The mailing list provider used by the Ethereum Foundation for updates was compromised, resulting in a phishing email. Hackers are now using addresses from the breach to send fake emails. These fraudulent emails claim a collaboration between Ethereum and LIDO, promising a high annual percentage yield (APY) for staked assets. Recipients are urged to avoid […]
Bitcoin News
Phishing Scammers Stole $47 Million From 57,000 Victims in February Alone — Report
Nearly $47 million was stolen from approximately 57,000 crypto users by criminals who use phishing scams to lure victims. The Scam Sniffer data highlights that most of the thefts occurred on the Ethereum chain, with ERC-20 tokens being the most targeted. Unlike in January, the number of victims who lost digital funds exceeding million […]
Bitcoin News
Crypto Scam Alert: Phishing Attack Swipes $5.1M Worth of BEAM, Token Price Drops
According to the blockchain analytics platform Lookonchain, a crypto trader suffered a phishing attack that swooped over 180 million BEAM tokens on Wednesday and affected the token’s price.
180 Million BEAM Tokens Stolen
In an X (formerly Twitter) post, Lookonchain exposed a new crypto scam that had occurred on February 15. As the analytics platform detailed, the address 0x83664B8a83b9845Ac7b177DF86d0F5BF3b7739AD, under the name ‘Kirilm.eth’, suffered a phishing attack that led to the theft of millions of BEAM tokens.
kirilm.eth was phishing attacked and lost 180.25M $BEAM($5.14M) 13 hours ago.
The scammer quickly sold the 180.25M $BEAM for 1,629 $ETH(.6M), which caused the price of $BEAM to drop by ~7%. https://t.co/x8epiNx4Qa pic.twitter.com/ytcfYib2Kg
— Lookonchain (@lookonchain) February 16, 2024
Users seemingly identified the victim as a crypto trader named Kirill Marinov. According to the information provided, the victim lost 180.25 million BEAM tokens, worth approximately $5.14 million, to an account labeled as ‘Fake_Phishing291038.’
Shortly after the theft, the scammer’s address liquidated the total amount of stolen BEAM tokens, exchanging them for 1,629 ETH worth approximately .6 million.
According to Web3 anti-scam platform Scam Sniffer, the victim signed an ‘increase allowance’ transaction that gave the scammer access to the tokens. Additionally, the X post detailed that the token spender is a Safe Wallet address.
However, as of this writing, no further details have been revealed about the victim, the exact tactics used by the scammer, or the scammer’s identity.
Phishing scams are among the most popular tactics for crypto-related crimes. Scammers exploit inexperienced investors’ naivety and oversights from more experienced traders to gain access to the funds.
The scamming tactics involve a variety of ways to trick the victims into revealing their private keys or login information to grant access to the victim’s wallets. Due to this, experts urge all crypto investors to stay alert and take the necessary measures to keep their assets safe.
BEAM Price Reacts To The Crypto Heist
The BEAM token serves as the native crypto asset for the Beam network. After the heist and subsequent exchange to ETH, the token’s price dropped, falling from the .030 price level to the .028 range.
Beam Network is a gaming network powered by the Merit Circle DAO. The ecosystem brings developers and gamers together to develop the gaming industry further. According to the Beam team, “At its core, Beam aspires to create harmony between gamers and developers.
It’s not just about gaming; it’s about ownership, empowerment, and a global community. Every feature and tool is a step towards this visionary future.”
At writing time, the token trades at .027, representing a 2.4% drop in the last hour and a 9.3% decrease from its trading price in the previous 24 hours. According to CoinMarketCap data, the token’s daily trading volume saw a 25.7% decrease in the last 24 hours, sitting at the #104 spot on this metric with .4 million.
Despite the negative price reaction following the scam, the BEAM price still registered a 32.9% increase in the last 7 days. Similarly, BEAM’s trust score in the spot markets remains untouched, per CoinGecko Data.
Trezor Issues Urgent Alert on New Phishing Scam
Trezor has confirmed a series of deceptive phishing emails targeting its users, coming just days after a security breach at their support portal. The company has issued an urgent security alert, advising users to be extra cautious.
Trezor Alerts Users to Phishing Danger Amidst Ongoing Security Challenges
Hardware wallet provider Trezor has issued an urgent security alert to its users about a new wave of phishing emails. This alert comes just days after a breach was reported at their third-party support portal.
On Jan. 24 Trezor confirmed the unauthorized use of its third-party email service provider, leading to a series of deceptive emails targeting its user base. According to Trezor’s official blog, the emails, appearing to be sent from “noreply@trezor.io,” falsely prompted users to upgrade their network, threatening the loss of funds if not complied with. The email contained a malicious link designed to extract users’ seed phrases.
Security Alert
We’ve detected an unauthorized email impersonating Trezor sent from a third-party email provider we use.
If you received a suspicious email with the subject line ‘Assets undergoing upgrade’ from the ID: noreply@trezor.io, please do not click any links or… pic.twitter.com/RqQnQkB4hX
— Trezor (@Trezor) January 24, 2024
While Trezor has swiftly acted to deactivate the link and reassured users that funds remain secure if the seed phrase wasn’t disclosed, they advise those who entered their recovery seed as directed by the phishing email to transfer their assets to a new wallet immediately.
The latest phishing attempt follows a similar pattern to an earlier security breach on Jan. 17, which exposed the contact information of nearly 66,000 Trezor users. Trezor has stated that no data other than email addresses was compromised in the recent phishing attack and has taken immediate action to restrict unauthorized access.
Trezor’s response to these incidents has been swift and transparent. The company’s blog offers detailed information on the timeline of events, important actions for users, and proactive security measures to be taken.
Crypto Wallets Drained Off $600K Due To Ignored Phishing Attack
On January 23, Wallet Connect and other web3 companies informed their users about a phishing scam using official web3 companies’ email addresses to steal funds from thousands of crypto wallets.
A Massive Phishing Campaign
Wallet Connect took to X to notify its community about an unauthorized email sent from a Wallet Connect-linked email address. The email prompted recipients to open a link to claim an airdrop; however, the link led to a malicious site and, as Wallet Connect confirmed, the email was not issued by the team or anyone affiliated with it. Wallet Connect contacted web3 security and privacy firm Blockaid to investigate the phishing scam further.
We've detected a sophisticated phishing attack impersonating @WalletConnect via a fake email linking to a malicious dapp.
Blockaid enabled wallets are safe. https://t.co/quz9olGrpZ pic.twitter.com/TYS0BjIk2J
— Blockaid (@blockaid_) January 23, 2024
In the following hours, crypto sleuth posted a community alert to inform unaware users that CoinTelegraph, Token Terminal, and De.Fi team emails were also compromised, signaling that a massive and more sophisticated phishing campaign was happening. At the time of the post, around 0K had been stolen.
After investigating, Blockaid later revealed that the attacker “was able to leverage a vulnerability in email service provider MailerLite to impersonate web3 companies.”
Email phishing scams are common among cyber scammers, making users wary of most suspicious links or emails. At the same time, companies and entities advise against opening links that do not come from their official channels. In this case, the attacker was able to trick a vast number of users from these companies as the malicious links came from their official email addresses.
The compromise allowed the attacker to send convincing emails with malicious links attached that led to wallet drainer websites. Specifically, the links led to several malicious dApps that utilize the Angel Drainer Group infrastructure.
The attackers, as Blockaid explained, took advantage of access previously granted to MailerLite: these companies had authorized it to send emails on behalf of their domains, and the attackers used the pre-existing DNS records, as detailed in the thread:
Specifically, they used “dangling dns” records which were created and associated with Mailer Lite (previously used by these companies). After closing their accounts these DNS records remain active, giving attackers the opportunity to claim and impersonate these accounts. pic.twitter.com/cbTpc5MXu1
— Blockaid (@blockaid_) January 23, 2024
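A defender-side audit for the condition described in the thread above, added here as an example (not code from Blockaid, MailerLite or the affected companies): it scans a zone export for SPF `include:`/`redirect=` terms and CNAME targets that still point at an email provider whose account has been closed. The provider domains, record names and the vendor inventory are constructed placeholders.

```python
"""Flag DNS records that still authorize an email provider whose account was closed."""
import re

# Constructed zone export as (name, type, value); every name here is a placeholder.
SAMPLE_ZONE = [
    ("example.org.", "TXT",
     '"v=spf1 include:_spf.oldmailer.example include:_spf.currentmail.example ~all"'),
    ("news._domainkey.example.org.", "CNAME", "dkim.oldmailer.example."),
    ("mail.example.org.", "CNAME", "tracking.currentmail.example."),
    ("www.example.org.", "CNAME", "cdn.hosting.example."),
    ("example.org.", "TXT", '"google-site-verification=constructed-token"'),
]

# Assumed vendor inventory: provider base domain -> is our account still open?
VENDORS = {
    "oldmailer.example": False,    # account closed, records should be gone
    "currentmail.example": True,   # account in use
}


def provider_for(host, vendors):
    """Return the vendor base domain that `host` falls under, or None."""
    host = host.rstrip(".").lower()
    for base in vendors:
        # Match on a label boundary so "notoldmailer.example" is not a hit.
        if host == base or host.endswith("." + base):
            return base
    return None


def spf_targets(txt_value):
    """Extract include:/redirect= domains from an SPF TXT record value."""
    # A TXT value may be split into several quoted chunks; they concatenate.
    text = "".join(re.findall(r'"([^"]*)"', txt_value)) or txt_value
    terms = text.split()
    if not terms or terms[0].lower() != "v=spf1":
        return []
    targets = []
    for term in terms[1:]:
        m = re.fullmatch(r"[+\-~?]?include:(\S+)|redirect=(\S+)", term, re.IGNORECASE)
        if m:
            targets.append((m.group(1) or m.group(2)).rstrip(".").lower())
    return targets


def audit_zone(zone, vendors):
    """Return records that delegate to a vendor marked as no longer in use."""
    findings = []
    for name, rtype, value in zone:
        rtype = rtype.upper()
        if rtype == "CNAME":
            targets = [value.rstrip(".").lower()]
        elif rtype == "TXT":
            targets = spf_targets(value)
        else:
            continue
        for target in targets:
            vendor = provider_for(target, vendors)
            if vendor is not None and not vendors[vendor]:
                findings.append(
                    {"name": name, "type": rtype, "target": target, "vendor": vendor}
                )
    return findings


if __name__ == "__main__":
    for f in audit_zone(SAMPLE_ZONE, VENDORS):
        print(f"DANGLING {f['type']} {f['name']} -> {f['target']} (closed: {f['vendor']})")
```

Run it against a full zone export whenever a provider account is closed, and remove every flagged record before the account is released.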
MailerLite Explains Security Breach
The explanation later came via an email, where MailerLite explained that the investigation showed that a member of their customer support team inadvertently became the initial point of the compromise. As the email explains:
The team member, responding to a customer inquiry via our support portal, clicked on an image that was deceptively linked to a fraudulent Google sign-in page. Mistakenly entering their credentials there, the perpetrator(s) gained access to their account. The intrusion was inadvertently authenticated by the team member through a mobile phone confirmation, believing it to be a legitimate access attempt. This breach enabled the perpetrator(s) to penetrate our internal admin panel.
MailerLite further adds that the attacker reset the password for a specific user on the admin panel to consolidate the unauthorized control further. This control gave them access to 117 accounts, of which they only focused on cryptocurrency-related accounts for the phishing campaign attack.
An anonymous Reddit user posted an analysis of the situation and gave a closer look at the attacker’s transactions. The user revealed:
One victim wallet appears to have lost 2.64M worth of XB Tokens. I’m showing about 2.7M sitting in the phishing wallet of 0xe7D13137923142A0424771E1778865b88752B3c7, while 518.75K went to 0xef3d9A1a4Bf6E042F5aaebe620B5cF327ea05d4D.
The user stated that most stolen funds were in the first phishing address. At the same time, approximately 0,000 worth of ETH were sent to privacy protocol Railgun, and he believes that they will soon be moved through another mixer or exchange.
Trezor Issues Security Alert Following Phishing Attack and Data Breach
In a recent security alert, Trezor announced a breach in its support ticketing system, potentially exposing the personal contact information of over 66,000 customers and raising the alarm for possible phishing attacks.
Trezor Alerts Users to Phishing Risk After Security Breach
Satoshilabs, the company behind the popular cryptocurrency hardware wallet Trezor, has issued a critical security alert. On January 17th, 2024, Trezor identified unauthorized access to a third-party support ticketing portal, potentially compromising the contact details of up to 66,000 customers.
The breach was first detected at 20:20 CET, and Satoshilabs immediately took measures to prevent further unauthorized access. While the security of users’ digital assets remains intact, the incident has raised concerns over the potential exposure of customers’ names and email addresses since December 2021.
In response to the breach, Trezor has reached out to all potentially affected users, warning them of increased risks of phishing attacks targeting their recovery seeds. Although no recovery seed phrases have been disclosed, 41 users were directly contacted by the malicious actor via email, requesting sensitive information.
Trezor’s internal audit indicates that, in addition to the 66,000 potentially exposed users, 8 people who created accounts on their trial discussion platform might also have their contact details compromised.
The company has emphasized the importance of vigilance and cybersecurity best practices in light of this incident. Trezor assures its customers that their hardware wallets and funds remain secure, reiterating that they will never ask for recovery seeds through any communication channels.
As a precaution, Trezor has urged all users to be cautious of unusual or suspicious contact attempts and to verify the legitimacy of any communication purportedly from Trezor Support.
The investigation into the full scope of the data breach is ongoing, and Trezor is working closely with the third-party service provider to resolve the issue. Affected users are encouraged to reach out to Trezor’s support team for any concerns or to report suspicious activity.
By The Numbers: Crypto Users Lose $300 Million To Phishing Scams In 2023
In a startling revelation by Scam Sniffer, the cryptocurrency world has been hit hard by a series of sophisticated phishing scams in 2023. The team behind the crypto security tool has reported that Wallet Drainers, a type of malware, have successfully siphoned off nearly 5 million from approximately 324,000 unsuspecting victims in the space.
These malicious software programs, predominantly found on phishing websites, trick users into authorizing harmful transactions, leading to significant asset theft from their crypto wallets.
Wallet Drainers: The New Threat in Crypto Security?
A closer examination of the data reveals a worrying trend of increasing phishing activities, each correlated with specific events in the crypto space. For instance, a significant theft of almost million was reported on March 11, coinciding with fluctuations in USDC rates and an impersonation scam of Circle, the company behind the stablecoin.
Additionally, a noticeable theft spike was observed around March 24, aligning with the hacking of Arbitrum’s Discord and its airdrop date. Scam Sniffer’s report highlighted several notable Wallet Drainers, including Inferno Drainer, which alone stole million from 134,000 victims, and MS Drainer, with a haul of million from 63,000 victims.
The report notes the alarming scale and velocity of these operations. For example, Monkey Drainer extracted million over six months, whereas Inferno Drainer looted million in just nine months, as seen in the chart below. The report also sheds light on the common phishing signatures these Drainers use.
Depending on the type of assets in a victim’s wallet, various phishing methods are deployed, ranging from increased allowance to ERC20 permit signatures. The most severe cases involved victims losing millions to these sophisticated scams.
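The ‘increase allowance’ signature mentioned here and in the BEAM incident above can be decoded before signing. The following added example (not code from Scam Sniffer or any wallet) parses ERC-20 `approve` / `increaseAllowance` calldata and reports the spender and amount being authorized; the sample address, amount, token decimals and the trusted-spender list are constructed assumptions.

```python
"""Decode ERC-20 allowance calldata so the spender and amount can be checked before signing."""

# Function selectors: first 4 bytes of keccak256 of the function signature.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
}
MAX_UINT256 = 2**256 - 1

SAMPLE_SPENDER = "0x" + "11" * 20        # constructed placeholder address
SAMPLE_AMOUNT = 180_250_000 * 10**18     # constructed; assumes an 18-decimal token


def build_sample_calldata(selector, spender, amount):
    """ABI-encode (address, uint256) after a selector; used only to build demo input."""
    return "0x" + selector + spender[2:].lower().rjust(64, "0") + format(amount, "064x")


def decode_allowance_call(calldata_hex, decimals=18, trusted_spenders=()):
    """Return a review summary for approve/increaseAllowance calldata, else None."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    if len(data) < 8:
        raise ValueError("calldata shorter than a 4-byte selector")
    function = SELECTORS.get(data[:8])
    if function is None:
        return None  # not an allowance-granting call
    args = data[8:]
    if len(args) != 128:
        raise ValueError("expected exactly two 32-byte arguments")
    int(args, 16)  # raises ValueError if the arguments are not hex
    addr_word, amount_word = args[:64], args[64:]
    if addr_word[:24] != "0" * 24:
        raise ValueError("address argument has non-zero padding")
    spender = "0x" + addr_word[24:]
    amount = int(amount_word, 16)

    warnings = []
    if spender not in {s.lower() for s in trusted_spenders}:
        warnings.append("spender is not on the trusted list")
    if amount == MAX_UINT256:
        warnings.append("unlimited allowance")
    return {
        "function": function,
        "spender": spender,
        "amount_raw": amount,
        "whole_tokens": amount // 10**decimals,
        "warnings": warnings,
    }


if __name__ == "__main__":
    sample = build_sample_calldata("39509351", SAMPLE_SPENDER, SAMPLE_AMOUNT)
    print(decode_allowance_call(sample))
```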
Scam Sniffer’s Analysis: Tracking Malicious Trends
Scam Sniffer has ramped up its efforts in response to this growing threat. Over the past year, the tool scanned nearly 12 million URLs, identifying close to 145,000 as malicious. Furthermore, its open-source blacklist contains nearly 100,000 dangerous domains, continuously updated to platforms like Chainabuse.
The increasing use of smart contracts by scammers, such as multicall for efficient asset transfers and CREATE2 & CREATE functions to bypass wallet security checks, marks a significant change from the previous year. This evolution underscores the need for enhanced vigilance and updated security measures in the crypto community.
Scam Sniffer’s work extends beyond just tracking and reporting. The team actively collaborates with well-known platforms, offering its services to their users. They encourage all stakeholders in the crypto ecosystem to “join the fight against phishing, emphasizing that security is a collective responsibility.”
In closing, Scam Sniffer acknowledges the support of its community:
(…) crypto phishing involves multiple parties, crypto, and non-crypto platforms. Security requires a collective effort. If you wish to enhance your product’s capabilities in this area, please contact us at b2b@scamsniffer.io.
Finally, thanks to all the supporters of Scam Sniffer! Your support is the motivation that keeps us going.
MS Wallet Drainer Has Siphoned Over $58 Million Using Google and X Phishing Ads
A recent report from Scam Sniffer, an anti-scam solution, revealed that MS Wallet Drainer, a cryptocurrency malware tool, has managed to siphon over $58 million in crypto since March. The drainer uses Google search and X ads phishing links as a distribution vector and has affected over 63,000 victims as of December 21.
MS Drainer Allows Criminals to Siphon Over $58 Million
A recent report from Scam Sniffer, an anti-scam platform used by several Web3 wallets, has revealed that a certain malware type has managed to siphon over $58 million from cryptocurrency holders. The tool, called MS Wallet Drainer, attacks the cryptocurrency wallets (Ethereum, BNB, and other EVM chains and rollups) of victims using Google and X ads to infect their devices and drain them of any available funds and non-fungible tokens (NFTs).
The malware is distributed using the search results of Google searches for popular cryptocurrency sites and decentralized finance exchanges, such as Zapper, Lido, Stargate, Defillama, Orbiter Finance, and Radiant. The same malware was also detected in a series of Ordinals-related X ads, and a recent sampling of X ads on some feeds resulted in more than 60% of the ads leading to sites using the MS Drainer.
The report highlights that these ads use several techniques to obfuscate their purposes and pass advertising audits. For example, they only target certain regions and use redirection to bypass revisions.
One of the victims lost over million in an Ethereum wallet, while another lost over million in Ethereum assets. An investigation revealed that the tool is available in darknet forums with a price of ,500 for a standard functionality set. While other similar malware tools are fully managed and charge a 20% fee, this one only charges for modules that add additional functionality to the standard package.
Hackers Attack Domain Registrar Namecheap; Flood of DHL and Metamask Phishing Emails Follow
On Sunday, Feb. 12, 2023, the domain registrar Namecheap’s email account was compromised by hackers. Subsequently, a large number of individuals received phishing emails claiming to be from Metamask and DHL. These emails originated from the email platform Sendgrid, a service used by Namecheap for marketing correspondence.
Namecheap Confirms Email Account Compromise and Disables Sendgrid Services
Multiple reports indicate that Namecheap was breached on Sunday and hackers leveraged the company’s email account through the Sendgrid service. Namecheap CEO Richard Kirkendall confirmed the compromise and said the firm has disabled Sendgrid services. “To be clear, the issue was within a third-party provider that we use to send our newsletter,” Kirkendall tweeted. “None of our own systems or customer accounts were breached. I sent a follow-up email to all affected users. The domains linked in the original phishing emails were also disabled.”
According to users who investigated the sent emails, the links led to a phishing campaign attempting to steal private information from the user. For example, the Metamask email led to a fake website trying to get the user to enter their mnemonic recovery phrase. Metamask also tweeted about the Namecheap emails and told recipients to ignore the messages. “Metamask does not collect KYC information and will never email you about your account,” the company tweeted. The Web3 wallet firm added:
Do not enter your Secret Recovery Phrase on a website EVER. If you got an email today from Metamask or Namecheap or anyone else like this, ignore it & do not click its links!
Phishing attacks have been common in recent years, and hackers have used various methods to access people’s private information. According to reports, the DHL phishing email aims to provide the user with an invoice to get the user to enter payment information to resolve the fake issue. Once a user provides information like their mnemonic recovery phrase or other financial information, hackers can drain the funds from the account.
According to Beehive Cybersecurity, Namecheap’s team members took immediate action to resolve the issue. “We’d like to vouch that when we ourselves notified Namecheap of this, they acted promptly and treated it seriously,” Beehive Cybersecurity tweeted. “This is the A game of what we like to see from registrars.”
How Bitcoin Phishing Scams Are Stealing Millions
Phishing comes in many forms. The main target of any cybercrime is to generate money from duplicitous actions. When a hacker targets an international business and steals their data, there is a financial incentive that pushes them to do so. As cryptocurrency becomes a more recognized financial medium, attackers are actively turning to target those with digital wallets.
In 2021, crypto scammers took billion. Quite simply, as Bitcoin and other cryptocurrencies become more valuable, they become a bigger target for hackers and scammers. With this in mind, those that actively buy, sell, and trade cryptocurrencies like Bitcoin need to be aware of the risk they’re taking.
To help reduce the chance of you falling for a Bitcoin phishing scam, we’ve created this article to show you the most common Bitcoin phishing messages you’re likely to come across. By learning about which forms phishing emails take, you’ll be better prepared to recognize them and put a stop to them before anyone makes off with your hard-earned crypto.
What Are The Most Common Bitcoin Phishing Scams?
When creating phishing emails that cause cryptocurrency owners to accidentally give away information about their private wallets, the message often comes from a financial service. Whether it’s an impersonation of a service or a fake exchange reaching out via email, attackers use a range of strategies to try and deceive their audience.
When you open your inbox, try to scan for the following emails, as they might be a sign of someone attempting to steal your information:
- Password resets
- Impersonation
- Fake Exchanges
- Phishing Websites
- Scam Coins
Let’s break down these commonly-used methods.
Password Resets
Password resets are far from exclusive to cryptocurrency scams, yet are still one of the most pressing forms of scams that are employed when trying to steal Bitcoin and other cryptocurrencies. By copying the layout of an email from an exchange like Binance, a hacker can duplicate a password reset almost identically.
They’ll send this email out, alerting their victims that they need to reset their passwords. Within this email, the reset link will then go to the attacker’s own website, where they can then collect the old password and use it to gain access to accounts.
Especially with Bitcoin and other cryptos, where a transaction is fairly irreversible, if a hacker gains access to your account for even a few minutes, they can do irreparable damage. It’s always a good idea to verify where your password reset emails are coming from. Better still, only reset your password by navigating from Google to the actual site, never directly through an email itself.
Impersonation
Within the online world, it’s incredibly easy to create fake profiles, find photos online, and construct a whole false identity. Over the past few months, the world of cryptocurrency has seen many false accounts creating profiles, gaining an audience, hosting a scam giveaway, then disappearing without a trace.
Whether it be through private messaging and asking for crypto or through hosting free giveaways which inject malware onto computer systems, always double-check who you’re talking to online.
While an extreme form of impersonation, back in 2020, a group of hackers managed to gain access to a variety of notable figures on Twitter, such as Barack Obama, Jeff Bezos, Kim Kardashian, and more. From these accounts, they then tweeted a Bitcoin scam which saw Twitter users send over 0,000 USD in transactions.
Always be wary about things that seem too good to be true when it comes to crypto.
Fake Exchanges
Over the past 18 months, seemingly hundreds of DeFi exchanges have popped up. A market that was once controlled by a few larger players is now saturated by exchanges from all over the world. With this, it’s not uncommon to find an email in your inbox that offers to help you sell or buy Bitcoin at great rates.
Unfortunately, many of these emails will be phishing attempts, with the fake exchange simply trying to farm information to take over a user’s wallet. Try and stick to sites that you know are reputable, and always navigate to them through Google instead of via email.
Scam Coins
While not directly related to Bitcoin, throughout the history of blockchain, a huge number of scam ICOs have been launched. This was at its worst back in 2018, when 80% of all cryptocurrencies released turned out to be scams. Investing in coins at a very early stage, especially when the project seems to lack a great deal of documentation, is not the smartest idea.
Although it’s tempting when you see promises of 100x returns, always be sure to research any project thoroughly before you actually commit to investing. Start with their white paper, read through their fundamentals and tokenomics, and try to discern if this project is actually worth investing in or just seems like hot air.
Equally, if an email arrives into your inbox that offers an airdrop in exchange for a small Bitcoin fee – don’t leap at the opportunity. Airdrops should never involve you giving away details of your account, no matter how great the opportunity may seem to you on the outside. Remember that phishing emails are incredibly common – you’re more likely to come across a scam than a real crypto opportunity, unfortunately.
Final Thoughts
Cryptocurrency, even in 2022, is still full of scams, hacks, and people with bad intentions. Due to the huge value of this industry, especially leading cryptos like Bitcoin, attackers will stop at nothing to gain access to user wallets and exploit them.
When reading through your emails, you’re carefully walking across the front lines, where the vast majority of cryptocurrency scams and exploits occur. What may seem like a simple email might actually have much worse intentions. Be sure to always take your time, read carefully, and never click on links from companies that you don’t recognize – your Bitcoin could be at stake.