Your Tech Story

Hacked

BlockTower Investment Firm Suffers Losses in Major Crypto Hack

BlockTower Investment Firm Suffers Losses in Major Crypto Hack

In a troubling development for the cryptocurrency industry, BlockTower Capital, a prominent investment firm, has become the latest high-profile victim of a cyberattack. According to individuals familiar with the incident, who requested anonymity due to the sensitivity of the information, BlockTower’s main hedge fund has been compromised and partially drained by fraudsters. This significant breach highlights the increasing sophistication of cybercriminals targeting the digital asset sector.

BlockTower Capital, which manages $1.7 billion in assets, discovered the hack recently and has since engaged blockchain forensics analysts to trace the stolen funds. Despite these efforts, the missing assets have yet to be recovered, and the hacker remains unidentified. The firm has communicated the breach to its limited partners but has refrained from making any public comments on the matter. Bloomberg’s requests for comments from BlockTower were declined.

Impact on the Crypto Industry

BlockTower Investment Firm Suffers Losses in Major Crypto Hack

Image Source: u.today

The incident with BlockTower Capital underscores the persistent vulnerabilities within the cryptocurrency industry. Retail investors have frequently suffered from hacks and scams, but this attack marks a significant blow to a major institutional player. According to TRM Labs, a research firm specializing in blockchain analysis, fraudsters stole approximately $1.7 billion from various crypto projects in the past year alone. This alarming statistic reflects the ongoing challenges faced by the industry in securing digital assets against increasingly sophisticated cyber threats.

BlockTower Capital, founded in 2017, operates out of offices in Miami and New York and has a notable investment portfolio. Its investments include well-known entities like non-fungible token (NFT) developer Dapper Labs, gaming studio Sky Mavis, and Terraform Labs, the creator of the now-defunct TerraUSD stablecoin. In 2022, the firm successfully raised a $150 million venture fund, demonstrating its significant influence and reach within the digital asset space.

However, this is not the first setback for BlockTower. Last year, the company had to wind down its “market-neutral” crypto fund, which once managed over $100 million. The decision was made after the firm found diminishing investment opportunities for the strategy, indicating the volatile and rapidly changing landscape of the cryptocurrency market.

The breach at BlockTower serves as a stark reminder of the critical need for enhanced security measures in the crypto industry. As digital assets continue to grow in popularity and value, the sophistication and frequency of cyberattacks are likely to increase, necessitating ongoing vigilance and advanced protective strategies from all market participants.

Italian spyware

Apple And Android Phones Hacked By Italian Spyware Confirmed By Google.

Google, a subsidiary of Alphabet Inc., revealed on Thursday that Apple Inc. and Android mobile devices in Italy and Kazakhstan were spied on by Italian Spyware using hacking tools manufactured in Italy. The story claims that tools to eavesdrop on the private messages and contacts of the targeted devices were developed by the Milan-based RCS Lab, whose website identifies European law enforcement agencies as clients.

With
more businesses manufacturing intercepting technology for law
enforcement, the worldwide spyware market is growing.

Anti-surveillance
campaigners accuse them of assisting governments, which in some
circumstances employ such instruments to suppress human and civil
rights.

Italian spyware
Image source: www.reuters.com

Google’s
findings on RCS Lab come as European and American regulators consider
additional restrictions on the selling and import of spyware.

These vendors are enabling the proliferation of dangerous hacking tools and arming governments that would not be able to develop these capabilities in-house,” Google mentioned.

Source: indianexpress.com

Apple,
as well as the governments of Italy and Kazakhstan, did not respond
immediately to requests for comment.

RCS
Lab claims that its products and services conform with European
regulations and help law enforcement organizations in their
investigations.

“RCS Lab workers are not exposed, nor do they participate in any activities conducted by the relevant customers,” the company told Reuters in an email, adding that any misuse of its goods was unacceptable.

Source: gadgets360.com

Google
claimed to have taken security measures to safeguard Android users
and to have made them aware of the spyware.

The
global spyware market for governments is expanding, with more and
more companies developing intercepting tools for law enforcement
agencies. Anti-surveillance campaigners accuse them of assisting
governments that, in some situations, utilize such tools to repress
human and civil rights.

The
Israeli spy agency NSO’s Pegasus malware, which was used by multiple
nations to spy on journalists, activists, and dissidents, brought the
industry into the public eye in recent years.

Bill Marczak, a security researcher at Citizen Lab, claims that although RCS Lab’s application isn’t as stealthy as Pegasus, it can still read messages and view passwords. He added, “This shows that even though these devices are ubiquitous, there’s still a long way to go in securing them against these powerful attacks,”

Source: indianexpress.com

RCS
Lab presents itself as a supplier of “lawful interception”
equipment and services, including voice, data collection, and
“tracking devices,” on its website. It states that it can
find 10,000 targets every day in only Europe.

According to Google researchers, RCS Lab previously collaborated with the contentious, now-defunct Italian Spyware firm Hacking Team, which also created surveillance software for foreign agencies to hack into phones and computers. After being the target of a large hack in 2015 that led to the disclosure of numerous internal documents, Hacking Team filed for bankruptcy.

Billy
Leonard, a senior researcher at Google, claims that in some
instances, Google implied that it believed hackers using RCS spyware
worked along with the target’s ISP, suggesting connections to actors
with government backing.

Bored Ape Yacht Club

Hackers Use Instagram To Steal $3 Million In Bored Ape Yacht Club NFTs.

On Monday, the non-fungible-token (NFT) collection of the Bored Ape Yacht Club (BAYC) was hacked on Instagram. Users were sent a phishing link that was designed to steal NFTs. Three million dollars worth of cryptocurrency was stolen from the victims, according to Gizmodo.

According to a BAYC spokesperson, “rough estimated losses due to the scam are 4 Bored Apes, 6 Mutant Apes, and 3 BAKC [Bored Ape Kennel Club], as well as assorted other NFTs, estimated at a total value of $3 million.”

After gaining access to the Instagram account, the hacker created a fake airdrop link for the company’s upcoming Otherside metaverse project, which is set to launch later this week. The primary goal of a crypto airdrop is to raise awareness for new projects or services. The idea is to send tokens or NFTs to thousands of crypto addresses in the hopes that more people will become interested in the project and promote it. Users must connect their crypto wallet where their NFTs are stored in order to receive an airdrop.

Bored Ape Yacht Club
Image source: www.dexerto.com

When users did so, however, the scam site stole their digital assets and transferred them to the hacker’s wallet. “This morning, the official BAYC Instagram account was hacked,” BAYC said in a tweet. Users were prompted to sign a safe transfer from’ transaction after clicking on a fraudulent link to a copycat of the BAYC website with a fake Airdrop. “As a result, their assets were transferred to the scammer’s wallet.”

The BAYC team removed the fake links from the compromised Instagram account after discovering the hack.  “We will also never announce mints on the BAYC or Otherside Instagram accounts first, ever. Only obtain information from our official Twitter accounts,” BAYC noted in a tweet.

It’s unclear how the hacker gained access to the BAYC Instagram account at this time. According to the ape avatar platform, the “hack occurred even when two-factor-authentication was enabled on the account,” as one of Yuga Labs’ founders, Gargamel, tweeted. “On Yuga’s end, the security practices surrounding the IG account were tight. “I’m never going to post anything important on Instagram again.”

The blockchain investigator @zachxbt on Twitter dug into the wall hacker’s wallet address and discovered 4 Bored Apes, 7 Mutant Apes, and 3 Bored Ape Kennel Club NFTs among the highly valuable NFTs stolen. Celebrities such as basketball legend Steph Curry, musician Post Malone, and even American TV host Jimmy Fallon own BAYC NFT.

Scams involving Bored Ape Yacht Club NFTs have become quite common. Last month, a bored ape holder known as’s27′ lost $567k worth of bubble gum ape and matching mutants after swapping NFTs at an exchange known as “Swap. Kiwi.” Direct NFT swaps between collectors are possible on this platform, with lower transaction fees.

Yuga Labs, the company behind the popular ape avatar collection, has announced its entry into the metaverse. Otherside is the name of this company’s metaverse project, which aims to connect its massively multiplayer role-playing game to the larger NFT universe.