Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
  • CASINO
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
  • CASINO
Crypto Flexs
Home»ALTCOIN NEWS»Strange ‘null address’ iVest hack, millions of PCs still vulnerable to ‘synchro’ malware: Crypto-Sec
ALTCOIN NEWS

Strange ‘null address’ iVest hack, millions of PCs still vulnerable to ‘synchro’ malware: Crypto-Sec

By Crypto FlexsAugust 13, 20245 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Strange ‘null address’ iVest hack, millions of PCs still vulnerable to ‘synchro’ malware: Crypto-Sec
Share
Facebook Twitter LinkedIn Pinterest Email
Amazon Polly has given us a voice

Crypto Scams, Hacks and Exploits and How to Avoid Them: Crypto-Sec

DeFI Exploit: iVest Under Donation Attack

According to a report from blockchain security firm QuillAudits, decentralized finance protocol iVest Finance was hit with a $156,000 attack on August 12.

Sending tokens to a null address (0x0) normally results in the tokens being lost forever. However, in the iVest protocol, sending to a null address results in the _MakeDonation function being called, which “erroneously reduces the sender’s balance by twice the intended amount,” QuillAudits reported.

iVest Attack Reported by QuillAuditsiVest Attack Reported by QuillAudits
Source: QuillAudits

The attackers continued to repeat these steps, successfully draining $156,000 worth of BNB and iVest tokens from the pool, mostly deposited by other users.

Quill said he would provide updates as more information became available.

On its website, iVest describes itself as a project that “combines SocialFi and DAO governance with unique token economics to create a community project that supports its members and thrives.” Cointelegraph reached out to iVest for comment but did not receive a response by the time of publication.

Malware Vulnerability: AMD “Sync Close” Affects Millions

According to a report from Wired, millions of PCs are affected by a vulnerability in AMD processors discovered on August 9. This discovery may be particularly concerning for users who run MetaMask, Coinbase Wallet, Trustwallet, or other software wallets on these devices.

The vulnerability, dubbed “Sinkclose,” allows attackers to create a “bootkit” that “evades antivirus tools and is invisible to the operating system.” Once a user’s device is infected with sinkclose-related malware, it is virtually impossible to remove. Even formatting the hard drive and reinstalling the operating system will not remove the malware.

The vulnerability was reportedly discovered by researchers Enrique Nisim and Krzysztof Okupski from cybersecurity firm IOActive and was disclosed publicly at the Defcon hacker conference on August 10.

According to a separate report from Tom’s Hardware, AMD has released mitigation patches for many of the affected processors, and affected PCs have been “flagged for updates.” However, some older models will not be patched at all because they are “outside the software support period.” These processors include “Ryzen 3000 and earlier processors, as well as Threadripper 2000 and earlier chips.”

For cryptocurrency users, the SyncClose vulnerability can be particularly concerning. If a device with an AMD processor is found to contain malware, even formatting the hard drive and reinstalling the OS may not be successful in removing it. In this case, users should consider discarding the device instead of attempting to “clean” it before installing a wallet.

For users who only do simple cryptocurrency transfers and do not use Web3 applications, using a hardware wallet may help mitigate the threat of Sinkclose-based malware. However, it is unlikely to help users who use Web3 applications, as these applications typically require the user to “blindly sign” or trust their PC to display transaction data. The hardware wallet’s LCD screen cannot display the data.

Given the threat posed by Sinkclose, users with AMD devices may want to make sure their processor or graphics card firmware is updated to the latest version, as the company announced that its latest patches include “mitigations” for the vulnerability.

Phish of the Week: Web3 Gamer Loses $69,000 on Tether

A web3 gamer and Mimecoin trader lost $69,000 worth of Tether (USDT) stablecoin on August 9th due to a phishing scam.

At 10:33 PM UTC, a user authorized a malicious account called “Fake_Phishing401336” to spend all of their funds. USDT. One minute after this approval, the attacker made two transfers from the victim’s account to another account. One of the transfers was for $58,702.42, and the other was for $10,359.25, for a total of $69,061.67.

Blockchain security platform Scam Sniffer detected the transaction and announced the attack on X.

Scam Sniffer reports USDT phishing attack.Scam Sniffer reports USDT phishing attack.
(Scam Sniffer/X)

In the past, victims have traded Web3 game tokens such as Heroes of Mavia (MAVIA) and Immutable X (IMX), as well as memecoins such as HarryPotterObamaSonic10Inu, MAGA (TRUMP), and Hemule. Beyond these facts, not much is known about the victims.

Token authorization phishing scams are a common way for Web3 users to lose their tokens. In these scams, attackers trick users into visiting a website that contains a malicious app. The app is usually disguised as an app that the user trusts, such as a video game, an NFT marketplace, or a Mimecoin trading app that the user has visited in the past. However, these apps are usually located at a misspelled URL and are not authorized by the company that claims to have created them.

When the user presses a button in the malicious app, a token authorization transaction is pushed to the user’s wallet. Once the user confirms this authorization, the attacker drains all authorized tokens from the victim’s wallet. In this case, the user lost over $69,000 due to the fraud.

Web3 users are advised to carefully check the URL and contract address of any website requesting token approval. This can help users avoid huge losses.

Christopher Locke

Some say he is a white hat hacker living in the black mining hills of Dakota, pretending to be a children’s crossing guard to avoid the NSA’s eyes. What we do know is that Christopher Locke has a pathological desire to hunt scammers and hackers.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

XRP struggles for $ 3: Do Whale Offroads attract it lower?

August 7, 2025

Tethers we target the Stablecoin market and quote the path of genius behavior.

July 31, 2025

Crypto EXEC is not the end of the rally.

July 24, 2025
Add A Comment

Comments are closed.

Recent Posts

A Global Initiative To Transform Crypto Education From The Ground Up

August 11, 2025

Cango Inc. Acquires 50 MW Bitcoin Mining Facility In Georgia, Laying Groundwork For Future Energy Strategy

August 11, 2025

SIM Mining Cloud Mining Allows Global Investors To Easily Earn BTC And DOGE Profits Using Just Their Smartphones (daily Income Of $23,999 USD)

August 11, 2025

MultiBank Group Delivers Record H1 Results With $209M Revenue And MBG Token Driving 7X Returns Since Launch.

August 11, 2025

The Animoca brand invests in a nice cat

August 11, 2025

Is Alt Season finally here, just as Ether Lee’s tearing and a small cap follows?

August 11, 2025

Flareonix airdrop is live! Under the share of 100m FXP today!

August 11, 2025

Carv can be used for transactions!

August 10, 2025

Ethereum (ETH), SEI (Sei), and Bonk (Bonk) gathered in July, but one token is prepared to dominate next.

August 10, 2025

Floki and OnDo expand their profits as Robinhood Listing strengthens.

August 10, 2025

Vitalik Buterin regains the title of ‘Onchain Billionaire’, where ether reaches $ 4.2K.

August 10, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

A Global Initiative To Transform Crypto Education From The Ground Up

August 11, 2025

Cango Inc. Acquires 50 MW Bitcoin Mining Facility In Georgia, Laying Groundwork For Future Energy Strategy

August 11, 2025

SIM Mining Cloud Mining Allows Global Investors To Easily Earn BTC And DOGE Profits Using Just Their Smartphones (daily Income Of $23,999 USD)

August 11, 2025
Most Popular

Investors in PI Network & Dogecoin have benefited from XRPTurbo, an AI agent lunch pad of XRP.

May 16, 2025

Ethereum price prediction: Top analyst says ETH is headed for a 35% surge as traders flock to this AI platform marking 30x the cryptocurrency.

January 18, 2024

Universal-2: Revolutionizing speech recognition with improved accuracy

November 4, 2024
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.