
Slowmist

Founder of Security Firm SlowMist Warns Against Copy-and-Pasting Sensitive Crypto Information

The founder of the blockchain security firm SlowMist is urging crypto traders to be wary of copy-and-pasting sensitive information. The founder, who goes by the pseudonym Evilcos, tells his 81,300 followers on the social media platform X that whenever he copies something to his clipboard on his iPhone, he will reflexively go to his shortcut […]

The post Founder of Security Firm SlowMist Warns Against Copy-and-Pasting Sensitive Crypto Information appeared first on The Daily Hodl.

Michael Saylor Presents Framework for Digital Assets to Strengthen U.S. Leadership

Crypto Exchange Hacked After 150 Suspicious Transactions Drain Over $22,000,000 From Reserves: SlowMist

Blockchain security firm SlowMist is reporting that an Indonesian crypto exchange was hacked for over $22 million in digital assets. SlowMist says that crypto exchange Indodax saw its hot wallets exploited across multiple blockchains, including Bitcoin (BTC), TRON (TRX), Ethereum (ETH), and ETH layer-2s Polygon (POL) and Optimism (OP). The firm’s data says that the […]

The post Crypto Exchange Hacked After 150 Suspicious Transactions Drain Over $22,000,000 From Reserves: SlowMist appeared first on The Daily Hodl.

Ethereum Ecosystem Suffers $400,000,000 in Losses Year-to-Date, Amount of Crypto Hacks Rise by Over 50%: SlowMist

New research from cybersecurity firm SlowMist reveals that the Ethereum (ETH) ecosystem has lost $400 million in exploits year-to-date as the number of crypto hacking cases sees a 50% rise. According to SlowMist’s 2024 mid-year report, the second largest digital asset by market cap saw the most funds lost due to exploits as an ecosystem, […]

The post Ethereum Ecosystem Suffers $400,000,000 in Losses Year-to-Date, Amount of Crypto Hacks Rise by Over 50%: SlowMist appeared first on The Daily Hodl.

Scammers Trick Crypto Users With Faked USDT Balances, Slowmist Reports

Slowmist, teaming up with Imtoken, has exposed a new cryptocurrency scam exploiting offline transactions and using USDT, where scammers manipulate Ethereum RPC to falsify USDT balances in the victim’s wallet. The con artists coax victims into changing their Ethereum RPC URL to one they control, making it appear as though USDT funds were deposited, only […]
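A cross-check of the kind that defeats this scam, added here as an example and not code from SlowMist, imToken or the original post: the balance reported by the wallet's configured RPC is compared with the answer from an independent reference endpoint, along with chain ID and block height. Everything except the mainnet USDT contract address is constructed; the victim address, block numbers and response sets are assumptions, and in practice the two sets would come from live JSON-RPC calls.

```python
"""Cross-check token balances reported by a wallet's configured RPC endpoint
against an independent reference endpoint. The JSON-RPC responses are
constructed for this example: SCAM models an attacker-controlled RPC that
fabricates a USDT balance. In practice both response sets come from live calls.
"""
from typing import Dict, List, Tuple

USDT = "0xdac17f958d2ee523a2206206994597c13d831ec7"  # Ethereum mainnet USDT contract (real)
VICTIM = "0x" + "11" * 20                              # constructed wallet address
BALANCE_OF_SELECTOR = "70a08231"                       # first 4 bytes of keccak256("balanceOf(address)")


def balance_of_calldata(holder: str) -> str:
    """ABI-encode balanceOf(holder): selector + address left-padded to 32 bytes."""
    return "0x" + BALANCE_OF_SELECTOR + holder[2:].lower().rjust(64, "0")


def encode_uint256(n: int) -> str:
    return "0x" + hex(n)[2:].rjust(64, "0")


def decode_uint256(word: str) -> int:
    data = word[2:] if word.startswith("0x") else word
    if len(data) != 64:
        raise ValueError(f"expected one 32-byte word, got {len(data) // 2} bytes")
    return int(data, 16)


# Responses keyed by method; eth_call results keyed by (to, calldata).
CallKey = Tuple[str, str]
CALL_KEY: CallKey = (USDT, balance_of_calldata(VICTIM))

REFERENCE = {
    "eth_chainId": "0x1",
    "eth_blockNumber": "0x12a05f2",
    "eth_call": {CALL_KEY: encode_uint256(25_000_000)},          # 25 USDT (6 decimals)
}
SCAM = {
    "eth_chainId": "0x1",            # matches, so chain ID alone would not expose it
    "eth_blockNumber": "0x12a05f4",
    "eth_call": {CALL_KEY: encode_uint256(1_000_000_000_000)},   # claims 1,000,000 USDT
}


def cross_check(primary: Dict, reference: Dict, max_block_lag: int = 10) -> List[str]:
    """Return a list of discrepancies; an empty list means the endpoints agree."""
    findings: List[str] = []
    if primary["eth_chainId"] != reference["eth_chainId"]:
        findings.append(f"chainId mismatch: {primary['eth_chainId']} vs {reference['eth_chainId']}")
    lag = abs(int(primary["eth_blockNumber"], 16) - int(reference["eth_blockNumber"], 16))
    if lag > max_block_lag:
        findings.append(f"block height differs by {lag} blocks")
    for (to, data), ref_raw in reference["eth_call"].items():
        prim_raw = primary["eth_call"].get((to, data))
        if prim_raw is None:
            findings.append(f"primary returned no result for eth_call to {to}")
            continue
        p, r = decode_uint256(prim_raw), decode_uint256(ref_raw)
        if p != r:
            findings.append(f"balanceOf mismatch on {to}: primary={p} reference={r}")
    return findings


if __name__ == "__main__":
    print("trusted vs trusted:", cross_check(REFERENCE, REFERENCE))
    print("wallet RPC vs reference:", cross_check(SCAM, REFERENCE))
```

The reference endpoint must be one the dApp or wallet cannot be talked into changing; a single user-editable RPC URL is exactly the control this scam abuses.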

Over $2,700,000 in Ethereum and Other Crypto Assets Stolen From OKX Decentralized Exchange in Hack: PeckShield

The decentralized exchange (DEX) OKX has suffered a security breach as a result of a compromised private key, according to cybersecurity firms. In a post on social media platform X, blockchain security company PeckShield says the exploit enabled the hackers to get away with $2.76 million worth of Ethereum (ETH), Tether (USDT) and USDC. “PeckShieldAlert […]

The post Over $2,700,000 in Ethereum and Other Crypto Assets Stolen From OKX Decentralized Exchange in Hack: PeckShield appeared first on The Daily Hodl.

Lido assures LDO, stETH tokens remain safe despite flaw in token contract

The “fake deposit” attack enables bad actors to execute a transfer where the requested value is larger than what the user actually owns.

Ethereum staking protocol Lido Finance has assured both Lido DAO (LDO) and staked-Ether (stETH) tokens remain safe despite hackers allegedly exploiting a known security flaw in LDO’s token contract.

Lido didn’t confirm any exploits, but acknowledged the security flaw was known and reassured LDO and stETH funds remain safe in response to a Sept. 10 post by blockchain security firm SlowMist.

SlowMist said LDO’s flawed token contract allows bad actors to carry out “fake deposit” attacks on exchanges because a transfer call can complete without reverting even when the sender does not hold enough tokens. This behavior deviates from the Ethereum Request for Comment 20 (ERC-20) token standard, according to SlowMist.

However, Lido Finance argued the flaw is built into all ERC-20 tokens — not just Lido’s LDO token:

SlowMist said the “fake deposit” attacks came from LDO’s token contract executing transfers where the value is larger than what the user actually owns, triggering a false return as opposed to reverting the transaction. While the firm said Lido's token contract has recently been exploited via this attack, no on-chain evidence was provided.

Cointelegraph reached out to SlowMist for comment but did not receive an immediate response.

Meanwhile, on-chain analyst “Hercules” explained on Sept. 10 that the security flaw may not be picked up by cryptocurrency exchanges.

SlowMist recommended that LDO holders also check the return values of the token contract’s transfer calls, in addition to whether the transaction itself succeeded or failed.

The blockchain security firm concluded that token contract implementations and behaviors vary by project, and that integrators should conduct comprehensive testing before onboarding any new token.
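As an added illustration (not code from SlowMist, Lido or the article), the following Python simulation shows why checking only whether a transaction succeeded is not enough. EIP-20 requires transfer() to return a boolean and says it SHOULD throw on insufficient balance; a token that returns false instead is still mined with status 1, and a deposit pipeline that credits on status alone will credit tokens that never moved. The token models, addresses and amounts are constructed for the example.

```python
"""Simulation of the 'fake deposit' pattern against an exchange deposit pipeline.

Two toy token models: one reverts on insufficient balance (what EIP-20 says
transfer SHOULD do), one returns False without reverting (the LDO behaviour
SlowMist described). Two crediting policies are run against each.
All contracts, addresses and amounts here are constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, Optional


class RevertingToken:
    """ERC-20 model whose transfer() reverts when the sender lacks funds."""

    def __init__(self, balances: Dict[str, int]):
        self.balances = dict(balances)

    def transfer(self, sender: str, to: str, amount: int) -> bool:
        if self.balances.get(sender, 0) < amount:
            raise RuntimeError("revert: insufficient balance")
        self.balances[sender] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount
        return True


class FalseReturningToken(RevertingToken):
    """ERC-20 model whose transfer() returns False instead of reverting.
    The transaction is mined with status 1, but no tokens move."""

    def transfer(self, sender: str, to: str, amount: int) -> bool:
        if self.balances.get(sender, 0) < amount:
            return False
        return super().transfer(sender, to, amount)


@dataclass
class Receipt:
    status: int                   # 1 = mined without revert, 0 = reverted
    return_value: Optional[bool]  # decoded bool from transfer(), None on revert


def submit_transfer(token: RevertingToken, sender: str, to: str, amount: int) -> Receipt:
    """Submit transfer(to, amount) from sender and return a receipt-like record."""
    try:
        return Receipt(status=1, return_value=token.transfer(sender, to, amount))
    except RuntimeError:
        return Receipt(status=0, return_value=None)


def credit_by_status(token, hot_wallet, receipt, claimed, balance_before) -> int:
    """Vulnerable policy: credit the claimed amount whenever the tx did not revert."""
    return claimed if receipt.status == 1 else 0


def credit_by_effect(token, hot_wallet, receipt, claimed, balance_before) -> int:
    """Hardened policy: require status 1, a decoded True return value, and a
    hot-wallet balance increase that matches the claimed amount."""
    if receipt.status != 1 or receipt.return_value is not True:
        return 0
    delta = token.balances.get(hot_wallet, 0) - balance_before
    return claimed if delta == claimed else 0


def run_deposit(token: RevertingToken, depositor: str, claimed: int, policy) -> int:
    """Process one deposit of `claimed` units into the exchange hot wallet and
    return the amount the exchange would credit to the depositor's account."""
    hot_wallet = "0xEXCHANGE_HOT_WALLET"  # constructed label, not a real address
    before = token.balances.get(hot_wallet, 0)
    receipt = submit_transfer(token, depositor, hot_wallet, claimed)
    return policy(token, hot_wallet, receipt, claimed, before)


def scenario(token_cls, depositor_balance: int, claimed: int, policy) -> int:
    """Depositor starts with `depositor_balance` and claims a deposit of `claimed`."""
    token = token_cls({"0xDEPOSITOR": depositor_balance})
    return run_deposit(token, "0xDEPOSITOR", claimed, policy)


if __name__ == "__main__":
    # Attacker holds 0 tokens and "deposits" 1,000,000 units.
    print(scenario(FalseReturningToken, 0, 1_000_000, credit_by_status))  # 1000000 (fake deposit credited)
    print(scenario(FalseReturningToken, 0, 1_000_000, credit_by_effect))  # 0
    print(scenario(RevertingToken, 0, 1_000_000, credit_by_status))       # 0 (tx reverted)
    print(scenario(RevertingToken, 500, 500, credit_by_effect))           # 500 (genuine deposit)
```

On a real chain the balance-delta check maps to reading the Transfer event or the hot wallet's balanceOf before and after; the point is that the credited amount is derived from what actually moved, never from the caller's claim or the receipt status alone.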

However, Lido highlighted in the official Ethereum Improvement Proposal document — co-authored by Vitalik Buterin in November 2015 — that both the “transfer” and “transferFrom” functions must return the transfer status and are only recommended to revert a transaction in exceptional cases.

To resolve the security flaw, Lido confirmed the LDO token integration guides will soon be updated.

5 sneaky tricks crypto phishing scammers used last year: SlowMist

SlowMist found that across 303 recorded blockchain security incidents in 2022, nearly a third were made up of phishing attacks, rug pulls and scams.

Blockchain security firm SlowMist has highlighted five common phishing techniques crypto scammers used on victims in 2022, including malicious browser bookmarks, phony sales orders and trojan malware spread on messaging app Discord.

It comes after the security firm recorded a total of 303 blockchain security incidents in the year, with 31.6% of these incidents caused by phishing, rug pull or other scams, according to a Jan. 9 SlowMist blockchain security report.

Figure: pie chart of attack methods in 2022, in percentages. Source: SlowMist

Malicious browser bookmarks

One of the phishing strategies makes use of bookmark managers, a feature in most modern browsers.

SlowMist said scammers have been exploiting these to ultimately gain access to a project owner’s Discord account.

"By inserting JavaScript code into bookmarks through these phishing pages, attackers can potentially gain access to a Discord user's information and take over the permissions of a project owner's account,” the firm wrote.

After guiding victims to add the malicious bookmark through a phishing page, the scammer waits until the victim clicks on the bookmark while logged into Discord, which triggers the implanted JavaScript code and sends the victim's personal information to the scammer's Discord channel. 

During this process, the scammer can steal the victim's Discord token (the credential the Discord client sends to authenticate every API request, so it grants account access without the password) and thus take over the account, which lets them post fake messages and links to further phishing scams while posing as the victim.

‘Zero dollar purchase’ NFT phishing

Out of 56 major NFT security breaches, 22 were the result of phishing attacks, SlowMist added.

One of the more popular methods tricks victims into signing a phony sales order that effectively hands over their NFTs for practically nothing.

Once the victim signs the order, the scammer can then purchase the user's NFTs through a marketplace at a price determined by them.

"Unfortunately, it's not possible to deauthorize a stolen signature through sites like Revoke," the report wrote.

"However, you can deauthorize any previous pending orders that you had set up, which can help mitigate the risk of phishing attacks and prevent the attacker from using your signature."

Trojan horse currency theft

According to SlowMist, this type of attack usually occurs through private messages on Discord where the attacker invites victims to participate in testing a new project, then sends a program in the form of a compressed file that contains an executable file of about 800 MB.

Once downloaded and run, the program scans for files containing key phrases like "wallet" and uploads them to the attacker's server.

"The latest version of RedLine Stealer also has the ability to steal cryptocurrency, scanning for installed digital currency wallet information on the local computer and uploading it to a remote control machine,” said SlowMist.

“In addition to stealing cryptocurrency, RedLine Stealer can also upload and download files, execute commands, and send back periodic information about the infected computer."

Figure: an example of RedLine Stealer in action. Source: SlowMist

‘Blank Check’ eth_sign phishing

This phishing attack gets the victim to sign, with their own private key, whatever data the scammer supplies, including a transaction. After connecting your wallet to a scam site, a signature request box may pop up with a red warning from MetaMask.

Once you sign, the attacker holds a valid signature over data you could not read. Because eth_sign signs an opaque 32-byte hash with no readable preview, the attacker can construct any payload they choose and ask you to sign it through eth_sign.

“This type of phishing can be very confusing, especially when it comes to authorization," said the firm.
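An added example, not code from SlowMist or any wallet, of how a wallet-side policy could triage the signing requests behind both the 'zero dollar purchase' order and the eth_sign 'blank check' described above. The order layout (offer/consideration items with an itemType enum where 2 is ERC-721 and 3 is ERC-1155) is loosely modelled on Seaport and is an assumption of this example, as are all the request payloads, which are constructed.

```python
"""Wallet-side triage of dApp signing requests. Flags an eth_sign request over
an opaque 32-byte hash (the 'blank check') and a typed-data marketplace order
that gives away NFTs for nothing. The order layout is loosely modelled on
Seaport and is an assumption of this example; all payloads are constructed.
"""
import json
from typing import Any, Dict

NFT_ITEM_TYPES = {2, 3}  # assumed enum values for ERC-721 / ERC-1155 items
HEX = set("0123456789abcdefABCDEF")


def is_bytes32_hex(value: Any) -> bool:
    """0x-prefixed, exactly 32 bytes, all hex: the shape of a hash, not a message."""
    return isinstance(value, str) and value.startswith("0x") and len(value) == 66 and set(value[2:]) <= HEX


def triage_typed_data(typed: Dict[str, Any]) -> Dict[str, Any]:
    """Inspect an EIP-712 order: what the signer gives (offer) vs receives (consideration)."""
    msg = typed.get("message", {})
    gives_nft = any(int(i.get("itemType", -1)) in NFT_ITEM_TYPES for i in msg.get("offer", []))
    receives = sum(int(i.get("startAmount", "0")) for i in msg.get("consideration", []))
    if gives_nft and receives == 0:
        return {"risk": "critical", "reason": "order lists NFT(s) for zero consideration"}
    if gives_nft:
        return {"risk": "medium", "reason": f"order sells NFT(s) for {receives} units; verify price and marketplace"}
    return {"risk": "low", "reason": "typed data with readable fields"}


def triage_sign_request(req: Dict[str, Any]) -> Dict[str, Any]:
    method, params = req.get("method"), req.get("params", [])
    if method == "eth_sign":
        # eth_sign signs raw bytes with no EIP-191 prefix, so a signature over a
        # 32-byte value can be a valid signature over a transaction hash.
        if len(params) == 2 and is_bytes32_hex(params[1]):
            return {"risk": "critical", "reason": "eth_sign over an opaque 32-byte hash (blank check)"}
        return {"risk": "high", "reason": "eth_sign over unprefixed data"}
    if method == "personal_sign":
        # personal_sign adds the EIP-191 prefix, so the result cannot double as a
        # transaction signature; decode the hex for display.
        raw = params[0]
        text = bytes.fromhex(raw[2:]).decode("utf-8", "replace") if raw.startswith("0x") else raw
        return {"risk": "low", "reason": "prefixed message", "preview": text[:80]}
    if method in ("eth_signTypedData_v3", "eth_signTypedData_v4"):
        typed = params[1]
        return triage_typed_data(json.loads(typed) if isinstance(typed, str) else typed)
    return {"risk": "unknown", "reason": f"unhandled method {method}"}


# Constructed requests as a dApp would send them over the provider API.
SIGNER = "0x" + "11" * 20
BLANK_CHECK = {"method": "eth_sign", "params": [SIGNER, "0x" + "ab" * 32]}
LOGIN = {"method": "personal_sign",
         "params": ["0x" + "Sign in to example.org".encode().hex(), SIGNER]}
ZERO_PRICE_ORDER = {"method": "eth_signTypedData_v4", "params": [SIGNER, json.dumps({
    "primaryType": "OrderComponents",
    "message": {
        "offerer": SIGNER,
        "offer": [{"itemType": 2, "token": "0x" + "22" * 20,
                   "identifierOrCriteria": "4242", "startAmount": "1", "endAmount": "1"}],
        "consideration": [],   # nothing comes back to the signer
    },
})]}

if __name__ == "__main__":
    for name, req in [("blank check", BLANK_CHECK), ("login", LOGIN), ("zero-price order", ZERO_PRICE_ORDER)]:
        print(name, "->", triage_sign_request(req))
```

A critical finding here is the point where a wallet should refuse rather than warn: once the signature exists, the report notes there is no way to revoke it, only to cancel the pending order it authorizes.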

Same ending number transfer scam

For this scam, attackers airdrop tiny amounts of tokens, such as 0.01 USDT or 0.001 USDT, to victims from an address that shares its first and last few characters with one the victim has recently transacted with, in the hope that the user later copies the wrong address from their transfer history when sending funds.

Figure: an example of a same ending number phishing attempt. Source: SlowMist
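An added example (not SlowMist's tooling) of detecting this pattern from a wallet's own transfer history: incoming dust from an address that mirrors the head and tail of a known counterparty is flagged, and address lookup by trailing characters is refused unless exactly one non-suspect candidate remains. Addresses, amounts (6-decimal USDT units) and the history are constructed.

```python
"""Address poisoning ('same ending number') detector over a wallet's transfer
history. Addresses, amounts (USDT 6-decimal units) and the history are
constructed for this example.
"""
from typing import Dict, List, Optional


def lookalike(a: str, b: str, head: int = 4, tail: int = 4) -> bool:
    """True when two distinct addresses share their first `head` and last `tail`
    hex characters, which is what a poisoning address is generated to do."""
    a, b = a.lower(), b.lower()
    return a != b and a[2:2 + head] == b[2:2 + head] and a[-tail:] == b[-tail:]


def find_poisoning(history: List[Dict], dust_threshold: int) -> List[str]:
    """Senders of incoming dust transfers that mimic an address the wallet has
    previously sent funds to. Those are the rows a scammer wants copied later."""
    trusted = {t["counterparty"].lower() for t in history if t["direction"] == "out"}
    suspects = []
    for t in history:
        if t["direction"] != "in" or t["value"] > dust_threshold:
            continue
        sender = t["counterparty"]
        if sender.lower() not in trusted and any(lookalike(sender, k) for k in trusted):
            suspects.append(sender)
    return suspects


def candidates_by_suffix(history: List[Dict], suffix: str) -> List[str]:
    """Every distinct counterparty whose address ends in `suffix`, in history order."""
    seen: List[str] = []
    for t in history:
        addr = t["counterparty"]
        if addr.lower().endswith(suffix.lower()) and addr not in seen:
            seen.append(addr)
    return seen


def safe_pick(history: List[Dict], suffix: str, dust_threshold: int) -> Optional[str]:
    """Resolve a destination the user remembers only by its ending. Poisoning
    suspects are excluded first; the pick is refused (None) unless exactly one
    candidate remains, so the UI must fall back to full-address entry."""
    suspects = {s.lower() for s in find_poisoning(history, dust_threshold)}
    remaining = [a for a in candidates_by_suffix(history, suffix) if a.lower() not in suspects]
    return remaining[0] if len(remaining) == 1 else None


# Constructed sample data: 42-char hex addresses; the poison address copies the
# head and tail of LEGIT but differs in the middle.
LEGIT = "0x1234" + "a" * 32 + "5678"
POISON = "0x1234" + "b" * 32 + "5678"
OTHER = "0x9999" + "c" * 32 + "0000"
DUST = 10_000  # 0.01 USDT

HISTORY = [
    {"direction": "out", "counterparty": LEGIT, "token": "USDT", "value": 5_000_000_000},  # 5,000 USDT sent
    {"direction": "in", "counterparty": POISON, "token": "USDT", "value": 1_000},          # 0.001 USDT dust
    {"direction": "in", "counterparty": OTHER, "token": "USDT", "value": 2_000_000_000},   # 2,000 USDT received
]

if __name__ == "__main__":
    print("poisoning suspects:", find_poisoning(HISTORY, DUST))
    print("pick by '5678':", safe_pick(HISTORY, "5678", DUST))
    print("pick by '0000':", safe_pick(HISTORY, "0000", DUST))
```

The detector only narrows the problem; the actual defense is comparing the full address (or using a saved address book) before every send, since a poisoning address is built to survive a glance at the first and last four characters.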

The rest of the 2022 report covered other blockchain security incidents in the year, including contract vulnerabilities and private key leakage.

There were roughly 92 attacks using contract vulnerabilities in the year, totaling nearly $1.1 billion in losses because of flaws in smart contract design and hacked programs.

Private key theft on the other hand accounted for roughly 6.6% of attacks and saw at least $762 million in losses, the most prominent examples being the Ronin bridge and Harmony’s Horizon Bridge hacks.

North Korean hackers stealing NFTs using nearly 500 phishing domains

The hackers created decoy websites impersonating NFT marketplaces, NFT projects and even a DeFi platform.

Hackers linked to North Korea’s Lazarus Group are reportedly behind a massive phishing campaign targeting non-fungible token (NFT) investors — utilizing nearly 500 phishing domains to dupe victims.

Blockchain security firm SlowMist released a report on Dec. 24, revealing the tactics that North Korean Advanced Persistent Threat (APT) groups have used to part NFT investors from their NFTs, including decoy websites disguised as a variety of NFT-related platforms and projects.

Examples of these fake websites include a site pretending to be a project associated with the World Cup, as well as sites that impersonate well-known NFT marketplaces such as OpenSea, X2Y2 and Rarible.

SlowMist said one of the tactics used was having these decoy websites offer “malicious Mints,” which involves deceiving the victims into thinking they are minting a legitimate NFT by connecting their wallet to the website.

However, the NFT is actually fraudulent, and the victim’s wallet is left vulnerable to the hacker who now has access to it.

The report also revealed that many of the phishing websites operated under the same Internet Protocol (IP), with 372 NFT phishing websites under a single IP, and another 320 NFT phishing websites associated with another IP.

Figure: an example phishing website. Source: SlowMist

SlowMist said the phishing campaign has been ongoing for several months, noting that the earliest registered domain name came about seven months ago.

Other phishing tactics used included recording visitor data and saving it to external sites as well as linking images to target projects.

Once the hacker obtained the visitor’s data, they would run various attack scripts against the victim, giving the hacker the victim’s access records, authorizations and plug-in wallet usage, as well as sensitive data such as the victim’s approve record and sigData.

All this information then enables the hacker access to the victim’s wallet, exposing all their digital assets.

However, SlowMist emphasized that this is just the “tip of the iceberg," as the analysis only looked at a small portion of the materials and extracted “some” of the phishing characteristics of the North Korean hackers.

For example, SlowMist highlighted that just one phishing address alone was able to gain 1,055 NFTs and profit 300 ETH, worth $367,000, through its phishing tactics.

It added that the same North Korean APT group was also responsible for the Naver phishing campaign that was previously documented by Prevailion on Mar. 15.

North Korea has been at the center of various cryptocurrency theft crimes in 2022.

According to a news report published by South Korea’s National Intelligence Service (NIS) on Dec 22, North Korea stole $620 million worth of cryptocurrencies this year alone.

In October, Japan’s National Police Agency sent out a warning to the country’s crypto-asset businesses advising them to be cautious of the North Korean hacking group.

Transit Swap ‘hacker’ returns 70% of $23M in stolen funds

The funds returned so far have come in the form of Ether (ETH), Binance-pegged ETH and BNB ($14.2 million).

A quick response from a number of blockchain security companies has helped facilitate the return of around 70% of the $23 million exploit of decentralized exchange (DEX) aggregator Transit Swap.

The DEX aggregator lost the funds after a hacker exploited an internal bug in a swap contract on Oct. 1, prompting a quick response from the Transit Finance team along with security companies Peckshield, SlowMist, Bitrace and TokenPocket, who were able to work out the hacker’s IP, email address and associated on-chain addresses.

It appears these efforts have already borne fruit: less than 24 hours after the hack, Transit Finance noted that “with joint efforts of all parties” the hacker had returned 70% of the stolen assets to two addresses, equating to roughly $16.2 million.

These funds came in the form of 3,180 Ether (ETH) ($4.2 million), 1,500 Binance-Peg ETH ($2 million) and 50,000 BNB ($14.2 million), according to BscScan and Etherscan.

In the most recent update, Transit Finance stated that “the project team is rushing to collect the specific data of the stolen users and formulate a specific return plan” but also remains focused on retrieving the final 30% of stolen funds.

“At present, the security companies and project teams of all parties are still continuing to track the hacking incident and communicate with the hacker through email and on-chain methods. The team will continue to work hard to recover more assets,” it said.

Cybersecurity firm SlowMist, in an analysis of the incident, noted that the hacker exploited a vulnerability in Transit Swap’s smart contract code: an unchecked external call that let the attacker invoke transferFrom() on tokens users had approved to the protocol and move them directly to the exploiter’s address.

“The root cause of this attack is that the Transit Swap protocol does not strictly check the data passed in by the user during token swap, which leads to the issue of arbitrary external calls. The attacker exploited this arbitrary external call issue to steal the tokens approved by the user for Transit Swap.”

Terra (LUNA) Network Addresses Scammed Out of $4,310,000 in Phishing Attack: Blockchain Security Firm SlowMist

A leading blockchain security firm is warning that a phishing scam conned more than 50 Terra (LUNA) network users out of nearly $4.31 million worth of crypto assets. On Twitter, crypto security firm SlowMist urged LUNA traders to be wary of fake advertisements, noting that the majority of the attack resulted from Google phishing ads. […]

The post Terra (LUNA) Network Addresses Scammed Out of $4,310,000 in Phishing Attack: Blockchain Security Firm SlowMist appeared first on The Daily Hodl.
