Meme Coin Presale Trend Goes Wild on Solana: Almost $150 Million Raised

March 21, 2024 Bitcoin.com

Trezor’s X account compromised, hacker promotes fake Solana token

March 20, 2024 The Crypto Briefing

‘Stop Doing This’ – $122,500,000 Worth of Solana (SOL) Raised in One Week for Altcoin Presales: Report

March 19, 2024 The Daily Hodl

Phishing Link Posted to Certik’s X Account After Hacker Compromises Blockchain Security Firm’s Social Media

January 5, 2024 The Daily Hodl

Crypto exchange CoinSpot reportedly suffers $2M hot wallet hack

November 9, 2023 Coin Telegraph

Crypto exchange CoinSpot reportedly suffers M hot wallet hack

australia crypto exchange

Blockchain security firm CertiK believes the $2.4 million draining of a CoinSpot hot wallet is likely the result of a “private key compromise.”

Australian crypto exchange CoinSpot has reportedly been hacked for $2.4 million in a “probable private key compromise” over at least one of its hot wallets.

According to a Nov. 8 post to his Telegram channel, blockchain sleuth ZachXBT highlighted two transactions entering the alleged hackers wallet. Afterwards, the wallet’s owner bridged the funds to the Bitcoin (BTC) network via ThorChain and Wan Bridge.

In emailed comments to Cointelegraph, blockchain security firm CertiK said the alleged exploit was the result of a “probable private key compromise” on at least one CoinSpot hot wallet.

According to data from Etherscan, a transaction totalling 1,262 Ether (ETH) — worth $2.4 million at current prices — came from a known CoinSpot wallet and entered the alleged hackers wallet.

*The presumed attacker stole 1,262 ETH from a known CoinSpot wallet. Source: ZachXBT*

The owner of the wallet address that received the 1,262 ETH then began making a series of transfers. In two separate transactions, the wallet’s owner swapped 450 ETH for 24 Wrapped Bitcoin (WBTC) via Uniswap.

*The list of transactions made from the alleged attackers' wallet. Source: DeBank*

Within the next 10 minutes, the address swapped 831 ETH for Bitcoin via Thorchain, sending the Bitcoin to four different wallet addresses, according to CertiK investigative data viewed by Cointelegraph.

A search of Bitcoin explorer BTCScan data, showed the owner of the four Bitcoin wallets distributing the allegedly ill-gained BTC to multiple new wallets, transferring smaller divisions of the funds to additional new wallets each time.

This is a tactic commonly leveraged by attackers to prolong the investigation process — making it more difficult to track the entirety of the stolen funds.

CoinSpot was established in 2013 and currently stands as Australia’s largest crypto exchange by reported user numbers, serving around 2.5 million customers. The exchange is regulated by Australian financial watchdog AUSTRAC and was granted an Australian Digital Currency Exchange License by the regulator.

CoinSpot did immediately respond to a request for comment from Cointelegraph.

Magazine: Beyond crypto — Zero-knowledge proofs show potential from voting to finance

Fake Ledger Live app sneaks into Microsoft’s app store, $588K stolen

November 5, 2023 Coin Telegraph

<div>Fake Ledger Live app sneaks into Microsoft's app store, 8K stolen</div>

application

The $588,000 was stolen across 38 transactions, with the largest transfer totaling $81,200.

Almost $600,000 in Bitcoin (BTC) has been stolen from users who downloaded a fake Ledger Live application on Microsoft’s app store, according to cryptocurrency sleuth ZachXBT.

The on-chain analyst spotted the scam, “Ledger Live Web3” on Nov. 5, which is tricking users into thinking that they’re downloading “Ledger Live” — a user interface for Ledger hardware wallets to store cryptocurrency offline.

Approximately 16.8 BTC worth $588,000 has been received by the scammer across 38 transactions using wallet address, “bc1q….y64q,” according to Blockchain.com. About $115,200 has left the scammer’s wallet across two transactions, leaving it with $473,800 or 13.5 BTC.

Community Alert: There is currently a fake @Ledger Live app on the official @Microsoft App Store which was resulted in 16.8+ BTC ($588K) stolen

Scammer address
bc1qg05gw43elzqxqnll8vs8x47ukkhudwyncxy64q pic.twitter.com/rOZ0ZWRWbn
— ZachXBT (@zachxbt) November 5, 2023

In a follow up post, ZachXBT noted that Microsoft may have removed the fake Ledger Live app from its platform.

The first transaction sent to the scammer’s wallet address took place on Oct. 24, worth $5,210. Prior to that, the wallet hadn’t been used. Most of these transactions have taken place since Nov. 2, with the largest transfer totaling $81,200 on Nov. 4.

A search by Cointelegraph found the fake “Ledger Live Web3” application appeared in Microsoft’s app store as early as Oct. 19.

*The fake “Ledger Live Web3” app on Microsoft Apps. Source: Microsoft*

ZachXBT said they have received two messages from victims on Nov. 4 and even argued that Microsoft “should be held liable” for allowing the fake Ledger Live app to appear in its app store.

Sadly received two messages about this from victims today. Seems another person lost funds in just past few min. pic.twitter.com/yYPbizltN5
— ZachXBT (@zachxbt) November 5, 2023

It isn’t the first time a fake Ledger Live app has made its way into Microsoft’s app store either.

Ledger’s support account on X (formerly Twitter) informed its users about a fake Ledger Live app on two separate occasions in December and March.

Hey #ledger users

Beware of fake Ledger Live apps published on the Microsoft Store

The only safe place to download Ledger Live is on our websitehttps://t.co/cDLX1rEWPf

Ledger will NEVER ask you for your 24-word recovery phrase ❌

Stay safe pic.twitter.com/0dXTJ7FeuO
— Ledger Support (@Ledger_Support) December 26, 2022

Ledger hasn’t commented on the scam but has previously iterated to users that the "only safe place" to download Ledger Live is from its website, ledger.com.

Cointelegraph reached out to Microsoft for comment but did not receive an immediate response.

Magazine: ‘Account abstraction’ supercharges Ethereum wallets: Dummies guide

Crypto thief steals $4.4M in a day as toll rises from LastPass breach

October 30, 2023 Coin Telegraph

Crypto thief steals .4M in a day as toll rises from LastPass breach

Coin Telegraph

Estimates in September revealed that at least $35 million in crypto has been stolen from victims of the LastPass breach since 2022, with the latest hack adding to the toll.

At least 25 people have reportedly seen $4.4 million in crypto drained from across 80 wallets due to a 2022 data breach that impacted password storage software LastPass.

In an Oct. 27 X (Twitter) post, pseudonymous on-chain researcher ZachXBT said they and MetaMask developer Taylor Monahan tracked the fund movements of at least 80 wallets compromised on Oct. 25.

“Most, if not all, of the victims are longtime LastPass users and/or confirm having stored their [crypto wallet] keys/seeds in LastPass,” Monahan said in an accompanying Chainabuse report.

Just on October 25, 2023 alone another ~$4.4M was drained from 25+ victims as a result of the LastPass hack.

Cannot stress this enough, if you believe you may have ever stored your seed phrase or keys in LastPass migrate your crypto assets immediately. pic.twitter.com/26HsxrlnCb
— ZachXBT (@zachxbt) October 27, 2023

In December 2022, LastPass disclosed an attacker leveraged information previously stolen in a breach that August to target a LastPass employee, snagging their credentials and decrypting stored customer information.

Also stolen was a backup of encrypted customer vault data which LastPass warned could be decrypted if the attacker brute force guesses the account’s master password.

In a September blog post, cybersecurity journalist Brian Krebs reported some of the LastPass customer vaults had seemingly been cracked and over $35 million worth of crypto had been stolen from around 150 victims.

In January, LastPass was hit with a class-action suit from individuals claiming the August 2022 breach resulted in the theft of around $53,000 worth of Bitcoin (BTC).

In his latest X post, ZachXBT advised anyone who ever stored a wallet seed or private key in LastPass to “migrate your crypto assets immediately.”

Magazine: Deposit risk: What do crypto exchanges really do with your money?

Vitalik Buterin’s X account hacked, draining $691K+ from victims: Report

September 10, 2023 Coin Telegraph

<div>Vitalik Buterin's X account hacked, draining 1K+ from victims: Report</div>

blockchain investigator

Following the reported breach of Ethereum co-founder Vitalik Buterin's X (formerly Twitter) account, victims suffered losses exceeding $691,000 due to a malicious link that falsely promoted a free NFT.

Vitalik Buterin, co-founder of Ethereum (ETH) had his X (formerly Twitter) account compromised, which, according to social media reports, resulted in victims losing over $691,000 through malicious links.

In a Sept. 9 post on X, Dmitry Buterin, the father of Vitalik Buterin, announced that his son's account has been compromised:

“Disregard this post, apparently Vitalik has been hacked. He is working on restoring access.”

The post to which he was referring has since been deleted. It was allegedly made by the hackers on Buterin's account to celebrate the arrival of "Proto-Danksharding on Ethereum."

The hacker shared a malicious link to an alleged free commemorative non-fungible token (NFT) available, enticing victims to connect their wallets, before ultimately stealing all their funds.

WARNING! I JUST LOST A FEW PUNKS!

DON'T INTERACT! pic.twitter.com/lS4VvlHdVa
— chiefeditor.eth@encyclopediagalactica.eth ohgod.et (@BokkyPooBah) September 9, 2023

Consequently, this incident has led a user on platform X to claim they've suffered losses to their CryptoPunk NFT collection.

At the time of publication, the prevailing minimum price for a CryptoPunk NFT stands at 46.99 Ether, which is approximately equivalent to $76,837.

Blockchain investigator ZachXBT has been actively informing his 438,200 followers about the hacker's activities, which have led to the illicit draining of $691,000 from Buterin's followers through the malicious link.

Update: $691k drained (another 33% in drainer fee address) pic.twitter.com/AVIShqDlMU
— ZachXBT (@zachxbt) September 9, 2023

A user on X claimed that Buterin might not have implemented sufficient security measures for his X account.

"I hate to be the one to say it, but Vitalik should take accountability for his poor op-sec and compensate those affected," he noted, before implying that he believes Buterin's oversight led to the attack:

The only way this isn’t negligence on Vitalik part is if someone at X internally compromised the account, or if he was coerced in person by a criminal who threatened violence. I highly doubt that’s what happened.

However, ZachXBT challenged these allegations, asserting that Buterin's high profile makes him susceptible to various forms of hacking attempts:

"You do not know yet whether it was a SIM swap. Vitalik is a big enough target to where an insider could have been paid off or panel was used," he stated.

Magazine: How to protect your crypto in a volatile market: Bitcoin OGs and experts weigh in

Crypto casino Stake reopens withdrawals just 5 hours after $41M hack

September 4, 2023 Coin Telegraph

Crypto casino Stake reopens withdrawals just 5 hours after M hack

Beosin

The online crypto casino reported unauthorized transactions from its hot wallets on Sept. 4 with blockchain security firms estimating at least $41 million pilfered from hackers.

Crypto betting platform Stake has reopened deposits and withdrawals and resumed services for users only five hours after the platform was hacked to the tune of $41.3 million, blockchain security firms estimate.

Stake confirmed that all services resumed at 9:28pm UTC time on Sept. 4 — a few hours after the platform confirmed that several unauthorized transactions were made on Stake’s ETH/ BTC hot wallets:

All services have resumed! Deposits & withdrawals are processing instantly for all currencies. We apologise for any inconvenience.
— Stake.com (@Stake) September 4, 2023

The betting site said its Bitcoin (BTC), Litecoin (LTC), and XRP wallets were not impacted but hasn’t yet shared the cause of the exploit or how much was stolen. Stake however confirmed that user funds remain safe.

Three hours ago, unauthorised tx’s were made from Stake’s ETH/BSC hot wallets.

We are investigating and will get the wallets up as soon as they’re completely re-secured.

User funds are safe.

BTC, LTC, XRP, EOS, TRX + all other wallets remain fully operational.
— Stake.com (@Stake) September 4, 2023

Recent analysis by blockchain security firm Beosin calculated the total loss to be $41.35 million, which included $15.7 million on Ethereum (ETH), $7.8 million on Polygon (MATIC) and another $17.8 million from the Binance Smart Chain.

@Stake has experienced multiple suspicious outflows on #Ethereum, #BSC and #Polygon.

ETH: ~$15.7M
Polygon: ~$7.8M
BSC: ~$17.8M
The total funds were ~$41.35M.

Stay alert! pic.twitter.com/cKBK3kMeUz
— Beosin Alert (@BeosinAlert) September 4, 2023

An earlier estimate of $15.7 million by fellow blockchain security firm PeckShield didn’t account for the $25.6 million allegedly lost on BSC and Polygon, according to on-chain analyst ZachXBT.

The first transaction occurred at 12:48 pm UTC, transferring approximately $3.9 million worth of stablecoin Tether (USDT) from Stake to the attacker’s account. The next two transactions removed over 6,000 Ether, worth approximately $9.8 million at the current prices.

The attacker continued to remove tokens over the next few minutes, including about $1 million in USD Coin (USDC), $900,000 worth of Dai (DAI) and 333 Stake Classic (STAKE) ($75) which is understood to have made up the first $15.7 million on Ethereum.

Magazine: How smart people invest in dumb memecoins — 3-point plan for success

Machi Big Brother withdraws defamation lawsuit against ZachXBT

August 14, 2023 Coin Telegraph

Coin Telegraph

Jeffrey Huang withdrew the lawsuit after ZachXBT edited his article that Huang claimed to be defamatory.

Taiwanese music celebrity Jeffrey Huang, also known as "Machi Big Brother," has withdrawn a defamation lawsuit against internet sleuth ZachXBT.

In a bilateral announcement dated Aug. 14, Machi Big Brother said "Zach has many times in the past been of great service to the crypto community and pursuing legal action against him was a last resort but not the right path," after ZachXBT made a series of his amendments to his article that sparked the defamation suit from Huang.

I am withdrawing my defamation suit against @zachxbt.

Zach has many times in the past been of great service to the crypto community and pursuing legal action against him was a last resort but not the right path.

I appreciate that Zach has made important amendments to his…
— Machi Big Brother (@machibigbrother) August 14, 2023

Meanwhile, ZachXBT stated that he "updated my article with additional context from Machi + edits from myself," leading Huang to withdraw the lawsuit. "While I am disappointed it went down the legal route in the first place I am appreciative we are able to find a resolution," Zach wrote.

1/2 Today @machibigbrother has agreed to voluntarily withdraw the lawsuit. I have updated my article with additional context from Machi + edits from myself

While I am disappointed it went down the legal route in the first place I am appreciative we are able to find a resolution
— ZachXBT (@zachxbt) August 14, 2023

In June 2022, ZachXBT published an article on Medium alleging Huang embezzled funds related to his work at past crypto projects. Huang denied the allegations. The accusations have not been proven in a court of law. At the time of publication, ZachXBT's original allegations regarding embezzlement have been removed.

On June 16, 2023, Huang filed a defamation lawsuit against ZackXBT in the United States District Court for the Western District of Texas, writing, "I have consistently maintained that the allegations in his article are false." When questioned about the likelihood of answering a court subpoena regarding his corporate activities, Huang wrote "I'm legit asf."

ZachXBT then posted a request asking for community donations for the former lawsuit's legal fees. Within 24 hours, over $1 million was solicited with notable contributions from Binance CEO Changpeng Zhao and Kraken co-founder Jesse Powell. A prominent on-chain researcher, ZachXBT's investigative works have been cited as evidence in aid of ongoing lawsuits and criminal proceedings.

Magazine: Deposit risk: What do crypto exchanges really do with your money?

zachxbt

Share this video