Revoke adds new feature after users complain of fake approvals scam

July 10, 2023 Coin Telegraph

approvals

Scammers have found a new way to make crypto by luring users into revoking fake approval transactions.

Approval management platform Revoke has issued a fix aimed at mitigating a new crypto scam, which involves baiting crypto users into revoking “fake approvals” and then stinging them with excessively high transaction fees.

On July 9, Revoke.cash stated that it had received reports of people seeing unknown approval transactions in their transaction history.

Yesterday, we received reports of people seeing unknown approval transactions in their transaction history.

It turns out that this is a new scam where scammers use so-called gas tokens to steal money when victims revoke these "fake approvals". pic.twitter.com/vpY2sGIv0T
— Revoke.cash (@RevokeCash) July 9, 2023

In reality, scammers have been using what are known as “gas tokens” to trick victims into believing they have suspicious transaction approvals.

“It turns out that this is a new scam where scammers use so-called gas tokens to steal money when victims revoke these "fake approvals".”

Gas tokens were developed when Ethereum network fees started climbing. Users could effectively store cheap gas during periods of low network demand.

“This allowed users to mint gas tokens when fees were low, and burn them when fees were high, effectively "locking in" the lower fee,” explained Revoke.

However, Revoke said that scammers have been creating fake gas tokens that they airdrop with fake approvals that users think they need to revoke.

The spurious tokens have been programmed to generate a lot of gas during the revoked transaction with the newly minted gas tokens being sent back to the scammers leaving the victim with a high transaction fee.

Revoke said it has now addressed the issue by adding a check that disables revoking approvals if there's an excessive gas fee. It advised users to ignore the fake approvals:

“Best thing to do with these fake approvals / fake tokens is to ignore them. As long as you don't interact with them, they can't steal your funds.”

Revoke is a preventative tool that helps users practice safer crypto wallet behavior by managing or revoking active approvals such as those no longer required by DeFi protocols.

*Revoke's new fix to combat the gas token approval scam. Source: Twitter*

Platforms such as Revoke have been urging users to revoke approvals for Multichain following the multi-million dollar network exploit on July 7. This has given scammers a new avenue to lure victims to approve their fake transaction revokes.

Magazine: Crypto Twitter Hall of Flame, Gabriel Haines: Shirtless shitposting and hunting SBF on the meme streets

‘Scammers’ impersonate Crypto Twitter users on Threads as users near 100M

July 10, 2023 Coin Telegraph

Coin Telegraph

Threads are already seeing potential crypto scammers arrive on the platform as Crypto Twitter personas warn of impersonators on the app.

Scammers appear to have wasted no time since the launch of Meta’s new microblogging app — with several high-profile Crypto Twitter users already warning of imposter accounts on Threads.

Threads was launched on July 5 and has seen sign-ups climb above 98 million in the days following. It’s still far away from Twitter’s estimated 450 million users.

However, over the past few days, multiple Crypto Twitter figures have already pointed out fake accounts on Threads impersonating others or themselves.

On July 8, decentralized finance platform Wombex Finance tweeted an image of a Threads account impersonating it — warning it could be a scammer as the project isn't on the platform.

Attention, #WombexWarriors!

Please be aware that Wombex Finance DOES NOT have an account on the Threads platform.

Any account claiming to be Wombex Finance on that platform is fraudulent and is operated by a scammer!

To avoid scams, always refer to our official channels:… pic.twitter.com/uU8fc2lTiB
— Wombex (@WombexFinance) July 8, 2023

The nonfungible token (NFT) influencer Leonidas tweeted a similar warning a day earlier to their over 93,000 followers, saying that they and other "large NFT accounts" are being impersonated by "scammers" on Threads. Leonidas said they have now made an account on Threads to combat impersonators.

Jeffrey Huang, known on Twitter as Machi Big Brother, tweeted his Threads profile on July 6 with one user pointing out there was already a Threads account impersonating his Twitter persona.

Damn dude you already have a scam account on threads pic.twitter.com/QTDv3V39H7
— Nataly (NLC) (@NLC972) July 6, 2023

So far, the Thread accounts mentioned have avoided sharing any scam or phishing links, with most posting crypto-related content.

For years, Twitter has been a popular channel for crypto phishing scammers, with a common tactic involving hacking into the Twitter accounts of well-known people and businesses and posting malicious links.

Such links usually attempt to dupe unwitting targets into sharing either their crypto exchange login, a crypto wallet seed phrase or have them connect a wallet to a crypto-draining smart contract.

In the first half of this year, $108 million worth of crypto was stolen in such phishing scams according to a report by Web3 security firm Beosin.

Magazine: Crypto Twitter Hall of Flame, Gabriel Haines: Shirtless shitposting and hunting SBF on the meme streets

Losses from crypto rug pulls outpaced DeFi exploits in May: Beosin

June 2, 2023 Coin Telegraph

Beosin

Over $45 million was lost to exit scams in May while exploits on DeFi protocols racked up less than half that amount over the same period.

The amount of cryptocurrency lost to "rug pull" or "exit scams" — where founders suddenly up and leave with investors’ money — had outpaced the amount stolen from decentralized finance (DeFi) projects in May, a blockchain security firm has revealed.

A June 1 report from Beosin said in May total losses from rug pulls and scams reached over $45 million across six incidents.

Meanwhile, there were 10 attacks on decentralized finance (DeFi) protocols that netted only $19.7 million. The amount is a nearly 80% decrease from April and losses from these types of exploits had been on the decline for two months, it added.

Rug Pull Outpaces Attacks: The total amount involved in #rugpull reached $45.02 million, surpassing losses from attacks

2/5
— Beosin Blockchain Security (@Beosin_com) June 1, 2023

The largest of such rug pulls was the $32 million that crypto project Fintoch is alleged to have made off with on May 24. The $7.5 million attack on the DeFi platform Jimbos protocol was the largest attack last month according to Beosin.

“Hackers and scammers are gradually shifting the target of their attacks from various project parties to ordinary users,” Beosin wrote.

It recommended crypto users “raise their anti-fraud awareness,” undertake due diligence on a project before investing and learn how to better safeguard their crypto.

Beosin also warned against using shared or public charging devices for mobile phones as these could potentially be modified to inject malicious programs that could compromise private keys.

In April, the United States Federal Bureau of Investigation (FBI) issued a similar warning the use of free charging stations such as those found at airports should be avoided.

Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead. pic.twitter.com/9T62SYen9T
— FBI Denver (@FBIDenver) April 6, 2023

“Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices,” the FBI’s Denver office tweeted on April 6. It instead advised carrying a charger and USB cord for use in an electrical outlet.

Hall of Flame: Crypto Wendy on trashing the SEC, sexism, and how underdogs can win

Google Ads data: $4M stolen through crypto phishing URLs

April 27, 2023 Coin Telegraph

Google Ads data: M stolen through crypto phishing URLs

Coin Telegraph

Unsuspecting cryptocurrency users have lost over $4 million to phishing websites promoted using Google Ads.

Data from Google Ads coupled with blockchain analytics reveals that over $4 million has been stolen from users that have fallen for malicious phishing websites promoted on Google.

According to Web3 anti-scam service provider ScamSniffer, malicious adverts for phishing websites have been prevalent on Google ads searches in recent weeks. The URLs lead to fraudulent websites that prompt wallet login signature requests that compromise users’ addresses.

1/ A recent surge in phishing scams via Google search ads has led to users losing approximately $4 million.
ScamSniffer has investigated multiple cases where users clicked on malicious ads and were directed to fraudulent websites.#PhishingScams #GoogleAds pic.twitter.com/vuKCgSuFnV
— Scam Sniffer (@realScamSniffer) April 27, 2023

A number of decentralized finance (DeFi) protocols, websites and brands, including Zapper.fi, Lido, Stargate, Defillama, Orbiter Finance and Radiant, have been targeted by scammers. Slight changes to official URLs make it difficult for users to identify that they’ve clicked on malicious links.

Analysis of metadata from a number of the phishing websites in question has been linked to advertisers located in Ukraine and Canada. The users responsible for placing the malicious adverts make use of a number of methods to bypass Google’s ad review process. This includes manipulating the Google Click ID parameter, which allows the attackers to show a normal webpage during Google’s ad review.

Other malicious adverts use anti-debugging methods to redirect users with developer tools enabled to a normal website, while a direct click takes users to the malicious website. This also allows scammers to bypass some of Google ads’ machine reviews.

On-chain data analysis from addresses linked to malicious websites advertised on Google from ScamSniffer’s database suggests that $4.16 million has been stolen from over 3,000 users over the past month.

The anti-scam service followed on-chain flows of funds to various exchange and mixing services, including SimpleSwap, Tornado Cash, KuCoin and Binance.

Making use of advertising analysis platforms, ScamSniffer suggests that the cost of promoting crypto-related phishing websites is lucrative. The average cost per click for associated keywords is between $1 to $2.

Estimating a conversion rate of 40% from 7,500 users clicking on malicious adverts, scammers have spent around $15,000 on advertising which has provided a return on their malevolent investments of 276%, given the $4 million stolen to date.

A report from Russian cybersecurity and anti-virus provider Kaspersky highlighted an increase in crypto-related phishing attacks through 2022, up 40% year on year with over 5 million phishing attacks identified last year.

Magazine: US enforcement agencies are turning up the heat on crypto-related crime

Winner of Canadian Lottery Jackpot Says Impostors Using His Name to Steal Bitcoins

April 14, 2023 Bitcoin.com

Ukraine Dismantles $40 Million Russian Crypto Pyramid

April 6, 2023 Bitcoin.com

US Treasury Report Warns of Defi’s Threat to National Security, Authors Conclude Fiat Is Used in Illicit Finance More Than Crypto

April 6, 2023 Bitcoin.com

Beware of fake Arbitrum Airdrops, community warns

March 20, 2023 Coin Telegraph

Airdrop

The community has warned others to stay vigilant after reports of phishing websites and scams offering Arbitrum Airdrop tokens.

Ethereum layer-2 scaling solution Arbitrum's upcoming "ARB" token Airdrop appears to have become a popular target for scammers, with the community warning of hundreds of phishing scams aimed at tricking crypto users.

Announced in a March 16 post by the Arbitrum Foundation, the airdrop will send out 10 billion governance tokens via a token airdrop, allowing holders to vote on code changes. The airdrop is set for March 23.

Unfortunately, the development has led to more than a few attempts from scammers to set up fake token airdrops aimed at stealing funds from victims ahead of the officially slated event.

Blockchain security company Redefine in a March 19 post said it found a website impersonating an official Arbitrum airdrop website. The screenshots show a user is asked by the website to allow access to their funds, which would presumably result in the scammers draining th wallet.

*Blockchain security company Redefine has found several websites impersonating official Arbitrum airdrop website. Source: Redefine*

CertiK, another blockchain security firm pointed to a fake Arbitrum Twitter account with the user name “@arbitrum_launch” — which is advertising a token Airdrop. It has warned users not to interact with it.

#CertiKSkynetAlert

Be aware of a fake @arbitrum Twitter account which is advertising a token Airdrop.

Do not interact with this Airdrop.

Always verify Twitter accounts and URLs from trusted sources.

Stay vigilant! pic.twitter.com/gTlSNRzd6l
— CertiK Alert (@CertiKAlert) March 19, 2023

Meanwhile, Reddit user CryptoMaximalist posted a thread on March 19, warning that "scammers are hoping to capitalize on the complexity of crypto and users excited for free money."

According to CryptoMaximalist, they found fake "Arbitrum" Twitter profiles with links to fake Arbitrum websites, advising everyone to check a user's profile and history, and check if they are spamming links across many subreddits before clicking on shared links.

Last week, Web3 anti-scam tool Scam Sniffer told its Twitter followers that it had already detected more than 273 phishing sites related to Arbitrum since the token airdrop was announced, with the number expected to rise before the official drop on March 23.

Gm, $ARB airdrop holders! ☀️

We found a lot of scam accounts calling you to claim airdrop! Don't trust!

Only legal website: https://t.co/zjxfLBnn9I

The following 6 accounts are official @arbitrum @arbitrum_cn @arbitrumcore @ArbitrumDevs @arbitrum_intern @OffchainLabs… https://t.co/F0ADoE6Lwd pic.twitter.com/0nEqEsnH8k
— ANDAO (,) (@ArbitrumNewsDAO) March 19, 2023

According to the Arbitrum Foundation, a points system was used to determine who could claim the token airdrop and how many they can claim.

Qualifying actions included completing more than four transactions or interacting with at least four smart contracts, bridging funds into the chain Arbitrum One and depositing more than $50,000 of liquidity into Arbitrum.

Blockchain analytics firm Nansen, which helped develop the criteria with Arbitrum, revealed that out of more than 2.3 million wallets bridged on the Arbitrum One chain before Feb. 6, only 625,143 are eligible for the airdrop.

The Arbitrum Airdrop had a long list of eligibility criteria. Source: Nansen

"Organic activity earned positive (behaviors to encourage) or negative behaviors to discourage) points. The number of tokens that a wallet received in the airdrop was a function of how many points it collected,” Nansen explained in a tweet on March 16.

Scam alert: $300K stolen by fake Blur airdrop websites

March 16, 2023 Coin Telegraph

Airdrop

Unsuspecting users looking to claim Blur token airdrops have had funds stolen by a number of fake websites.

Scammers continue to prey on nonfungible token (NFT) users looking to claim Blur token airdrops through the use of numerous scam websites.

According to data from TrustCheck, over $300,000 has been stolen from unsuspecting users that have linked wallets to malicious websites.

The legitimate Blur platform is a newcomer to the NFT marketplace space, making waves in the industry with booming user numbers and trading volume directly resulting from the platform’s three-phase airdrop incentive scheme. 10% of Blur’s total token supply was distributed to users based on their trading activity in its second token airdrop scheme from Feb. 15.

The first airdrop was retroactive, awarding tokens to anybody who traded an NFT on Ethereum in the six months leading up to the platform’s launch in October 2022. The second airdrop awarded tokens to users who listed NFTs before Dec. 6, while the third airdrop awarded tokens to users placing bids on the platform after the feature went live.

Given the incentive program's mechanics, many users have been looking to claim $BLUR tokens across the NFT ecosystem. This created an opportunity for scammers to promote fake airdrop links to malicious websites.

Data shared with Cointelegraph from Ethereum-based Web3 browser security extension TrustCheck reveals that over $300,000 worth of funds have been stolen from 24 different scam websites since Feb. 15. A handful of these websites are still functional, with users warned to be wary when connecting wallets.

*A screenshot of a fake website looking to scam users attempting to claim $BLUR token airdrops. Source: TrustCheck*

The websites make use of smart contracts that automatically prompt a transaction when users connect their ETH wallets. All the ETH from the wallet is then drained to a specific address, which has allowed TrustCheck to keep tabs on the number of funds stolen to date.

Tools like TrustCheck will flag suspicious websites and transactions, warning Web3 users of potential fake websites and smart contracts.

Blur has also been in the spotlight due to reports of users carrying out NFT wash trading in order to cash in on its token airdrop incentive scheme. However, data analytics carried out by data scientist Hildebert Moulié on Dune suggests that Blur’s NFT trading volumes are legitimate.

Fake websites and phishing attacks are commonplace across the internet, while scammers continue attempts to drain funds through Web3 functionality. In February 2023, a URL masquerading as the ETH Denver conference website was linked to a notorious phishing wallet address that has stolen over $300,000 to date.

Scammers also preyed on FTX investors using phishing websites in late 2022 that were scrambling to recoup funds after the implosion of the failed cryptocurrency exchange.

Fraudsters Offer Russians Bogus Chance to Invest in Fake ‘State Cryptocurrency’

March 9, 2023 Bitcoin.com

Scammers

Share this video