CVE-2010-5140

wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins associated with Bitcoin transactions that have zero confirmations, which allows remote attackers to cause a denial of service invalid-transaction flood by sending low-valued transactions without transaction fees...

CVE-2010-5139

Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction...

The vulnerability of the library for handling Bitcoin transactions and blocks in Libbitcoin Explorer (BX) allows a hacker to expose the protected information.

The vulnerability of the Libbitcoin Explorer BX for processing Bitcoin transactions and blocks is related to the use of a insecure random number generator program. Exploiting this vulnerability could allow an attacker, operating remotely, to disclose sensitive information...

CVE-2023-37192

Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing...

Code injection

Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing...

CVE-2023-37192

Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing...

CVE-2023-37192

Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing...

CVE-2023-37192

Bitcoin Core (v22) is affected by a memory management/protection issue that allows an attacker to modify the stored sending address in the application’s memory, potentially redirecting transactions to wallets of the attacker’s choosing. The vulnerability concerns the core wallet handling path and...

CVE-2023-37192

Removed by vendor...

DeadBolt ransomware gang tricked into giving victims free decryption keys

Dutch police and other law enforcement agencies have managed to trick the DeadBolt ransomware operators into releasing 150 decryption keys for free. The method of obtaining decryption keys was found by a Dutch incident response company called Responders.NU, who shared the method with the police...

Authorities Shut Down WT1SHOP Site for Selling Stolen Credentials and Credit Cards

An international law enforcement operation has resulted in the dismantling of WT1SHOP, an online criminal marketplace that specialized in the sales of stolen login credentials and other personal information. The seizure was orchestrated by Portuguese authorities, with the U.S. officials taking...

SSNDOB stolen data marketplace shut down by global law enforcement operation

The United States Department of Justice has announced a major takedown of a criminal marketplace that traded Personally Identifiable Information PII. Not just any old marketplace; this was a major, years-long operation with several failsafes to prevent permanent takedown. It took quite the...

VHD Ransomware Linked to North Korea’s Lazarus Group

Cryptocurrency thief Lazarus Group appears to be widening its scope into using ransomware as a way to rip off financial institutions and other targets in the Asia-Pacific APAC region, researchers have found. Financial transactions and similarities to previous malware in its source code link a...

De-anonymizing Bitcoin

Andy Greenberg wrote a long article -- an excerpt from his new book -- on how law enforcement de-anonymized bitcoin transactions to take down a global child porn ring. Within a few years of Bitcoins arrival, academic security researchers -- and then companies like Chainalysis -- began to tear...

Dark Web Site Taken Down without Breaking Encryption

The US Department of Justice unraveled a dark web child-porn website, leading to the arrest of 337 people in at least 18 countries. This was all accomplished not through any backdoors in communications systems, but by analyzing the bitcoin transactions and following the money: Welcome to Video ma...

Feds Dismantle Dark Web Credentials Market

Law-enforcement agencies across the world have taken aim at Dark Web denizens this week, with the takedown of a credentials marketplace as well as continued action against former users of the Webstresser.org DDoS-for-hire site. An international law-enforcement operation has dismantled the xDedic...

Hackers Behind WannaCry Ransomware Withdraw $143,000 From Bitcoin Wallets

The cyber criminals behind the global WannaCry ransomware attack that caused chaos worldwide have finally cashed out their ransom payments. Nearly three months ago, the WannaCry ransomware shut down hospitals, telecom providers, and many businesses worldwide, infecting hundreds of thousands of...

Design/Logic Flaw

The penny-flooding protection mechanism in the CTxMemPool::accept method in bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 before 0.6.0.11rc1, 0.6.1 through 0.6.5 before 0.6.5rc1, and 0.7.x before 0.7.3rc1 allows remote attackers to determine associations between wallet...

CVE-2013-2272

Removed by vendor...

CVE-2010-5141

wxBitcoin and bitcoind before 0.3.5 do not properly handle script opcodes in Bitcoin transactions, which allows remote attackers to spend bitcoins owned by other users via unspecified vectors...