The illegal Finiko service started operating at the end of 2017. It was positioned as an automatic profit-making system. Currently, it is represented by Cyfron FNK LTD, registered in the state of Saint Lucia (no license is required to work with cryptocurrencies).

The site in the .ru domain zone is not available. There is a working mirror of “thefiniko” (in the .com zone). The user agreements on both sites are identical. What is noteworthy is that the platform offers gaming programs that mimic investment programs. And the internal CFR token is not an official currency and has no financial value. The company does not bear any responsibility.

This approach allows Finiko to work without loss since 2017. In November 2018, the platform launched an active advertising campaign. The scammers offered to buy an apartment or a car, pay off another loan for 35% of the cost. The peak of active use of the service occurred at the end of 2019. This was accompanied by the visibility of the accrual of funds to users. However, few users were able to withdraw real funds...

There are the main signs of a financial pyramid: lack of regulation, registration in an offshore company, short life (the cost of the CFR token is close to zero), very high profitability (promised more than 200% per year), enticing and expensive website design, a lot of good reviews.

Finiko, the only known cryptocurrency, has a huge number of wallets in Bitcoin and Ethereum. The largest crypto wallet received 12099.294 BTC (almost in 2.5 years). It may have been used for trading on the stock exchange. More than 129 thousand wallets involved in the activities of the illegal service have been identified. The main large (used for receiving / sending) wallets are monitored by the services of the SICP platform.

In the darknet, there is a forum where enthusiasts are working to identify large Finiko wallets and select private keys to them. In total, Finiko attracted more than $300 million from the population (according to SICP experts, more than $400 million)!..

Analysis of recent transactions shows that the funds are withdrawn mainly on the Asian cryptocurrency exchange, managed from Russia. If you or your loved one suffered from the activities of Finiko, please contact CryptoCERT (This email address is being protected from spambots. You need JavaScript enabled to view it.).

Source: sicp.ueba.su

Saturday, 26 December 2020 12:21

ADDED CUSTODIAN XAPO CRYPTOCURRENCY WALLETS

Written by

Users of the SICP platform have access to a pool of Xapo wallet addresses for analysis, with user marks of owners (the largest received 231,834.287 BTC), which was launched in the jurisdiction of Hong Kong in 2013. Already in 2014, support for debit cards for operations with cryptocurrencies was implemented. In 2015, the headquarters was moved from the USA to Switzerland.

In August 2019, Coinbase acquired the Xapo custodian (for about $ 55 million). Thus, Xapo came under the control of Coinbase Custody, making the relatively young custodian of the crypto exchange the world's largest storage of cryptocurrencies by capitalization. Today, he holds over $ 7 billion for over 120 large clients in 14 countries.

In 2020, the company moved its operations from California to Gibraltar, which offers a regulatory framework for cryptocurrency companies. The changes in Xapo come amid litigation after the custodian was accused of circulating stolen funds…

So, according to a lawsuit filed by German citizen D. Novak, Xapo and the Indodax cryptocurrency exchange contributed to the turnover of stolen cryptocurrencies. It also reveals that Xapo holds 19.99 BTC from the stolen assets, and the Indodax exchange has 476.69 BTC.

By the end of 2020, the crypto custodian (owned by crypto exchange Coinbase) plans to restructure its business and become a digital bank. Represented by legal entities in the United States (Xapo Blockchain Limited) and Gibraltar (Xapo Gibraltar Limited) and meets the regulatory requirements for financial services, virtual asset providers, electronic money and security.

Source: Xapo

SICP experts have identified another scammer using social media to cheat. Katrina Lucas from Los Angeles adds potential victims as friends on Facebook and starts a dialogue with them about cryptocurrencies and investments. She offers them up to 50% profit in the first week by investing her bitcoins in her services. The scammer mentions the cloud mining service Coincloudhashing, but this site is not available in the .com zone.

So, one of the scammer's wallets received 4 transactions worth 0.027 BTC. Subsequently, the funds were transferred to the consolidating wallet of the illegal service (in transit, with division into parts).

Associated with the profile is a bitcoin investment company page that leads to an inaccessible site in the domain zone in Nigeria (bitcoincom). From the information it follows that the illegal investment service allegedly charges $ 50,000 for 1 bitcoin. Here are trader Jennifer Smith's contacts and reviews of active users.

One of the wallets of the illegal service received 410 transactions in the amount of 5,669,312 BTC (over a period of about 3 months). It is linked to several other major wallets in the group in question.

The second scammer's wallet was launched a few days ago. Funds are withdrawn directly to the Huobi Global crypto exchange wallet. The wallet of the exchange user took 5 transactions for 0.034 BTC, which so far contain about 100 BTC. In total, the wallet received 14 785 129 BTC.

Katrina's Facebook page is currently unavailable, and messages from the correspondence have been deleted by the scammer (please take screenshots in advance). There are no active sites on the network.

Look before you jump!

Service: sicp.ueba.su

CoinPayments payment system was launched in Estonia in 2013. The electronic wallet of the payment system is used by a large number of sellers and buyers in more than 180 countries, as the wallet supports more than 2005 tokens. The payment system received a regional license to work. However, the withdrawal function to fiat currency is not available.

Over the past 2-3 years, information has been received that cybercriminals have discovered a vulnerability that allows them to withdraw more funds than were in the account. Then the administration of the service compensated for the damage to half of the victims. Also, the site stopped working, which affected a large number of complaints from users and led to problems in investment projects of clients.

CoinPayments also supports the issuance of prepaid cards with a deposit in cryptocurrencies (over 100 types). Such cards can be used in various jurisdictions and carry significant risks of money laundering. There is an official website in the TOR network.

Source: CoinPayments

On November 25, 2020, the long-awaited 5th issue of the SOC magazine was released. Special issue project: SICP platform for tracking suspicious transactions and ensuring blockchain security.

The article says that the field of cryptocurrencies is technically more complex than traditional finance, noticeably more decentralized and less controllable. Therefore, tools are required to help the use of cryptocurrencies in a legal manner and for legitimate purposes. At the same time, the main systemic problem associated with the use of cryptocurrencies is the possibility of their use for illegal operations, in particular for the legalization of criminal income, as well as for financing prohibited activities.

Also, the services of the Russian platform are considered, the peculiarities of their functioning in the Russian realities. The most detailed descriptions of the recently launched CryptoCERT service. Combined with the threats and risks inherent in digital assets...

Source: Information Security

Magazine: ITSec.ru

Friday, 27 November 2020 18:18

FRAUDERS USE NAME OF BIG PLAYERS

Written by

On November 2, 2020, the Polymetal international investment phishing site was launched. Its contents have been copied almost entirely from the original Polymetal International website. Most of the pages were copied and modified for the needs of the attackers. However, the link in the clone logo leads to the original site.

The home page of the fake site contains information about investment packages (5 types), with a profit of 5 to 50 percent in 8 days. The same information is available in the investor's personal account after registration. Investments can only be made in bitcoins.

 

In less than a month, the scammers sold 34 packages worth about 0.19 BTC. The criminals' consolidating crypto wallet received 250 transactions at 53.44 BTC. Most of the funds are withdrawn on the Hong Kong crypto exchange Binance.

It is noteworthy that on the same hosting in Phoenix (California, USA) there is another project of Lugwise Asset Management (Lugwiseinvest). The project was launched on October 5 and is positioned as a London-based asset management firm. Although the legal address on the site is listed in San Francisco (California, USA).

Judging by the activity and the amount of funds on the associated purses of the scammers, this is not a complete list of their illegal services and projects.

If you or your loved ones have suffered at the hands of fraudsters, please send notifications to the service mailbox of the CryptoCERT service (This email address is being protected from spambots. You need JavaScript enabled to view it.).

Original: Polymetal International

Scam: Polymetal International Investment

In 5 days, the conference on Information Technology Security (BIT St. Petersburg 2020) will take place in the Northern capital. The IX meeting will be devoted to information security and cybersecurity issues, the focus of attention will be on the discussion of CII and the implementation of the requirements of 187-FZ.

By tradition, Victor Minin (Chairman of the Board of ACISO) will deliver a welcoming speech and present a plenary report for the current year. In two sections (trends, practice), leading experts in the field of cybersecurity will share their experience. Among them, Natalia Manuylova (Chief Compliance Officer SICP) - Cryptocompliance for the security of CII, Alexander Podobnykh (CISO SICP, Special Development Department of Technopark St. Petersburg) - Digital financial assets and CII subjects, as well as other respected experts.

The conference will be held on October 15, in compliance with the requirements aimed at preventing the spread of the new coronavirus infection...

Source: BIT-Aciso

Tuesday, 06 October 2020 16:44

CRYPTOCOMPARE EXCHANGE BENCHMARK JULY 2020

Written by
Published on July 10, 2020. CryptoCompare Exchange Benchmark ranks more than 165 global spot exchanges to bring transparency and accountability to the cryptoasset exchange landscape by providing a framework for assessing risk. The Benchmark assigns a AA - F grade to help identify the lowest risk venues in the industry.
 
Key Highlights
 
The analysis reveals that US exchanges retained the top spots, with Gemini ranked first. Gemini is followed by Coinbase (2), Kraken (3), itBit (4) and Bitstamp (5).
  • Lower-Tier exchanges (grades C-E) have continued to lose market share to Top-Tier exchanges (grades AA-B), quarter on quarter.
  • Top-Tier exchanges (grades AA-B) accounted for 32% of global volumes in Q4 2019. In 2020, they accounted for 36% in Q1 and 40% in Q2.
  • The top three decentralised exchanges (DEXs) based on our refined DEX methodology are Binance DEX, Switcheo, and IDEX.
Friday, 04 September 2020 18:45

BUSINESS INFORMATION SECURITY SUMMIT 2020

Written by

The Business Information Security Summit will be held at the end of September, online (September 24-25). Topic of the event: Demo version of the new reality. Information security strategy for change management. The participants of the meeting will answer questions and tell about approaches: what strategy is chosen by information security for managing change, from the VUCA world to BISSEXTUS 2020, turbulence as a springboard or a struggle for survival.

Day 1. Discussion 1. Welcome, or No unauthorized entry is allowed. Experts: Natalya Kasperskaya (President of InfoWatch Group), Alexander Malkevich (Deputy Chairman of the Commission for the Development of the Information Community, Mass Media and Mass Communications of the Public Chamber of the Russian Federation), Alexander Maslyuk (expert on HR transformation in SAP CIS), Vladimir Dubrovin (Technical Advisor on Information Security Mail.ru Group).

Discussion 2. Information security in an era of change - here and now: risks, consequences, expectations. Speakers: Dmitry Manannikov (director of corporate security at Ozon), Mona Arkhipova (co-founder and COO at sudo.su (MIRTs), Roman Bondarenko (deputy head at SB FC Pulse), Stepan Deshevykh (head of InfoWatch product development department).

Discussion 3. Security of the digital future: what are digital assets and how to protect them. Speakers: Mikhail Smirnov (director of the InfoWatch expert and analytical center), Alexander Podobnykh (independent information security expert SICP), Vladislav Pak (IT director of Stoloto).

Day 2. Round table. Regulatory requirements 2020-2021. Speakers: Artyom Sychev (First Deputy Director of the IB Department of the Bank of Russia), Vitaly Lyutikov (Deputy Director of FSTEC of Russia), Dmitry Sytin (General Director of TEK-Torg CJSC), Evgeny Tsarev (Managing Director of RTM Group), Konstantin Samatov (Director of the Center Information Security Institute of Management and Information Technologies USUE).

Also, the opinions of vendors will be presented, taking into account new approaches, and a master class on the preparation of a Disaster Recovery Plan (DRP) will be organized. Closing discussion: Who should be “shot” for the incident? Lev Paley (head of the information security department of SO UES), Vasily Okulessky (deputy head of the information security service of Vozrozhdenie bank), Sergey Sherstobitov (general director of Angara), Kirill Ermakov (CTO QIWI).

Source: BIS Summit

The European Union Agency for Law Enforcement Cooperation, or Europol, 09/10/2019 released its annual Internet Organized Crime Threat Assessment (IOCTA) report for the year. And we weren’t surprised to find that ransomware, despite its palpable decline in volume these past few months—a trend we’ve also seen and documented—remains the most prominent threat in terms of prevalence and financial damage.

While the IOCTA report talks about online threats that both consumers and businesses face on a daily basis, it also puts data at the center of it all. We rely on it—often, all too much—and criminals know this. And yet, most threat actors behind attack campaigns rely on our data to make their attacks more successful, compelling us to take action. After all, nowadays an attack that doesn’t use data against its owners wouldn’t be much of a money-earning scheme.

Threat actors can deprive organizations and individuals’ access to their own files by encrypting and holding them for ransom, such is the case for ransomware. And they can also deny the average user access to an organization’s data (and services) through Distributed Denial of Service (DDoS) attacks. According to Europol, such attacks with an extortion element in them are the most prevalent.

Data also enables other forms of online crime like fraud. Criminals are primarily after financial data, such as credit card information, online banking credentials, and cryptocurrency wallet data. They are also after personally identifiable information (PII) and other login credentials. Such data fuels other profitable, targeted attacks like business email compromise (BEC) scams, spear phishing, and account takeovers.

There is also the challenge of data overload, particularly in the realm of child sexual exploitation (CSE) crimes. The staggering amount of material online detected by law enforcement and private companies continues to increase to the point that it’s putting a strain on law enforcement resources to investigate these crimes. One contributing factor to the increase of availability of CSE material online is that more underage users are accessing and using social media, thus, criminals reach and communicate with them via these platforms.

Other IOCTA findings:

  • The IOCTA report also noted that key infection vectors are phishing and remote desktop protocol (RDP) vulnerabilities. Simple patching can address vulnerabilities. As for phishing, did you know that you can be targeted on your desktop and smart phone?
  • Organizations are growing more concerned about sabotage performed by malicious insiders.
  • Ransomware tactics have shifted, from a scattergun approach of infecting systems to a more focused and refined targeting of profitable victims. This means that ransomware proponents target those with a greater ability to pay a ransom than the average, normal user.
  • BEC is evolving. There have been campaigns wherein threat actors used malware and network intrusion.
  • Self-generated explicit material (SGEM) is on the uptick. Young children now have access to high-quality smart phones, which enables them to produce and share SGEM, either voluntarily or under coercion. The rising number of SGEM victims will likely to continue. Parents and guardians: Please talk to your kids about this, and other online risks.
  • Jackpotting, also known as black-box attacks, against ATMs are becoming more widespread and accessible due to tools like Cutlet Maker being more available on the dark web.
  • Card-not-present (CNP) fraud and skimming continue to plague financial institutions. Don’t be a victim of skimming.
  • Due to law enforcement activity and extensive DDoS attacks against hidden services, many have grown distrustful of the onion router (Tor) environment. While underground market administrators are currently exploring alternatives, a migration to a new platform will not likely happen yet.

Source: Europol

Source: Malwarebytes Labs

Page 1 of 7

About SICP

Security Intelligence Cryptocurrencies Platform - Cybersecurity infrastructure of the blockchain and antifraud in the cryptocurrency sphere. SICP - antiscam, trust, compliance.

Get In Touch

Address: Russia St. Petersburg Marshal Tukhachevsky 22

Phone: +7 (812) 983-0483

Fax: +7 (812) 983-0483

Email: sicp@ueba.su

Website: www.ueba.su

Join Our Community

Sign up to receive email for the latest information.
© 2020 SICP. All Rights Reserved.                                                                                                                                     Grant BTC 1CdD6Xk9RDZ9wyeRqq1uXkktgdaPpGpt8f

Search