TronWeekly

Crypto World News

You are here: Home / Archives for Cyber security

Cyber security

Beware of “OTP” bots that can steal all your cryptocurrency

by

Hackers are deploying bots acquired on Telegram to deceive people into giving them access to their crypto accounts.

One Time Password (OTP) bots, according to research from cybersecurity firm Intel471, are “remarkably easy to employ” and “quite inexpensive to operate” in comparison to the amount of money that scammers can make from a successful assault.

Hackers may gain access to a Telegram bot called ‘BloodOTPbot’ for a monthly cost of $300. Fraudsters can also spend an extra $20 to $100 on more phishing tools that target individual Instagram, Facebook, Twitter accounts, banking services like Paypal and Venmo, and cryptocurrency platforms like Coinbase.

OTP bots are particularly nasty since they are usually the last stage in the hacking process after all vital personal information about the target has been acquired, often known as “the fullz” in hacker jargon. Hackers utilize the OTP bot to imitate an official phone call while requesting the user’s crypto platform for the 2FA code. Hackers obtain fast and complete access to the victim’s account after the often agitated user divulges the code.

Scammers deploy fear and feed on it

Dr. Anders Apgar, a Coinbase user, is the latest victim of this attack, as per the reports by CNBC. He claimed that his account was hijacked during a robocall and had a coin balance of more than $100,000.

The couple stated that their nightmare started when they received a text message. “When she picks it up, a banner came across a notification that says, ‘Your account’s in jeopardy,'” he said.

Dr. Anders Apgar
Dr. Anders Apgar, Image from CNBC

Dr. Agpar’s two-factor authentication (2FA) code was revealed over the phone, and he was locked out of his own Coinbase account, which housed around $106,000 in Bitcoin (BTC).

OTP bot assaults are becoming more common, generating significant losses to both institutions and regular retail investors. The bots have a very high success rate when it comes to extracting revenue.

“Coinbase would never conduct unsolicited calls to its users,” a Coinbase spokeswoman told CNBC. “We advise everyone to be cautious when providing information over the phone.” Do not give out any account information or security codes if you receive a call from someone pretending to be from a financial institution. Instead, hang up and call them at the organization’s official phone number posted on their website.”

Crypto founder reveals how he almost lost all his ETH to a $125M social engineering scam

by

Thomasg.eth, a decentralized autonomous organization (DAO) creator on Twitter, has disclosed how a social engineering fraud nearly cost him all of his ETH. He detailed how fraudsters almost grabbed him in a lengthy thread.

Cybercriminals utilize social engineering to acquire someone’s confidence, frequently through deception, in order to steal sensitive information or compel them to do something “they wouldn’t do otherwise.”

Thomasg.eth is the pseudonymous founder of Arrow, a decentralized air transportation DAO in its early stages.

According to the creator, the fraudsters went to great lengths to steal the founder’s money, including generating work for his project and participating in chats with several persons over the course of two weeks.

The social engineering scam only failed because Thomasg.eth chose to utilize a different Ethereum address rather than his primary address while performing a favor for the hackers using non-fungible tokens (NFTs).

How the social engineering scammers tried to pull off their act

He said that he was contacted by someone named Heckshine around two weeks ago. Heckshine claimed to be a Ubisoft employee and offered 3D modeling and animation assistance.

Heckshine also has an associate named Linh, who was claimed to be working on a metaverse project called Space Falcon and sought a relationship with Arrow DAO. Before moving with the agreement, Thomas said that he verified Space Falcon to make sure it was a legitimate project on Solana and found Lihn’s name on it.

However, all of this turned out to be a big con job. Linh even extended an invitation to Thomas to take a tour of the Wisk plant. After Linh notified him of a new staking software for NFT that had recently debuted, the red flags began to appear. She requested that he obtain NFT in order to assist her in testing the software.

Thomas established a separate wallet for the purpose of receiving the NFT instead of using his regular wallet. Linh then proposed sending another NFT to the main wallet.

Fortunately, Thomas went through the contract first and noticed that it had a method that allowed the fraudsters to transmit all of the wrapped ETH to his wallet.

While this attempt failed, it demonstrates the lengths to which crypto fraudsters are ready to go. In this scenario, the con artists were pros who performed their tasks to near-perfection. They plagiarized an actual project and registered a domain with a similar name.

Only Thomas’s knowledge spared him from becoming a victim. This, he claims, demonstrates that fraudsters are becoming more sophisticated and that token approval may be exceedingly risky.

White hat hacker saved Coinbase from a major trading exploit

by

Cryptocurrency exchange Coinbase was warned of a vulnerability in its trading systems on Friday afternoon by the pseudonymous white-hat hacker “Tree of Alpha.” Coinbase, in response, temporarily paused trading on its new Advanced Trading platform.

On Feb 11, 2022, @Tree of Alpha drew the attention of Coinbase leadership after tweeting that they identified a “potentially market-nuking” issue and was filing a HackerOne report. HackerOne is a forum that handles bug bounty programs for firms, including Coinbase.

“The issue is sensitive and could allow malicious users to send all Coinbase order books to arbitrary prices,” the white-hat hacker said through Twitter.

Coinbase reacts swiftly to save the day

Coinbase is one of the significant cryptocurrency exchanges. Its price feeds are also utilized as inputs for oracles, which establish the genuine pricing of tokens for applications such as DeFi protocols.

After the original tweet prompted anxiety in the crypto community, Tree of Alpha tweeted a follow-on Twitter claiming, “No actual Coinbase storages (cold or otherwise) are impacted.”

Within two hours following the Tree of Alpha’s original tweet, the Coinbase Support Twitter account declared that, due to technical difficulties, Coinbase was halting trading on its new Advanced Trading platform. While the service would still be available, consumers would be able to cancel existing purchases but not place new orders. The Advanced Trading service is provided exclusively to a restricted audience.

After almost 2 hours, Coinbase tweeted that they have re-enabled full service for retail advanced trading.

Coinbase CEO Brian Armstrong commended Tree of Alpha for helping out the Coinbase staff, noting how he “loves how the crypto community helps each other out!”

This isn’t the first time Tree of Alpha has warned significant crypto firms about flaws in their coding. He had tried to reach out to coindesk’s dev team as per his tweet on Jan 21, 2022. He urged in the tweet that he wanted an email address where he could contact them. The tweet signified that Alpha was looking into how coindesk articles were being leaked before they were published.

At times of increased exploits and scams, collaborations like this with white hat hackers are a lifesaver for safeguarding the funds of millions.

Latest Defi bridge exploit led to Meter’s loss of $4.4M

by

In a recent Defi bridge exploit, blockchain infrastructure business Meter.io has revealed that US$4.4 million was stolen in an assault on its network on February 6 and has subsequently warned users not to trade unbacked meterBNB circulating on the Moonriver parachain.

This malicious assault where tokens were minted by a hacker using a smart contract vulnerability eventually led to a cascading effect over other DeFi networks.

The hack was executed around 6 am PST. The hacker used a loophole in the bridge to mint a considerable quantity of BNB and WETH tokens, which exhausted these reserves on the bridge, Meter Passport. Meter got aware of the depletion and suspended all bridge transactions. The hacker exploited a bug inserted onto the bridge by the Meter team. The team introduced a new bug that is able to wrap and unwrap BNB and ETH automatically. The code inferred trust erroneously, which let the hacker call the ERC20 deposit function to simulate transfers of BNB and ETH. This exploit disrupted the Meter and Moonriver networks.

Peckshield, a blockchain security firm, announced that the stolen funds include 1391.24945169 ETH and 2.74068396 BTC.

Meter warned users of the exploit

Meter went and out and warned users on Twitter immediately when they were aware of the exploit. They are also working on a reimbursement strategy to compensate the ones affected. “We are working on taking a snapshot from before the attack & will convert the original BNB & WETH to 1:1 their values in MTRG, the rest inflated BNB & WETH will be converted based on the hacker stolen value from the LP pools.” “We’ve set aside $4.4M of MTRG based on today’s price,” they added.

Meter also warned users to remove their liquidity involving WETH and BNB liquidity pool and wait for an additional announcement from the Meter team. They also urged to avoid trading in these pairs.

This recent attack on Meter was followed by one of the largest exploits that happened recently on the wormhole. Wormhole was hacked, and It has been estimated that $323 million worth of Ethereum (ETH) has been stolen. Meter also tweeted that they have upgraded their smart contracts, and passport is back online.

Binance CEO CZ warns users of a massive phishing scam

by

CEO of Binance, Changpeng Zao, has notified users about a giant SMS phishing scam aimed against Binance users. The fraud of the world’s largest cryptocurrency trading platform is diverting consumers to a malicious website to steal passwords.

He made the news in a tweet on Friday. “There is a massive Phishing scam via SMS with a link to cancel withdrawals. It leads to a phishing website to harvest your credential as in the screenshot below,” he said. He also warned his users to never click on links from any unknown SMS. He urged users to always go to Binance.com via a bookmark or type it.

Are only Binance users at risk?

It is yet unknown if this phishing is just aimed against Binance users. Given what’s known, they are the only ones impacted. It is clear that other systems are also on the target list. The number of Binance users who have been victims of the current phishing scam hasn’t been recorded or revealed.

In the screenshot that CZ shared, the phishing message comprises a warning to users that someone is allegedly trying to withdraw their funds. Users are prone to panic at that moment, which will eventually lead them to click on the provided link. 

Once they click the link, the hackers will rip off their credentials, and eventually, they will lose all their funds.

Growing list of scams

The crypto market has been continually experiencing several sorts of illicit activities. This sector has been infested with scammers from rug pulling to the malware that can steal your fund. Recently $30 million was taken off from Crypto.com users on January 17. The most recent Wormhole bridge attack experienced a catastrophic loss of $323 million from the protocol.

Crypto scammers have taken over $14 billion in the year 2021. The number of users who fall victim to scams is on the rise. The growing popularity of cryptocurrencies also lures scammers to find ways to leverage this popularity. People should do their research. Many scammy projects endorse celebrities to gain the public’s trust. But it’s you who has to research because only you know your finances.

‘Mars stealer’: a new malware that can attack your 2FA and steal your crypto

by

According to 3xp0rt, Mars Stealer, an enhanced malware variant of the Oski Stealer virus released in November 2019, can reap cryptocurrencies from popular browser plugins, according to USAPTC. The new deadly spyware targets browser-based bitcoin wallets. The malicious malware dubbed Mars Stealer can obtain private keys and logins to 2-Factor Authenticator (2FAs) plugins.

“Mars Stealer written in ASM/C with using WinApi, weight is 95 kb. Uses special techniques to hide WinApi calls, encrypts strings, collects information in the memory, supports secured SSL-connection with C&C, doesn’t use CRT, STD.”

Report by 3xp0rt

A malware that can steal your credentials

Mars Stealer is the newest version of Oski Stealer. This virus first surfaced in 2019 and was used to capture personal and sensitive information afterward sold for sale on Russian underground hacker forums.

The malicious program acts by gathering material and information from affected devices. It employs specific ways to harvest information from the memory of browser extensions, bitcoin wallets, and 2FAs.

Being a lightweight virus of only 95kb weight, Mars Stealer does not strain the infected operating system and hence does not emit any clear signals of it being infiltrated. Apart from that, it has the capacity to delete itself when the data has been stolen.

Who is under threat?

As of now, the primary victims of this malware threats are:

Browser extensions: Internet Explorer, Microsoft Edge (Chromium Version), Kometa, Amigo, Torch, Orbitium, Comodo Dragon, Nichrome, Maxxthon5, Maxxthon6, Sputnik Browser, Epic Privacy Browser, Vivaldi, CocCoc, Uran Browser, QIP Surf, Cent Browser, Elements Browser, TorBro Browser, CryptoTab Browser, Brave, Opera Stable, Opera GX, Opera Neon, Firefox, SlimBrowser, PaleMoon, Waterfox, CyberFox, BlackHawk, IceCat, K-Meleon, Thunderbird.

Crypto extensions: TronLink, MetaMask, Binance Chain Wallet, Yoroi, Nifty Wallet, Math Wallet, Coinbase Wallet, Guarda, EQUAL Wallet, Jaox Liberty, BitAppWllet, iWallet, Wombat, MEW CX, Guild Wallet, Saturn Wallet, Ronin Wallet, Neoline, Clover Wallet, Liquality Wallet, Terra Station, Keplr, Sollet, Auro Wallet, Polymesh Wallet, ICONex, Nabox Wallet, KHC, Temple, TezBox Cyano Wallet, Byone, OneKey, Leaf Wallet, DAppPlay, BitClip, Steem Keychain, Nash Extension.

2FA plugins: Authenticator, Authy, EOS Authenticator, GAuth Authenticator, Trezor Password Manager.

Crypto wallets: Bitcoin Core and all derivatives (Dogecoin, Zcash, DashCore, LiteCoin, etc.), Ethereum, Electrum, Electrum LTC, Exodus, Electron Cash, MultiDoge, JAXX, Atomic, Binance, Coinomi.

How to stay safe from the malware?

Crypto wallet security has frequently been a contentious issue for discussion as many scams and theft reports have taken place in the cryptocurrency world. The malware’s primary means of spreading include scandalous distribution channels, unauthorized file-hosting, and P2P sharing websites.

To limit the chance of malware infection, experts suggest frequently upgrading apps and software. It is also crucial not to utilize unapproved or unverified web sources and not click fishy emails, links, or files.

DataDAO exposed: PeckShield warns users of a backdoor that can steal funds

by

PeckShield recently tweeted that a project named DataDao has a backdoor to steal user funds with approvals. They also added and asked users to stay away from it. DataDao project portrays itself as a data marketplace platform. It’s the recent project to jump on the long list of continuing scams. Users were warned of the questionable code through their tweet, which went live on January 31st, 2022.

PeckShield exposed DataDao

The project is one of an ever-growing number of probable frauds hitting the crypto industry, notably the DeFi sector. DataDAO itself has not yet responded to the notice, and there has been no conversation about it in the larger crypto community either.

They have very few followers on Twitter and a visibly unprofessional website. No users have reported the theft of their funds as of now.

Founded in 2018, PeckShield is a blockchain security firm with team members from organizations including Microsoft, Intel, and Alibaba. They also provide security solutions and tools, in addition to the DAppTotal and CoinHolmes services. A few weeks ago, they spotted 50 probable scam tokens on the Binance Smart Chain.

Growing scams in 2022

As per the reports by CNBC, there has been a whopping theft of $14 billion in cryptocurrency in 2021. Cryptocurrencies theft surged 516 percent from 2020 to $3.2 billion worth of cryptocurrency. Of this sum, 72 percent of stolen funds were obtained from DeFi protocols. Scamming was the main kind of cryptocurrency-based crime in 2021, followed by theft — most of which occurred through the hacking of crypto firms. One recent exploitation was conducted on Qubit Finance, where the hacker stoles fund worth almost $80 million.

Stay away from the scams

One precaution that investors can take is to stay away from scammy projects. Always check for legitimate and trustful projects. Ensure that you check out their website, social media channels and read out their whitepaper. Look for team images and the investors and companies that back the project. It’s your blood and sweat money, and it doesn’t make sense to lose it to scammers. It doesn’t hurt to gear up before diving.

How an engineer hacked a Trezor wallet and recovered $2M in crypto

by

Joe Grand, an electrical engineer, recently tweeted about how he hacked a Trezor wallet and recovered $2M. After forgetting his wallet passcode and seed phrase, he helped the owner retrieve cryptocurrency worth over $2 million.

Grand is an electrical engineer who has been hacking devices since he was ten years old. He was a member of the infamous L0pht hacking group, which testified before the US Senate in 1998 about a vulnerability that could be exploited to take down the internet or allow an intelligence agency to spy on traffic. His hacker name was “Kingpin.” He teaches hardware hacking to organizations and businesses that create complicated systems and want to know how hackers may attack them.

How did he crack the Trezor wallet?

Joe Grand said in his video, “a lot of people forget their passwords, and if you forget your password, then you can’t access the information on the chip, and you’re out of luck, and you’re out of money that’s the problem we’re dealing with today.”

He added that some guys contacted him out of the blue, saying that they have a trezor hardware wallet. They have a couple of million dollars stored on a device like this, and they want him to see if he can hack the wallet, defeat the security, and get access to the information to prove that the money is theirs.

“If he screwed something up, there was a good shot that it would never be able to be recovered,”

Reich, owner of the wallet

Grand, who runs a tailored lab in his family’s backyard in Portland, bought many similar wallets and placed the same version of firmware on them as Reich and his friend. Then he spent three months conducting research and experimenting with various approaches on his practice wallets.

Grand was fortunate in that he had past studies to help him. In 2017, Saleem Rashid, a 15-year-old hardware hacker from the United Kingdom, devised a technique to successfully unlock a Trezor wallet belonging to tech writer Mark Frauenfelder, freeing $30,000 in Bitcoin. Grand had put out a detailed video on the process on Youtube.

Are these wallets safe?

Ever since the video went viral, trezor wallet owners have been on the verge of doubt of how secure their funds are on the wallet. As a reply to Joe Grand’s tweet, Trezor replied:

image 5

No matter what secured updates come, hackers will always find a loophole to crack it. Wallet owners don’t need to panic. There is no bad news here; keep your wallet safe and do not forget your password. It’s as simple as that.

Biggest Crypto Youtubers hacked in a coordinated attack labelled as ‘One World Cryptocurrency’

by

More than 30 channels of small and big crypto YouTubers and some Indian crypto exchanges were compromised in a coordinated attack carried out by a group of anonymous hackers. Some of these channels are: @IvanOnTech,@boxmining,@aantonop,@themooncarl,@Bitboy_Crypto, @mmcrypto, @Altcoinbuzzio, @FloydMayweather, @crypto_banter, @CoinMarketCap, and Indian exchanges including CoinDCX, WazirX, and Unocoin.

The anonymous group hacked these channels, and without the creator’s authorization, a video was posted on the compromised accounts instructing viewers to deposit “USDT/USDC/BNB/ETH” to a wallet address listed in the video description in exchange for a new cryptocurrency named “OWCY.”

The scam did not inflict too much damage, according to BscScan. A total of 2.3 BNB was moved to the wallet address seen in the video. At the time of reporting, 15 transactions have been completed.

Michael Gu, the founder of the YouTube channel “Box mining,” revealed that his account had been hacked on Twitter. Gu claims to have activated two-factor authentication.

image 1

How were these Crypto Youtubers compromised?

According to a Reddit thread started by u/9Oh8m8, the hackers may have used a sim swapping technique to get around the two-factor authentication (2FA).

Unocoin and WazirX, two cryptocurrency exchanges, announced that hackers had taken control of their accounts in the early hours of Monday. “We can observe that our account has no external logins or activity.” “It appears as if YouTube has been hacked or if there was some rogue employee on their end who did this on purpose, or it is also conceivable that his computer was infiltrated,” said Sathvik Vishwanath, CEO of Uncoin.

According to Rajagopal Menon, VP Marketing, WazirX, informed that their crew discovered the scam video and removed it within 7 minutes of it becoming live on our channel.

Is there an end to these scams?

The specific method employed by the hackers to gain access to the YouTube channels is unknown at this time. Woefully the increasing amount of crypto adoption increases the chances of crypto scams.
According to a new report from CNBC, more than $14 billion in cryptocurrencies were stolen in 2021. The only thing to do is to avoid falling for the scams and ensure that we keep our funds safe.

Critical Privacy Vulnerability can Jeopardize 21 million Metamask Users Data, says Researcher

by

Cryptographer and security analyst Alexandru Lupascu, the co-founder of OMNIA protocol, found Metamask vulnerable. During his recent research, he came across and pointed out that Metamask crypto wallet users could be in jeopardy and might lose all their digital assets.

In his recent medium article, he mentioned that he spent time with this team researching different NFT airdrop situations. They bumbled upon a scenario that could compromise the privacy of more than 21 million people.

“It’s quite a potent scenario, too, as it has the potential to be eight times more devastating than a Distributed Denial of Service (DDoS) attack. And I’m saying that after comparing it to some of the most notorious attacks to hit the news last year.”

Alexandru Lupascu

How dangerous is it?

Alexandru shows how a malevolent actor may create an NFT, transmit it to a victim, and acquire their IP address, putting their privacy at risk. This is a significant privacy flaw in the blockchain ecosystem that anyone may attack for as little as $50.

Do not undervalue the threat posed by IP leaks. Alexandru adds: if hostile actors obtain other information from the IP address (such as geolocation or GSM carrier), they may transform it into a physical threat, such as kidnapping.

Alexandru detailed how the invasion is carried out, from minting an NFT to sending it to the target, obtaining the victim’s IP address, and, finally, jeopardizing their privacy or stealing their crypto assets. He used the iOS Metamask software version 3.7.0 to test this attack, but it might also apply to Android.

Are the users safe now?

Alexandru identified the flaw in early December 2021, and after examining Metamask’s Mobile security policy, they contacted them on December 14, 2021.

They informed us that this is a known problem being addressed as part of a responsible disclosure schedule.

After the study went public, Daniel Finlay, the founder of MetaMask, verified the problem and pledged to resolve it as soon as possible. He also added, “Alex is right to call us out for not addressing it sooner. Starting work on it now. Thanks for the kick in the pants, and sorry we needed it.”