The notorious crypto hacking group known as Pink Drainer has wreaked havoc in the DeFi sector. Recent findings by PeckShield reveal that Pink Drainer-affiliated addresses have staked a substantial 12 million DAI into the DeFi lending protocol Spark, constituting nearly 1.194% of the total sDAI tokens. This alarming revelation essentially means that Pink Drainer is...Read More
Phishing scams have wreaked havoc in the digital asset ecosystem and are making a comeback amidst market-wide recovery. These attacks have grown increasingly sophisticated, leading to high-profile crypto investors, whales, and prominent industry figures becoming victims, ultimately resulting in substantial financial losses. In its latest update on March 21st, CertiK identified a deposit of 3,700...Read More
X (formerly known as Twitter) has been a popular hook for scammers for over a decade now. However, the tactics employed in these schemes continuously evolve. What’s concerning is that many victims are still falling for scams because of misleading comments made by fake X accounts, leading them to phishing websites. X Fakes Fuel Phishing...Read More
The Angel Drainer phishing group reportedly pilfered over $400,000 from 128 crypto wallets using a new tactic. A recent analysis suggests that the notorious entity exploited Etherscan’s verification tool to mask the malicious nature of a smart contract. Blockaid, a popular blockchain security company, disclosed on X (formerly Twitter) that the attack kicked off at...Read More
According to Scam Sniffer, scammers stole $55 million worth of cryptocurrency in January alone and set up more than 11,000 phishing websites. Notably, most of these thefts occurred on the Ethereum mainnet, with Arbitrum, BNB, Optimism, and Polygon closely behind. Crypto Phishing Attacks Surged in January In a recent Feb. 9 thread on X, Scam...Read More
Phishing attacks have wreaked havoc in the crypto industry. In a recent move to combat cyber fraud, the National Fraud Intelligence Bureau (NFIB) in the United Kingdom announced the blocking of 43 web domains associated with fraudulent activities. Spearheaded by the City of London Police, this crackdown follows the discovery of a spoof email address...Read More
The SlowMist Security team revealed receiving numerous reports of theft. Upon investigation, they found that a significant portion of these thefts were facilitated by deceptive comments under tweets from well-known projects. As such, approximately 80% of comments under tweets from such projects were identified as phishing scam accounts. SlowMist Exposes Phishing Tactics SlowMist also observed...Read More
Hardware wallet provider Trezor has acknowledged that its third-party email provider was compromised, leading to a series of malicious emails sent to users in the last 12 hours. The deceptive emails, appearing to be from “noreply@trezor.io,” prompt recipients to upgrade their “network” or risk losing their funds. The message includes a harmful link redirecting users...Read More
An unidentified individual recently suffered a significant loss of aEthWETH and aEthUNI, totaling $4.2 million, falling victim to a crypto phishing attack that leveraged a falsified ERC-20 permission signature. According to the Web3 security firm Scam Sniffer, the victim unwittingly signed approvals for multiple transactions using an ERC-20 authorization manipulated by an opcode contract to...Read More
As phishing scammers continue to evolve and employ more sophisticated tactics to evade security measures, a relatively new form of malware associated with crypto has experienced considerable “success” in the past year. Dubbed, “Wallet Drainers,” Scam Sniffer’s discoveries regarding this new malware demand the complete attention of the industry. Crypto Malware Wars: 2023 According to a...Read More
Prominent blockchain security firm CertiK’s X account (previously Twitter) was hacked on January 5th. The compromised account, with a follower count of 342,900, stole crypto from users’ wallets through carefully disguised phishing links. One of the links posted falsely asserted that a vulnerability had been identified in Uniswap’s router contract. The misleading tweet urged users...Read More
Bill Lou, the CEO and co-founder of Nest Wallet, has shared on X that he had fallen victim to a crypto phishing attack, resulting in the loss of 52 stETH, equivalent to $125,000. The security-focused crypto wallet app co-founder asked for help with the attack from ZackXBT, a crypto sleuth, and others who could help....Read More
A phishing scam targeting the Stargate Snapshot platform resulted in significant financial losses. A Discord Moderator of LayerZero, the underlying network of Stargate, revealed that a scammer effectively carried out a deceptive proposal vote, utilizing a phishing link to manipulate users into staking STG tokens. Scammer Misleads Token Holders in Fake Proposal Vote The scam...Read More
On Nov. 15, Scott Melker, aka “The Wolf of All Streets,” said that one of his followers was hacked in the latest scam targeting Ledger users. While checking his Nano S hardware wallet, the user reported seeing a 503 HTTP API error when it attempted to synchronize, “which in and of itself terrified me.” The...Read More
Blockchain security firm SlowMist has cautioned about a surge in phishing attacks carried out by impostors posing as journalists on the recently launched decentralized social network friend.tech. It was first flagged on October 14, when Twitter user Masiwei reported a malicious code targeting friend.tech for account theft. As per the SlowMist Security Team’s investigation, the...Read More
Stablecoin issuer and fintech firm Circle announced a strategic partnership with Philippines-based digital asset provider Coins.ph to improve the existing remittance landscape of the region. The partnership seeks to promote the use of USDC-denominated remittances as a safe, affordable, and nearly instantaneous method for international money transfers among Coins.ph’s 18 million Filipino user base. Circle...Read More
Zero-transfer phishing scams have continued to plague the crypto space, with bad actors siphoning millions of digital assets from unsuspecting victims. Blockchain analytics platform Bitrace revealed that the damage scale for zero-transfer phishing scams has increased significantly, with market participants losing more than 451 million Tether (USDT) on the Tron network. Investors Lose $451M USDT...Read More
Sam Curry, a security engineer at Yuga Labs, was at the center of a federal investigation conducted jointly by the Internal Revenue Service’s Criminal Investigation Division (IRS-CI) and the Department of Homeland Security (DHS). The investigation traces back to Curry’s involvement in uncovering a cryptocurrency phishing website in December 2022. Sam Curry’s Encounter with Federal...Read More
In yet another successful phishing scheme, an unsuspecting user suffered a multimillion-dollar loss in Tether. Etherscan data revealed that $4.46 million worth of Tether (USDT) was siphoned from an unsuspecting Kraken wallet user. The stolen funds were subsequently transferred to an address concluding with “ACa7.” Another Successful Phishing Attack Details are thin about how the...Read More
NONE, a top-tier suite of trading tools for cryptocurrencies and NFTs, will cease operations, partly due to an exploit on Sept. 18 in which the None deployer lost 41.52 ETH in addition to NONE tokens. According to CertiK Alert, a blockchain security firm, the incident appears to be a phishing incident. The exploit involved the...Read More
Retool, a prominent software development company, has recently revealed that 27 of its cloud customers fell prey to a targeted SMS-based phishing attack. The breach has raised concerns about the security of cloud synchronization features, particularly Google Authenticator’s cloud sync. Retool Falls Prey to Targeted SMS Phishing Attack The Aug. 27 attack began with a...Read More
Blockchain-based metaverse company – The Sandbox – has warned its users about a security breach through a malware application. According to the official blog post, an unauthorized third party managed to gain access to the computer of one of its employees and used the information it found to send an email falsely claiming to be...Read More
The cryptocurrency industry has long been a target of phishing attacks, and it seems that hackers are finding new and more clever ways to scam their victims. This time, it was the website of an anticipated event that was entirely faked in an attempt to trick victims out of their crypto. ETH Denver is advertised...Read More
Circle, the firm behind USDC stablecoin, issued a warning about an active phishing campaign attempting to lure users into transferring tokens to malicious addresses. As per the tweet, the threat actors masquerading to work for Centre, which is a consortium founded by Coinbase and Circle. Circle’s Statement Circle said there is no new version of...Read More
Monkey Drainer has wreaked havoc yet again after stealing $800k worth of seven Crypto Punk and twenty Otherside NFTs, according to on-chain sleuth ZachXBT. Blockchain security firm, PechShield, also confirmed that the theft was carried out by a wallet tagged as Monkey Drainer. The stolen funds were then transferred to the coin mixer Tornado Cash....Read More
A phishing scammer who goes by the name – Monkey Drainer – has reportedly stolen 700 ETH worth over $1 million, as per on-chain sleuth ‘ZachXBT.’ The two largest victims – 0x02a and 0x626 – collectively lost $370k after signing transactions on malicious phishing sites operated by the perpetrator. One of the victims, 0x02a, reportedly...Read More
The cryptocurrency platform FTX will distribute approximately $6 million to reimburse victims affected by a recent phishing attack. CEO Sam Bankman-Fried revealed this is a one-off decision, underlining that the company will not compensate such customers in the future. Only This Time Last week, hackers targeted several FTX users and drained $1.26M worth of cryptocurrencies....Read More
The Twitter account of Indian crypto exchange CoinDCX remained compromised for hours on Tuesday. Hackers posted a fake XRP giveaway scheme through the exploited Twitter handle @CoinDCX to the exchange’s over 230,000 followers. The giveaway message was interspersed with a phishing link. CoinDCX Twitter Account Exploited As CoinDCX tried to take control of its compromised...Read More
The “Lazarus Group,” a notorious North Korea-backed hacking syndicate, has been identified as the culprit of an attempted cyber-attack on deBridge Finance. The co-founder of the cross-chain protocol and project lead, Alex Smirnov, alleged that the attack vector was via an email wherein several team members received a PDF file named “New Salary Adjustments” from...Read More
The hacker targeted the liquidity providers of the Uniswap v3 protocol to execute an elaborate phishing campaign. More than $8 million in ETH was believed to бе lost so far in the attack. Uniswap v3 Protocol LPs Targeted Metamask security analyst Harry Denley was the first one to detect the incident. He observed that 73,399...Read More