Last month, the crypto space experienced $313 million in losses due to over ten different hacks. Of the total stolen funds, 93.5% were lost in two large phishing attacks that occurred during that time. August Cases According to a post by blockchain security firm PeckShield, the two incidents combined for a loss of about $293.4...Read More
On Tuesday, a cryptocurrency whale suffered a loss, with approximately $55.4 million worth of Dai stablecoin stolen in a phishing attack. According to the blockchain security firm CertiK, the attacker likely used a phishing tool known as Inferno Drainer to gain access to the whale’s externally owned account (EOA). Inferno Drainer Phishing Attack The incident...Read More
The Australian Federal Police (AFP) has uncovered that over 2,000 cryptocurrency wallets owned by locals were compromised by offshore scammers, putting millions of dollars in digital assets at risk. This discovery emerged from Operation Spincaster, a global initiative against crypto fraud spearheaded by Chainalysis and locally managed by the AFP-led Joint Policing Cybercrime Coordination Centre...Read More
Private key leaks were identified as the leading cause of crypto thefts in the second quarter of 2024 by cybersecurity firm SlowMist’s investigative branch, MisTrack. The report highlighted many instances wherein users stored their private keys or mnemonic phrases in cloud storage services like Google Docs, Tencent Docs, Baidu Cloud, and Shimo Docs. Private Key...Read More
Amidst increased network activity and the price rally of its native token, TON, The Open Network ecosystem is seeing a surge in phishing attacks. Unassuming users’ TON wallets are being lured through airdrops and other deceptive methods by attackers. Telegram Users With Anonymous Numbers At Risk Yu Xian – the founder of blockchain security firm...Read More
Ethereum core developer Tim Beiko reported that the Ethereum Foundation’s mailing list was leaked due to a vulnerability in SendPulse, the email automation service used by the foundation. An attacker exploited this to send phishing emails from updates@ethereum.org to subscribers. The foundation has since restricted access to the mailing list, according to the latest update...Read More
The notorious crypto hacking group known as Pink Drainer has wreaked havoc in the DeFi sector. Recent findings by PeckShield reveal that Pink Drainer-affiliated addresses have staked a substantial 12 million DAI into the DeFi lending protocol Spark, constituting nearly 1.194% of the total sDAI tokens. This alarming revelation essentially means that Pink Drainer is...Read More
Phishing scams have wreaked havoc in the digital asset ecosystem and are making a comeback amidst market-wide recovery. These attacks have grown increasingly sophisticated, leading to high-profile crypto investors, whales, and prominent industry figures becoming victims, ultimately resulting in substantial financial losses. In its latest update on March 21st, CertiK identified a deposit of 3,700...Read More
X (formerly known as Twitter) has been a popular hook for scammers for over a decade now. However, the tactics employed in these schemes continuously evolve. What’s concerning is that many victims are still falling for scams because of misleading comments made by fake X accounts, leading them to phishing websites. X Fakes Fuel Phishing...Read More
The Angel Drainer phishing group reportedly pilfered over $400,000 from 128 crypto wallets using a new tactic. A recent analysis suggests that the notorious entity exploited Etherscan’s verification tool to mask the malicious nature of a smart contract. Blockaid, a popular blockchain security company, disclosed on X (formerly Twitter) that the attack kicked off at...Read More
According to Scam Sniffer, scammers stole $55 million worth of cryptocurrency in January alone and set up more than 11,000 phishing websites. Notably, most of these thefts occurred on the Ethereum mainnet, with Arbitrum, BNB, Optimism, and Polygon closely behind. Crypto Phishing Attacks Surged in January In a recent Feb. 9 thread on X, Scam...Read More
Phishing attacks have wreaked havoc in the crypto industry. In a recent move to combat cyber fraud, the National Fraud Intelligence Bureau (NFIB) in the United Kingdom announced the blocking of 43 web domains associated with fraudulent activities. Spearheaded by the City of London Police, this crackdown follows the discovery of a spoof email address...Read More
The SlowMist Security team revealed receiving numerous reports of theft. Upon investigation, they found that a significant portion of these thefts were facilitated by deceptive comments under tweets from well-known projects. As such, approximately 80% of comments under tweets from such projects were identified as phishing scam accounts. SlowMist Exposes Phishing Tactics SlowMist also observed...Read More
Hardware wallet provider Trezor has acknowledged that its third-party email provider was compromised, leading to a series of malicious emails sent to users in the last 12 hours. The deceptive emails, appearing to be from “noreply@trezor.io,” prompt recipients to upgrade their “network” or risk losing their funds. The message includes a harmful link redirecting users...Read More
An unidentified individual recently suffered a significant loss of aEthWETH and aEthUNI, totaling $4.2 million, falling victim to a crypto phishing attack that leveraged a falsified ERC-20 permission signature. According to the Web3 security firm Scam Sniffer, the victim unwittingly signed approvals for multiple transactions using an ERC-20 authorization manipulated by an opcode contract to...Read More
As phishing scammers continue to evolve and employ more sophisticated tactics to evade security measures, a relatively new form of malware associated with crypto has experienced considerable “success” in the past year. Dubbed, “Wallet Drainers,” Scam Sniffer’s discoveries regarding this new malware demand the complete attention of the industry. Crypto Malware Wars: 2023 According to a...Read More
Prominent blockchain security firm CertiK’s X account (previously Twitter) was hacked on January 5th. The compromised account, with a follower count of 342,900, stole crypto from users’ wallets through carefully disguised phishing links. One of the links posted falsely asserted that a vulnerability had been identified in Uniswap’s router contract. The misleading tweet urged users...Read More
Bill Lou, the CEO and co-founder of Nest Wallet, has shared on X that he had fallen victim to a crypto phishing attack, resulting in the loss of 52 stETH, equivalent to $125,000. The security-focused crypto wallet app co-founder asked for help with the attack from ZackXBT, a crypto sleuth, and others who could help....Read More
A phishing scam targeting the Stargate Snapshot platform resulted in significant financial losses. A Discord Moderator of LayerZero, the underlying network of Stargate, revealed that a scammer effectively carried out a deceptive proposal vote, utilizing a phishing link to manipulate users into staking STG tokens. Scammer Misleads Token Holders in Fake Proposal Vote The scam...Read More
On Nov. 15, Scott Melker, aka “The Wolf of All Streets,” said that one of his followers was hacked in the latest scam targeting Ledger users. While checking his Nano S hardware wallet, the user reported seeing a 503 HTTP API error when it attempted to synchronize, “which in and of itself terrified me.” The...Read More
Blockchain security firm SlowMist has cautioned about a surge in phishing attacks carried out by impostors posing as journalists on the recently launched decentralized social network friend.tech. It was first flagged on October 14, when Twitter user Masiwei reported a malicious code targeting friend.tech for account theft. As per the SlowMist Security Team’s investigation, the...Read More
Stablecoin issuer and fintech firm Circle announced a strategic partnership with Philippines-based digital asset provider Coins.ph to improve the existing remittance landscape of the region. The partnership seeks to promote the use of USDC-denominated remittances as a safe, affordable, and nearly instantaneous method for international money transfers among Coins.ph’s 18 million Filipino user base. Circle...Read More
Zero-transfer phishing scams have continued to plague the crypto space, with bad actors siphoning millions of digital assets from unsuspecting victims. Blockchain analytics platform Bitrace revealed that the damage scale for zero-transfer phishing scams has increased significantly, with market participants losing more than 451 million Tether (USDT) on the Tron network. Investors Lose $451M USDT...Read More
Sam Curry, a security engineer at Yuga Labs, was at the center of a federal investigation conducted jointly by the Internal Revenue Service’s Criminal Investigation Division (IRS-CI) and the Department of Homeland Security (DHS). The investigation traces back to Curry’s involvement in uncovering a cryptocurrency phishing website in December 2022. Sam Curry’s Encounter with Federal...Read More
In yet another successful phishing scheme, an unsuspecting user suffered a multimillion-dollar loss in Tether. Etherscan data revealed that $4.46 million worth of Tether (USDT) was siphoned from an unsuspecting Kraken wallet user. The stolen funds were subsequently transferred to an address concluding with “ACa7.” Another Successful Phishing Attack Details are thin about how the...Read More
NONE, a top-tier suite of trading tools for cryptocurrencies and NFTs, will cease operations, partly due to an exploit on Sept. 18 in which the None deployer lost 41.52 ETH in addition to NONE tokens. According to CertiK Alert, a blockchain security firm, the incident appears to be a phishing incident. The exploit involved the...Read More
Retool, a prominent software development company, has recently revealed that 27 of its cloud customers fell prey to a targeted SMS-based phishing attack. The breach has raised concerns about the security of cloud synchronization features, particularly Google Authenticator’s cloud sync. Retool Falls Prey to Targeted SMS Phishing Attack The Aug. 27 attack began with a...Read More
Blockchain-based metaverse company – The Sandbox – has warned its users about a security breach through a malware application. According to the official blog post, an unauthorized third party managed to gain access to the computer of one of its employees and used the information it found to send an email falsely claiming to be...Read More
The cryptocurrency industry has long been a target of phishing attacks, and it seems that hackers are finding new and more clever ways to scam their victims. This time, it was the website of an anticipated event that was entirely faked in an attempt to trick victims out of their crypto. ETH Denver is advertised...Read More
Circle, the firm behind USDC stablecoin, issued a warning about an active phishing campaign attempting to lure users into transferring tokens to malicious addresses. As per the tweet, the threat actors masquerading to work for Centre, which is a consortium founded by Coinbase and Circle. Circle’s Statement Circle said there is no new version of...Read More
