MediaMarkt Ransomware

European electronics outlet MediaMarkt is reportedly investigating a Hive ransomware attack launched on Sunday evening, with the attackers demanding a multi-million-dollar ransom in Bitcoin. MediaMarkt is Europe's largest consumer electronics retailer, with over 1,000 stores in 13 countries. While online sales continue to function as expected, cash registers cannot accept credit cards or print receipts at affected stores. The systems outage is also preventing returns due to the inability to look up previous purchases.

The Hive ransomware operation is behind the attack and initially demanded a huge but unrealistic $240 million ransom in exchange for a decryptor for the encrypted files.

Robinhood Hack

On Monday, Robinhood announced it had suffered a data breach in which hackers socially engineered a customer service representative and gained access to the email addresses of more than 5 million customers, the full names of 2 million other customers, and other data from a smaller group of users. The hacker then tried to extort the company, according to the announcement.

Hackers behind the recent breach of customer data from app-based broker Robinhood had access to an internal tool that presented them with the option of tampering with user accounts, including removing specific users’ multi-factor authentication protections.

“We also believe that for a more limited number of people—approximately 310 in total—additional personal information, including name, date of birth, and zip code, was exposed, with a subset of approximately 10 customers having more extensive account details revealed. We are in the process of making appropriate disclosures to affected people.”

Man Threatens to Burn Down Upbit Exchange

A man who threatened to set the offices of a cryptocurrency exchange ablaze says he acted out after losing money using the service.

The man was arrested late last week after dousing himself in highly flammable paint thinner and threatening to set himself alight at an Upbit cryptocurrency exchange office in Gangnam, southern Seoul.

The Suseo Police Precinct received a civilian call on Thursday reporting a man was threatening to set Upbit's customer service center on fire.

They arrived on the scene before the man set himself ablaze and arrested him for attempted arson.

He was upset that he had lost money while using Upbit.

Blizzard Network Insider $1 Million Exploit

Telegram user @0xmurloc identified vulnerabilities in Blizzard’s contract on 28 September 2021. These vulnerabilities allowed the contractOwner to EmergencyWithdraw everyone’s accrued rewards. At the time of identification, the back-end developer could have exploited around $10 million worth of TVL using this vulnerability. Because the only party that could exploit this vulnerability was the back-end developer, the Blizzard team implemented a multi-signature wallet that restricted unauthorized function calls.

Some members of the Blizzard core team claim that two Blizzard insiders, including the back-end developer who was given access to the bug report, appear to have used the vulnerability in conjunction with another unreleased USDC SAS vault to exploit Blizzard for approximately $1 million on November 13th, 2021.

ERC1155 Supply Vuln (Low Severity)

https://twitter.com/OpenZeppelin/status/1460333672389742594

https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-wmpv-c2jp-j2xg