1. Home
  2. Phishing attack

Phishing attack

Phishing scam via fake Zoom link costs GIGA investor $6M

A phishing scam through a fake Zoom link drained $6.09 million from a Gigachad token investor, igniting security concerns.

A crypto memecoin investor holding Gigachad (GIGA) tokens lost $6.09 million in a phishing attack involving a fake Zoom meeting link.

On Nov. 12, GIGA recorded an unusual price drop triggered by a massive sell-off event. Soon after, prominent pseudonymous GIGA investor Still in the Game proactively alerted against the involvement of a hacker:

According to crypto investigation firm Scam Sniffer, the victim clicked on a fake Zoom call invite link, which redirected them to a deceptive website designed to harvest sensitive wallet information. 

Read more

JPMorgan Chase Pays $40,000,000,000 in Fines and Settlements As US Bank Battles Hundreds of Ongoing Legal Challenges: Report

Crypto On/Off Ramp Discloses Breach, Says 1.14% of Users Affected

Crypto On/Off Ramp Discloses Breach, Says 1.14% of Users AffectedTransak, a cryptocurrency on/off-ramp service, confirmed on Oct. 21 that experienced a data breach affecting 1.14% of its users. A ransomware group claimed to have obtained sensitive data but Transak confirmed only limited information was accessed. The company said it is taking steps to address the incident and has contacted affected users and relevant authorities. […]

JPMorgan Chase Pays $40,000,000,000 in Fines and Settlements As US Bank Battles Hundreds of Ongoing Legal Challenges: Report

Bitfinex users fall for ‘minor’ phishing attack after employee gets hacked

Bitfinex stressed its systems weren’t compromised and no customer funds were lost.

Cryptocurrency exchange Bitfinex said it suffered a “minor” information security incident after one of its customer support agents was hacked earlier in the week (Oct. 30 — Nov. 5).

It led to a spree of phishing attacks against Bitfinex users but little damage was done, the firm explained in a Nov. 4 statement.

“A small portion of our customer support boards, which held partial, incomplete and stale information was accessed by an individual or group, through the phishing of a customer support agent.”

Fortunately, the customer support agent didn’t have “senior permissions” and therefore had limited access to supporting tools and help desk tickets, the firm added.

Bitfinex stressed its systems weren’t compromised and no customer funds were lost.

“No server, wallet or database infrastructure was accessed.” Bitfinex added:

“At no time were customer assets on the platform at risk, nor was password information accessible. Most of the affected customer accounts were empty or inactive.

While Bitfinex said the issue is now “resolved,” they’re still reviewing the incident, the compromised information and are reaching out to affected customers.

The firm notified law enforcement of the issue and “will be working with investigation authorities” to track down the perpetrator behind the phishing attack.

“We have a strong track record of securing successful convictions against individuals who have attempted to attack our operations in the past,” Bitfinex iterated.

The incident happened despite Bitfinex regularly reviewing its security procedures and mandating all employees to undertake cybersecurity training.

Related: Crypto phishing scams: How users can stay protected

Bitfinex was founded in Hong Kong in 2012. Jean-Louis van der Velde has served as the firm’s CEO since 2013.

Bitfinex is ranked 17th in CoinGecko’s “Trust Score” index among all cryptocurrency exchanges. It saw over 800,000 visits on its platform over the last month.

Magazine: Deposit risk: What do crypto exchanges really do with your money?

JPMorgan Chase Pays $40,000,000,000 in Fines and Settlements As US Bank Battles Hundreds of Ongoing Legal Challenges: Report

Crypto firms beware: Lazarus’ new malware can now bypass detection

The malware payload “LightlessCan" — used in fake job scams — is far more challenging to detect than its predecessor, warns cybersecurity researchers at ESET.

North Korean hacking collective Lazarus Group has been using a new type of “sophisticated” malware as part of its fake employment scams — which researchers warn is far more challenging to detect than its predecessor.

According to a Sept. 29 post from ESET’s senior malware researcher Peter Kálnai, while analyzing a recent fake job attack against a Spain-based aerospace firm, ESET researchers discovered a publicly undocumented backdoor named LightlessCan.

The Lazarus Group’s fake job scam typically involves tricking victims with a potential offer of employment at a well-known firm. The attackers would entice victims to download a malicious payload masqueraded as documents to do all sorts of damage.

However, Kálnai says the new LightlessCan payload is a “significant advancement” compared to its predecessor BlindingCan.

“LightlessCan mimics the functionalities of a wide range of native Windows commands, enabling discreet execution within the RAT itself instead of noisy console executions.”

“This approach offers a significant advantage in terms of stealthiness, both in evading real-time monitoring solutions like EDRs, and postmortem digital forensic tools,” he said.

The new payload also uses what the researcher calls “execution guardrails” — ensuring that the payload can only be decrypted on the intended victim’s machine, thereby avoiding unintended decryption by security researchers.

Kálnai said that one case that involved the new malware came from an attack on a Spanish aerospace firm when an employee received a message from a fake Meta recruiter named Steve Dawson in 2022.

Soon after, the hackers sent over the two simple coding challenges embedded with the malware. 

The initial contact by the attacker impersonating a recruiter from Meta. Source: WeLiveSecurity.

Cyberespionage was the main motivation behind Lazarus Group’s attack on the Spain-based aerospace firm, he added.

Related: 3 steps crypto investors can take to avoid hacks by the Lazarus Group

Since 2016, North Korean hackers have stolen an estimated $3.5 billion from cryptocurrency projects, according to a Sept. 14 report by blockchain forensics firm Chainalysis.

In September 2022, cybersecurity firm SentinelOne warned of a fake job scam on LinkedIn, offering potential victims a job at Crypto.com as part of a campaign dubbed “Operation Dream Job." 

Meanwhile, the United Nations has beetrying to curtail North Korea’s cybercrime tactics at the international level — as it is understood North Korea is using the stolen funds to support its nuclear missile program.

Magazine: $3.4B of Bitcoin in a popcorn tin: The Silk Road hacker’s story

JPMorgan Chase Pays $40,000,000,000 in Fines and Settlements As US Bank Battles Hundreds of Ongoing Legal Challenges: Report

Notorious Monkey Drainer crypto scammer says they’re ‘shutting down’

The scammer behind the crypto wallet draining kit even recommended an alternative and gave advice to budding cybercriminals.

The cryptocurrency phishing scammer behind some of the most high-profile and high-value Web3 thefts is claiming to have packed up shop and is “moving on to something better.”

The scammer by the pseudonym Monkey Drainer posted to their Telegram channel on Mar. 1 that they “will be shutting down immediately” and all “files, servers and devices” related to the drainer “will be destroyed immediately” and it “will not return.”

Monkey Drainer’s full message posted to Telegram recommending an alternative service. Source: Telegram

The scammer even gave advice to budding “young cyber criminals” saying they shouldn’t “lose themselves in the pursuit of easy money” and only those “with the highest level of dedication” should operate a “large scale cybercrime” outfit.

Monkey Drainer even recommended a “flawless” alternative service to the one they once offered named “Venom Drainer” and pointed to a Telegram account for the service that was created only a day before Monkey’s announcement.

Blockchain security firm PeckShield tweeted on Mar. 1 that Monkey Drainer scammer deposited around 200 Ether (ETH) worth $330,000 within the last day into the crypto mixing service Tornado Cash, attempting to obscure their funds. 840 ETH worth $1.4 million was still in their primary wallet.

Blockchain security firm CertiK also shared Monkey’s message on a Mar. 1 tweet, saying the crypto wallet-draining kit they offered is understood to take a 30% “commission” of funds stolen funds from others' use of the software.

Wallet-draining kits from other providers have copied the model, and CertiK pointed to other vendors already reporting an uptick in requests since Monkey Drainer announced the shutdown.

Monkey Drainer is understood to have operated since late 2022 and is estimated to have stolen up to $13 million worth of cryptocurrencies and nonfungible tokens (NFTs) since that time.

Related: Monkey Drainer-linked scammers possibly exposed after an on-chain quarrel

Other copycat phishing scammers and wallet-draining kits have stolen much more. A report from Web3 bug bounty platform Immunefi revealed $3.9 billion worth of crypto was lost to hacks, frauds, scams and rug pulls in 2022.

Possibly one of the single most high-profile and high-value theft by a wallet drainer in recent times was the January attack on Kevin Rose, the co-founder of the Moonbirds NFT collection.

Rose’s wallet was drained after he approved a malicious signature on a phishing website that transferred over $1.1 million worth of his personal NFTs to the attacker.

JPMorgan Chase Pays $40,000,000,000 in Fines and Settlements As US Bank Battles Hundreds of Ongoing Legal Challenges: Report

Nifty News: Price drops on ‘Cryptohouse’ with NFT decor, mint your personality as an NFT and more

The owner of the crypto-themed home has dropped its price by over 20% in a few months as they struggle to sell the house.

Waning interest in a North Hollywood crypto-themed home

A crypto-friendly house in North Hollywood, Los Angeles, is seemingly struggling to sell, as the property has seen its price reduce three times in a little over four months.

The so-called “Cryptohouse,” as stated on the glowing neon sign in its kitchen, was listed for sale at $1.2 million in October 2022. As of Jan. 5, its asking price is now $949,000.

The impressive custom neon sign never lets you forget just where you are. Image: Zillow

The four-bed, three-bath home sees the listing agents boasting in the property description of its spacious and flowing floor plan ideal for “savvy investors.”

For unknown reasons, the description doesn’t mention its tasteful wallpaper choices, which include multiple nonfungible tokens (NFTs) from the classic Bored Ape Yacht Club and CryptoPunk collections prominent in the living and dining areas.

The future owner can look forward to explaining the unique decor choices to dinner guests. Image: Zillow

The house also features themed wallpapers in each of the four rooms, one each for Bitcoin (BTC), Ether (ETH) and Dogecoin (DOGE), with one room smattered with a selection of crypto-positive tweets.

Guests will surely be saying “much wow” if they sleep in the DOGE room. Image: Zillow

Those wanting to try before they buy can even rent the house through Airbnb. Although, there’s no rush because it currently has no future bookings.

Make your personality an NFT and mint your heart on the blockchain

A project is offering up NFTs as a way to visually portray an individual’s personality and own the result on the blockchain.

Rubens DB, a Tel Aviv-based artist, launched the “Psynesthesia” NFT collection with 1,024 possible NFTs generated by the results of a personality test.

The Polygon-based NFTs are generated according to the traits identified by the test and an algorithm coded by DB. The process is explained in a release shared with Cointelegraph:

“For example, the more the agreeableness is high, the more the colors are warm; the more the extroversion is high, the more the connections are developed.”

The resulting art can be collected as an NFT. The original owner is also granted a photoshoot at Rubens DB’s studio in Tel Aviv, where their artwork is projected onto them in a portrait.

An example of the NFTs generated from the personality tests. Image: Psynesthesia

10% of the sales are donated to the Multidisciplinary Association for Psychedelic Studies, a United States-based nonprofit aiming to increase understanding of psychedelic substances.

UK NFT investment firm gets phished

NFT Investments, a United Kingdom-based investment firm that invests in NFT-related companies, said it was the target of a phishing attack resulting in the loss of $250,000 worth of assets.

The firm announced on the London Stock Exchange’s news wire on Jan .12 that it is “managing a cybersecurity incident” resulting from the attack on Jan. 9.

Apparently, the hacked amount represents “less than 1%” of the firms current net asset value.

It did not disclose what assets were stolen or how attackers compromised the security surrounding the storage of the investments.

Cointelegraph contacted NFT Investments for comment but did not immediately receive a response.

What bear market? Shiba Inu NFT collab sells out in seconds

An NFT collaboration between Shiba Inu’s (SHIB) NFT project “SHIBOSHIS” and luxury handbag company Bugatti Group sold out in 110 seconds, according to a Jan. 14 tweet from Bugatti Group.

Bugatti Group — not to be confused with the luxury sports car manufacturer Bugatti Automobiles — created a new batch of NFTs with the dog-themed project and offered those who minted one a piece of custom luggage emblazoned with a SHIBOSHIS NFT.

Related: NFTs have a brighter future on Instagram than on Twitter

The collaboration between the two also sees Bugatti Group creating a SHIBOSHIS-themed limited edition collection of backpacks, satchels, luggage and wallets.

Other nifty news

The crypto wallet of an NFT influencer has been drained after mistakenly downloading malware hiding in a program advertised on a Google Ad.

YouTuber Logan Paul revealed a $1.5 million recovery plan for those who invested in his troubled NFT project CryptoZoo after an exposé from fellow YouTuber Coffeezilla.

JPMorgan Chase Pays $40,000,000,000 in Fines and Settlements As US Bank Battles Hundreds of Ongoing Legal Challenges: Report

FTX to give a ‘one-time’ $6M compensation to phishing victims

FTX founder Sam Bankman-Fried said the exchange won’t be “making a habit of compensating” users that are “phished by fake versions of other companies.”

Cryptocurrency exchange FTX will provide around $6 million in compensation to victims of a phishing scam that allowed hackers to conduct unauthorized trades on certain FTX users’ accounts. 

FTX founder and CEO Sam Bankman-Fried posted in a Twitter thread on Oct. 23 that the exchange generally doesn’t award compensation to its users “phished by fake versions of other companies in the space” but in this case, it would compensate users.

Bankman-Fried said that this was a “one-time thing” and FTX would “not do this going forward.”

“THIS IS NOT A PRECEDENT,” he wrote, clarifying it was only the accounts of FTX users that would be reimbursed.

The recent phishing attack saw attackers gaining user account application programming interface (API) keys which allowed them to conduct unauthorized trades with their crypto exchange accounts.

The attack came to light on Oct. 21 after 3Commas said it was alerted that some of its users had unauthorized trading activity.

After an initial investigation, FTX and 3Commas then suspended the suspicious accounts to avoid further losses and disabled all compromised API keys.

Related: Mango Market exploiter brags after rug pulling Mango Inu 'shitcoin'

On Oct.19 Bankman-Fried published a blog post detailing his thoughts on crypto regulation that included a proposal he dubbed the “5-5 standard” where hackers keep either $5 million or 5% of the amount they’ve stolen, whatever is smaller.

In his most recent tweet thread, he thought it time to try his newly thought-up standard, imploring the hacker to send back 95%, around $5.7 million, of the stolen funds within 24 hours, saying “we’ll absolve them.”

October has been dubbed “hacktober” by the crypto community as Chainalysis revealed on Oct. 13 that October 2022 has been the “biggest month” ever for hacking activity, despite the report coming out not even halfway through the month.

At the time of the report around $3 billion had been exploited through over 125 separate incidents since the start of the month.

JPMorgan Chase Pays $40,000,000,000 in Fines and Settlements As US Bank Battles Hundreds of Ongoing Legal Challenges: Report

French police use Twitter crypto sleuth’s research to catch scammers

The alleged fraudsters built a BAYC and MAYC NFT focused website that masqueraded as a service to animate the apes but instead phished victims details to steal their NFTs.

French authorities have reportedly utilized research from pseudonymous blockchain sleuth ZachXBT to charge five people on suspicion of stealing $2.5 million worth of nonfungible tokens (NFTs) via phishing scams.

According to an Oct. 12 report from the Agence France Presse (AFP) shared by Barron’s, the alleged fraudsters built a website that masqueraded as a service that animates the static artwork from people’s Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) NFTs.

Unfortunately for the victims, they had their credentials swiped and their NFTs stolen via the phishing website instead. 

The five young suspects are said to be in their mid to late 20s, and had allegedly conducted the scheme between late 2021 and early 2022.

The charges against the five include fraud committed as part of a criminal gang, concealing fraud and criminal association.

Two of the suspects are thought to be the ring leaders, and prosecutors have requested for them to be held in pre-trial detention.

ZachXBT provides key info

Christophe Durand, the deputy chief of France’s national cyber unit told the AFP that it got clued into the incident after observing an investigation from the self-proclaimed "on-chain sleuth" ZachXBT on Twitter.

Durand explained that ZachXBT had launched into an investigation in response to requests from "the community of owners of the Bored Ape Yacht Club series” that had their tokens swiped.

Over on Twitter, ZachXBT noted that they were “very pleased” to see that French authorities had taken action against the alleged scammers. The sleuth was also happy to see their work was officially credited online, given that they are an independent investigator that is funded by community donations.

ZachXBT also linked back to their original Aug. 9 article that he said helped kick off the investigation.

A key part of the research revolved around the alleged scammers' use of Tornado Cash to mix and withdraw the funds.

ZachXBT outlined that the “mathys.eth” address in particular left revealing breadcrumbs, as they often withdrew intervals of 10 ETH that added up to the value the NFTs were sold for, around the time they were stolen.

“While the scammer did make an attempt to hide their breadcrumb trail by depositing the stolen funds into Tornado Cash, they were not careful about covering their tracks when it came to withdrawing the funds from Tornado.”

ZachXBT has posted a series of on-chain investigations focused on rug pulls, scams, hacks and pump and dumps, and has developed a strong Twitter following of 303,200 for their efforts.

Related: Bored Ape creators and other NFT projects investigated by SEC probe

At the start of this month, ZachXBT launched an investigation into the $450,000 Beeple Discord hack to find the people responsible. Cointelegraph also reported on ZachXBTs recent research and allegations from Sept. 29 accusing Crypto influencer Lark Davis of shilling a series of “low cap projects” just to dump on “them shortly after.”

JPMorgan Chase Pays $40,000,000,000 in Fines and Settlements As US Bank Battles Hundreds of Ongoing Legal Challenges: Report

MetaMask warns Apple users over iCloud phishing attacks

The firm warned that If an Apple user has enabled automatic iCloud backups of their MetaMask wallet data, their seed phrase is being stored online.

ConsenSys-owned crypto wallet provider MetaMask has sent out a warning to the community regarding Apple iCloud phishing attacks.

The security issue for iPhone, Mac, and iPad users is related to default device settings which see a user’s seed phrase or “password-encrypted MetaMask vault” stored on the iCloud if the user has enabled automatic backups for their app data.

In a Twitter thread posted on April 18, MetaMask noted that users run the risk of losing their funds if their Apple password “isn’t strong enough” and an attacker is able to phish their account credentials.

To fix the issue, users can disable automatic iCloud backups for MetaMask as detailed:

The warning from MetaMask came in response to reports from an NFT collector who goes by “revive_dom” on Twitter, who stated on April 15 that their entire wallet containing $650,000 worth of digital assets and NFTs was wiped via this specific security issue.

In a separate thread earlier today, DAPE NFT project founder “Serpent” – who also helped gain the attention of MetaMask via posting sharing the story with their 277,000 followers — gave a rundown of what happened to the victim.

They noted that the victim received multiple text messages asking to reset his Apple ID password along with a supposed call from Apple which was ultimately a spoofed caller ID.

As they were reportedly unsuspecting of the caller, “revive_dom” handed over a six-digit verification code to prove that they were the owner of the Apple account. The scammers subsequently hung up and accessed his MetaMask account via data stored on iCloud.

Related: MetaMask expands institutional offering by integrating new crypto custodians

After MetaMask posted the warning today, “revive_dom” expressed his frustrations with the company, noting that:

“I’m not saying they shouldn’t do it but they should tell us. Don’t tell us to never store our seed phrase digitally and then do it behind our backs. If 90% of the people knew this I would bet none of them would have the app or iCloud on.”

While most of the community response was supportive, others were quick to emphasize the importance of using cold storage and doing a lot of due diligence when storing assets in a hot wallet.

JPMorgan Chase Pays $40,000,000,000 in Fines and Settlements As US Bank Battles Hundreds of Ongoing Legal Challenges: Report