Encrypted currency trading platform encountered Log4Shell (CVE-2021–44228) vulnerability attack and refused to pay 5 million ransom

lunaray
1 min readJan 5, 2022

--

Our Intelligence Team reported that ONUS, Vietnam’s largest cryptocurrency trading platform, was running a vulnerable Log4j version of its payment system that suffered a cyber attack. The attackers demanded that ONUS pay a ransom of 5 million U.S. dollars and threatened to publish user data.
The attackers demanded that ONUS be required to pay a ransom of 5 million, otherwise the stolen data would be made public. On December 25, because ONUS did not pay the full ransom, the attackers sold customer data on the dark web data exchange market. The attacker claimed to have 395 ONUS database tables containing customer personal data and hashed passwords. The sample data includes the customer’s ID card image, passport, and video clips submitted by the customer during the KYC process.
Lunaray security team reminds everyone to pay attention to the protection of assets and information to avoid damage.

Log4j
Cve 2021 44228
Cryptocurrency
Ransom
Kyc

--

--

lunaray

Written by lunaray

201 Followers

Lunaray takes a leading position in smart contract auditing and consulting service for blockchain security.

More from lunaray

See all from lunaray

Recommended from Medium

Lists

Modern Marketing

33 stories139 saves

Generative AI Recommended Reading

52 stories244 saves
A search field with results below. In the background are book covers.

Now in AI: Handpicked by Better Programming

266 stories153 saves
See more recommendations

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech

Teams