Major Indian Bitcoin Exchange Unocoin Offline After Discovering Major Security Flaw

Unocoin, an industry leader among India’s bitcoin exchanges, went offline on Monday night following the discovery of a serious security vulnerability. Also Read: Indian Bitcoin Adoption Responds to Government Signalling for Regulation The Vulnerabilities Have Surfaced Just Weeks After a Unocoin Customer’s Account Was Hacked Major Indian bitcoin exchange, Unocoin, went offline late Monday night

The post Major Indian Bitcoin Exchange Unocoin Offline After Discovering Major Security Flaw appeared first on Bitcoin News.

Unocoin, an industry leader among India’s bitcoin exchanges, went offline on Monday night following the discovery of a serious security vulnerability.

Also Read: Indian Bitcoin Adoption Responds to Government Signalling for Regulation

The Vulnerabilities Have Surfaced Just Weeks After a Unocoin Customer’s Account Was Hacked

Major Indian bitcoin exchange, Unocoin, went offline late Monday night following the discovering of a significant security flaw. Unocoin CEO and co-founder, Sathvik Vishwanath, is anticipating that Unocoin will return to regular operations by the “end of day Tuesday”. “We identified that there was an issue with the way the files were being stored and are resolving that part. We are also moving the servers to a more secure location,” Vishwanath told the Economic Times India in a recent interview.

The company has stressed that all customer funds are safe, but has mandated that users change passwords upon logging into their accounts. Technical specifications pertaining to the security vulnerability and its discovery have not been publicly disclosed.

The vulnerabilities have surfaced just weeks after a data scientist from Bengaluru had his Unocoin account hacked. The hacking victim, who concealed his identity, reported that upon logging into his account, he immediately received an email with a link for a password reset, and then an email confirming that his password had been changed.

Many Are Speculating That the Discovered Vulnerabilities May Have Been Linked to the Customer’s Account Getting Hacked

Upon realizing that his account was being hacked, the individual then became aware that two transactions had been initiated moving approximately 0.3 and 0.4 bitcoin from his account. The data scientist quickly sent an email to Unocoin, before driving to their local Bengaluru headquarters. Unocoin was able to lock his account and prevent a third unauthorized transaction from occurring, but unfortunately had already processed the first two transactions.

Major Indian Bitcoin Exchange Unocoin Offline After Discovering Major Security Flaw

Many within the cryptocurrency community are speculating that the vulnerabilities discovered by Unocoin may have been exploited by those who hacked the data scientist’s account, although Unocoin has not made a statement addressing said speculation.

Unocoin has seen an increase in transactions, account verification requests and customer support queries following the increased media exposure of bitcoin heading into June. Along with the increase in customer base, Unocoin has also seen an increase in reported wallet hacks – with the company claiming that it saw nine cases last month, more than double the monthly average of just 3 or 4. As a precautionary measure, the company has temporarily reduced its automatic transaction approval threshold to 0.1btc, as opposed to the normal limit at 0.5btc.

Have you ever had your wallet hacked? Share your experience in the comments section below!


Images courtesy of Shutterstock and Unocoin


Need to calculate your bitcoin holdings? Check our tools section.

The post Major Indian Bitcoin Exchange Unocoin Offline After Discovering Major Security Flaw appeared first on Bitcoin News.

Shifr Ransomware-as-a-Service Portal Only Takes a 10% Cut From Every Payment

TheMerkle Shifr RaaSThe world has seen multiple ransomware-as-a-service tools over the past months. Even though one could argue the market is on the brink of getting saturated, that does not appear to be the case. More specifically, a new RaaS variant has been discovered, which goes by the name of Shifr. As is to be expected, this portal lets anyone create their own ransomware strain regardless of previous technical background. Shifr RaaS Is a Cause for Concern Finding even more convenient ways for criminals to create new types of ransomware is never positive under any circumstances. We have seen an influx of

TheMerkle Shifr RaaS

The world has seen multiple ransomware-as-a-service tools over the past months. Even though one could argue the market is on the brink of getting saturated, that does not appear to be the case. More specifically, a new RaaS variant has been discovered, which goes by the name of Shifr. As is to be expected, this portal lets anyone create their own ransomware strain regardless of previous technical background.

Shifr RaaS Is a Cause for Concern

Finding even more convenient ways for criminals to create new types of ransomware is never positive under any circumstances. We have seen an influx of ransomware types over the past few years already. It appears this situation will only grow worse over time, as a new ransomware-as–a-service portal has been discovered. This particular project goes by the name of Shifr, and succeeds in lowering the barrier to entry for aspiring cybercriminals.

More specifically, one could argue a three-year-old could use Shifr and create their own type of ransomware within minutes. That is not a positive development by any means. The last thing we need is more convenient ways for criminals to create new types of ransomware regardless of their coding experience. Although it is not uncommon for RaaS services to lower the barriers to entry, Shifr seems to take things to a whole new level right now.

It is also worth mentioning any type of ransomware developed through this portal is written in the Go language. In most cases, Go would not necessarily be the programming language of choice for ransomware, but it is a language most people can pick up with relative ease. This also means aspiring developers should be able to make modifications to their creations with relative ease.

Accessing the Shifr portal can only be done through the darknet, which will not come as a surprise to anyone. Do keep in mind interested parties will need a Bitcoin address, as this address will be used to collect payments from ransomware victims. It also appears the Shifr developers will take a 10% cut of all profits generated by ransomware developed on this platform. That is a fair amount, and one most criminals will not mind paying whatsoever.

As is to be expected from a RaaS portal, the customers can determine how large their ransom demand needs to be. Smaller amounts will often result in more payments, albeit some developers could get away with asking a large sum. We recently saw a Korean web hosting service provider pay $1m worth of Bitcoin to get rid of a ransomware attack. Those types of payments are rather an exception, but it is still something most aspiring developers would hope to replicate.

The bigger question is whether or not Shifr is a scam or not. The service is very cheap, doesn’t hide its tracks all that well, and the ransomware strains it can create are not overly sophisticated either. Most of these RaaS portals are potential scams, since they know the owner’s Bitcoin address. Moreover, platforms like these often collect payments first and foremost, and then forward the remainder to the customer.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.