Crypto Scams, Hacks and Exploits and How to Avoid Them: Crypto-Sec
Weekly Phish: DeFi Saver Users Lose $55 Million in DAI
A user of the decentralized finance protocol DeFi Saver was hit with an unusual style of phishing attack on August 21. According to a post from blockchain security firm Global Ledger X, the attacker tricked the user into reassigning ownership of the DeFi Saver Proxy contract.
The victim reportedly attempted to trade again but failed. The attacker then changed ownership again and emptied all Dai (DAI) stablecoins from the smart contract wallet, removing a total of $55 million.
According to blockchain data, the DAI came from a null address rather than the victim’s address, suggesting the attacker minted the DAI using the victim’s collateral rather than directly withdrawing it from the victim’s account.
The victim’s smart contract wallet is listed as “DSProxy #166,776” on Etherscan. On August 20, the account owner called the “Set Owner” function and listed the malicious phishing account as the new owner. The owner was likely tricked by the malicious web app into approving this transaction. This was a costly mistake, as the victim is now $55 million poorer.
Web3 users should consider carefully reviewing the contract address before approving a transaction. Many protocols list official contract addresses in their documentation, and users can check these addresses to see if the address they want to interact with is listed there. This can help users avoid losing funds due to phishing attacks, but no security method is 100% foolproof.
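The ownership change described above can be caught mechanically before a transaction is signed. The following is an added example, not code from DeFi Saver or the original article: it decodes the calldata a web app asks the wallet to sign and blocks a `setOwner(address)` or `transferOwnership(address)` call whose new owner is not one of the user's own addresses. The function names and all addresses are hypothetical, constructed values, and the second selector goes beyond the DSProxy case in the text.

```python
# Added example: pre-signing check for ownership-transfer calls.
# All addresses are constructed sample values, not taken from the incident.

# 4-byte selectors of single-argument ownership-transfer functions.
OWNERSHIP_SELECTORS = {
    "13af4035": "setOwner(address)",           # DSAuth, used by DSProxy
    "f2fde38b": "transferOwnership(address)",  # OpenZeppelin Ownable
}


def decode_owner_change(calldata_hex):
    """Return (signature, new_owner) for an ownership transfer, else None."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    sig = OWNERSHIP_SELECTORS.get(data[:8])
    if sig is None:
        return None
    arg = data[8:]
    # One ABI word: 12 zero bytes of padding, then the 20-byte address.
    if len(arg) != 64 or arg[:24] != "0" * 24:
        raise ValueError("malformed address argument")
    int(arg, 16)  # raises ValueError if the argument is not hex
    return sig, "0x" + arg[24:]


def review_transaction(to, calldata_hex, my_addresses):
    """Return (verdict, reason) for a transaction the wallet is asked to sign."""
    decoded = decode_owner_change(calldata_hex)
    if decoded is None:
        return "allow", "not an ownership transfer"
    sig, new_owner = decoded
    if new_owner in {a.lower() for a in my_addresses}:
        return "allow", f"{sig} keeps {to} under your address {new_owner}"
    return "block", f"{sig} would hand {to} to unknown address {new_owner}"


# Constructed sample data.
PROXY = "0x" + "aa" * 20      # the user's smart contract wallet
MY_EOA = "0x" + "11" * 20     # the user's own account
STRANGER = "0x" + "22" * 20   # address supplied by the web app
PHISH_CALL = "0x13af4035" + "00" * 12 + "22" * 20
SELF_CALL = "0x13af4035" + "00" * 12 + "11" * 20

if __name__ == "__main__":
    print(review_transaction(PROXY, PHISH_CALL, [MY_EOA]))
    print(review_transaction(PROXY, SELF_CALL, [MY_EOA]))
```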
DeFi Exploit: iVest Announces Shutdown After $156,000 Loss
Decentralized finance (DeFi) protocol iVestDAO has announced that it will not be reopening after suffering a $156,000 exploit. The protocol had previously said it would compensate investors and reopen later. However, iVest’s Telegram administrator told Cointelegraph on August 15 that it was shutting down.
“Unfortunately, we cannot continue operations and are having to suspend the project and refund holders out of our own pocket,” the manager said, calling the incident a “tragic event.”
In a public statement on the protocol’s website, iVest claims the team is “refunding holders out of our own pockets,” but the funds are “non-recoverable and there is no way to replace them back to 100% of the team’s own funds.”
The team said they were “bruised and defeated” but would “pick up the pieces and move on with our lives.”
iVest was exploited via a “null address” donation attack on August 12.
Malware Corner: Copy2pwn bypasses Windows SmartScreen
According to a report from SecurityWeek, malware operators are using a new exploit called “copy2pwn” to bypass Windows SmartScreen protections. The vulnerability has been patched in recent versions of Windows, but some devices may still be at risk because they have not yet been updated.
These exploits can be used to install malicious software and may result in the private keys of software wallets being leaked.
Copy2pwn, disclosed in CVE-2024-38213 and reportedly discovered by Trend Micro’s Zero Day Initiative, leverages the Web-based Distributed Authoring and Versioning (WebDAV) protocol in Windows, which is designed to make it easier for users to share and edit web-based content.
However, cybercriminals have discovered that content hosted on WebDAV shares can bypass SmartScreen protection because it does not receive the Mark of the Web (MotW) flag.
According to the report, malware operators have been using copy2pwn to install DarkGate on users’ devices. According to cybersecurity firm Socradar, DarkGate is a sophisticated malware program that is difficult to detect and effective at stealing data.
Cryptocurrency users who rely on Windows SmartScreen for malware protection are advised to upgrade to the latest version of Windows as soon as possible.
Hackathon participants suffer clipboard hack
On August 25, Porter Adams, a software engineer at Matter Labs, the developer of the ZKsync network, discovered cryptocurrency-stealing malware in an unexpected place. The malware was found on the PC of one of the hackathon participants.
Adams posted a video of the reported incident to X.
The participant attempted to send Ether (ETH) to a specific address on the Sepolia test network, but Adams discovered that the person’s device was infected with clipboard hijacking software.
Every time a user copies and pastes a cryptocurrency address, the malware pastes the malware developer’s address instead, causing the user to send their cryptocurrency to the wrong address and lose it forever.
Fortunately, the participant was using a testnet with ETH that had no real value. However, if the participant had gone home and used the device to trade real cryptocurrencies, they could have easily lost all their funds. “I saved a hackathon participant from malware today,” Adams said in his post.
When cutting and pasting an address, crypto users are advised to check that the pasted address is the same address they were trying to copy. If it is different, the device may be infected.
Christopher Locke
Some say he is a white hat hacker living in the black mining hills of Dakota, pretending to be a children’s crossing guard to avoid the NSA’s eyes. What we do know is that Christopher Locke has a pathological desire to hunt scammers and hackers.