
Scams

BNB Smart Chain scam losses dropped 75% in Q3: Report

Security firm HashDit says the lower amount lost to scams on BSC could be due to an uptrend in security products addressing the threat.

Scams facilitated on BNB Smart Chain (BSC) decreased from $55.4 million in the second quarter of 2023 to $13.6 million in the third quarter, according to an AvengerDAO report contributed to by security firm HashDit. This represents a 75% drop in the amount lost to scams.

According to the security firm’s analysis, the drop can be attributed to various factors, including an increase in overall awareness among community members, an uptrend in security products flagging malicious websites and activities, and community members identifying scams early and giving warnings before the scammers can succeed.

Amount lost to BSC scams in 2023. Source: HashDit

Despite the drop, rug pulls represented 67% of total losses on the blockchain in the third quarter. According to HashDit, this remains BSC’s most common attack vector. With rug pulls, maliciously acting projects entice investors with marketing efforts but don’t deliver their promised products, and the founders run away with investor funds. 

Reserves and price manipulation were also prevalent on BSC in Q3 2023. According to the report, this is because hackers are exploiting “poorly designed smart contracts.”

Related: Exploits, hacks and scams stole almost $1B in 2023: Report

On Oct. 20, various security experts highlighted that malicious actors may prefer BSC because it’s cheaper and is perceived as having lower security than the Ethereum blockchain. According to CertiK security researcher Joe Green, fees on BSC are much lower than Ethereum, but the network’s stability and speed are the same. The researcher believes that because of this, hackers face “no financial pressure” when using BSC.

Magazine: Slumdog billionaire: Incredible rags-to-riches tale of Polygon’s Sandeep Nailwal

Russia Cautious on Tokenizing Real-World Assets

FTX clients face deceptive priority withdrawal scam

FTX users have reported receiving deceptive emails purportedly sent by FTX Trading, West Realm Shires Services and FTX EU.

FTX users are reportedly being targeted in a withdrawal scam. X (formerly Twitter) user and FTX creditor advocate Sunil cautioned FTX account holders about the phishing scam and urged them to avoid clicking on dubious links.

Sunil’s X post highlights the ever-evolving tactics online scammers employ.

FTX users have reported receiving deceptive emails purportedly sent by FTX Trading, West Realm Shires Services and FTX EU. The emails falsely offer FTX creditors an exclusive chance for immediate asset withdrawals, bypassing waiting periods and legal proceedings. One example of a fraudulent email states:

“We are excited to offer the valued priority clients of FTX Trading Ltd., West Realm Shires Services Inc., and FTX EU Ltd., a special opportunity starting today, Oct. 20, 2023. As a priority client, you can now undergo the withdrawal process for your assets on the FTX platform and deposit them directly into your wallet, eliminating any waiting period and court outcomes.”

The email targets users keen to withdraw assets amid ongoing legal disputes involving Sam Bankman-Fried, the former CEO of the exchange.

Related: Sam Bankman-Fried asked FTX attorney to ‘come up’ with legal argument for $8B hole

The scam emerged shortly after FTX creditors achieved a notable milestone by announcing the resolution of customer property disputes.

Pending approval from a bankruptcy court, the revised plan envisions significant relief for FTX’s global customer base. According to the proposal, customers will obtain over 90% of the distributable value.

Magazine: Can you trust crypto exchanges after the collapse of FTX?


EtherHiding: Why hackers may prefer Binance’s BNB Smart Chain

According to cybersecurity analysts at 0xScope and CertiK, threat actors may prefer using BNB Smart Chain contracts because it’s cheaper and seen as having lower security than Ethereum.

Despite the name “EtherHiding,” the new attack vector that hides malicious code in blockchain smart contracts doesn’t have much to do with Ethereum at all, cybersecurity analysts have revealed.

As reported by Cointelegraph on Oct. 16, EtherHiding has been discovered as a new way for bad actors to hide malicious payloads inside smart contracts — with the ultimate goal of distributing malware to unsuspecting victims.

These cybercriminals tend to prefer using Binance’s BNB Smart Chain, it is understood.

Speaking to Cointelegraph, a security researcher from blockchain security firm CertiK, Joe Green, said most of this is due to BNB Smart Chain’s lower costs.

“The handling fee of BSC is much cheaper than that of ETH, but the network stability and speed are the same because each update of JavaScript Payload is very cheap meaning there’s no financial pressure.”

EtherHiding attacks are initiated by hackers compromising WordPress websites and injecting code that pulls partial payloads buried in Binance smart contracts. The website’s front end is replaced by a fake browser update prompt which, when clicked, pulls the JavaScript payload from the Binance blockchain.

The actors frequently change the malware payloads and update website domains to evade detection. This allows them to continuously serve users fresh malware downloads disguised as browser updates, Green explained.

Screenshot of malware updates being deployed in BSC smart contract. Source: Certik 

Another reason, according to security researchers at Web3 analytics firm 0xScope, could be because of increased security-related scrutiny on Ethereum.

“While we are unlikely to know the EtherHiding hacker’s true motives for using BNB Smart Chain over other blockchains for their scheme, one possible factor is the increased security-related scrutiny on Ethereum.”

Hackers may face higher risks of discovery by injecting their malicious code using Ethereum due to systems such as Infura’s IP address tracking for MetaMask transactions, they said.

Related: Crypto investors under attack by new malware, reveals Cisco Talos

The 0xScope team told Cointelegraph they recently tracked the money flow between hacker addresses on BNB Smart Chain and Ethereum.

Key addresses were linked to NFT marketplace OpenSea users and Copper custody services, it reported.

Payloads were updated daily across 18 identified hacker domains. This sophistication makes EtherHiding hard to detect and stop, the firm concluded.

Magazine: Should crypto projects ever negotiate with hackers? Probably


Tim Draper warns of crypto scams using his AI-synthesized voice

Advancements in AI have made it possible to create deepfake videos and voices in which scammers write the scripts to try and illegally obtain others' crypto.

American venture capitalist Tim Draper issued a warning on social media that scammers are attempting to con crypto users using an artificial intelligence (AI) voice generator.

In an Oct. 19 post on X (formerly Twitter), Draper warned his roughly 254,000 followers to be mindful of “thieves” using AI to create an approximation of his voice. According to the venture capitalist, “AI is getting smarter” as evidenced by followers seemingly reporting Draper tried to get them to send cryptocurrency.

Related: Here’s how to quickly spot a deepfake crypto scam — cybersecurity execs

Recent advancements in AI have made it easier for the average person to hear their favorite celebrity’s voice or watch a video of politicians saying whatever they want through certain programs. Following the collapse of FTX in November 2022, scammers created a deepfake video of former CEO Sam Bankman-Fried offering compensation to affected users. A similar situation occurred with a deepfake of Tesla CEO Elon Musk in May 2022.

Draper, who once predicted that the price of Bitcoin (BTC) would hit $250,000 by 2023, was an early investor in the cryptocurrency. Despite losing roughly 40,000 BTC when Mt. Gox collapsed in 2011, he has continued to be an advocate for the space and digital assets.

Magazine: US gov’t messed up my $250K Bitcoin price prediction: Tim Draper, Hall of Flame


Scammers prefer banking customers over crypto investors in Ireland: Report

To date, Irish authorities managed to recover approximately 4 million euros of the 20 million euros lost in banking scams since January 2023.

Fraudsters in Ireland prefer targeting traditional banking customers instead of cryptocurrency investors amid a two-year-long bear market.

The frequency of cryptocurrency scams is often directly proportional to the hype and profits around the ecosystem at a given time. It appears that the ongoing crypto bear market has helped eradicate at least some of the bad actors, including scams and businesses, while it has largely retained serious investors who believe in due diligence.

The resultant difficulty in targeting crypto investors has led scammers in Ireland to focus on banking customers. According to the Irish Independent, in 2023, Irish people lost nearly 20 million euros ($21.8 million) to scammers posing as banking officials. A source revealed:

“In the last few months, what has become more and more common is that victims have been contacted often by phone or by email by fraudsters who are saying they work for legitimate, high-profile British banks or trading houses.”

Fraudsters mimicking traditional banks approach unwary customers through phone calls and emails. The Irish police are currently investigating numerous frauds of a similar nature and have been successful in retrieving 2 million euros ($2.1 million) from one of the scammers.

Irish authorities have recovered approximately 4 million euros of the 20 million euros lost to banking scams since January 2023. Detectives confirmed with the Irish Independent that crypto scams are no longer the dominant form of investment scams despite accounting for 95% of scams at its peak.

Instead of plotting complex crypto scams, fraudsters mimic banking websites and brochures to convince victims to part with their savings. Detectives have identified well over 20 bank accounts in the United Kingdom being used by the fraudsters but are yet to dismantle the operation.

The Bank of Ireland warned customers to be suspicious of banking employees pressurizing them into acting quickly and without thinking — a technique commonly used by scammers to dupe investors.

Related: Binance users in Hong Kong lose $450K in wave of fraud texts: HK police

While Ireland investigates the rising scams against banking customers, an Australian bank recently claimed that 40% of scams “touch” crypto.

During a panel at the Australian Blockchain Week on June 26, Sophie Gilder, managing director of blockchain and digital assets at Commonwealth Bank, said:

“One in three of the dollars that are scammed from Australians touch crypto, one in three. So it’s the single largest lever that we have to reduce this impact on our customers.”

Nigel Dobson, banking services portfolio lead at ANZ, referred to data from the Australian Financial Crimes Exchange suggesting that the figure may be even higher, at 40%.

Magazine: Beyond crypto: Zero-knowledge proofs show potential from voting to finance


EtherHiding: Hackers create novel way to hide malicious code in blockchains

Threat actors have worked out a way to hide malicious payloads in Binance smart contracts to lure victims into updating their browsers from fake prompts, according to cybersecurity researchers.

Cybercriminals have discovered a new way to spread malware to unsuspecting users, this time by manipulating BNB Smart Chain (BSC) smart contracts to hide malware and disseminate malicious code.

A breakdown of the technique known as “EtherHiding” was shared by security researchers at Guardio Labs in an Oct. 15 report, explaining that the attack involves compromising WordPress websites by injecting code that retrieves partial payloads from the blockchain contracts.

The attackers hide the payloads in BSC smart contracts, essentially serving as anonymous free hosting platforms for them.

The hackers can update the code and change the attack methods at will. The most recent attacks have come in the form of fake browser updates, where victims are prompted to update their browsers using a fake landing page and link.

The payload contains JavaScript that fetches additional code from the attacker’s domains. This eventually leads to full site defacement with fake browser update notices that distribute malware.

This approach allows the threat actors to modify the attack chain by simply swapping out malicious code with each new blockchain transaction. This makes it challenging to mitigate, according to Nati Tal, head of cybersecurity at Guardio Labs, and fellow security researcher Oleg Zaytsev.

Once the infected smart contracts are deployed, they operate autonomously. All Binance can do is rely on its developer community to flag malicious code in contracts upon discovery.

Contract address flagged for scam activity. Source: Guard.io

Guardio stated that website owners using WordPress, which runs roughly 43% of all websites, need to be extra vigilant with their own security practices before adding:

“WordPress sites are so vulnerable and frequently compromised, as they serve as primary gateways for these threats to reach a vast pool of victims.”

Related: Crypto investors under attack by new malware, reveals Cisco Talos

The firm concluded that Web3 and blockchain bring new possibilities for malicious campaigns to operate unchecked. “Adaptive defenses are needed to counter these emerging threats,” it said.
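For site owners, the injection described above can be hunted for in served pages. The following is an added example, not code from Guardio or the article: a heuristic scanner that flags `<script>` elements combining an on-chain read with dynamic code execution. The indicator patterns (the public BSC RPC hostname, `eth_call`, `eval`/`atob`) and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed indicators (not taken from the article): a public BSC JSON-RPC
# hostname, common ways a script reads contract state, and dynamic-execution
# sinks that would run whatever the contract returns.
RPC_HOST = re.compile(r"bsc-dataseed\d*\.binance\.org", re.I)
CHAIN_READ = re.compile(r"eth_call|JsonRpcProvider", re.I)
DYNAMIC_EXEC = re.compile(r"\beval\s*\(|new\s+Function\s*\(|\batob\s*\(", re.I)


class ScriptCollector(HTMLParser):
    """Collects every <script> element with its line number, src and body."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src") or ""
            self._open = {"line": self.getpos()[0], "src": src, "body": []}

    def handle_data(self, data):
        if self._open is not None:
            self._open["body"].append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._open is not None:
            self.scripts.append(self._open)
            self._open = None


def scan_html(html):
    """Return one finding per suspicious <script> element in the page."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for script in collector.scripts:
        text = script["src"] + "\n" + "".join(script["body"])
        hits = {
            "bsc_rpc_host": bool(RPC_HOST.search(text)),
            "chain_read": bool(CHAIN_READ.search(text)),
            "dynamic_exec": bool(DYNAMIC_EXEC.search(text)),
        }
        reads_chain = hits["bsc_rpc_host"] or hits["chain_read"]
        if not reads_chain:
            continue
        # A chain read alone can be a legitimate dapp widget; a chain read
        # whose result is executed matches the behaviour the article describes.
        severity = "high" if hits["dynamic_exec"] else "review"
        findings.append({
            "line": script["line"],
            "severity": severity,
            "indicators": sorted(k for k, v in hits.items() if v),
        })
    return findings


# Constructed sample: a blog page with one inert, non-functional fragment
# standing in for injected code (placeholder contract, elided handling).
SAMPLE_PAGE = """<html><head>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<script>
// constructed fragment for testing the scanner
var rpc = "https://bsc-dataseed1.binance.org/";
var req = {method: "eth_call", params: ["0xPLACEHOLDER"]};
/* ... response handling elided ... */ eval(atob(result));
</script>
<script>document.title = "My blog";</script>
</head><body>Hello</body></html>"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_PAGE):
        print(finding)
```

Because the payloads and domains rotate, string indicators like these age quickly; comparing served pages and theme files against a known-good baseline catches injections the patterns miss.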

Magazine: Blockchain detectives — Mt. Gox collapse saw birth of Chainalysis


BlackRock seeks court crackdown on 44 copycat sites, some crypto adjacent

The world’s largest asset manager wants to take control of a raft of domain names that have been registered to imitate it.

Investment giant BlackRock has called for a crackdown on a range of potentially scammy domains and “typosquatting” websites it alleges are taking advantage of its name.

On Oct. 10, BlackRock filed a legal complaint in the United States District Court for the Eastern District of Virginia against the owners of 44 internet domain names containing keywords such as ‘Blackrock’, ‘Aladdin’, ‘capital’, ‘crypto’, and ‘investments’.

The asset manager alleges the domains were registered in bad faith to profit from consumer confusion and divert traffic through tactics like pay-per-click ads, malware, and email phishing attacks.

The firm’s lawyers from Wiley Rein LLP cited studies that have “shown that over 95% of the 500 most popular sites on the Internet are the subject of ‘typosquatting’”. This is a practice where a domain is registered representing a typographical error of the legitimate site.
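A brand-protection team can triage newly observed domains for this pattern. The following is an added example, not part of the complaint or the article: it labels a domain as a typosquat (a small edit distance from a mark, counting adjacent-letter swaps) or a combosquat (the mark plus lure keywords). The marks and keywords come from the article; the `.example` domains, the distance thresholds and the naive "second-to-last label" parsing are assumptions.

```python
import re

BRANDS = ["blackrock", "aladdin"]             # marks named in the article
LURES = {"capital", "crypto", "investments"}  # keywords listed in the article


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each at cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent swap
        prev2, prev = prev, cur
    return prev[-1]


def classify(domain):
    """Return (verdict, brand, lure_keywords) for one domain name.

    Assumption: the label left of the TLD is the registrable name, which
    ignores multi-part public suffixes such as co.uk."""
    labels = domain.lower().rstrip(".").split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    tokens = [t for t in re.split(r"[-_]", label) if t]
    lures = sorted(LURES.intersection(tokens))
    for brand in BRANDS:
        if label == brand:
            return ("brand-label", brand, lures)   # exact mark, check the TLD
        if brand in label:
            return ("combosquat", brand, lures)    # mark plus extra words
    for brand in BRANDS:
        limit = 2 if len(brand) >= 8 else 1        # assumed thresholds
        for token in tokens:
            if 0 < osa_distance(token, brand) <= limit:
                return ("typosquat", brand, lures)
    return ("none", None, lures)


# The first two names are quoted in the article; the rest are constructed.
CANDIDATES = [
    "blackrock-crypto.net",
    "crypto-blackrock.com",
    "blakcrock.example",
    "blackr0ck-capital.example",
    "aladin-investments.example",
    "blackberry.example",
]

if __name__ == "__main__":
    for name in CANDIDATES:
        print(name, classify(name))
```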

BlackRock alleges the entities have violated the Anti-Cybersquatting Consumer Protection Act for registering domains confusingly similar to its own.

Screenshot of some of the offending domain names. Source: courtlistener

There were a couple of crypto-related domain names such as blackrock-crypto dot net which failed to open and crypto-blackrock dot com which offered web design services.

However, most of the ones Cointelegraph tested did not open or were typical cybersquatting on the domain name.

BlackRock looked up publicly available domain registration data from the Whois database in an attempt to identify the owners.

It is seeking the transfer of the offending domains to its control, damages, and injunctions against further cybersquatting and infringement of its trademarks BLACKROCK, ALADDIN, and BLK by defendants.

Related: California regulator warns of 17 crypto websites suspected of fraud

Copycat domain names are often used in conjunction with advertising providers such as Google and Facebook to promote scams or disseminate malware.

Earlier this year, Cointelegraph reported that victims have lost more than $4 million to fake websites promoted using Google Ads.

Magazine: Should we ban ransomware payments? It’s an attractive but dangerous idea


Alameda Research lost $190M to scams and ‘questionable’ blockchains: Whistleblower

Former Alameda Research engineer Aditya Baradwaj says one trader lost more than $100 million after clicking on a fake link.

FTX’s sister hedge fund, Alameda Research, lost at least $190 million of its trading funds due to arguably avoidable scams, according to a former engineer at the firm.

In an Oct. 12 post to X titled “The Hacks,” former Alameda Research engineer turned whistleblower Aditya Baradwaj claims that the firm’s “breathtaking” agility led to “major security incidents” as often as every few months.

In an example of one of the biggest exploits, Baradwaj claims a trader at Alameda once lost more than $100 million of the firm’s funds after clicking a malicious link promoted to the top of Google Search results.

The trader was attempting to sign off on a decentralized finance transaction, said Baradwaj.

In another example, he said Alameda was yield farming on a new blockchain of “questionable legitimacy” — a move that saw the trading firm eventually rack up losses of more than $40 million.

Baradwaj wrote that FTX founder Sam Bankman-Fried believed that the “single most important thing” for Alameda and FTX was their ability to move quickly. This ethos led to Alameda routinely ignoring industry-standard engineering and accounting practices for such firms, he said.

“This meant virtually no code testing and incomplete balance accounting. Safety checks for trading would only be added on an as-needed basis,” wrote Baradwaj.

“Blockchain private keys and exchange API keys were stored in plaintext in a file that several employees could access.”

This led to another security incident that cost the firm millions after an old version of the plaintext files containing keys to Alameda’s wallets was leaked.

The attacker transferred funds out of “some exchanges,” and the incurred losses tallied up to more than $50 million, explained Baradwaj.

He said that Alameda suffered through “many more” incidents of similar scope to the ones he’d described, but many of these were before his time at the company.

Related: Former FTX CEO Sam Bankman-Fried trial [Day 6] — Latest updates

The former engineer has been speaking publicly about the many faults of Alameda and FTX in the wake of their collapse in November last year, telling Cointelegraph how its founder, Sam Bankman-Fried, justified many of his “ridiculous” actions under the guise of an idealistic philosophy known as Effective Altruism.

Baradwaj’s comments come amid former Alameda CEO Caroline Ellison taking the stand to testify against Bankman-Fried on the sixth day of his fraud trial. In the preceding days, a number of former colleagues, including Adam Yedidia and Gary Wang, have brought a wealth of new evidence against the former billionaire.

Wang has admitted to writing in specific code that allowed for Alameda to trade with a near-unlimited line of credit from FTX, while Caroline Ellison has explained the intricate details of FTX’s alleged commingling of funds with Alameda.

Bankman-Fried has pled not guilty to the charges brought against him and maintains his innocence in the ongoing trial.

Magazine: ‘AI has killed the industry’ — EasyTranslate boss on adapting to change


OpenSea ‘unaware’ of any involvement of former exec in $60M rug pull

A former OpenSea employee has been accused of assisting the infamous AnubisDAO rug pull in 2021, but some commentators have raised doubts.

Nonfungible token (NFT) platform OpenSea says it is unaware of any evidence pointing to a former employee being involved in the infamous AnubisDAO rug pull in 2021 following new accusations on social media. 

In an Oct. 6 thread on X (formerly Twitter), the anonymous account NFT Ethics tagged OpenSea, asking it to respond to accusations that its former head of ventures, Kevin Pawlak, is linked to the pseudonymous identity “0xSisyphus” and was involved in “various dubious business dealings.”

Both NFT Ethics and blockchain analytics account Lookonchain alleged that 0xSisyphus, and thus Pawlak, played a key role in hyping the AnubisDAO project to investors shortly before the project transferred the freshly raised funds to a series of external wallets.

The thread by NFT Ethics attempted to explain that Pawlak’s alleged role in the AnubisDAO rug pull was premeditated with other developers and that the proceeds were laundered through the memecoin Pepe (PEPE).

However, an OpenSea spokesperson told Cointelegraph that it was unaware of Pawlak’s involvement in any such activities but also noted that Pawlak had a “limited scope” while working there.

“Kevin is a former employee who left the company in June 2023. He had a limited scope while at OpenSea — where he worked in a non-management position. We have no awareness of his involvement with the projects in question.”

“Furthermore, we have no connection to, or information about, the projects in question, as they took place before his time at OpenSea,” said the company representative.

In October 2021, AnubisDAO raised 13,556 Ether (ETH) — worth $60 million at the time — from crypto investors. However, some 20 hours later, the funds were sent to several different wallet addresses, resulting in an instant loss for the investors.

Blockchain sleuth ZachXBT also appeared to throw cold water on the accusations, saying the thread was “one of the most mid-curve” things he’d read.

He added that much of the thread seemed to base many assumptions about 0xSisyphus’ role in the alleged rug pull on “unrelated events without facts.”

0xSisyphus is also understood to have once offered a 1,000 ETH bounty to anyone who could identify the wallet address that drained the pool, and to have engaged law enforcement in both the United States and Hong Kong, further raising doubts about the new accusations.

Related: AnubisDAO’s rug-pulled 13.5K ETH washes away on Tornado Cash

“Is Sisyphus at fault for gross negligence for lying about the Anubis team multisig? Absolutely 100%. Probably a civil case possible for victims,” wrote ZachXBT.

ZachXBT noted that negligence, in this case, is very different from stealing money from one’s own project. “[As far as I know,] Sisyphus was the only team member speaking with the [Department of Homeland Security].”

“You really think they did not look at him first and monitor his activity?” asked ZachXBT.

He also explained that the two actors most likely responsible for the loss of funds during the AnubisDAO scandal were two pseudonymous users known only as “Beerus” and “Ersan.”

Magazine: NFT collapse and monster egos feature in new Murakami exhibition


Galxe protocol experiences DNS attack, losses top $150,000 so far and still growing

The Web3 platform’s website has been restored, but the company still warns against using it. The hack may be linked to September’s attack on Balancer.

The website of Web3 community platform Galxe was offline for about an hour on Oct. 6. Galxe reported on X (Twitter) that its website was down at 14:44 UTC and 40 minutes later posted an update confirming that it had experienced a security breach affecting the company’s Domain Name System (DNS) record. It warned against visiting its domain until the situation is remedied. 

Galxe has not confirmed that its website is safe to use again at the time of writing. After the website was restored, some X posters were reporting that it was blocked by Google.

One Web3 cybersecurity service explained:

“Their DNS records have been modified to redirect to a phishing website that drains users’ wallets.”

Crypto detective ZachXBT has reported that funds are being stolen from Galxe. The wallet linked to the exploit by ZachXBT continued to gather funds after the Galxe website came back online, and hovered around $160,000 at 17:15 UTC.

ZachXBT suggested a link between the Galxe exploiter and the party that attacked the Balancer protocol on Sept. 19. That was the second attack on Balancer in the span of a month.

The second attack on Balancer led to losses of $238,000. The Balancer team called the incident a social engineering attack on its DNS server carried out by a crypto wallet drainer called Angel Drainer. Blockchain security firm SlowMist suggested that the attacker was associated with Russia.

Losses to Web3 projects increased dramatically in the third quarter of this year, as compared to Q3 2022, according to a recent report from security platform Immunefi. Attacks rose from 30% to 76% year-on-year, and losses reached close to $686 million in Q3 2023. The biggest loss in that period was from the Mixin hack on Sept. 25.

Magazine: $3.4B of Bitcoin in a popcorn tin: The Silk Road hacker’s story
