This hasn't been the best week for WikiLeaks, to put it mildly. Coinbase has shut off the WikiLeaks Shop's account for allegedly violating the cryptocurrency exchange's terms of service. In other words, the leak site just lost its existing means of converting payments like bitcoin into conventional money. While Coinbase didn't give a specific reason (it declines to comment on specific accounts), it pointed to its legal requirement to honor "regulatory compliance mechanisms" under the US' Financial Crimes Enforcement Network. This doesn't prevent WikiLeaks from accepting cryptocurrency, but it will have to scramble to find an alternative if it wants to continue taking digital money from customers buying shirts and coffee cups.
A hacker has stolen $7.7 million worth of EOS cryptocurrency after one of the 21 maintainers of an EOS blacklist failed to do its job. The hack came to light on Saturday, February 23, in a Telegram public post by EOS42, a web-based community of EOS cryptocurrency owners. EOS42 (also known as EOS Go) said that one of its users had their EOS account compromised by a hacker on February 22. After discovering the hack, the unnamed user followed a normal security procedure that was hard-coded inside the EOS blockchain code to allow the blacklisting of malicious accounts. The procedure implied notifying the top 21 "block producers" (a term used to describe the most efficient miners of new EOS cryptocurrency) of the malicious account's EOS address.
The compromised Denarius cryptocurrency client --which node operators run on their servers to support the Denarius blockchain-- was spotted earlier today by a security researcher named Misterch0c, who alerted ZDNet. ZDNet independently confirmed the researcher's findings with the help of RiskIQ threat researcher Yonathan Klijnsma. Carsen Klock, the top dev behind the Denarius cryptocurrency, said the incident occurred because he reused an older password to secure his GitHub account. This allowed a hacker to silently access his GitHub account and upload a backdoored version of the Denarius Window client --version 3.3.6, According to Misterch0c and Klijnsma, this file (VirusTotal link) was a modified Denarius client installer that installed a version of the AZORult malware.