$610 million worth of crypto tokens was returned to Poly Network in exchange for a $500k bounty and a job offer to the purported white hat hacker. In other cyber security news, AT&T contests claims of a data breach affecting 70 million customers, though independent researchers say the leaked info appears valid.
BEC Scammers take millions from Peterborough, New Hampshire
Over the summer, it was discovered that several financial transfers from the City of Peterborough, New Hampshire were directed to an unauthorized bank account. While investigating a $1.2 million bank transfer that was not received by the local school district, officials also found that several contractors for a recent bridge project had also not been paid. It is believed that scammers sent multiple fraudulent emails to the city, impersonating various construction companies to identify high-value transactions. From there, they were able to route the high payments to their own accounts.
Bounty paid to Poly Network hacker
Following the largest theft of cryptocurrency to date, the hacker has since worked with the victim, Poly Network, to return the $610 million worth of stolen tokens. The hacker claims they acted solely to prove a point about security and always intended to give the stolen funds back. In exchange for returning the funds, the hacker gained a $500k bounty from Poly Network and a job offer to join their security team. Up to this point, the previous largest heist was of $538.4 million, taken from a Japanese cryptocurrency exchange.
Medical IV vulnerability found and fixed
Researchers have been working with medical manufacturer B. Braun to identify and resolve a vulnerability in some medical IV pump devices that could allow for remote attackers to alter dosages for patients. The vulnerability rests on the device not requiring proper authentication when receiving new or updated commands. Fortunately, this vulnerability has been resolved after several crucial changes.
70 million customers involved in possible AT&T data breach
Shortly after a known hacker group claimed they stole data on over 70 million AT&T customers, officials for the telecom company released a statement saying the hacker’s claim is fraudulent. While several third-party researchers have noted that the leaked info appears to be valid, the hacker hasn’t yet revealed how or when they obtained the data trove. Despite AT&T’s claims, the hackers remain confident that they have a high-value commodity.
Conti ransomware targets SAC Wireless
The Conti ransomware group posted over 250GB of stolen data from SAC Wireless, following an initial attack and data encryption on June 16. They state they are ready to leak all their remaining stolen data if the ransom isn’t paid on time. SAC has already started working to better secure their own systems, and though they haven’t confirmed the use of ransomware in their cyber-security incident, the Conti group aren’t being shy about the role they played.