on March 9, but some users say that Bittrex has been freezing accounts, along with the funds in them, since last year. Complaints claim that shortly after the bill was signed last year, the exchange closed down thousands of accounts belonging to Iranian, Indian, Pakistani, Russian, Syrian and Turkish nationals, as well as some belonging to American, French and German nationals, without a proper heads-up. Worse, users were given no recourse for taking their funds out of the exchange before the accounts were closed.

In December last year, in an article by news.Bitcoin.com, Yasser Ahmadi of Lioncomputer says Bittrex failed to give Iranians a proper exit from the exchange, and has been ignoring support tickets from locked out users.

“We’re having difficulties for a long time now, it started around two years ago. Poloniex and Bitfinex announced that Iranian users should withdraw their funds and leave the exchange and now we’re having trouble with Bittrex. Bittrex started closing Iranian accounts without any heads up or announcements from Oct 12 and haven’t responded to our support tickets and emails since.”

Ahmadi added that the bill was a political manipulation and a violation of Bitcoin and the blockchain’s principle.

“I think Bitcoin should not be limited by the regulation process and that’s exactly what the United States is doing. They’re using the fluidity of bitcoin to control the needs of people around the world and reach their own political interests – that is not what bitcoin and blockchain is about, it’s against the spirit of this system.”

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper.  Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.

South Korea pins 2017 crypto theft on North’s hackers

Despite being set back by heavy regulation and privacy fines from the government, South Korean exchanges continue to operate and accommodate the increasing number of cryptocurrency users in the country. In a Reuters report, South Korean intelligence officials accused North Korean hackers of infiltrating the country’s exchanges and stealing cryptocurrency worth billions of won in 2017.

Kim Byung-kee, member of South Korea’s parliamentary intelligence committee, was quoted saying, “North Korea sent emails that could hack into cryptocurrency exchanges and their customers’ private information and stole (cryptocurrency) worth billions of won.” The government official did not disclose which South Korean exchanges were hacked.

With the rise of digital currency initiatives around the world, North Korea has been reported to have been covertly developing and mining a rival cryptocurrency in a bid to bolster its economy with the technology amid heavy international sanctions. According to the South Korean government’s intelligence agency, North Korea has continued to engage in related cybercrime attacks, with mounting evidence pointing to a specific unit called “Lazarus.”

North Korea’s offensives in cyberspace are escalating, according to cybersecurity experts. Information security firm Recorded Future said North Korea engaged in hacking offensives in late 2017, right before the North-South dialogue began.

The backdoor malware employed in the exchange attacks was used against Sony Pictures Entertainment (2014) and the first WannaCry ransomware victims in February 2017. The hacking unit responsible for these methods has been identified as the “Lazarus” group, after affinities in code execution and malware infrastructure were noted to be indicative of a certain manner of intrusion.

The group has also been identified by security firm Symantec as the unit responsible for other financially-related cybercrimes, linking it to an attack on a bank in the Philippines in 2016, a theft of at least $81 million from the Bangladesh central bank, as well as an attempt to steal over a million U.S. dollars from Vietnam’s Tien Phong Bank in 2015.

Kim said the Lazarus group primarily used phishing campaigns to propagate its malware, socially engineering its targets and luring them into its propaganda. The campaigns specifically targeted South Korean college students interested in foreign affairs, or other South Korean citizens researching about North Korea’s history and politics.

In an analysis by infosec research firm AlienVault, an app compiled on the Christmas Eve of 2017 was found to be an installer for cryptocurrency mining software. The application mined Monero and sent all of its profits to Kim Il Sung University in Pyongyang, North Korea. AlienVault notes that the file is likely based on software called xmrig, adding that the app’s internal password indicated as “KJU” might be a possible reference to Kim Jong-un, North Korea’s leader since 2011.

In a tweet by Simon Choi, director of South Korean security solutions company Hauri, a zero-day vulnerability in Adobe’s Flash Player was found to be hidden in the infected files. The vulnerability is present in Adobe Flash versions 28.0.0.137 and earlier. The flaw allows attackers to perform remote code execution on most operating systems. Here’s a hash of the incident response for full reference.

With these threats posing risks for South Korean cryptocurrency investors and exchanges, Kim said the government was “doing its best” to protect the interests of its people. As security flaws are continually discovered by researchers and security analysts, threats like North Korea’s Lazarus hacking unit will continue to exploit and steal from different cryptocurrency exchanges. For users of leading cryptocurrencies like Bitcoin Cash, it’s best to adhere to best practices in crypto security such as making use of hardware wallets that support Bitcoin Cash, keeping up-to-date with standard address formats, and actively monitoring where funds originate from and where they go.

South Korean exchanges blame North Korea for recent crypto-heists

North Korea is making its mark on the cryptocurrency sphere, and in a nefarious way.

Last Tuesday, South Korean exchange Youbit suffered its second hack of the year, losing 17% of its total assets and ultimately declaring bankruptcy.

The Youbit robbery is only one of several recent exchange heists. CrowdStrike CEO George Kurtz told CNBC that it, along with the Bithumb heist in July, was perpetrated by North Korean hackers.

In an interview with CNBC, Kurtz says North Korea’s threat in the cryptocurrency space is something to be taken seriously.

“I certainly think it highlights the capabilities that North Korea has in cyber… It’s something a lot of companies should be concerned about, particularly those companies that are dealing in Bitcoin and cryptocurrencies,” he said.

Kurtz isn’t the only cybersecurity expert pointing fingers at North Korea for cryptocurrency heists. Earlier this week, SecureWorks senior security researcher Rafe Pilling issued a warning about a fake job advert targeting cryptocurrency industry professionals through email—a seemingly harmless Microsoft Word attachment triggers the installation of a Remote Access Trojan (RAT) that snoops around the victim’s system to assess if it’s worth looting before installing additional malware to aid the robbery. The attack was attributed to the Lazarus Group—the same group said to be responsible for the WannaCry ransomware, which blackmails users into depositing cryptocurrency tokens lest their files be wiped or publicized, as well as a botched attempt on a $1 billion loot from the Bangladesh Central Bank.

According to Pilling, this attack also originates from North Korea and is highly likely “state-sponsored” considering the fact that such an operation will not go unnoticed in the tightly controlled rogue state—making it highly probable that the spearphishing campaign had at least a certain level of approval from the government.

In an article, FireEye senior cyber threat intelligence analyst Luke McNamara outlines incidents of suspicious activity from North Korea that they began observing in 2016. McNamara says, however, that North Korea’s monopoly on criminality in the cryptocurrency space may be short-lived, and that it might soon have to compete with even more groups with similar intentions.

“…it should be no surprise that cryptocurrencies, as an emerging asset class, are becoming a target of interest by a regime that operates in many ways like a criminal enterprise. While at present North Korea is somewhat distinctive in both their willingness to engage in financial crime and their possession of cyber espionage capabilities, the uniqueness of this combination will likely not last long-term as rising cyber powers may see similar potential. Cyber criminals may no longer be the only nefarious actors in this space,” he concluded.

ALERT: North Korean hackers are circulating an MS Word document to steal from crypto workers

SecureWorks says the attack is “state-sponsored.”

Beware: even Word documents are not safe.

The same cyber crime group that shook the world with the infamous WannaCry ransomware is on to even more mischief. Information security service firm SecureWorks reported that the Lazarus Group is now circulating a spearphishing scam disguised as a job advert targeting workers in the cryptocurrency industry. The attack has been observed since last year, but attempts as recent as last month have also been seen.

The malware is being circulated through an email of a fake job advert, where a seemingly innocent Microsoft Word document attached to the email reportedly triggers the installation of a “Remote Access Trojan” inconspicuously in the background.

In an interview with Business Insider, SecureWorks senior security researcher Rafe Pilling says the malware assesses whether a particular computer is worth pillaging before possibly downloading more malware to assist in its operations.

“The malware that’s downloaded is the first stage RAT that gives them basic systems survey capability and the ability to download further malware if they find they’ve landed an interesting target,” Pilling said.

It is unclear if the malware has claimed any victims, and if so, how much the damage is. But SecureWorks says the operation is a big one:

“There’s a significant capability behind this threat actor — we’re not talking about five people in a room.”

Pilling believes the campaign was backed by the government, seeing as such operations in tightly controlled North Korea would be practically impossible—unless the government instigated it.  The Lazarus Group has also previously been linked to the North Korean government’s operations.

“North Korea is perhaps unique in that there’s such tight control over all forms of communication,” Pilling said. “We don’t believe there’s anything that state organised cyber activity that comes out of that country. We would see it as having some degree of state direction or state approval.”
