TronWeekly

Crypto World News

You are here: Home / Archives for Scam

Scam

Monero’s CCS Wallet Exploited: Monerujo Wallet Feature At The Center Of Mystery Hack

by

In a shocking twist of events, the decentralized community-powered Monero project has unveiled a breach in its Community Crowdfunding System’s (CCS) wallet that occurred on September 1, 2023. The assailant executed nine transactions, siphoning the entire balance, totaling 2,675.73 XMR, equivalent to a staggering $460,000.

Renowned Chinese crypto journalist Colin Wu, took to his official X page, Wu Blockchain, to shed light on the Monero CCS hack. The source of the breach remains shrouded in mystery. Colin Wu also echoed the observations of blockchain security firm SlowMist, who pinpointed a potential “loophole in the Monero privacy model” as the root of the vulnerability.

According to a recent report, the Community Crowdfunding System (CCS), which relies on donations, had 2675.73 XMR until September 1. It was not until November that a Monero developer named Luigi discovered that the entire wallet had been stolen.

Monerujo’s PocketChange, Elevating Monero Security

Moonstone Research meticulously tracked the assailant’s transactions and concluded that the exploiter was a Monerujo wallet user who had activated the PocketChange feature. Monerujo, an Android non-custodial Monero wallet, offers the unique PocketChange feature, which rectifies a drawback by segmenting coins into multiple “pockets” or “enotes”. In a statement, Monerujo clarified,

“As long as [PocketChange is] enabled, every time you use Monerujo to send moneros somewhere, it will take a bigger coin, split it in parts, and spread those smaller coins into 10 different pockets. That way, the coins won’t merge again, and you’ll be ready to spend instantly from all those pockets without waiting the dreadful 20 minutes.”

Drawing from four Crescent Discovery reports, Moonstone Research confirmed that the attacker had generated 11 output eNotes, an anomaly in standard transactions. Restating their findings, Moonstone Research affirmed, “We believe this is the most likely case, regardless if the attacker was using Monerujo version 3.3.7 or 3.3.8.” 

The recent incident has caused a stir in the Monero community, leading to doubts about the safety of decentralized projects and the possible risks related to cutting-edge features such as PocketChange. The community now faces crucial questions and challenges, with the discussions revolving around security and privacy concerns.

Fake Ledger Live App Scam Nets Thief Almost $600,000 In Bitcoin

by

In a recent high-profile cryptocurrency theft, a sum nearing $600,000 in Bitcoin (BTC) was unlawfully obtained from unwitting users who fell prey to a deceitful Ledger Live application, fraudulently presented on Microsoft’s app store. This revelation has been brought to light through the diligent efforts of cryptocurrency sleuth ZachXBT, as detailed in a recent post on the platform X.

ZachXBT, a vigilant on-chain analyst, detected the counterfeit application, dubbed “Ledger Live Web3,” on November 5th. The deceptive app dupes users into believing they are acquiring the legitimate “Ledger Live” – an interface designed for its hardware wallets, enabling secure offline storage of cryptocurrencies.

According to Blockchain.com, the scammer successfully siphoned off approximately 16.8 BTC, equivalent to $588,000, spread across 38 separate transactions utilizing the wallet address “bc1q….y64q.” However, a portion of the ill-gotten gains, totaling $115,200, has been transferred out in two transactions, leaving the perpetrator with a balance of $473,800 or 13.5 BTC.

Ledger Scam Unearths Microsoft’s Security Gaps

In a subsequent update, ZachXBT indicated that Microsoft may have removed the fraudulent Live app from its platform. The initial payment to the scammer’s wallet address occurred on October 24th, amounting to $5,210. Before this transaction, the wallet had remained dormant. Notably, most of the illicit transactions occurred after November 2nd, with the largest single transfer tallying $81,200 on November 4th.

ZachXBT brought to light that they were contacted by two distressed victims on the 4th of November, both asserting that Microsoft ought to shoulder the responsibility for allowing the counterfeit application to infiltrate its app store, a sentiment echoed by others in the cryptocurrency community.

This incident marks not the first time a counterfeit app has infiltrated Microsoft’s app store. In December and March, Ledger’s support account on social media platform X (formerly Twitter) alerted users to a bogus app.

Currently, Ledger has refrained from issuing an official statement regarding this latest scam. Nevertheless, the company has consistently advised its users that the “only safe place” to download Ledger Live is from its official website. Users are strongly encouraged to exercise extreme caution and vigilance when maneuvering through the treacherous terrain of the cryptocurrency realm.

Scammers Shift Focus To Traditional Banking Targets Amid Crypto Downturn: Report

by

As the crypto market experiences a prolonged downturn, the prevalence of cryptocurrency-related scams has dwindled, leaving behind a more discerning investor base committed to due diligence. This shift in dynamics has prompted scammers in Ireland to pivot towards targeting traditional banking customers, a trend that has raised alarms among authorities.

According to a recent report by the Irish Independent, 2023 witnessed a staggering loss of nearly 20 million euros ($21.8 million) to scammers impersonating banking officials. Victims have reported being contacted through phone calls and emails, with fraudsters claiming affiliation with reputable British banks or trading houses.

In response, Irish law enforcement agencies have launched investigations into a spate of similar fraud cases. Notably, one successful operation resulted in the recovery of 2 million euros ($2.1 million) from a scammer. Since January 2023, approximately 4 million euros of the total 20 million euros lost to banking scams have been reclaimed.

Scammers Pivot Tactics

Contrary to the peak of scam activities, where crypto-related schemes accounted for 95% of cases, these incidents have now taken a backseat. Instead of intricate crypto-related plots, scammers are adopting a more straightforward approach, replicating banking websites and promotional materials to deceive unwitting victims into relinquishing their savings.

Detectives have traced over 20 bank accounts linked to these fraudulent operations in the United Kingdom, though efforts to dismantle the network remain ongoing. The Bank of Ireland has issued a cautionary advisory to its customers, urging them to exercise vigilance when dealing with alleged banking personnel pressuring them into hasty decisions—a common tactic employed by scammers.

Meanwhile, an Australian bank has raised a red flag on the global stage, asserting that many scams now involve cryptocurrencies. At a recent panel discussion during the Australian Blockchain Week, Sophie Gilder, managing director of blockchain and digital assets at Commonwealth Bank, Stated:

“One in three of the dollars that are scammed from Australians touch crypto, one in three. So it’s the single largest lever that we have to reduce this impact on our customers.”

Nigel Dobson, the Banking Services Portfolio Lead at ANZ, pointed to data from the Australian Financial Crimes Exchange, suggesting that this figure may even be as high as 40%. The crypto market’s allure for scammers appears to rise, even as traditional banking scams pose a growing threat in Ireland.

Related Reading: |CBA Takes A Stand Against Crypto Scammers, Implements New Safety Measures

Binance Assists Thai Police In Bust of $277 Million Crypto Scam

by

In a remarkable collaborative effort to combat cybercrime, Binance, the world’s leading cryptocurrency exchange, has joined forces with the Cyber Crime Investigation Bureau (CCIB) of the Royal Thai Police to crack down on criminal networks using digital assets for illicit activities. The joint operation has arrested five key members of a vast criminal organization responsible for major crypto scams. 

According to a recent report, the seized assets, valued at approximately THB 10 billion ($277 million), include luxury automobiles, residences, land, and various high-end possessions. The success of this operation comes as a beacon of hope in the fight against rising crypto scams in Thailand, which have caused financial losses of hundreds of millions. Police Lieutenant Colonel Thanatus Kangruambutr, Inspector of the Cyber Support Unit at Thailand’s CCIB, expressed his gratitude for the exchange’s significant contribution and highlighted the importance of information exchange with key partners like the Binance Investigations team. He stated, 

“Binance remains an essential ally in our combat against scams and cybercrimes. We value this partnership and look forward to continuing it.”

Binance’s Regulatory Challenges:

This collaboration sheds a positive light on Binance, which has faced regulatory accusations in the past regarding investor protection. However, the exchange has found support from market players such as Paradigm in its recent battle against the US SEC. Even USDC issuer Circle has weighed in, asserting that stablecoins should not be subject to the same regulatory rules as traditional securities.

Binance was pivotal in exposing a significant cryptocurrency scam orchestrated by an international criminal network. The investigation resulted in the apprehension of suspects located across 30 different sites in Bangkok, Samut Prakan, and Udon Thani provinces, thanks to the cooperation of over 200 officers from the CIB. Binance provided crucial intelligence to law enforcement and dispatched an investigator to Thailand to assist in securing arrest warrants.

Emphasizing its commitment to combatting cybercrime and ensuring global regulatory compliance, exchange views collaborative law enforcement initiatives as integral to the security of the Web3 ecosystem.

In recent months, Binance and its CEO, Changpeng Zhao, have faced intense regulatory scrutiny. The latest challenge involves a lawsuit alleging market manipulation activities by the leading exchange and its chief, which purportedly contributed to the financial instability of FTX.

Related Reading: | Binance Battle: Paradigm’s Bold Defense Against SEC’s Overreach

Binance Turkey Alert Users Of An Ongoing Scam Attempt

by

Binance’s ever-growing popularity comes with its downside. The world’s biggest crypto exchange is now facing another battle. No, it is not the regulators, but scammers and fraudsters that are giving the firm a hard time.

Taking advantage of the platform’s expanding fan base, unknown criminals attempted to exploit investors using fake Binance-branded billboards and hoardings in Turkey.

This prompted the Turkish wing of the trading platform to take to Twitter stating that it has no affiliation with the ad and issued a word of caution for users from falling for such scams.

It also added that “Necessary legal processes have been initiated against persons who are clearly involved in fraudulent activities”

The image contains a billboard purportedly sporting an advertisement titled “Binance Tourist exchange” which includes telephone numbers that, when dialed, might link potential victims to scammers.

Binance launched a 24/7 helpline service in Turkey

A few weeks ago, Binance launched its first 24/7 customer service center in Turkey with the primary goal to proactively end fraud cases before it happens. One likely reason for its selection of Turkey is the massive amount volume of traffic the exchange receives from the nation.

As per an announcement, if the pilot test in Turkey is successful, the exchange plans to expand the service globally. As for now, the trading firm will offer customer support in Turkish, only through the app.

Binance, which is regarded as one of the most dominant digital currency exchanges in terms of daily trading volume had discussions with UAE authorities on setting a base camp in the nation.

After Turkey and Lebanon, UAE is the third most rapidly emerging crypto market in the Middle East.

In late December 2021, Binance had inked a deal with the Dubai World Trade Center Authority [DWTCA] intending to carve out a global virtual resource ecosystem. The exchange is one of the first digital currency exchanges to join the DWTCA’s new crypto initiatives.

Binance said in a statement that the agreement allows it to work with DWTCA to “define the idea of hastening the establishment of another industry center point for Global Virtual Assets.”

Beware! Scammers hacked an Indian Website with a Fake Azuki NFT Airdrop

by

Twitter scammers are on a hunting spree for verified accounts. This time it targeted the official Twitter handle of India’s University Grants Commission [UGC] on 10th April. The account which has around 2,96,000 followers was briefly compromised when unidentified hacker/s took control and posted a series of tweets tagging numerous unknown persons across the world.

The fraudsters changed the bio and profile picture replacing them with cartoonish images and a fake promotion of Azuki NFT airdrop. Around 6 hours after the breach, the official handle was restored.

Image

Lately, CryptoTwitter is being hijacked by NFT scammers who are targeting accounts with large followers in an attempt to make a quick buck via Azuki NFTs. They change profile pictures of the compromised account and pose as one of the co-creators of the Azuki project.

The scammers then flood the account with a secret airdrop of Beanz, an NFT drop that was given out to existing Azuki NFT holders. Through the hijacked accounts, the attackers trick people to claim a bean and connect their Ethereum wallets. Once gained entry into their wallets, the fraudsters promptly drain the NFTs from these wallets.

Among the compromised accounts was that of Emily Buder, the Senior Editor at Quanta Magazine. The tweet sent out from her account read,

Shh Secret Airdrop. For the next 24 hours, we are airdropping Beanz to all active NFT traders in the community! The Beanz will no longer be claimable after they have all been airdropped. Good Luck! #Azuki Claim A Bean azuki.team Welcome To The Garden.

Scammers used Phishing emails to hack into verified Twitter accounts

So far, in two confirmed cases, the owners of the compromised Twitter accounts admitted that the hackers could access their accounts through phishing emails, which seemed to originate from Twitter’s support time.

One journalist who wished to remain anonymous said their hacked account sent out over 6,000 tweets. These tweets then tagged several potential victims that the scheme targeted.

This attack rings similar to the ApeCoin [APE] scam, which also promised to airdrop APE to gullible users and saw bad actors walk away with NFTs worth over $1 million.

User s27 Lost His Bubble Gum BAYC NFT Worth $570,000 to a Scammer

by

Unknown BAYC NFT owner “s27” recently lost around $570,000 in NFTs. This was after he swapped his BAYC NFT and two Mutant Ape Yacht Club (MAYC) tokens for counterfeit NFTs that were cleverly disguised as real.

A “bubble gum ape” was among the NFTs that went missing. The user claimed to have completed the swap via the “Swap.Kiwi” NFT exchange platform. It allows for direct NFT exchanges between collectors while lowering transaction fees.

Thanks to his Discord channel programmed to watch BAYC and MAYC listings that are at least 5% below their floor price in Ether, crypto enthusiast “quit” (@0xQuit on Twitter) detected the likely fraudulent transaction first.

s27 adds to the victim’s list of the latest BAYC scam

“The pings are rare, but when they happen it generally means one of two things: somebody is panic selling, or somebody is compromised. When I saw the notification for #1584, I instantly knew it was the latter.”

@0xQuit tweet

Quit found that not only did the deceived user transfer his expensive NFTs to a fraudster, but he was also the one who initiated the exchange, as he revealed in a Twitter thread.

Quit then tracked down the scammer’s NFTs, which s27 had gotten following the trade. They all seemed to be authentic BAYC tokens, but they weren’t.

Kiwi uses a “green checkmark” to ensure that tokens are genuine.

However, the way the checkmark appears on the UI can be readily faked using a basic image editor, which is precisely what the fraudster did.

The scammer essentially downloaded several “jpegs” displaying a few high-priced BAYC apes and applied a false watermark to make them look legitimate when posted on Swap. Kiwi.

Shortly after receiving them, the fraudster sold the BAYC and two MAYC NFTs for 98.85 ETH, 23 ETH, and 25.25 ETH, totaling $521,000. Quit said these postings were lower than their respective floor pricing, putting s27’s potential loss at $570,000.

Meanwhile, holders of NFTs appear to be becoming a prominent target for fraudsters of all kinds, who, in turn, continue to come up with increasingly imaginative strategies for their schemes.

Avalanche Network-based Snowdog token tanks as developers relinquish ownership

by

The wfirst meme coin in the Avalanche network, SnowdogDAO (SDOG), slipped by more than 90% yesterday after being live only for eight days. While many call it the platform’s largest rug pull, the SnowdogDAO team said that event wasn’t a rug pull. They named the millions of dollars lost as a “game-theory experiment gone wrong.”

SDOG attracted a lot of attention in the community and was scheduled to end with the major buyback after an 8-day long operation. 

The huge buyback, which would be financed by assets of the Snowdog treasury through mint sales, was to be the experiment’s climax. The treasury market value increased to $44 million in just eight days, allowing holders to fight for a piece of those funds during the buyback.

The main reason for such a huge loss was that only 7% of the Avalanche-based meme coin supply was eligible to be sold above market price before the buyback. However, the founders neglected to reveal to the community, or at least had not made it explicit enough.

Snowdog built its own AMM based on Uniswap V2, moving all SDOG liquidity from popular Avalanche DEX Trader Joe to prevent front running.

Avalanche-based meme coin causes loss in millions

Hundreds of users lost their funds within the seconds of buyback launch when a single address managed to grab around $10 million by exchanging SDOG for other cryptos. This reduced treasury’s buyback power by 25%

The address purchased around $180,000 worth of the Avalanche-based meme coin just before the buyback event with MIM and staked the token. Within 24 hours, it was able to drain more than $10 million worth of MIM. Apart from this, two more wallets drained $7.7 million and $3.3 million using a similar method.

Many believe that the addresses which comprise the “7% mark” were associated with the owners of the development team.

The development team of the Snowdog came out with a post after the failed blowback to clarify that the event wasn’t a rug pull.

“We understand that the buyback experience created frustration as only 7% of the supply holders would benefit from a price superior to the market price before the buyback. We deeply regret not having communicated more on this. We should have warned the community about the risks that waiting for the buyback to sell represented.”

Snowdog development team said

However, it failed to convince the investors who lost their funds and believed that the actions were pre-planned.

EthereumX scam token jumps 70,000,000% in a day

by

A token named EthereumX (ETX) jumped by more than 70,000,000% in just over 24-hours, driving investors crazy over this bullish course of action. The token is a copycat of Ethereum, the world’s second-biggest cryptocurrency. Investors claimed to have witnessed the token reach as much as $50,000, generating instant millionaires.

Indeed the token is another scam that is made for the classic rug pull tactic. While the token’s bullish surge is something to admire, it seems that a glitch ticked off this scam event. If the price action was true, EthereumX would’ve broken barriers in the entire crypto industry.

According to a report presented by Watcherguru, the token reached $50,850 from $0.008945, generating a market capitalization of $4.4 trillion, which is nearly thrice of the world’s first and biggest cryptocurrency, Bitcoin. However, this seems to be a glitch from CoinmarketCap’s database and not an actual event.

EthereumX: another scam token

According to statements by members of the crypto community on Twitter, such scams have been prevalent in the crypto market for quite some time. Back in 2017, attempts were made to close the creation of such scam tokens. However, it seems that coins like EthereumX just keep popping up.

This shitcoin is up 66.5 million percent within the last 24 hours. Retail noobs be like: “ooooh wow! now looks like a good time to buy.”

said a Twitter user

These scam tokens need to be removed from the industry, and it seems that the government will have to take regulatory steps. The Infrastructure Bill that awaits President Biden’s approval is just one of the many regulatory processes against scam tokens.

Furthermore, another scam token, the Squid Game token, also ate millions of investors’ money as the token creators were not known. The website and the Twitter handle of the token responsible for promotions all vanished without a trace.

With such incidents prevailing currently, it is very important that every investor does their own research before trying their luck.

$3.6B in Bitcoin disappears with South African crypto exchange owners after “hack”

by

Cryptocurrency investors of South African exchange AfriCrypt have reportedly lost $3.6 billion in Bitcoin after what was first reported to be a hack. However, along with the funds, the two founders of the crypto firm, who also happens to brothers, have vanished and there is no trace of them yet.

This is another major incident after last year’s fall of another South African Bitcoin trader, called Mirror Trading International. The platform had suffered losses of 23,000 digital coins, that summed up to approximately a whopping $1.2 billion. Hence, it went on to become the largest hack of 2020. If the funds are not recovered, the Africrypt investors are at a risk of losing three times as much.

Biggest Bitcoin Hack?

It all started in April this year when Bitcoin was rallying to record-breaking numbers. Hence, the disappearance of nearly 69,000 Bitcoin could be essentially turn out to be the biggest-ever dollar loss in a cryptocurrency hiest.

Africrypt Chief Operating Officer and the elder brother Ameer Cajee notified clients that the firm suffered a hack. However, he advised them to not report the incident to lawyers and authorities, as it could impede the recovery process of the missing funds. This message was sent on the 13th of April at a time when the crypto exchange raked in around $3.6 billion in Bitcoin.

However, not all of the investors compiled with this request. Some of the ones involved with the exchange also went on to onboard a law firm, Hanekom Attorneys. Additionally, a few also initiated the liquidation proceedings against Africrypt. After the Cape Town-based law firm failed to trace the two brothers, they alerted the South African police force, Hawks. Furthermore, it notified other cryptocurrency exchanges across the world if the brothers attempted to convert the coins to fiat.

However, the investigations also revealed that Africrypt’s pooled funds were moved from its South African accounts and client wallets. To top that, the digital coins were put through tumblers and mixers to essentially make them untraceable. The law firm was quoted saying,

“Africrypt employees lost access to the back-end platforms seven days before the alleged hack”