Week 30, 2019

QuickBit | YouHodler | FumbleChain | Kraken

This week had several data leak incidents involving millions of records by two cryptocurrency companies - QuickBit and YouHodler. Leaked data included credit card numbers, names, wallet addresses, and other PII. On a more positive side, Kudelski Security released a blockchain security wargame called FumbleChain and What Bitcoin Did podcast hosted an interesting interview with Kraken’s CISO.

Hacks:

  • Stock market listed cryptocurrency retailer QuickBit exposes over 300,000 records - More than 300 thousand records were leaked from a Swedish cryptocurrency exchange, QuickBit. The leak included customer names, payment data, date of birth, and other sensitive data. The exposed MongoDB database was originally mapped by Shodan on June 28th and locked down 5 days later after a notification by Comparitech and Bob Diachenko.

  • YouHodler Breach Exposes Data for Thousands of Cryptocurrency Users - 86 million records were exposed by a cryptocurrency lender, YouHodler. Exposed data contained names, credit card numbers, banking details, wallet addresses, and other sensitive information. The leak was discovered by security researchers at vpnMentor as part of their project to search for open databases on the Internet. YouHodler has closed database access within 24 hours after being notified.

Research:

Media:

  • Nicholas Percoco on Defending the Crypto Honeypot - an interesting interview with a Kraken CISO on different threats in the cryptocurrency ecosystem, shares some details on how Kraken defends its users and employees. Nicholas has a particularly fun background coming from early hacking, doing security research at SpiderLabs, and being a part of the “I am the Cavalry” movement.

Malware:

See you all next week in another edition of Blockchain Threat Intelligence!