Crypto Scams, Hacks and Exploits and How to Avoid Them: Crypto-Sec
DeFi Exploit: iVest Under Donation Attack
According to a report from blockchain security firm QuillAudits, decentralized finance protocol iVest Finance was hit with a $156,000 attack on August 12.
Sending tokens to a null address (0x0) normally results in the tokens being lost forever. However, in the iVest protocol, sending to a null address results in the _MakeDonation function being called, which “erroneously reduces the sender’s balance by twice the intended amount,” QuillAudits reported.
The attackers continued to repeat these steps, successfully draining $156,000 worth of BNB and iVest tokens from the pool, mostly deposited by other users.
QuillAudits said it would provide updates as more information became available.
On its website, iVest describes itself as a project that “combines SocialFi and DAO governance with unique token economics to create a community project that supports its members and thrives.” Cointelegraph reached out to iVest for comment but did not receive a response by the time of publication.
Malware Vulnerability: AMD “Sinkclose” Affects Millions
According to a report from Wired, millions of PCs are affected by a vulnerability in AMD processors discovered on August 9. This discovery may be particularly concerning for users who run MetaMask, Coinbase Wallet, Trustwallet, or other software wallets on these devices.
The vulnerability, dubbed “Sinkclose,” allows attackers to create a “bootkit” that “evades antivirus tools and is invisible to the operating system.” Once a user’s device is infected with Sinkclose-related malware, it is virtually impossible to remove. Even formatting the hard drive and reinstalling the operating system will not remove the malware.
The vulnerability was reportedly discovered by researchers Enrique Nissim and Krzysztof Okupski from cybersecurity firm IOActive and was disclosed publicly at the Defcon hacker conference on August 10.
According to a separate report from Tom’s Hardware, AMD has released mitigation patches for many of the affected processors, and affected PCs have been “flagged for updates.” However, some older models will not be patched at all because they are “outside the software support period.” These processors include “Ryzen 3000 and earlier processors, as well as Threadripper 2000 and earlier chips.”
For cryptocurrency users, the Sinkclose vulnerability can be particularly concerning. If a device with an AMD processor is found to contain malware, even formatting the hard drive and reinstalling the OS may not be successful in removing it. In this case, users should consider discarding the device instead of attempting to “clean” it before installing a wallet.
For users who only do simple cryptocurrency transfers and do not use Web3 applications, using a hardware wallet may help mitigate the threat of Sinkclose-based malware. However, it is unlikely to help users who use Web3 applications, as these applications typically require the user to “blindly sign” transactions, trusting the PC to display the transaction data correctly; the hardware wallet’s own screen cannot display that data.
Given the threat posed by Sinkclose, users with AMD devices may want to make sure their processor or graphics card firmware is updated to the latest version, as the company announced that its latest patches include “mitigations” for the vulnerability.
Phish of the Week: Web3 Gamer Loses $69,000 in Tether
A Web3 gamer and memecoin trader lost $69,000 worth of Tether (USDT) stablecoin on August 9 due to a phishing scam.
At 10:33 PM UTC, the user authorized a malicious account labeled “Fake_Phishing401336” to spend all of their USDT. One minute after this approval, the attacker made two transfers from the victim’s account to another account. One of the transfers was for $58,702.42, and the other was for $10,359.25, for a total of $69,061.67.
Blockchain security platform Scam Sniffer detected the transaction and announced the attack on X.
In the past, the victim had traded Web3 game tokens such as Heroes of Mavia (MAVIA) and Immutable X (IMX), as well as memecoins such as HarryPotterObamaSonic10Inu, MAGA (TRUMP), and Hemule. Beyond these facts, not much is known about the victim.
Token authorization phishing scams are a common way for Web3 users to lose their tokens. In these scams, attackers trick users into visiting a website that contains a malicious app. The app is usually disguised as an app that the user trusts, such as a video game, an NFT marketplace, or a memecoin trading app that the user has visited in the past. However, these apps are usually located at a misspelled URL and are not authorized by the company that claims to have created them.
When the user presses a button in the malicious app, a token authorization transaction is pushed to the user’s wallet. Once the user confirms this authorization, the attacker drains all authorized tokens from the victim’s wallet. In this case, the user lost over $69,000 due to the fraud.
Web3 users are advised to carefully check the URL and contract address of any website requesting token approval. This can help users avoid huge losses.
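As an added defender-side example (not code from this article, Scam Sniffer, or any wallet vendor), the following Node.js snippet decodes the calldata of an ERC-20 approve() request before it is signed and flags an unlimited allowance granted to a spender the user has not deliberately trusted, which is the shape of the approval that drained the victim above. The selector and ABI layout are the standard ERC-20 ones; the addresses and the allowlist are constructed placeholders.

```javascript
// Inspect ERC-20 approve(address,uint256) calldata before signing and rate the risk.
// Addresses below are constructed placeholders, not real contracts.

const APPROVE_SELECTOR = "095ea7b3";          // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n;        // "unlimited" allowance value

// Hypothetical allowlist: spenders the user has knowingly approved before.
const TRUSTED_SPENDERS = new Set([
  "0x1111111111111111111111111111111111111111", // constructed, stands in for a known DEX router
]);

function decodeApprove(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  // selector (4 bytes) + two 32-byte ABI words = 136 hex characters
  if (hex.length !== 136 || hex.slice(0, 8) !== APPROVE_SELECTOR) {
    return null; // not a plain ERC-20 approve() call
  }
  const spender = "0x" + hex.slice(32, 72);   // last 20 bytes of the padded address word
  const amount = BigInt("0x" + hex.slice(72, 136));
  return { spender, amount };
}

function assessApproval(calldata, trusted = TRUSTED_SPENDERS) {
  const decoded = decodeApprove(calldata);
  if (!decoded) return { risk: "unknown", reason: "not an approve() call" };
  const unlimited = decoded.amount === MAX_UINT256;
  const known = trusted.has(decoded.spender);
  if (unlimited && !known) return { risk: "high", reason: `unlimited allowance to unknown spender ${decoded.spender}` };
  if (unlimited) return { risk: "medium", reason: `unlimited allowance to known spender ${decoded.spender}` };
  if (!known) return { risk: "medium", reason: `limited allowance to unknown spender ${decoded.spender}` };
  return { risk: "low", reason: `limited allowance to known spender ${decoded.spender}` };
}

// Helper to build sample calldata the same way a dapp's frontend would.
function encodeApprove(spender, amount) {
  const s = spender.toLowerCase().replace(/^0x/, "").padStart(64, "0");
  const a = amount.toString(16).padStart(64, "0");
  return "0x" + APPROVE_SELECTOR + s + a;
}

// Constructed sample: an unlimited approval to an address the user has never trusted.
const SAMPLE = encodeApprove("0x2222222222222222222222222222222222222222", MAX_UINT256);
console.log(assessApproval(SAMPLE));
```

A wallet or browser extension would run this check on the pending request and prompt the user to compare the spender against the contract address published by the site they believe they are on.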
Christopher Locke
Some say he is a white hat hacker living in the black mining hills of Dakota, pretending to be a children’s crossing guard to avoid the NSA’s eyes. What we do know is that Christopher Locke has a pathological desire to hunt scammers and hackers.