1. Home
  2. phishing

phishing

Ethereum Foundation email hacked to promote fake Lido staking phishing scam

Coin Telegraph
Ethereum Foundation email hacked to promote fake Lido staking phishing scam
Coin Telegraph

A hacker broke into the Ethereum Foundation’s email server and sent scam emails to 35,794 people, recording 81 subscriber email addresses in the process.

On June 23, the Ethereum Foundation’s “update” email account was hacked and used to promote a phishing scam, according to a July 2 blog post from the foundation. The foundation has recovered the account, and the malicious emails are no longer being sent out.

According to the post, 35,794 scam emails were sent to the foundation’s subscribers and other individuals using its official updates@blog.ethereum.org email address. The foundation’s investigation led to the conclusion that no victims lost cryptocurrency from the attack. However, the email addresses of 81 subscribers may have been exposed to the attacker.

The emails contained a fake announcement stating that the Ethereum Foundation has partnered with the Lido decentralized autonomous organization (LidoDAO) to offer 6.8% yield on staked Ether (stETH), Wrapped Ether (WETH), or Ether (ETH) deposits. It told subscribers that staking would be “Protected and Verified by The Ethereum Foundation.”

Read more

Read more
56% of advisers more likely to invest in crypto after Trump win: Bitwise survey

56% of advisers more likely to invest in crypto after Trump win: Bitwise survey

Binance Labs-backed Velvet Capital forced offline to prevent phishing attack

Coin Telegraph
Binance Labs-backed Velvet Capital forced offline to prevent phishing attack
Applications

According to Vasily Nikonov, the founder of Velvet Capital, users who have confirmed any transactions on the platform since April 23 at 5:39 am UTC may be potential victims of the website hack.

Decentralized finance (DeFi) asset management protocol Velvet Capital was forced to deactivate its website temporarily to prevent a major phishing attempt. 

Crypto community members on X reported unusual activity on Velvet Capital’s trading platform on April 23. Users trying to connect to the front-end were prompted to approve their wallet access to the protocol.

Internal investigations led Velvet Capital to issue a cybersecurity alert, advising investors to deny all wallet connect requests from the application until further notice.

Read more

Read more
56% of advisers more likely to invest in crypto after Trump win: Bitwise survey

56% of advisers more likely to invest in crypto after Trump win: Bitwise survey

Phishing Scams Appear As Ads on Ethereum Block Explorer Etherscan: Report

The Daily Hodl
Phishing Scams Appear As Ads on Ethereum Block Explorer Etherscan: Report
crypto
Phishing Scams Appear As Ads on Ethereum Block Explorer Etherscan: Report

Phishing scams are bubbling up on the Ethereum (ETH) block explorer Etherscan, according to the cybersecurity firm Scam Sniffer. The firm says Etherscan aggregates advertisements from crypto and web3 ad networks Coinzilla and Persona, which could be using “insufficient” filtering that enables exposure to phishing attempts. Scam Sniffer has previously noted crypto phishing scams facilitated […]

The post Phishing Scams Appear As Ads on Ethereum Block Explorer Etherscan: Report appeared first on The Daily Hodl.

Read more
56% of advisers more likely to invest in crypto after Trump win: Bitwise survey

56% of advisers more likely to invest in crypto after Trump win: Bitwise survey

Phishing Comments Under X Posts Leading to Many Crypto Thefts, Says Blockchain Security Firm SlowMist

The Daily Hodl
Phishing Comments Under X Posts Leading to Many Crypto Thefts, Says Blockchain Security Firm SlowMist
crypto
Phishing Comments Under X Posts Leading to Many Crypto Thefts, Says Blockchain Security Firm SlowMist

Misleading comments that link to crypto phishing scams are plaguing the social media platform X, according to the blockchain security firm SlowMist. In a new analysis, SlowMist notes that phishing scams represent around 80% of comments on tweets from famous crypto projects. The scammers employ a high level of automation, according to the security firm. […]

The post Phishing Comments Under X Posts Leading to Many Crypto Thefts, Says Blockchain Security Firm SlowMist appeared first on The Daily Hodl.

Read more
56% of advisers more likely to invest in crypto after Trump win: Bitwise survey

56% of advisers more likely to invest in crypto after Trump win: Bitwise survey

Phishing Link Posted to Certik’s X Account After Hacker Compromises Blockchain Security Firm’s Social Media

The Daily Hodl
Phishing Link Posted to Certik’s X Account After Hacker Compromises Blockchain Security Firm’s Social Media
certik
Phishing Link Posted to Certik’s X Account After Hacker Compromises Blockchain Security Firm’s Social Media

A phishing link was posted on the X account of blockchain-focused cybersecurity firm Certik after a bad actor hacked into the protocol’s social media profile. In a new announcement, the cybersecurity company says that a “verified account associated with well-known media” was able to hack into one of their employee’s X accounts, using it to […]

The post Phishing Link Posted to Certik’s X Account After Hacker Compromises Blockchain Security Firm’s Social Media appeared first on The Daily Hodl.

Read more
56% of advisers more likely to invest in crypto after Trump win: Bitwise survey

56% of advisers more likely to invest in crypto after Trump win: Bitwise survey

Web3 Projects Lose $2,020,000,000 in 2023 to Hacks, Rug Pulls and Phishing Attacks: Crypto Security Firm

The Daily Hodl
Web3 Projects Lose ,020,000,000 in 2023 to Hacks, Rug Pulls and Phishing Attacks: Crypto Security Firm
Blockchain security
Web3 Projects Lose ,020,000,000 in 2023 to Hacks, Rug Pulls and Phishing Attacks: Crypto Security Firm

Web3 projects lost more than $2 billion in 2023 to hacks, rug pulls and phishing scams, according to the blockchain security firm Beosin. In a new annual report, the crypto security firm notes 191 major attacks this year resulted in roughly $1.397 billion in losses, 267 rug pulls caused $388 million in losses, and phishing […]

The post Web3 Projects Lose $2,020,000,000 in 2023 to Hacks, Rug Pulls and Phishing Attacks: Crypto Security Firm appeared first on The Daily Hodl.

Read more
56% of advisers more likely to invest in crypto after Trump win: Bitwise survey

56% of advisers more likely to invest in crypto after Trump win: Bitwise survey

Crypto catfishers ditch fake exchanges for approval phishing scams

Coin Telegraph
Crypto catfishers ditch fake exchanges for approval phishing scams
approvals

According to on-chain analytics firm Chainalysis, romance scammers increasingly use this method to steal their victim’s hard-earned crypto.

Crypto romance scammers — a cohort of crypto-stealing smooth-talkers — appear to have a new trick up their sleeves: targeted approval phishing.

In a Dec. 14 report from on-chain analytics firm Chainalysis, the firm noted that the technique has seen explosive growth over the past two years, with at least $374 million in suspected stolen crypto in 2023.

Approval phishing is a crypto scam where victims are tricked into signing transactions that give scammers access to wallets, allowing them to drain funds. While this isn’t new, Chainalysis said the technique is now utilized more often by pig-butchering scammers.

Read more

Read more
56% of advisers more likely to invest in crypto after Trump win: Bitwise survey

56% of advisers more likely to invest in crypto after Trump win: Bitwise survey

Asked to get a banana, a BAYC owner narrowly avoids a fake Forbes scam

Coin Telegraph
Asked to get a banana, a BAYC owner narrowly avoids a fake Forbes scam
BAYC

Scammers posing as Forbes journalists have been targeting BAYC holders to set up interviews and distract them while they attempt to steal their apes.

A Bored Ape Yacht Club (BAYC) owner says he has managed to avoid a potentially “dreadful day” after being asked to retrieve a banana for a photo from someone they initially believed was interviewing them for Forbes.

On Nov. 27, NFT collector ‘Crumz’ detailed his run-in with a scammer  posing as a Forbes journalist.

He reported that someone pretending to be Robert LaFanco — a real Forbes editor, contacted him by direct message from an impersonator account with the offer of an interview for a new article about BAYCs. 

During the interview, the scammer prompted Crumz to click a "button" to allow access to record the interview. Crumz said he complied with the so-called journalists despite certain red flags, including their use of a non-premium Zoom account and wanting to use a separate recorder bot to record his screen.

“I had to press a button to allow access to record,” he said before adding, “I didn’t think much of it first but at the end, he asks me to say something that resembles my ape and he suggests a banana.”

'Crumz' said he later realized this was a distraction attempt to take him away from his computer during which the attacker would take control of his computer to steal his assets. 

‘Crumz’ said instead of getting the banana, he waited by his computer and sure enough, the scammers started to control his screen.

"I mute my screen and there's no video and just waited by the screen and sure enough they started to control my screen, I stopped them when they went on delegate.cash." 

Crypto casino Rollbit partner ‘@3orovik’ echoed the warning to his 140,000 X followers on Nov. 27.

He also fingered a spurious account named ‘Robert LaFranco’ whose profile claims he is a Forbes assistant managing editor. “During this interview, he attempts to trick you to gain access to your PC and steal your expensive NFTs,” he warned.

Meanwhile, BAYC community member Laura Rod also reported being contacted by the bogus Forbes editor.

Related: Nansen phishing emails flood crypto investors’ inboxes

Earlier this month blockchain security firm Slowmist detailed a number of scams in which victims lost crypto assets to fake journalists.

It reported that, after scheduling an interview, the attacker would guide victims to join the interview on Telegram, providing an interview outline, conducting a two-hour interview, and then providing the malicious link to consent to publication.

In October, a Friend.tech user reported being duped by a fake Bloomberg journalist, who lured them into clicking a link for a “consent form” which instead resulted in a drained Friend.tech account. 

Meanwhile, several industry observers have noted that scammers on X (Twitter) often have a BAYC profile picture which is something to look out for.

Magazine: Tornado Cash 2.0 — The race to build safe and legal coin mixers

Read more
56% of advisers more likely to invest in crypto after Trump win: Bitwise survey

56% of advisers more likely to invest in crypto after Trump win: Bitwise survey

Nansen phishing emails flood crypto investors’ inboxes

Coin Telegraph
Nansen phishing emails flood crypto investors’ inboxes
Coin Telegraph

On Sept. 22, one of Nansen’s third-party vendors suffered a security breach, which exposed the email addresses of 7% of the system’s users.

Numerous users of the crypto analytics platform Nansen have received phishing emails from scammers pitching an “exclusive opportunity” to participate in the fictitious “Nansen Airdrop.”

On Nov. 23, crypto community members on X (formerly Twitter) flagged an ongoing phishing campaign targeting Nansen users. The scammers are impersonating Nansen and sending fake invitations to an exclusive airdrop event.

Cointelegraph confirmed the hack from crypto investigator Officer’s Notes (Officercia), who initially warned the community about the ongoing attack. He suspects that user data from a previous third-party database leak is being used to target Nansen users.

On Sept. 22, one of Nansen’s third-party vendors suffered a security breach, which affected nearly 7% of the system’s users. The users affected by the breach reportedly had their email addresses exposed, along with some password hashes, and several had their blockchain addresses compromised. At the time, Nansen claimed it would identify and inform those affected and ask them all to change their passwords. It also clarified that wallet funds were unaffected by the event.

Nansen phishing email. Source: @offiercia (X)

The screenshot of the Nansen phishing email shared with Cointelegraph shows the sender was “mail@networkforgood.com,” an email address completely unrelated to the original analytics platform.

It said that for the next 48 hours, users could claim a guaranteed allocated amount of fake NANSEN tokens. The scammers attached a link to the email, which would redirect users to a potentially rigged website.

Officercia advises reporting suspected phishing links to databases such as chainabuse.com, cryptoscamdb.org and phishtank.org, which help the internet community reduce the success rates of such attacks.

Nansen has not responded to Cointelegraph’s request for comment.

Related: No ‘mass exodus of funds’ following Binance–DOJ settlement — Nansen

Even more crypto investors are potential phishing targets after user data from TrueCoin and FTX bankruptcy claims, among others, was leaked recently.

However, Friend.tech recently denied claims that its database of over 100,000 users was leaked. “It’s like saying someone hacked you by looking at your public Twitter feed,” explained the Friend.tech team, clarifying that the information came from scraping its public API.

Magazine: This is your brain on crypto: Substance abuse grows among crypto traders

Read more
56% of advisers more likely to invest in crypto after Trump win: Bitwise survey

56% of advisers more likely to invest in crypto after Trump win: Bitwise survey

OpenSea NFT users report massive email phishing campaign

Coin Telegraph
OpenSea NFT users report massive email phishing campaign
Coin Telegraph

OpenSea users have reportedly been targeted with a widespread email phishing campaign, including a fake developer API risk alert and a fake NFT offer.

Users of the major nonfungible token (NFT) marketplace OpenSea have said they are being targeted with a new email phishing attack, and have received emails containing malicious links from attackers posing as the marketplace itself.

According to social media reports, OpenSea users and developers have been targeted by various email phishing campaigns, including a fake developer account risk alert and a fake NFT offer.

One OpenSea developer took to X (formerly Twitter) on Nov. 13 to report receiving a phishing attempt to an email strictly dedicated to their OpenSea Application Programming Interface (API) key. “In other words, dev contacts have been exfiltrated from OpenSea and are the real target in this campaign,” the poster said.

The social media report came in response to OpenSea's insistence that the platform has not been hacked and urging users not to click on links they don’t trust.

Another OpenSea user took to Reddit to express confusion about the ongoing phishing campaign on Nov. 14.

“Haven't used OpenSea for years and all of a sudden, I keep getting emails talking about my NFT listings getting offers,” the poster wrote, adding that all the vulnerable links were trying to direct the reader to install a malicious app.

“Right now I'm getting 3-4 scam/phishing emails a day which is crazy since I got zero just a few weeks ago,” the Redditor wrote, adding:

“So my question is did something new happen to OpenSea. The email address of mine they are hitting is one I created specifically for OpenSea so not concerned but I know OpenSea had hacks previously. Are they just now hitting up my email or is there a new one?”

The news comes a few weeks after one of OpenSea’s third-party vendors experienced a security incident that exposed information related to user API keys. OpenSea reported the breach in a notification email to affected users in late September 2023, stating that user emails and developer API keys may have been leaked due to the attack.

OpenSea users have received phishing emails previously. In February 2022, OpenSea officially confirmed that its platform faced a phishing attack from outside the OpenSea website and urged users to stay away from clicking on any links in the emails. The firm was also investigating rumors of an exploit associated with OpenSea-related smart contracts.

Related: Chinese hackers use fake Skype app to target crypto users in new phishing scam

OpenSea did not immediately respond to Cointelegraph’s request for comment.

This latest phishing campaign is happening just after OpenSea laid off 50% of its staff, with the stated intention of launching OpenSea 2.0 with a smaller team.

This attack is yet another reminder for the cryptocurrency community to stay vigilant when receiving emails from service providers. To avoid a phishing hack, users should be cautious of the email sender’s authenticity and the associated links. Users should also remember that crypto firms never ask their users for personal data like wallet addresses or private keys.

Magazine: How to protect your crypto in a volatile market — Bitcoin OGs and experts weigh in

Read more
56% of advisers more likely to invest in crypto after Trump win: Bitwise survey

56% of advisers more likely to invest in crypto after Trump win: Bitwise survey

WordPress Theme by cactus.com
Close

Share this video