AVAX blockchain explorer to shut down as Etherscan fees draw controversy

October 30, 2023 Coin Telegraph

Avalanche

Annual subscription fees for Etherscan's EaaS service has reportedly grown to $2 million per year.

Snowtrace.io, a popular blockchain explorer tool for Avalanche (AVAX), will shut down its website, powered by Etherscan's Explorer-as-a-Service (EaaS) toolkit, on November 30. The Snowtrace team clarified that only its explorer powered by Etherscan will be shut down.

According to the October 30 announcement, Snowtrace users are required to save their backup information, such as private name tags and contact verification details, before the said date. While the team did not explicitly state the reason for shutting down the explorer, some have pointed to Etherscan's service fees for its EaaS toolkit. Mikko Ohtama, co-founder of tradingprotocol, claims that an annual subscription to EaaS can cost between $1-$2 million per year. Ohtama wrote:

"EtherScan is a very good product, but smart contract verification is something that needs to be decentralised. Regulators and other are not going to be kosher with, how do you check this? The source code is hosted by a private company in Malaysia"

Phillip Liu Jr., head of strategy and operations at Ava Labs, also commented that the protocol is "moving onto something better" and is "absolutely not" cease operations. For a fee, Etherscan's EaaS service provides blockchains with a block explorer and application programming interface (API) solution. A block explorer may be discontinued due to non-renewal of an EaaS service agreement, insufficient bandwith, or limited traffic. In such instances, users are recommended to save their data, such as private name tags, transaction notes, contract verification details, etc., prior to shutting down.

The instance of Snowtrace by @etherscan will be discontinued on 30th November (00:00 UTC)

Thank you @avax and the community for the last 2 years of support and we wish you the best moving forward pic.twitter.com/WdBOzIWOz9
— Snowtrace.io (@SnowTraceHQ) October 30, 2023

Magazine: Ethereum restaking: Blockchain innovation or dangerous house of cards?

Scammers create spoof Blockworks site to drain crypto wallets

October 27, 2023 Coin Telegraph

blockworks

Phishing scammers have been spreading fake news of a $37 million dollar Uniswap exploit using a convincing fake Blockworks website.

Phishing scammers have cloned the websites of crypto media outlet Blockworks and Ethereum blockchain scanner Etherscan to trick unsuspecting readers into interacting with a phishing site.

A cloned Blockworks site displays a fake "BREAKING" news report of a supposed multimillion-dollar “approvals exploit” on the decentralized exchange Uniswap and encourages users to a faked Etherscan website to rescind approvals.

*The fake Blockworks website (left) shows a fake breaking news story of a Uniswap exploit compared to the legitimate website (right).*

The fake Etherscan website, displaying a purported token and smart contract approval checker, instead contains a smart contract that would likely drain a crypto wallet when connected.

*The phishing website (left) compared to the legitimate Etherscan website (right).*

An age check of the domains shows the fake Etherscan site — approvalscan.io — was registered on Oct. 25, with the faked Blockworks site — blockworks.media registered a day later.

Magazine: Ethereum restaking — Blockchain innovation or dangerous house of cards?

Vitalik Buterin Sends 600 Ethereum (ETH) Worth Over $1,000,000 to Coinbase As Crypto Markets Continue To Bleed

August 21, 2023 The Daily Hodl

Etherscan hides zero-value token transfers to deter address poisoning attacks

April 10, 2023 Coin Telegraph

Coin Telegraph

Address poisoning is a phishing scam that can affect users who have received unwanted tokens and don't check their addresses carefully when sending crypto.

According to an Apr. 10 post from Etherscan, the blockchain explorer has disabled the display of zero-value token transfers on its website by default. From now on, users must manually switch on the display from the website's setting page. Etherscan says it made the update to deter "address poisoning" attacks that have phished and spammed unsuspecting users.

"Preventing scams and attacks in a neutral and scalable way is an infinite cat-and-mouse game… please feel free to share your feedback as we continue to improve."

Address poisoning is a type of crypto scam where an attacker sends a token with near-zero or no value to a user's address to "poison" it. Afterward, the transaction will be recorded in the soft or hard wallet's history and can be selected when making transfers. The purpose of the scam is to trick the user into sending coins to the scam address by mistake. To do this, hackers use sophisticated software to create scam addresses that look very similar to "poisoned" addresses, with the same few beginning or ending characters.

That said, the scam is only classified as phishing. Neither the unwanted coins nor the addresses receiving such tokens can compromise users' funds. However, unwanted nonfungible tokens, or NFTs, can potentially compromise an address through interactions, such as moving it to different accounts.

*Sample of zero value tokens that will be hidden by Etherscan*

Blockchain hardware wallet firm Ledger suggests users hide their unsolicited NFT collections upon receipt. While address poisoning cannot be stopped, Ledger recommends users refrain from retrieving deposit or destination addresses from their transaction history and always double-check that each character of the destination address matches the input address when sending crypto.

Magazine: Here’s how to keep your crypto safe

OpenSea collector fat fingers a 100 ETH bid for a free NFT

April 6, 2023 Coin Telegraph

Blur

Some pundits have argued the trader mistakenly put up a bid for 100 ETH which was quickly snapped up, while others believe the sale was a wash trade.

A nonfungible token (NFT) trader has seemingly fat-fingered a bid for a free NFT, buying it for 100 Ether (ETH), currently valued at $191,239, instead of nothing.

The token was part of NFT marketplace OpenSea’s Gemesis NFT collection — free NFTs intended to commemorate the launch of OpenSea Pro on April 4. The trader's bid is a 250,000% increase on the floor price of 0.04 ETH.

OpenSea Pro is a marketplace aggregator tailored to professional users by providing them with what OpenSea calls “a vastly improved” suite of features such as live cross-marketplace data and advanced orders.

*A record of the transaction on an Ethereum blockchain explorer. Source:* *Etherscan*

While some have argued the sale was wash trading, Twitter user “0xSun” believed the sale — which occurred on the NFT marketplace Blur — happened because the trader wanted to bid $100 as an amount, but accidentally bid 100 ETH instead.

Yeah someone else put the 100ETH bid by mistake (He probably want to bid 100 as amount) and it got accepted by another one with 1500+ gwei gas
— 0xSun (@0xSunNFT) April 5, 2023

A Reddit user who posted about the sale also cast doubt on the wash trading theory, arguing it was an open offer that was available to anyone, making it too risky to be a wash trade as another trader or bot would quickly snap up an offer so far above the floor price.

“I know what you guys are thinking it was a wash trade but this was an open offer that could have been accepted by anybody, so it would be a pretty big risk hoping you were faster than anybody else looking at the offers at that moment.”

Wash trading is a form of market manipulation in which a trader buys and sells an asset to feed misleading information to the market. The practice is illegal in traditional stock markets but is very prevalent in NFT trading.

OpenSea acquired NFT aggregator Gem for an undisclosed amount on April 25, 2022, and refined the platform in order to create OpenSea Pro.

Only users who bought at least one NFT on Gem prior to March 31 are eligible to mint a Gemesis NFT, with the minting window set to close on May 4.

NFT Creator, Sarah Zucker: The Sarah Show’s analog past meets dizzying digital future

Vitalik dumps $700K worth of shitcoins that he never asked for

March 8, 2023 Coin Telegraph

Vitalik dumps 0K worth of shitcoins that he never asked for

Coin Telegraph

As Vitalik Buterin’s holdings represented a large portion of the circulating supply for some of the tokens, the sales resulted in huge price drops.

Ethereum co-founder Vitalik Buterin has gone on a shitcoin selling spree, exchanging nearly $700,000 worth of tokens previously airdropped to him for Ether (ETH).

According to Etherscan, a wallet belonging to Buterin on March 7 offloaded 500 trillion SHIKOKU (SHIK) for 380.3 ETH ($595,448), nearly 10 billion Cult DAO (CULT) for 58.1 ETH ($91,021), and 50 billion Mops (MOPS) for 1.25 ETH ($1,950).

*A screenshot of token transactions from Vitalik’s wallet. Source: Etherscan*

Due to the low liquidity of the tokens the sales had a huge effect on their prices. The largest price drop from the tokens was SHIK, which recorded an 86% drop following Buterin’s sale according to CoinMarketCap data.

#PeckShieldAlert $SHIK (SHIKOKU) has dropped -95.8%
Vitalik Buterin-labeled address has dumped ~5T $SHIK, and gained ~164 $ETH (~260k) and transferred 214 $ETH ($337k) to EthDevhttps://t.co/Uw6TA1RDKP pic.twitter.com/FuIbgGgrdA
— PeckShieldAlert (@PeckShieldAlert) March 7, 2023

The total circulating supply of SHIK is 1 quadrillion, with the 500 trillion previously held by Buterin representing 50% of the current supply.

In May 2021 the Ethereum co-founder initiated a similar offload selling tokens such as Shiba Inu (SHIB) and Dogelon Mars (ELON) that resulted in price drops of 40% and 90% respectively.

While some within the cryptocurrency community shared their frustration at Buterin’s decision to sell considering the outsized effect it had on the tokens, others suggested it was motivated by the tax implications of receiving airdrops, which are subject to income tax in most countries.

Seems like a strange move, he is more than aware this would tank prices and drain liquidity. My one assumption is that his accountant warned him these tokens would count as income on his tax sheet. Selling to cover the expense
— SecureZero  (@securezero) March 7, 2023

Buterin confirmed he owned the wallet in a 2018 tweet after he was accused of hoarding 75% of the supply of Ether with fellow Ethereum co-founder Joe Lubin during the token's pre-mining sale.

Hackers takeover Azuki’s Twitter account, steal over $750K in less than 30 minutes

January 28, 2023 Coin Telegraph

Azuki

The majority of the funds stolen were from a single wallet which had $751,321.80 USDC drained from the malicious link.

Azuki, a popular nonfungible token (NFT) project, had its Twitter account compromised on Jan. 27 leading to hackers stealing over $750,000 worth of USD Coin (USDC) by posting a malicious “wallet drainer link” posed as a virtual land mint.

Hackers stole $751,321.80 USDC from a single wallet within half an hour of the malicious links being tweeted, according to Etherscan data provided to Cointelegraph by crypto wallet security firm Wallet Guard.

The data also revealed that hackers stole a further $6,752.62 worth of USDC from various wallets holding 11 NFTs and over 3.9 Ether (ETH).

Wallet Guard stated that the total amount stolen was $758,074.42.

Emily Rose, community manager for the anime-inspired NFT project confirmed via Twitter on Jan. 27 that the Azuki account was hacked, warning users not to click any links from Azuki’s Twitter account.

AZUKI OFFICIAL TWITTER ACCOUNT IS HACKED.

DO NOT CLICK LINKS FROM OUR ACCOUNT.

PLEASE RETWEET.
— Rose | | ⛩️NGL (@emilyrosemcg) January 27, 2023

Azuki’s head of community and product manager Dem explained on a Twitter Space hosted by Wallet Guard on Jan. 27 that scammers were able to “post a wallet drainer link,” after gaining control of Azuki's Twitter account.

Dem urged users to “stay safe and stay suspicious” while the team attempted to regain control of the account.

Several hours later Azuki stated that it had regained control of its Twitter account via a tweet:

1/ The @AzukiOfficial Twitter was compromised today. A series of malicious tweets were posted during the morning of Friday, Jan 27th (Pacific Time).

The team has regained control of the @AzukiOfficial Twitter.

Details below
— Azuki (@AzukiOfficial) January 27, 2023

This was confirmed by Rose and Dem retweeting the announcement.

Liz Yang, head of growth at Chiru Labs, the company behind Azuki, told Cointelegraph that the team is “currently in contact with Twitter and investigating the breach,” noting that Azuki “will provide an update once we have more information.”

Ohm Shah, co-founder of Wallet Guard, told Cointelegraph that “it does not matter” if an account is official or verified, users should treat everything as suspicious until proven otherwise. Shah noted:

“Don’t be the first person that clicks the link. It’s better to be paranoid in Web3 than not.”

Upon Azuki regaining control of the account, it emphasised to its followers in a tweet to always “go out on several channels” to confirm announcements.

It also noted to reach out to the Azuki "mod team" on Discord when in doubt.

This news comes after stock trading platform Robinhood’s Twitter account was compromised on Jan. 25.

The hackers pushed Robinhood’s followers to each pay $0.0005 for a token called “RBH” on the BNB Smart Chain.

Conor Grogan, the head of product business operations at Coinbase, tweeted that at least 10 people had purchased approximately $1,000 worth of the scam token before the tweet was removed.

How to avoid getting hooked by crypto ‘ice phishing’ scammers — CertiK

December 21, 2022 Coin Telegraph

BAYC

Ice phishing is a type of scam that exists only in Web3 and is a “considerable threat” to the crypto community, said the firm.

Blockchain security company CertiK has reminded the crypto community to stay alert over “ice phishing” scams — a unique type of phishing scam targeting Web3 users — first identified by Microsoft earlier this year.

In a Dec. 20 analysis report, CertiK described ice phishing scams as an attack that tricks Web3 users into signing permissions which end up allowing a scammer to spend their tokens.

This differs from traditional phishing attacks which attempt to access confidential information such as private keys or passwords, such as the fake websites set up which claimed to help FTX investors recover funds lost on the exchange.

#CertiKSkynetAlert

1/ Ice phishing is a considerable threat to the Web3 community

Instead of gaining accessing to your private key, scammers trick you into signing permissions to spend your assets.

We’ll outline below what to look out for, and how to protect yourself!
— CertiK Alert (@CertiKAlert) December 20, 2022

A Dec. 17 scam where 14 Bored Apes were stolen is an example of an elaborate ice phishing scam. An investor was convinced to sign a transaction request disguised as a film contract, which ultimately enabled the scammer to sell all of the user's apes to themselves for a negligible amount.

The firm noted that this type of scam was a “considerable threat” found only in the Web3 world, as investors are often required to sign permissions to decentralized finance (DeFi) protocols they interact with, which could be easily faked.

“The hacker just needs to make a user believe that the malicious address that they are granting approval to is legitimate. Once a user has approved permissions for the scammer to spend tokens, then the assets are at risk of being drained.”

Once a scammer has gained approval, they are able to transfer assets to an address of their choosing.

*An example of how an ice phishing attack works on Etherscan. Source: Certik*

To protect themselves from ice phishing, CertiK recommended that investors revoke permissions for addresses they don’t recognize on blockchain explorer sites such as Etherscan, using a token approval tool.

Additionally, addresses that users are planning to interact with should be looked up on these blockchain explorers for suspicious activity. In its analysis, CertiK points to an address that was funded by Tornado Cash withdrawals as an example of suspicious activity.

CertiK also suggested that users should only interact with official sites they are able to verify, and to be particularly wary of social media sites like Twitter, highlighting a fake Optimism Twitter account as an example.

*Fake Optimism Twitter account. Source: Certik*

The firm also advised users to take a couple of minutes to check a trusted site such as CoinMarketCap or Coingecko, users would have been able to see that the linked URL was not a legitimate site and should be avoided.

Tech giant Microsoft was the first one to highlight this practice in a Feb. 16 blog post, saying at the time that while credential phishing is very predominant in the Web2 world, ice phishing gives individual scammers the ability to steal a chunk of the crypto industry while maintaining “almost complete anonymity.”

They recommended that Web3 projects and wallet providers increase the security of their services on the software level in order to prevent the burden of avoiding ice phishing attacks being placed solely on the end-user.

Alameda tried to redeem 3,000 wBTC days before bankruptcy: BitGo CEO

December 15, 2022 Coin Telegraph

Alameda Research

The CEO of Bitgo stated that the Alameda representative failed the security verification process required to convert Wrapped BTC into BTC.

Mike Belshe, the CEO of digital asset custodian BitGo has confirmed that Alameda Research attempted to redeem 3,000 Wrapped Bitcoin (wBTC) in the days before FTX’s bankruptcy filing on Nov. 11.

During a Dec. 14 Twitter Spaces hosted by decentralized finance (DeFi) researcher Chris Blec, Belshe confirmed the firm knocked back the redemption request because the unknown Alameda representative involved didn’t pass Bitgo’s security verification process and seemed unfamiliar with how the wrapped Bitcoin burning process worked.

Full convo here. This part starts at 1:09:30. https://t.co/0KQg6bzd8k
— Chris Blec (@ChrisBlec) December 14, 2022

“[The security details] didn't match the process. So we held it up and we said no, no, no, no. This is not what the burn looks like. And we need to know who this person was.”

“So we held it and while we were holding it, waiting for a response on those issues [Alameda] went bankrupt and of course, once they went bankrupt, everything halted,” Belshe added.

The Bitgo CEO also said that Alameda’s 3,000 BTC mint request remains “stuck” on the platform’s dashboard, adding that the firm would most likely leave the tokens where they are until they’re dealt with by the trustees taking on Alameda's bankruptcy case.

*Alameda’s failed mint transaction request of 3,000 wBTC in exchange for 3000 BTC. Source: wBTC Network Dashboard.*

Alameda’s attempt to unwrap the 3,000 wBTC was also confirmed on the Ethereum transaction aggregator Etherscan.

While this would have ordinarily triggered the redemption of BTC, Bitgo has a security mechanism set in place before the conversion takes place, which is what Alameda failed.

It is not understood what the motive was for attempting to redeem the $50 million worth of wBTC, but it is understood that FTX executives were attempting to raise funds from a variety of sources to stave off bankruptcy up until the last minute.

Analysis from Arkham Intelligence on Nov. 25 found that Alameda pulled $204 million from eight different addresses from FTX.US five days before its parent firm eventually filed for Chapter 11.

wBTC is a tokenized version of BTC, which can be redeemed for BTC when it is sent to a burn address, triggeringthe release of BTC. The conversion is made at a 1:1 ratio.

The tokenization of wrapped Bitcoin enables Bitcoin holders to interact with Ethereum-based smart contracts and decentralized applications.

Bitgo co-developed wBTC in 2019 alongside blockchain interoperability protocol Ren and multi-chain liquidity platform Kyber. wBTC is also managed by the decentralized autonomous organization wBTC DAO, which comprises over 30 members.

The wBTC dashboard currently shows that BitGo now holds 202,255 BTC in custody against 199,238 wBTC in circulation, amounting to an overcollateralization rate of 101.51%.

Mysterious Whale Moves 1,296,926,801,221 Shiba Inu (SHIB) in Massive Crypto Transaction

December 1, 2022 The Daily Hodl

Etherscan

Share this video