phishing

Terra money website frozen to prevent more phishing scams

The freeze comes shortly after Terra’s website was compromised over the weekend by hackers who attempted to scam users via phishing attacks.

Layer-1 blockchain Terra has temporarily shut down its website in order to protect users from ongoing phishing scams on the platform.

“The terra(dot) money domains have successfully been frozen to prevent further user phishing scams, but a full resolution is still underway,” Terra officially announced on X (formerly Twitter) on Aug. 22.

Terra advised all users to avoid engaging with any sites under the aforementioned domain until the foundation posts an official “all-clear” notice from this account.

“Our team has been working around the clock to rectify this issue, but we’ve encountered delays with some third-party responses,” Terra added.

The freeze comes shortly after Terra’s website was compromised over the weekend by hackers who attempted to scam users via phishing attacks.

This is a developing story, and further information will be added as it becomes available.

Blockchain Capital’s X account hacked to promote token claim scam

The account made multiple posts promising a token giveaway and ushered users to a copycat website to connect their crypto wallet.

The X (Twitter) account of crypto-focused venture capital firm Blockchain Capital was seemingly taken over by scammers attempting to lure users with the promise of a token claim.

On Aug. 9, Blockchain Capital's account made multiple posts promising a giveaway of "BCAP" tokens and directed users to a copycat website that emulated the appearance of the VC firm's original.

Blockchain Capital later regained control of the account and deleted the posts.

Scammers posting a link to a fake Blockchain Capital website under the guise of a token claim. Source: X

The copycat website — which included an additional "n" in the URL to closely mimic the original — directs users to connect their crypto wallet, a common tactic used by phishing scammers in order to trick users into signing a malicious transaction that drains funds.

The scammers tactically turned off commenting on the posts in an attempt to prevent others from warning of the possible scam. Multiple X users shared the posts warning of the scam attempt.

Tierion founder Wayne Vaughan was one of many to warn of the scam attempt. Source: X

Blockchain Capital's hijacked account comes days after the FBI warned of criminal actors taking over the social media accounts of well-known figures in the crypto space in order to funnel users to malicious spoof sites.

A flood of scam posts also recently appeared on pro-XRP lawyer Jeremy Hogan’s hacked X account — where malicious links to a purported XRP (XRP) giveaway were posted for around four days.

In late July, Binance CEO Changpeng “CZ” Zhao warned his 8.5 million X followers of the increasing number of phishing attacks following the hack of Uniswap founder Hayden Adams' X account.

Zhao advised against using text message-based two-factor authentication and recommended the use of hardware devices instead.

Criminal Actors Posing As NFT Developers in Crypto Phishing Scams, Warns FBI

The Federal Bureau of Investigation (FBI) is issuing a warning to investors saying that criminals are posing as developers of non-fungible token (NFT) projects in crypto phishing scams. In a new public service announcement, the FBI says that bad actors are depicting themselves as legitimate NFT developers to run fraud schemes on social media. According […]

The post Criminal Actors Posing As NFT Developers in Crypto Phishing Scams, Warns FBI appeared first on The Daily Hodl.

Zero transfer scammer steals $20M USDT, gets blacklisted by Tether

Zero transfer scams are becoming prominent in the crypto ecosystem, with over $40 million stolen in 2023.

A scammer using a zero transfer phishing attack managed to steal $20 million worth of Tether (USDT) on Aug. 1 before getting blacklisted by the stablecoin’s issuer, Tether.

According to an update from on-chain analytics firm PeckShield, a zero transfer scammer grabbed 20 million USDT from the victim address 0x4071...9Cbc. The intended address that the victim planned to send money to was 0xa7B4BAC8f0f9692e56750aEFB5f6cB5516E90570; however, it was sent to a phishing address instead: 0xa7Bf48749D2E4aA29e3209879956b9bAa9E90570.

The zero transfer phishing scam. Source: Etherscan

The victim's wallet address first received 10 million USD from a Binance account. The victim then sent it to another address before the scammer jumped in. The scammer then sent a fake zero-USDT token transfer out from the victim’s account to the scammer's phishing address. A few hours later, the victim sent 20 million real USDT to the scammer, thinking they were transferring to a known address.

The wallet was immediately frozen by the USDT issuer Tether, raising eyebrows at the speedy nature of the action.

The scam prospers because users generally check the first or last five digits of a wallet address and not the whole address, which leads them to send assets to the phishing address. The victim is tricked into sending a transaction for zero tokens from their wallet to an address that resembles one to which they have already sent tokens in the past.

How zero transfer scam works. Source: Coinbase

For instance, if the victim sent 100 coins to an address for an exchange deposit, the attacker might send 0 coins from the victim's wallet to an address that appears to be similar but is actually controlled by the attacker. Upon viewing this transaction in their transaction history, the victim might assume that the address displayed is the proper deposit address. They might therefore send their coins directly.
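A wallet-side check for the pattern described above, as an added example that is not part of the original article: it compares whole addresses and flags a zero-value entry in the transfer history whose recipient matches a previously paid address only at its start and end. The two lookalike addresses are the ones quoted from PeckShield; the victim and unrelated addresses, the amounts and the matching thresholds are constructed assumptions.

```python
from dataclasses import dataclass

# Addresses quoted in the PeckShield update above.
INTENDED = "0xa7B4BAC8f0f9692e56750aEFB5f6cB5516E90570"
PHISHING = "0xa7Bf48749D2E4aA29e3209879956b9bAa9E90570"
# Constructed placeholders: the article truncates the victim address.
VICTIM = "0x" + "11" * 20
UNRELATED = "0x" + "22" * 20
HEX = set("0123456789abcdef")


def normalize(addr):
    """Return the 40 lower-case hex digits, rejecting malformed input."""
    body = addr.lower()
    body = body[2:] if body.startswith("0x") else body
    if len(body) != 40 or not set(body) <= HEX:
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return body


def shared_ends(a, b):
    """Count the hex digits two addresses share at the start and at the end."""
    a, b = normalize(a), normalize(b)
    prefix = next((i for i in range(40) if a[i] != b[i]), 40)
    suffix = next((i for i in range(40) if a[-1 - i] != b[-1 - i]), 40)
    return prefix, suffix


def lookalike_of(candidate, known, min_prefix=3, min_suffix=4):
    """Return the known address that candidate imitates, else None.

    The thresholds are assumptions sized to what a truncated wallet display
    shows; an exact match with a known address is never a lookalike.
    """
    known = list(known)
    if normalize(candidate) in {normalize(k) for k in known}:
        return None
    for k in known:
        prefix, suffix = shared_ends(candidate, k)
        if prefix >= min_prefix and suffix >= min_suffix:
            return k
    return None


@dataclass
class Transfer:
    sender: str
    recipient: str
    amount: int


def find_poisoning(history, wallet):
    """List (fake, imitated) pairs for zero-value transfers shown as sent by wallet."""
    trusted, hits = [], []
    for t in history:
        if normalize(t.sender) != normalize(wallet):
            continue
        if t.amount > 0:
            trusted.append(t.recipient)  # a real payment marks a known counterparty
        else:
            imitated = lookalike_of(t.recipient, trusted)
            if imitated:
                hits.append((t.recipient, imitated))
    return hits


# Constructed history: one real payment, then two zero-value entries.
HISTORY = [
    Transfer(VICTIM, INTENDED, 10_000_000),
    Transfer(VICTIM, UNRELATED, 0),
    Transfer(VICTIM, PHISHING, 0),
]

if __name__ == "__main__":
    for fake, real in find_poisoning(HISTORY, VICTIM):
        print(f"zero-value transfer to {fake} imitates {real}")
```

Running `lookalike_of` on a pasted recipient before signing applies the same comparison at the point where the copied address would otherwise be trusted.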

Zero transfer phishing scams have become quite prominent in the crypto ecosystem over the past year, with multiple instances of such scams coming to light. The first instance of a zero transfer scam occurred in December last year, and such attacks have since resulted in over $40 million in losses.

Pink, Pussy, Venom, Inferno — Drainers coming for a crypto wallet near you

Crypto wallet drainers, or sweepers, are malicious smart contracts that can quickly empty a crypto wallet of its funds and are a standard tool for phishing scammers.

Four major crypto drainers have emerged to fill the vacuum left by the notorious wallet sweeper Monkey Drainer, with thousands of victims targeted and millions in crypto stolen already this year.

The crypto drainers — called Pink Drainer, Inferno Drainer, Pussy Drainer, and Venom Drainer — have together stolen $66.4 million in total since around the start of 2023 according to Dune dashboards compiled by Web3 anti-scam platform Scam Sniffer.

Venom Drainer has stolen nearly $27.5 million since February, the most out of the group. Inferno Drainer is second with over $21.2 million stolen since January but has three times the number of victims at nearly 45,800.

Pussy Drainer and Pink Drainer together have been used to steal from over 6,000 victims with $17.5 million in funds pilfered across the two. Monkey Drainer was estimated to have stolen about $13 million worth of digital assets in total during its reign.

Venom Drainer’s stats show the service has stolen, on average, around $1,800 worth from each victim. Source: Dune

Crypto drainers work by having the victim unknowingly agree to a malicious transaction in their crypto wallet that allows a smart contract to transfer out a portion of assets or the entire contents of the wallet, depending on the transaction that was signed.

Scam Sniffer told Cointelegraph that most crypto drainers are rented out to groups undertaking phishing scams and the drainer takes a percentage cut of the loot.

Many operate on this pricing model but some have an additional access fee. Blockchain security firm CertiK explained that Inferno — like many other drainers — “has a 20% commission” while Venom has “introduced an initial $1,000 fee” for first-time users.

Scam Sniffer said some draining services advertise “add-ons” such as including malicious signature requests that emulate popular nonfungible token (NFT) marketplaces such as Blur and X2Y2.

“In the NFT space, there are a lot of protocols that use unreadable signatures like Seaport, Blur and X2Y2,” Scam Sniffer explained. “If the victims have assets on Blur, the drainers could launch particular malicious signatures to steal NFTs approved to trade on Blur.”

Not all drainers are around forever though. According to Scam Sniffer, once the person or people behind a drainer steal a certain amount of funds, they will announce they’re quitting — likely an attempt at staving off law enforcement.

However, it added that as one crypto drainer leaves, another takes its place “because it’s profitable! [...] And no one has been arrested so far.”

There are currently multiple crypto-draining services making the rounds on Telegram. CertiK shared images with Cointelegraph showing other drainers named Angel, Spawn, Whale and Atomic.

In March, the crypto-draining service Monkey Drainer announced they were “shutting down” saying it was “time to move on to something better.”

The person behind Monkey Drainer pointed their “fellow cyber-gangsters” to Venom, touting it as a “flawless” service.

‘Scammers’ impersonate Crypto Twitter users on Threads as users near 100M

Threads is already seeing potential crypto scammers arrive on the platform as Crypto Twitter personas warn of impersonators on the app.

Scammers appear to have wasted no time since the launch of Meta’s new microblogging app — with several high-profile Crypto Twitter users already warning of imposter accounts on Threads.

Threads was launched on July 5 and has seen sign-ups climb above 98 million in the days following. It’s still far away from Twitter’s estimated 450 million users.

However, over the past few days, multiple Crypto Twitter figures have already pointed out fake accounts on Threads impersonating others or themselves.

On July 8, decentralized finance platform Wombex Finance tweeted an image of a Threads account impersonating it — warning it could be a scammer as the project isn't on the platform.

The nonfungible token (NFT) influencer Leonidas tweeted a similar warning a day earlier to their over 93,000 followers, saying that they and other "large NFT accounts" are being impersonated by "scammers" on Threads. Leonidas said they have now made an account on Threads to combat impersonators.

Jeffrey Huang, known on Twitter as Machi Big Brother, tweeted his Threads profile on July 6 with one user pointing out there was already a Threads account impersonating his Twitter persona.

So far, the Threads accounts mentioned have avoided sharing any scam or phishing links, with most posting crypto-related content.

For years, Twitter has been a popular channel for crypto phishing scammers, with a common tactic involving hacking into the Twitter accounts of well-known people and businesses and posting malicious links.

Such links usually attempt to dupe unwitting targets into sharing either their crypto exchange login, a crypto wallet seed phrase or have them connect a wallet to a crypto-draining smart contract.

In the first half of this year, $108 million worth of crypto was stolen in such phishing scams according to a report by Web3 security firm Beosin.

Multichain attack triggers Twitter phishing scheme for FTM distribution

A phishing link was included in the tweet and shared with the affected users of the hack, leading them to believe it is associated with Fantom Foundation.

Hackers continue their relentless activities, displaying no signs of slowing down. Shortly after the Multichain hack, these malicious individuals once again launched an attack. Their latest tactic involves spreading a phishing link through Twitter.

A fraudulent distribution of Fantom (FTM) to users, falsely linked to the Multichain attack, is rapidly spreading on Twitter, attracting significant attention. This post has garnered numerous retweets, views and even bookmarks from Twitter users.

In the disguised tweet, the malicious individuals stated:

“Due to the Multichain hack, Fantom Foundation is issuing an emergency FTM distribution to all users. All users who have interacted with the FTM chain are eligible to claim.”

A phishing link was included in the tweet and shared with the affected users of the hack, leading them to believe it is associated with Fantom Foundation, the non-profit organization responsible for the Fantom (FTM) protocol.

On July 6th, Multichain encountered an alarming situation when significant outflows were detected on its platform. In response, Multichain suspended operations to investigate the issue. By the end of the day, approximately $125 million worth of Multichain assets had been illicitly transferred to various wallets. The most targeted asset was the Fantom bridge, with approximately $122 million worth of wBTC, USDC, USDT and other altcoins being stolen from its holdings.

In light of these events, users were strongly recommended to halt all activities on the Multichain protocol and revoke any contract approvals associated with Multichain. This precautionary measure was advised until investigations were concluded and a comprehensive explanation was provided.

During the ongoing investigation, Changpeng 'CZ' Zhao, the CEO of Binance, utilized Twitter to inform his followers that the prominent digital asset service provider remained unharmed by the attack, reassuring them that all funds were secure. Additionally, he verified that Binance had already executed an asset swap and ceased accepting deposits from Multichain some time ago.

Instances of Twitter hacks like these are increasingly prevalent within the crypto industry. It is crucial for users to exercise caution and refrain from clicking on unfamiliar links.

The Sandbox CEO’s Twitter was hacked, used to promote alleged ‘airdrop’ scam

The executive appears to have now recovered his account.

Arthur Madrid, co-founder and CEO of metaverse project The Sandbox, was the victim of a Twitter account hack on May 26, according to a post from Madrid that was apparently made after he recovered the account. The attacker allegedly used Madrid’s account to promote a fake “airdrop” phishing scam.

In Madrid’s post, he warned Sandbox users that they should “never click on any link that promote Airdrop or URL and look SCAMMY - and not 100% using our proper and unique URL/domain name : http://sandbox.game.”

Four hours before Madrid’s post, The Sandbox’s official Twitter account also warned that a scammer had taken control of the account and was promoting “a scam / phishing link for a fake airdrop of SAND tokens.”

The post included a screenshot of the alleged scam post, which advertised a SAND token airdrop and encouraged users to “check eligibility and claim on the site,” referring users to a website with a different URL than the official one.

The Sandbox team stated that they were “working on getting the site down and fix it ASAP.”

As of 8:26 pm UTC, the alleged scam site appears to have been taken down, as it now produces a 404 error.

Phishing attacks have become a frequent problem in the crypto community. On May 19, a scam-as-a-service called “Inferno Drainer” was reportedly discovered to be operating on Telegram, recruiting website builders to create hundreds of these phishing scam sites. By the time it was discovered, it had reportedly stolen nearly $6 million from users.

On April 15, cybersecurity firm Kaspersky reported that these types of attacks increased by 40% in 2022 compared to the previous year.

‘Inferno Drainer’ scam as a service has stolen $5.9M since March: Report

The service provides code to scammers that allows them to drain wallets using token approval phishing methods

A new scam as a service called “Inferno Drainer” has reportedly stolen nearly $6 million from unsuspecting crypto users, according to Web3 scam detecting firm Scam Sniffer. Inferno Drainer reportedly advertises that it provides ready-to-go code to scammers, allowing them to steal crypto in exchange for a 20% cut of the scammer’s crypto "loot".

The scam service was discovered by security enthusiast and pseudonymous Twitter user 0xSaiyanElite, who happened to run across a promoter of it while browsing the Scam Sniffer Telegram channel. Saiyan reported the scammer to the channel, and the security service began an investigation. They found a screenshot showing a $103,000 drain transaction using a Permit2 exploit. Permit2 exploits are phishing scams that rely on a simplified version of the token approval process.

As told by Scam Sniffer, the screenshot showed the transaction hash of the theft, prompting the team to search up the transaction, which uncovered the exploiter’s address. Scam Sniffer then found the said address was associated with over 689 phishing websites created since March 27 and had drained $5.9 million from victims on various networks, including Ethereum, Arbitrum, Polygon, and BNB Chain. Scam Sniffer created a Dune analytics dashboard to reveal the data validating this conclusion.

According to the report, Inferno Drainer advertised its “service” to scammers in return for 20% of profits. It even offered to build phishing sites for customers in exchange for 30%, but only for “good customers or people with big potential.”

Alleged Telegram advertisement for Inferno Drainer. Source: Scam Sniffer

Scams as services have become an increasing problem in the crypto community over the past few months. A similar service called “Monkey Drainer” was discovered by ZachXBT in October. It drained at least $1 million in ETH from users before shutting down in March.

Google Ads data: $4M stolen through crypto phishing URLs

Unsuspecting cryptocurrency users have lost over $4 million to phishing websites promoted using Google Ads.

Data from Google Ads coupled with blockchain analytics reveals that over $4 million has been stolen from users that have fallen for malicious phishing websites promoted on Google.

According to Web3 anti-scam service provider ScamSniffer, malicious adverts for phishing websites have been prevalent on Google ads searches in recent weeks. The URLs lead to fraudulent websites that prompt wallet login signature requests that compromise users’ addresses.

A number of decentralized finance (DeFi) protocols, websites and brands, including Zapper.fi, Lido, Stargate, Defillama, Orbiter Finance and Radiant, have been targeted by scammers. Slight changes to official URLs make it difficult for users to identify that they’ve clicked on malicious links.

Analysis of metadata from a number of the phishing websites in question has been linked to advertisers located in Ukraine and Canada. The users responsible for placing the malicious adverts make use of a number of methods to bypass Google’s ad review process. This includes manipulating the Google Click ID parameter, which allows the attackers to show a normal webpage during Google’s ad review.

Other malicious adverts use anti-debugging methods to redirect users with developer tools enabled to a normal website, while a direct click takes users to the malicious website. This also allows scammers to bypass some of Google ads’ machine reviews.

On-chain data analysis from addresses linked to malicious websites advertised on Google from ScamSniffer’s database suggests that $4.16 million has been stolen from over 3,000 users over the past month.

The anti-scam service followed on-chain flows of funds to various exchange and mixing services, including SimpleSwap, Tornado Cash, KuCoin and Binance.

Making use of advertising analysis platforms, ScamSniffer suggests that promoting crypto-related phishing websites is lucrative. The average cost per click for associated keywords is between $1 and $2.

Estimating a conversion rate of 40% from 7,500 users clicking on malicious adverts, scammers have spent around $15,000 on advertising which has provided a return on their malevolent investments of 276%, given the $4 million stolen to date.

A report from Russian cybersecurity and anti-virus provider Kaspersky highlighted an increase in crypto-related phishing attacks through 2022, up 40% year on year with over 5 million phishing attacks identified last year.
