CNN has a great piece about how cryptocurrency ATMs are used to scam people out of their money. The fees are usurious, and they’re a common place for scammers to send victims to buy cryptocurrency for them. The companies behind the ATMs, at best, do not care about the harm they cause; the profits are just too good.

Long story of a $250 million cryptocurrency theft that, in a complicated chain events, resulted in a pretty brutal kidnapping.

It looks like a very sophisticated attack against the Dubai-based exchange Bybit: > Bybit officials disclosed the theft of more than 400,000 ethereum and staked > ethereum coins just hours after it occurred. The notification said the digital > loot had been stored in a “Multisig Cold Wallet” when, somehow, it was > transferred to one of the exchange’s hot wallets. From there, the > cryptocurrency was transferred out of Bybit altogether and into wallets > controlled by the unknown attackers. > > […] > > …a subsequent investigation by Safe found no signs of unauthorized access to > its infrastructure, no compromises of other Safe wallets, and no obvious > vulnerabilities in the Safe codebase. As investigators continued to dig in, > they finally settled on the true cause. Bybit ultimately said that the > fraudulent transaction was “manipulated by a sophisticated attack that altered > the smart contract logic and masked the signing interface, enabling the > attacker to gain control of the ETH Cold Wallet.”...

Scammers are hacking Google Forms to send email to victims that come from google.com. Brian Krebs reports on the effects. Boing Boing post.

The Justice Department has published the criminal complaint against Dmitry Khoroshev, for building and maintaining the LockBit ransomware.