Crypto Scams, Hacks and Exploits and How to Avoid Them: Crypto-Sec
Deepfake Fraud: Bitcoin Conference AI Leaks $79K
During the Bitcoin 2024 conference, which took place on July 25-27, crypto users lost over $79,000 to a deepfake AI livestream of the conference. The fake livestream featured footage of Elon Musk speaking, but although Musk was rumored to be attending, he did not actually speak at the conference and had no connection to the video. This is similar to numerous other Musk-related scams that have popped up online.
Michael Dunworth, co-founder of cryptocurrency payment service Wyre, reported the deepfake scam in a post on X on July 26. “People were calling me saying Elon Musk was giving away free bitcoin on Bitcoin ’24,” he said. “That’s not true. There’s a fake live stream with a dubbed voice and over 70,000 (fake) people are watching the live stream.”
According to Dunworth’s post, the fake livestream was posted on a channel called “Tesla,” which is named after Elon Musk’s car company, but is not endorsed by the company. The real livestream of the conference, on the other hand, was posted on Bitcoin Magazine’s official YouTube channel.
Bitcoin consulting firm The Bitcoin Way reported another version of the scam on July 27, this one reportedly posted on a YouTube channel called KHORTEX.
The livestream featured an AI-generated video in which Elon Musk told viewers to send bitcoin to a specific address, claiming they would get their money back doubled. A similar Elon Musk deepfake scam was circulated in May.
According to blockchain data, some viewers sent cryptocurrency to the scam addresses. The Bitcoin network address associated with the scam received 0.77 Bitcoin (BTC), worth approximately $53,000 based on the Bitcoin price at the time, on July 28-29. Additionally, 4,531 Ethereum (ETH) (worth approximately $26,000) was sent to the scammers’ Ethereum address, and 4,136 Dogecoin (DOGE) (worth $537.34) was sent to the Dogecoin address. In total, the fake livestream viewers lost more than $79,000 due to the scam.
Deepfake scams are on the rise, and while a video may appear to feature a trustworthy source, it may be completely fake, AI-generated content. Always verify the source of a video before relying on any information in it, and if an investment idea seems too good to be true, it probably is. No one is going to double the cryptocurrency you send them.
Phishing of the Week: MOG Holders Fall for Scams
A person who held the meme coin MOG lost over $148,000 in a phishing scam on July 28. The attackers stole 82 billion MOG from the victim’s wallet. Of that, 16.4 billion MOG (equivalent to $29,720 at the time) went to the developer of the app used to drain the wallet, while the remaining 65.6 billion MOG (equivalent to $118,880 at the time) went to the phishing scammers. Blockchain security firm PeckShield reported the attack on X.
MOG is a meme coin that celebrates the concept of “mogging,” a pickup-artist term for asserting superiority over others in order to impress a third party. The coin was launched in July 2023. According to data from Coinmarketcap, it has increased by over 3,617% since February.
According to PeckShield, attackers stole $10,000 worth of BASED tokens from victims in a separate attack on the Base network.
Technically, the victim appears to have signed a message on the Ethereum network authorizing the attacker to call the Permit2 function on Uniswap’s official router. Blockchain data shows the victim’s account set as the “owner” and a malicious smart contract with an address ending in cbbF set as the “spender.”
The malicious “spender” contract was created by an account that Etherscan labels as a known phishing account, “Fake_Phishing188615,” and it was created at the moment the Permit function was called.
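As an added illustration (not code from the article, from Uniswap or from the wallets involved), here is a wallet-side triage routine for a Permit2 signing request of the kind described above; it handles both PermitSingle and PermitBatch typed data. The Permit2 contract address is stated from memory, and the token, spender and trusted-router addresses in the sample are constructed placeholders (the phishing spender merely ends in cbbF like the contract in the article).

```python
# Permit2 deployment address (stated from memory; verify against Uniswap's documentation).
PERMIT2_ADDRESS = "0x000000000022d473030f116ddee9f6b43ac78ba3"
MAX_UINT160 = (1 << 160) - 1          # Permit2 amounts are uint160; this value means "unlimited"
DAY = 24 * 3600

def review_permit2_request(typed_data: dict, trusted_spenders: set, now: int) -> list:
    # Return warnings for an EIP-712 Permit2 request; an empty list means nothing looked risky.
    warnings = []
    domain = typed_data.get("domain", {})
    if domain.get("name") != "Permit2" or str(domain.get("verifyingContract", "")).lower() != PERMIT2_ADDRESS:
        warnings.append("domain is not the known Permit2 contract")
    msg = typed_data.get("message", {})
    spender = str(msg.get("spender", "")).lower()
    if spender not in {s.lower() for s in trusted_spenders}:
        warnings.append(f"spender {spender} is not an allow-listed contract")
    details = msg.get("details", [])
    if isinstance(details, dict):                 # PermitSingle carries one PermitDetails struct,
        details = [details]                       # PermitBatch carries a list of them
    for d in details:
        token = str(d.get("token", "")).lower()
        if int(d.get("amount", 0)) >= MAX_UINT160:
            warnings.append(f"unlimited allowance requested for token {token}")
        if int(d.get("expiration", 0)) - now > 30 * DAY:
            warnings.append(f"allowance for token {token} lasts longer than 30 days")
    if int(msg.get("sigDeadline", 0)) - now > DAY:
        warnings.append("signature deadline is more than a day away")
    return warnings

# Constructed sample data: placeholder addresses, not real contracts. The phishing spender
# only shares the "cbbf" suffix with the contract mentioned in the article.
NOW = 1_722_124_800                                   # 2024-07-28 00:00:00 UTC
TOKEN = "0x" + "11" * 20
TRUSTED_ROUTER = "0x" + "22" * 20                     # constructed "known good" spender
PHISHING_SPENDER = "0x" + "ab" * 18 + "cbbf"

def sample_request(spender: str, amount: int, expiration: int, sig_deadline: int) -> dict:
    return {
        "primaryType": "PermitSingle",
        "domain": {"name": "Permit2", "chainId": 1, "verifyingContract": PERMIT2_ADDRESS},
        "message": {
            "details": {"token": TOKEN, "amount": str(amount), "expiration": str(expiration), "nonce": "0"},
            "spender": spender,
            "sigDeadline": str(sig_deadline),
        },
    }

PHISHING = sample_request(PHISHING_SPENDER, MAX_UINT160, NOW + 3650 * DAY, NOW + 3650 * DAY)
BENIGN = sample_request(TRUSTED_ROUTER, 10**18, NOW + DAY, NOW + 1800)
```

Run against PHISHING the routine reports an unknown spender, an unlimited allowance, a decade-long expiration and a far-off signature deadline; BENIGN produces no warnings.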
Crypto phishing is a technique in which scammers trick users into approving token spending they did not intend, usually by setting up fake websites that appear to come from authoritative sources. To avoid such scams, crypto users should not sign transaction messages if they are unsure what the message authorizes or are unfamiliar with the website they are using.
Phishers often operate from domain names that are not the official domain of the company they are impersonating, so checking the URL of the site can also be an effective way to avoid these scams. However, look-alike URLs can be hard to spot, because they may use characters from non-English alphabets that resemble Latin letters.
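The URL check above, as an added example (not code from the article): it flags a hostname that is not the expected domain or one of its subdomains, and it surfaces DNS labels that contain non-ASCII characters or arrive already in punycode form, naming the suspicious characters. The official and look-alike URLs are constructed samples.

```python
import unicodedata
from typing import Optional
from urllib.parse import urlsplit

def hostname_of(url: str) -> str:
    # urlsplit lowercases the host and strips the port; drop a trailing dot too.
    return (urlsplit(url).hostname or "").rstrip(".")

def describe_label(label: str) -> Optional[str]:
    # Explain a suspicious DNS label, or return None if it is plain ASCII.
    if label.startswith("xn--"):                      # already punycode: show what it decodes to
        return f"punycode label {label} decodes to {label.encode('ascii').decode('idna')!r}"
    if label.isascii():
        return None
    odd = ", ".join(f"{c!r} ({unicodedata.name(c, 'UNKNOWN')})" for c in label if not c.isascii())
    return f"label {label!r} (punycode {label.encode('idna').decode('ascii')}) contains {odd}"

def check_url(url: str, expected_domain: str) -> list:
    # Findings about a URL the user is about to sign on; an empty list means it checked out.
    host = hostname_of(url)
    expected = expected_domain.lower()
    findings = []
    if host != expected and not host.endswith("." + expected):
        findings.append(f"host {host!r} is not {expected} or a subdomain of it")
    for label in host.split("."):
        note = describe_label(label)
        if note:
            findings.append(note)
    return findings

# Constructed samples: the official domain versus a look-alike with Cyrillic "а" (U+0430)
# in place of Latin "a", written once as Unicode and once in its punycode form.
OFFICIAL = "https://app.uniswap.org/swap"
LOOKALIKE = "https://app.unisw\u0430p.org/swap"
LOOKALIKE_PUNY = "https://app." + "unisw\u0430p".encode("idna").decode("ascii") + ".org/swap"
```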
CEX: DMM Hacker Mixes Funds with Poloniex Hacker Wallet
On July 27, on-chain detective ZachXBT reported that funds from the May 31 DMM hack were mixed with funds from the November 2023 Poloniex hack, suggesting that both hacks were likely carried out by the same individual or group. ZachXBT suspects that both attacks were carried out by the Lazarus Group.
He said, “Earlier today, the dust left over from the Poloniex November 2023 hack and the DMM Bitcoin May 2024 hack was consolidated into the same address, further demonstrating the link to the Lazarus Group.”
In cryptocurrency trading, the term “dust” refers to a very small amount of cryptocurrency that may remain in a wallet after a larger transaction has been made. In his post, Zach mentioned two different wallet accounts, one of which contained about $0.10 worth of ETH, and the other contained less than $0.01 worth of ETH.
The DMM hack was the largest exploit against a centralized exchange so far in 2024. The attack resulted in the loss of over $300 million.
Ransomware: ESXi Backdoor Discovered by Microsoft
Microsoft says it has discovered a new attack vector being used by crypto-ransomware attackers. The company announced its findings in a blog post on July 29. The vulnerability affected ESXi servers, but has now been patched.
ESXi is VMware’s hypervisor software. It runs directly on enterprise-class server hardware without a host operating system underneath it, which is why this type of software is referred to as “bare metal.”
Microsoft found that a flaw in the ESXi server code could allow ransomware attackers to take control of the device and encrypt its contents, rendering it inoperable and unrecoverable without the attacker’s decryption key. Researchers have observed several attacks that relied on this vulnerability, including ones that installed the infamous Akira and Black Basta ransomware programs.
To launch the attack, a hacker only needs to type the commands “net group ‘ESX Admins’ /domain /add” and “net group ‘ESX Admins’ username /domain /add”. By typing these commands, the attacker gains “full administrative access” to the device, allowing them to encrypt all of its contents.
These commands worked because ESXi granted full administrative access to any domain group named ‘ESX Admins’ by default, even though that group does not exist by default and ESXi performed no validation to check whether the group existed or who had created it.
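For defenders, the creation of that group on a domain controller is the observable event. As an added example (not from Microsoft’s blog post or from the article), this routine scans Windows Security events, exported one JSON object per line, for creation of a group named ‘ESX Admins’ and for members being added to it. The field names follow the Windows Security log schema, the event IDs are the standard group-management IDs, and the sample events are constructed.

```python
import json
import re
from typing import Iterable

# Windows Security event IDs for creating a security-enabled group (global / local / universal)
# and for adding a member to one.
GROUP_CREATED = {4727, 4731, 4754}
MEMBER_ADDED = {4728, 4732, 4756}
# Match the group name loosely (case and surrounding whitespace ignored) so variant spellings
# still fire; a few false positives are cheaper than missing the real thing.
ESX_ADMINS = re.compile(r"^\s*esx\s+admins\s*$", re.IGNORECASE)

def esx_admins_alerts(lines: Iterable[str]) -> list:
    # Scan JSON-per-line Security events and return alerts for 'ESX Admins' group activity.
    alerts = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = json.loads(raw)
        eid = ev.get("EventID")
        group = str(ev.get("TargetUserName", ""))   # group-management events carry the group name here
        if not ESX_ADMINS.match(group):
            continue
        if eid in GROUP_CREATED:
            kind = "group_created"
        elif eid in MEMBER_ADDED:
            kind = "member_added"
        else:
            continue
        alerts.append({
            "kind": kind,
            "event_id": eid,
            "group": group,
            "actor": ev.get("SubjectUserName"),
            "member": ev.get("MemberName"),
            "host": ev.get("Computer"),
        })
    return alerts

# Constructed sample telemetry (not real log data): a user creates the group and adds themself,
# an unrelated group is created, and another account adds a member on a second host.
SAMPLE_EVENTS = """\
{"EventID": 4727, "TargetUserName": "ESX Admins", "SubjectUserName": "jdoe", "Computer": "DC01"}
{"EventID": 4728, "TargetUserName": "ESX Admins", "MemberName": "CN=jdoe,CN=Users,DC=corp,DC=example", "SubjectUserName": "jdoe", "Computer": "DC01"}
{"EventID": 4727, "TargetUserName": "Backup Operators Tier2", "SubjectUserName": "admin", "Computer": "DC01"}
{"EventID": 4732, "TargetUserName": "esx admins", "MemberName": "CN=svc-build,CN=Users,DC=corp,DC=example", "SubjectUserName": "svc-build", "Computer": "SRV07"}
{"EventID": 4624, "TargetUserName": "jdoe", "Computer": "DC01"}
"""
```

On the sample, three alerts fire (the group creation, the first member addition, and the lowercase-named addition on SRV07); the unrelated group and the logon event are ignored.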
Ransomware is a type of malicious attack in which the attacker steals files, locks the device and corrupts its data to cause lasting damage to the company. The attacker then demands payment in cryptocurrency in exchange for repairing the damage or restoring the device. Because blockchain transactions are irreversible, ransomware attackers prefer cryptocurrency networks as a means of payment.
Christopher Locke
Some say he is a white hat hacker living in the black mining hills of Dakota, pretending to be a children’s crossing guard to avoid the NSA’s eyes. What we do know is that Christopher Locke has a pathological desire to hunt scammers and hackers.