Encrypted currency trading platform encountered Log4Shell (CVE-2021–44228) vulnerability attack and refused to pay 5 million ransom

Our Intelligence Team reported that ONUS, Vietnam’s largest cryptocurrency trading platform, was running a vulnerable Log4j version of its payment system that suffered a cyber attack. The attackers demanded that ONUS pay a ransom of 5 million U.S. dollars and threatened to publish user data.
The attackers demanded that ONUS be required to pay a ransom of 5 million, otherwise the stolen data would be made public. On December 25, because ONUS did not pay the full ransom, the attackers sold customer data on the dark web data exchange market. The attacker claimed to have 395 ONUS database tables containing customer personal data and hashed passwords. The sample data includes the customer’s ID card image, passport, and video clips submitted by the customer during the KYC process.
Lunaray security team reminds everyone to pay attention to the protection of assets and information to avoid damage.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store

Lunaray takes a leading position in smart contract auditing and consulting service for blockchain security.