Customer data of bankrupt crypto exchange FTX and lender BlockFi have been compromised due to a hack of a third-party agent, raising concerns of potential misuse of personal information, although passwords and sensitive data were unaffected.
A hacker group, suspected to be Lazarus with ties to the North Korean government, stole $37.3 million in cryptocurrency from Estonia's CoinsPaid after tricking an engineer with a fake job offer.
North Korea-linked hackers have stolen over $200 million worth of cryptocurrency this year, accounting for more than 20% of all stolen crypto, in order to fund the regime's nuclear weapons programs, according to blockchain intelligence firm TRM Labs.
Chinese hackers breached senior US officials' emails by first stealing sensitive data from a Microsoft engineer, giving them access to a cryptographic key used to break into the officials' email accounts.
The FBI has determined that the $41 million hack of crypto gambling site Stake was carried out by North Korean hackers Lazarus Group, who have stolen over $200 million in cryptocurrency this year.
Ethereum creator Vitalik Buterin's Twitter account was hacked, resulting in the theft of $691,000 from users who clicked on a malicious link and connected their wallets, raising concerns about Twitter's security and the compensation for victims.
Hackers stole over $691,000 from Ethereum founder Vitalik Buterin's followers by posting a malicious phishing link that provided access to their wallets, with the majority of the stolen value being non-fungible tokens (NFTs).
Hackers stole customer data from the loyalty program of Caesars Entertainment through a social engineering attack, highlighting cyber threats faced by the Las Vegas hospitality and casino industry; meanwhile, MGM Resorts is recovering from its own cyberattack.
Notorious North Korean hacking group Lazarus, which has been increasingly active, is responsible for five major crypto hacks in the past three months, including the recent $54 million hack of global cryptocurrency exchange CoinEx, bringing their total theft to almost $240 million in just 104 days, according to a report by blockchain surveillance firm Elliptic.
The University of Minnesota confirmed a data breach in which a hacker gained unauthorized access to sensitive information of applicants, students, and employees, including Social Security numbers and passport information, dating back to 1989.
Hong Kong-based crypto company Mixin announced that hackers breached its cloud service provider and stole approximately $200 million, leading to the temporary suspension of deposit and withdrawal services while the vulnerabilities are fixed. The company has engaged the help of Google and SlowMist to investigate the incident. The hack on Mixin is the largest theft in the crypto world this year, surpassing the previous record set by Euler, a crypto lending platform.
Genomics company 23andMe confirmed that user data was stolen through a recycled password attack, with a leaked sample containing 1 million data points being offered for purchase, although the legitimacy of the data is still being investigated.
Hackers are selling leaked user data from 23andMe accounts on the dark web, but the company claims its security systems have not been breached and the data was likely obtained from leaked usernames and passwords from other platforms.
Hackers stole and posted for sale the data of 23andMe users, using a technique called "credential stuffing" to guess logins and gather more information through an opt-in feature, with a particular focus on Ashkenazi Jews and users of Chinese descent, although the sample data has not been verified by the company.