Infosec Round-Up Aug 27th

Play Video

Bug Bounty, Crypto Heist & $2.3 Million BEC Scam

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

$500,000 Bug Bounty

The hacker responsible for the recent Poly Network hack, has been gifted $500k following the return of over $600 million worth of digital currency.

With the incident occurring on the 10th of August, it was not originally known by the company that the funds would be repaid, though in light of its return, the Chinese-based blockchain network has stated no intention of holding the hacker legally accountable – even going as far to offer him a role as Chief Security Advisor.

The hacker, known only as ‘Mr. White Hat’, received the half a million dollar “thank you” without publicly responding to the job offer, nor providing any comment on the bounty.

Whether the decision to return the funds was motivated by claims of the security company SlowMist that it had tracked the hacker’s email and IP addresses, is unknown, though many remain sceptical.

In a public statement, Poly Network explained, “At this point, Poly Network has completed the recovery of all affected user assets… Other advanced functions will be gradually restored to the Poly Network after completing the necessary security requirements.”

Japanese Crypto Heist

The Japanese cryptocurrency exchange Liquid has been attacked by cyber criminals, reportedly loosing almost $100 million worth of tokens in the incident.

First announcing the loss late last week, Liquid was founded in 2014, operates in over 100 countries, and is one of the world’s top 20 exchanges by daily trading volume.

Having assured customers that there will be no impact to user balances, the funds were stolen from so-called ‘hot-wallets’, digital accounts which, contrary to ‘cold-wallets’, are usually based online and are designed to allow users easier access to their assets.

Additionally noting that no personal data is believed to have been compromised during the attack, the incident comes hot on the heels of the much publicised Poly Network hack.

In a public announcement, the organisation has stated: “Deeper investigation into the attack and the identification of the responsible parties is ongoing. We are in contact with the relevant authorities in both Japan and Singapore regarding the incident.”

$2.3 Million BEC Scam

A US town has lost around $2.3 million after Business Email Compromise (BEC) scammers managed to intercept several bank transfers with forged documents.

Affecting Peterborough, a small New Hampshire town, the increasingly common form of social engineering attack was discovered late last month when the ConVal School District notified the town’s finance department that a $1.2 million monthly transfer had not been received.

Discovering several weeks later that two other bank transfers had been misdirected, with total losses rising to $2.3 million, officials have stated that they do not believe funds will be recovered given the sophistication of the attack and that it originated from overseas.

In a public statement the town noted: “The U.S. Secret Service Cyber Fraud Task Force immediately began tracing the funds through transactions that ultimately converted them to cryptocurrency.”

Adding, “These criminals were very sophisticated and took advantage of the transparent nature of public sector work to identify the most valuable transactions and focus their actions on diverting those transfers.”

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.

Security Awareness for your Organisation

Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.


Infosec Round-Up Aug 20th

Infosec Round-Up Aug 20th - Hut Six

48 million T-Mobile customers' data breached. Secret 'no-fly' list exposed on internet. Brazil Government hit with another ransomware attack.

Infosec Round-Up Aug 13th

Infosec Round-Up Aug 13th - Hut Six

Apple responds to CSAM scanning criticism. Crypto hacker returns over $300 million worth of tokens. Crytek game developer confirms data leak hack.

Infosec Round-Up Aug 6th

Infosec Round-Up Aug 6th - Hut Six

Zoom to pay $86 million on privacy lawsuit. LockBit 2.0 cyber criminals recruiting insider threats. Isle of Wight schools hit with ransomware attack.

InfoSec Round-Up July 30th

InfoSec Round-Up July 30th - Hut Six

Israeli government raids NSO Group offices. Biden warns cyber breach could lead to "hot-war". Irish DoH data leak.

InfoSec Round-Up July 23th

InfoSec Round-Up July 23th - Hut Six

NSO responds to international criticism. Saudi Aramco hacked for a second time. Chinese government denies involvement with Microsoft Hack.

InfoSec Round-Up July 16th

InfoSec Round-Up July 16th - Hut Six

UK Police seize £180 million in money laundering investigation. REvil ransomware website mysteriously disappears. Iran targets British academics in phishing attack.

InfoSec Round-Up July 2nd

InfoSec Round-Up July 2nd - Hut Six

Member of public finds Ministry of Defence (MoD) documents. Salvation Army loses data in cyber attack. Denmark's Central Bank affected by SolarWinds hack.

InfoSec Round-Up June 25th

InfoSec Round-Up June 25th - Hut Six

Prolific phishing scammer arrested for 25k SMS messages. Scotland's EPA announces 4 thousand files were stolen. Security icon John McAfee found dead.

InfoSec Round-Up June 11th

InfoSec Round-Up June 11th - Hut Six

New York Time, the Guardian, Reddit and more unavailable. JBS pays $11 million ransom to attackers. FBI created fake end-to-end encrypted chat app.

InfoSec Round-Up June 4th

InfoSec Round-Up June 4th - Hut Six

Meat Supplier JBS grinds to a halt. The ICO fines Conservatives £10K. Swedish Public Health Agency hacked.