If you have been reading the security news, you will no doubt have seen the enormous crypto-asset heist from Chinese Blockchain outfit Poly, which initially relieved them of about $600 million worth of crypto goodies 2 weeks ago.
There have been many interesting reports of coins being returned, then not returned, and of reward and job offers. It is a truly intriguing story, which we will attempt to summarise while hypothesising about what might really be going on.
On the 9th/10th of August Poly announced that the $600 million had been swiped by a Hacker they dubbed ‘Mr White Hat’, presumably either attempting to flatter or after initial communications.
Customers of Poly, including services like Tether, which converts blockchain assets into real monies, froze assets to stop conversion by the perp.
Poly pleaded with the mysterious hacker to return the funds or face the wrath of not only Law Enforcement in pretty much every country in the world, but also ‘the community’ who use Bitcoins. If ever there was a ‘swimming with the fishes’ backhand threat, that is up there.
And so it came to pass that Mr White began returning bunches of coins. A casual $200 million here, $300m there. You get the picture. At this point, many beady eyes on sage old heads started looking deeper into this matter having smelt the whiff of the male cow ordure. Some very cynical observations were made. Well worth a read.
It was then reported that Poly had offered Señor Hacker $500 million for ‘helping improve security’. This was followed more bizarrely by ‘cordially inviting Herr White to be Poly’s Chief Security Advisor’. That offer really is worth reading and will no doubt spur on a generation of script-kiddies.
Now, we don’t know about you, but if we had (perish the thought) pulled off the largest ever digital heist from a Chinese business, the last thing we would want to do would be to perpetuate a relationship that might lead to our identification, swiftly followed by the aforementioned swim.
The best human-readable write-up we have found about the whole thing is in The Irish Times.
But that, it seems, is not the end of it. Today it has been reported that Monsieur Hacker is demanding that $33 Million of stable coins are unfrozen, which is more like it when compared with the slightly unbelievable, or at least fraught with risk, Poly-suggested alternatives. $33 million is very much easier to hide, isn’t it?
If you have picked up on the fact that Spidey Senses at Tiberium HQ are tingling, you would be right. Watch this space.
We have been talking about ‘hybrid working’ (including announcements from Microsoft, Cisco, all the big players), ‘zero trust’ and ‘password-less access’ for some time now and a couple of announcements this week got our attention.
The first is that GitHub has, as it announced in April 2021, stopped accepting passwords for authentication (‘too easy to steal etc.’), demanding token/two factor instead. With so many repositories being the source of supply chain attack and malice, this can only be a good thing and will no doubt become standard in the repository game. Hopefully, this will be the way online authentication is performed, everywhere, as we hoped and still do.
Promising to keep your data safe from the scourge and cost of ransomware, this can only be a good thing. Tiberium will be looking at the proposed integration with Azure and supporting the technology in our managed security service products, FROST and MYTHIC.
Tiberium’s Managed Security Services already configure your systems to best practice, significantly reducing the risk of a ransomware event. We also detect and automatically protect you in the event of a successful infiltration for the majority of incidents. Powered by Azure Sentinel and other elements of the Microsoft stack, and collaborating using Teams, this is well worth a gander.
We would very much like to show you our warez. Please contact us for a chat, a demo or if we can help you.
Now the song.
Polly is by Nirvana. The first line is ‘Polly wants a cracker’. You couldn’t make this stuff up.