An Indian national has pleaded guilty in the U.S. to wire fraud conspiracy for stealing over million by spoofing crypto exchange Coinbase’s website. He and his co-conspirators created a fake Coinbase Pro site to steal login credentials and two-factor authentication codes, transferring victims’ cryptocurrency to their own wallets. Guilty Plea in M Coinbase Crypto […]
Bitcoin News
Fake NFT Project Hack? CTO Vanishes After Allegedly Stealing 94 SOL
A new rug pull alert sounded on Tuesday after crypto detective ZachXBT unveiled on-chain details of an alleged hack suffered by an NFT project last month. The project’s CTO announced that a response was in the works but ultimately vanished as criticism grew.
Nuddies NFT, A Hack Or Rug Pull?
On-chain sleuth ZachXBT revealed the alleged misuse of funds by the CTO of NFT project Nuddies NFT. In a now-deleted post, its CTO Kyle explained that the project was “derugged from its previous founder” and built differently from other NFT projects.
A short investigation into how @kyledegods faked a hack and stole SOL from his project @NuddiesNFT before spending it on NFTs and lying to holders about how devastated he was about the incident.
On March 3, 2024 Kyle made a post in his Discord server claiming his wallets had… pic.twitter.com/4ne6dtVyA5
— ZachXBT (@zachxbt) April 2, 2024
According to the crypto detective, Kyle faked a hack that seemingly stole the project’s funds. On March 3, the alleged culprit posted on the Nuddies NFT Discord server, informing us of the hack.
The post affirmed that Kyle’s Mac was hacked despite “not clicking in any malicious link.” The CTO concluded that a “zombie process” was on his computer for an undetermined period.
This “mini-program” gave control of the computer to “the hacker.” Through the TeamViewer app the attacker gained access to the project and Kyle’s wallets. The post further explained that 90 SOL, approximately ,000 at today’s price, were taken from the Nuddies NFT creator wallet.
Moreover, the hacker allegedly took control of Kyle’s Discord and stole 150 SOL, worth around ,300, from his wallets. At the time, he claimed to be “mentally destroyed” by the loss of the project’s treasury money.
Nonetheless, the on-chain data compiled by ZachXBT tells a different story. Per the crypto detective’s post, the CTO allegedly lied to the holders and stole the 94 SOL, worth ,000, when the incident occurred.
The post reveals that the funds were transferred during that day from the Nuddies Royalty Wallet to an exchange deposit at 8:20 UTC. The on-chain investigator claims that a destination transaction was found using time analysis. The transaction to one of Kyle’s wallets accounted for 3.42 ETH, around ,700, at 8:21 UTC.
The ETH was seemingly used to buy two NFTs: DeGods 2921 and y00t 10991. The DeGod NFT was used as the CTO’s profile picture on X until yesterday.
CTO Answers The Accusations, Then Vanishes
The accusations didn’t go unnoticed by the suspect, who posted on his X account that he was “preparing the answer” with a wink face emoji. After changing his profile picture, Kyle answered some users’ questions about his credibility, to which he replied that his “conscience is clear.”
In the early hours of Wednesday, Nuddies NFT account shared a now-deleted post informing that the creator wallet was “refilled with 12k USD.” In the post, Kyle reassured that his previous claims of intending to refill the wallet were authentic.
The CTO also claimed he was “waiting for his $W airdrop” to fulfill his promise instead of selling his DeAsset. Additionally, he “stepped out” of the project after giving the access keys to two community members.
However, the story doesn’t end there. Kyle and Nuddies NFT’s account were deleted a couple of hours after the post. The Nuddies website seems not to be working, as reported by an X user.
The project’s future is unsure as one of the community members to whom Kyle gave the access keys was unaware of the situation. Juiceddd, an NFT artist, is one of the two people in charge of the project.
The artist explained that he was responsible for redrawing the entire Nuddies collection while adding “70+ new traits.” Moreover, Juiceddd stated that he “woke up this morning to being the owner of everything.” The artist is contemplating giving his perspective on the incident as he considers that it is generally the artist who “gets fucked” in these situations.
Australian Police Officer in Court for Stealing Nearly 82 BTC From Seized Drug Trafficker’s Wallet
An Australian police officer recently appeared in a Melbourne court where he faced charges of stealing 81.616 bitcoins from a crypto wallet seized from drug traffickers. After initially blaming the drug traffickers,’ the Australian Federal Police later reopened the case after an expert found evidence linking the theft to a former police officer. The accused […]
Bitcoin News
Singapore Police Warn About ‘Crypto Drainers’ Stealing Cryptocurrencies From Wallets
Singapore’s Police Force and Cyber Security Agency (CSA) have issued a joint warning about “crypto drainer” malware, which steals cryptocurrencies from wallets. As digital assets become more popular, “Cybercriminals are increasingly leveraging crypto drainers to target owners of cryptocurrency wallets,” the authorities cautioned.
Singapore Police Warn About Crypto Drainers
The Singapore Police Force and the Cyber Security Agency (CSA) of Singapore issued a joint advisory on Wednesday advising investors to protect themselves from crypto drainers. They explained:
Cybercriminals are increasingly leveraging crypto drainers to target owners of cryptocurrency wallets (‘crypto wallets’) as the use of cryptocurrencies become increasingly popular with their dollar values correspondingly increasing.
The authorities explained that a crypto drainer “is a type of malware that targets crypto wallets,” adding: “These drainers are often deployed as part of phishing attacks, where the victim is tricked into clicking a malicious link or opening a malicious attachment. By doing so, the victims are tricked into consenting to a malicious transaction that allows the drainer to steal cryptocurrencies stored in their wallets.”
The advisory also includes a list of measures crypto owners can take to safeguard themselves from the crypto drainer scam. One of the measures is:
Using a hardware wallet for enhanced security.
Other measures include being wary of “too good to be true” offers, verifying smart contract legitimacy and functions before interaction, and limiting high allowances using blockchain explorers or wallet interfaces.
Moreover, the authorities advised investors to thoroughly research projects and cryptocurrencies before linking their wallets and only make connections after verifying the project website’s validity. The advisory also notes that investors should also consider connecting a newly created or empty crypto wallet when uncertain about a project or token, and should not divulge seed phrases to anyone.
Have you come across crypto drainer malware? Let us know in the comments section below.
Former Cohasset High School Employee Accused of Stealing Thousands in Electricity to Mine Bitcoin in School Campus Crawlspace
A former school assistant facilities director in Cohasset, Massachusetts, has been accused of operating a cryptocurrency mining operation inside a crawlspace at Cohasset High School. The Cohasset Police Department alleges that Nadeam Nahas stole nearly ,000 in electricity to power the crypto mining scheme.
Former Cohasset School Employee Faces Charges for Electricity Theft in School Crawlspace Crypto Mine
A report published by Boston’s WCVB network alleges that Nadeam Nahas, a former school employee in Cohasset, Massachusetts, stole electricity from the district to mine cryptocurrency. Nahas is accused of setting up the operation at Cohasset High School’s crawlspace, where multiple computers, ventilation devices, and connected wiring were found.
Photographs taken by the Cohasset Police Department show that the mining devices appear to be application-specific integrated circuit (ASIC) mining rigs, possibly used for mining bitcoin. Police accuse Nahas of secretly mining cryptocurrency for eight months on the school’s campus, and the town’s IT director discovered the operation was a crypto mine.
Investigators, Cohasset police, and members of the Department of Homeland Security were involved in the case and removed the miners from the high school’s crawlspace. The investigation lasted three months, and investigators estimate that approximately ,492 in electricity was stolen.
Nahas is one of many individuals accused of stealing electricity to power cryptocurrency mining operations over the years. For example, in 2021, Malaysia seized 1,720 bitcoin mining machines during an electricity theft crackdown.
Law enforcement officials in Malaysia revealed last year that they had arrested more than 600 people for stealing electricity to mine cryptocurrency in the previous two years. In 2020, a kennel owner in China was arrested for stealing power to run a bitcoin mining farm.
In Rotterdam, Netherlands, two brothers were arrested in 2016 for stealing electricity to mine bitcoin and grow cannabis. WCVB reporter William Bennett reports that Nahas is facing charges of school vandalism and fraudulent use of electrical resources.
Nahas is scheduled to appear in Quincy District Court for arraignment on Feb. 23, 2023. According to Bennett, when reached by phone, the accused former Cohasset school employee declined to comment on the matter.
What do you think about the former school employee accused of stealing electricity to mine cryptocurrency in the Cohasset High School crawlspace? Share your thoughts on this subject in the comments section below.
Court to Try 2 Russians for Stealing 86 Bitcoins From Crypto Miner
Two residents of the Russian city of Tomsk will be tried for “large-scale robbery” involving the theft of cryptocurrency worth millions of rubles from a local miner. The digital coins were stolen from the owner at gunpoint, authorities said, adding that both criminals are now in custody.
Thieves Face Trial in Russia for Armed Robbery of Cryptocurrency Miner
The Kirovsky Court of Tomsk will soon try two men for their attack on another resident of the Siberian city who made a living by mining cryptocurrencies. They were able to extort from him coins worth more than 360 million rubles at the time (over .8 million), the Russian crypto news outlet Bits.media reported.
The crime took place in October 2021. The perpetrators attacked the cryptocurrency miner when he was leaving his home. One of them threatened him with an object resembling a gun and brought him back inside his apartment.
Then, his accomplice came in and the two forced the victim to log into his account on a crypto exchange and transfer them 86 BTC from a wallet that contained 90 BTC. It’s unclear why they decided not to withdraw the full balance.
Russian law enforcement managed to track and detain one of the suspects in St. Petersburg. He has since pleaded guilty and returned the fiat equivalent of a portion of the stolen digital cash — 35 million rubles (close to 9,000 at current exchange rates). The second man was arrested later.
The regional prosecutor’s office has charged the attackers with “robbery committed by a group of persons on an especially large scale” under the Criminal Code of the Russian Federation. They face up to 15 years in prison and a fine of up to 1 million rubles.
Attacks against people owning and earning cryptocurrency have been on the rise in Russia. In July, 2021, armed robbers plundered a large mining farm near Moscow, stealing dozens of video cards used to mint digital currencies. Also last year, million in tether was taken away from a crypto trader in the Russian capital.
Do you think crypto-related crimes like in these cases will continue to spread with the popularity of cryptocurrencies? Share your thoughts on the subject in the comments section below.
How Bitcoin Phishing Scams Are Stealing Millions
Phishing comes in many forms. The main target of any cybercrime is to generate money from duplicitous actions. When a hacker targets an international business and steals their data, there is a financial incentive that pushes them to do so. As cryptocurrency becomes a more recognized financial medium, attackers are actively turning to target those with digital wallets.
In 2021, crypto scammers took billion. Quite simply, as Bitcoin and other cryptocurrencies become more valuable, they become a bigger target for hackers and scammers. With this in mind, those that actively buy, sell, and trade cryptocurrencies like Bitcoin need to be aware of the risk they’re taking.
In this article, to help reduce the chance of you falling for a Bitcoin phishing scam, we’ve created this article to show you the most common Bitcoin phishing messages you’re likely to come across. By learning about which forms phishing emails take, you’ll be better prepared to recognize them and put a stop to them before anyone makes off with your hard-earned crypto.
What Are The Most Common Bitcoin Phishing Scams?
When creating phishing emails that cause cryptocurrency owners to accidentally give away information about their private wallets, the message often comes from a financial service. Whether it’s an impersonation of a service or a fake exchange reaching out via email, attackers use a range of strategies to try and deceive their audience.
When you open your inbox, try to scan for the follow emails, as they might be a sign of someone attempting to steal your information:
- Password resets
- Impersonation
- Fake Exchanges
- Phishing Websites
- Scam Coins
Let’s break down these commonly-used methods.
Password Resets
Password resets are far from exclusive to cryptocurrency scams, yet are still one of the most pressing forms of scams that are employed when trying to steal Bitcoin and another cryptocurrency. By copying the layout of an email from an exchange like Binance, a hacker can duplicate a password reset almost identically.
They’ll send this email out, alerting their victims that they need to reset their passwords. Within this email, the reset link will then go to the attacker’s own website, where they can then collect the old password and use it to gain access to accounts.
Especially with Bitcoin and other cryptos, where a transaction is fairly irreversible, if a hacker gains access to your account for even a few minutes, they can do irreparable damage. It’s always a good idea to verify where your password reset emails are coming from. Better still, only reset your password by navigating from Google to the actual site, never directly through an email itself.
Impersonation
Within the online world, it’s incredibly easy to create fake profiles, find photos online, and construct a whole false identity. Over the past few months, the world of cryptocurrency has seen many false accounts creating profiles, gaining an audience, hosting a scam giveaway, then disappearing without a trace.
Whether it be through private messaging and asking for crypto or through hosting free giveaways which inject malware onto computer systems, always double-check who you’re talking to online.
While an extreme form of impersonation, back in 2020, a group of hackers managed to gain access to a variety of notable figures on Twitter, such as Barack Obama, Jeff Bezos, Kim Kardashian, and more. From these accounts, they then tweeted a Bitcoin scam which saw Twitter users send over 0,000 USD in transactions.
Always be wary about things that seem too good to be true when it comes to crypto.
Fake Exchanges
Over the past 18 months, seemingly hundreds of DeFi exchanges have popped up. A market that was once controlled by a few larger players is now saturated by exchanges from all over the world. With this, it’s not uncommon to find an email in your inbox that offers to help you sell or buy Bitcoin at great rates.
Unfortunately, many of these emails will be phishing attempts, with the fake exchange simply trying to farm information to take over a user’s wallet. Try and stick to sites that you know are reputable, and always navigate to them through Google instead of via email.
Scam Coins
While not directly related to Bitcoin, throughout the history of blockchain, a huge number of scam ICOs have been launched. This was at its worst back in 2018, when 80% of all cryptocurrencies released turned out to be scams. Investing in coins at a very early stage, especially when the project seems to lack a great deal of documentation, is not the smartest idea.
Although it’s tempting when you see promises of 100x returns, always be sure to research any project thoroughly before you actually commit to investing. Start with their white paper, read through their fundamentals and tokenomics, and try to discern if this project is actually worth investing in or just seems like hot air.
Equally, if an email arrives into your inbox that offers an airdrop in exchange for a small Bitcoin fee – don’t leap at the opportunity. Airdrops should never involve you giving away details of your account, no matter how great the opportunity may seem to you on the outside. Remember that phishing emails are incredibly common – you’re more likely to come across a scam than a real crypto opportunity, unfortunately.
Final Thoughts
Cryptocurrency, even in 2022, is still full of scams, hacks, and people with bad intentions. Due to the huge value of this industry, especially leading cryptos like Bitcoin, attackers will stop at nothing to gain access to user wallets and exploit them.
When reading through your emails, you’re carefully walking across the front lines, where the vast majority of cryptocurrency scams and exploits occur. What may seem like a simple email might actually have much worse intentions. Be sure to always take your time, read carefully, and never click on links from companies that you don’t recognize – your Bitcoin could be at stake.
Ex-Cryptopia Employee Admits to Stealing $170K Worth Of Crypto
An ex-employee of the now-defunct crypto exchange Cryptopia has admitted in court to stealing crypto worth about 0,000. The employee pled guilty to stealing coins and customer data while he worked at Cryptopia when the company was still up and running.
A name suppression by the Christchurch district court of New Zealand keeps the employee anonymous for the time being. The employee pled guilty to two crimes, namely; theft by a person in a special relationship and theft of more than ,000.
Related Reading | Robinhood Fined M For Causing “Significant Harm” To Customers
The crime was brought to light in 2020 due to complaints from a customer that he had deposited coins into a Cryptopia wallet by mistake. Cryptopia has been through a series of problems in the past. Which is what led to its now-defunct state. The company finally collapsed in 2019.
Cryptopia Hacks
Cryptopia suffered two devastating hacks that eventually led to it shutting down in 2019. The company was hacked at the beginning of 2021 in January when a hack led to the theft of over 19,000 Ethereum. The crypto was transferred into an unknown wallet. The value of the crypto at the time of the hack in 2019 was .3 million. At this point, Cryptopia was serving a global customer base of 1.8 million customers.
Crypto subsequently went into liquidation that year and began the process of shutting down the exchange and mapping out ways for users to get their crypto back.
Bitcoin price loses momentum as it falls back into K range | Source: BTCUSD on TradingView.com
Later that year though, the company fell victim to another hack. This time losing about million worth of crypto to the attackers. The hack happened during the liquidation. Somehow attackers were able to access a wallet that had not fallen victim to the hack and transfer the crypto out of that wallet to an unknown wallet. This hack represented about 15% of the company’s holdings of digital assets.
During the liquidation, employees of the company were terminated. But not before an employee had copied private keys and customer data. These he retained after his employment with the company were terminated.
The data available to this single employee reportedly gave him access to over 0 million worth of digital assets.
The Crime
Having access to the keys, the employee believed that no one would check old transactions during the liquidation. The employee had transferred Bitcoins with the equivalent value of approximately 0,000 out of wallets and over 0,000 worth of other cryptos.
While he was employed at Cryptopia, the employee had made copies of Cryptopia’s private keys and customer data. He stored this on a USB flash drive. Which he then took home and uploaded the data onto his personal computer at home.
Upon finding out that old transactions were in fact going to be reviewed, the employee came forward to admit the theft. According to the employee, he had planned to return the crypto over time. And he had apparently taken the crypto because he was frustrated with the company, Cryptopia.
Related Reading | Bitcoin Whale Warns Of “November 2018 Vibes.” What This Means
The employee also admitted that he had believed he would get away with the theft as he did not think that anyone would go on to check old transactions.
Upon stepping forward, the employee had sought assurance that he would not be persecuted for the offenses. Although he has now been arrested and charged and will remain in jail until his sentencing, which is scheduled for October 20th, 2021.
The crime is unrelated to the Cryptopia hack. The employee has returned some of the cryptos and has promised to pay back the rest over time.
Featured image from PCMag, chart from TradingView.com
Man Accused of Stealing $1 Million in Cryptocurrency Using SIM-Card Scheme
The post Man Accused of Stealing Million in Cryptocurrency Using SIM-Card Scheme appeared first on DCEBrief.
IBM Patents Blockchain to Stop Drones From Stealing Packages
IBM has won a patent for a blockchain system which tracks packages in case they’re stolen by drones.
CryptScout #BitFeed RSS – Bitcoin and Cryptocurrency News 24/7