Encrypted currency trading platform encountered Log4Shell (CVE-2021–44228) vulnerability attack and refused to pay 5 million ransom

Our Intelligence Team reported that ONUS, Vietnam’s largest cryptocurrency trading platform, was running a vulnerable Log4j version of its payment system that suffered a cyber attack. The attackers demanded that ONUS pay a ransom of 5 million U.S. dollars and threatened to publish user data.
The attackers demanded that ONUS be required to pay a ransom of 5 million, otherwise the stolen data would be made public. On December 25, because ONUS did not pay the full ransom, the attackers sold customer data on the dark web data exchange market. The attacker claimed to have 395 ONUS database tables containing customer personal data and hashed passwords. The sample data includes the customer’s ID card image, passport, and video clips submitted by the customer during the KYC process.
Lunaray security team reminds everyone to pay attention to the protection of assets and information to avoid damage.

--

--

--

Lunaray takes a leading position in smart contract auditing and consulting service for blockchain security.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Canon Mp250 Ink Reset Software

{UPDATE} CirQuiz Hack Free Resources Generator

Fortress Announcement (2022.1.11)

Just Social: A Social Media Revolution by NuGenesis

What is Penetration Testing?

Cyberthreats listed as one of the biggest Global Risks for 2022 — here’s what can you do to help?

How To Scan Multiple Organizations With Shodan and Golang (OSINT)

Introducing SpinADA : First IDO on Cardence platfrom

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
lunaray

lunaray

Lunaray takes a leading position in smart contract auditing and consulting service for blockchain security.

More from Medium

Lunaray Security Scan Report

Knownsec Blockchain Lab | meter.io attack analysis

Fairyproof’s Review of Risks Associated with the Recently Airdropped Tokens

Blockchain Security — Blockchain Roadmap