Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
Crypto Flexs
Home»ADOPTION NEWS»Evolve Bank Data Breach Leaves Turbo Toad Enthusiasts $3,600 Lost
ADOPTION NEWS

Evolve Bank Data Breach Leaves Turbo Toad Enthusiasts $3,600 Lost

By Crypto FlexsJuly 15, 20246 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Evolve Bank Data Breach Leaves Turbo Toad Enthusiasts ,600 Lost
Share
Facebook Twitter LinkedIn Pinterest Email
Amazon Polly has given us a voice

Crypto-Sec is a site that publishes stories and tips about cryptocurrency and cybersecurity every two weeks.

Fishing of the Week: Turbo Toad Enthusiast Loses $3,600

Tech on Ivan, a memecoin collector and X user, fell victim to a phishing attack and lost over 1 million TURBO, worth over $3,600 at the time, according to a post he made on July 11. “I’m devastated,” Ivan said.

He subsequently lost his token after receiving a phishing email with a link he clicked on. Ivan did not explain what happened after he clicked on the link, but he was likely sent to a malicious web app linked to the Drayna protocol.

According to blockchain data, he made two separate wallet leak transfers. The first one drained 863,926 TURBO ($3,113.45) and sent it to an address ending in Aece. The second one drained 152,458 TURBO ($549) and sent it to a known malicious address labeled by Etherscan as “FakePhishing 328927.”

Given that the second transfer was much smaller than the first, the “FakePhishing” address is most likely owned by the drainer software developer, while the “Aece” address is more likely owned by the person who perpetrated the scam. Drainer software developers typically charge a small amount of the stolen loot in exchange for allowing the scammer to use their service.

The user previously called the “increase quota” function on the Turbo contract, designating an unverified smart contract address ending in 1F78 as the “spender” and authorizing a large amount of tokens to be spent. The attacker later used this malicious contract to empty the tokens.

Turbo Drain Approved. (Etherscan)

Because the user had previously authorized the malicious contract, Turbo Contract recognized it as legitimate and failed to block the attack. According to his statement, Ivan did not know that he was authorizing a malicious app to use his tokens when he initiated this transaction.

Malicious contracts only display unreadable bytecode in Etherscan, and their functionality is not available in human-readable form.

A malicious contract that stole tokens from Ivan’s Tech. (Etherscan))

Phishing is a type of fraud where the attacker pretends to be a trusted source and tricks the victim into providing personal information or performing a desired action. In this case, the attack tricked the user into unintentionally authorizing the app to steal tokens.

Crypto users should be aware that some Web3 apps are malicious and exist with the purpose of stealing users’ tokens. Users may want to carefully check each wallet confirmation when approving a transaction and avoid approving tokens for apps that have not been proven to be trustworthy.



Many wallet apps attempt to warn users when a malicious site requests token authorization. However, these warning systems sometimes block legitimate sites as well.

White-Hat Corner: Microsoft patches another clickless Office bug

According to a July 10 report from Infosecurity Magazine, Microsoft has patched another “zero-click” security vulnerability in its Office Suite. This vulnerability could allow an attacker to run malware on a user’s computer without the user downloading any files. Instead, the user only needs to open an email to infect the device. That’s why it’s called a “zero-click” vulnerability.

The new vulnerability was discovered by Morphisec, the same security team that previously discovered zero-click vulnerabilities in Office products in June. However, unlike the other vulnerabilities, this new vulnerability only allowed zero-click attacks from “trusted senders.” If the sender was not trusted, the attack would have required the user to make a second click.

According to the report, Microsoft claimed that the new vulnerability was more complex and less exploitable than the previous one. Nevertheless, it removed the attack vector with the July 9 patch.

Also read

characteristic

Murakami’s New Exhibition Shows NFT Collapse and Monstrous Egos

characteristic

What Happened to EOS? The Community Aims for an Unexpected Comeback

If your device is infected with malware, it can be fatal. Once your device is infected, attackers often use malware to steal your keystore file and gain access to your cryptocurrency accounts. Keystore files are encrypted, so using a strong password can help protect against this threat, but some malware also includes keylogging software that can record your password as you type it.

Using a hardware wallet can help protect against this threat, as it prevents attackers from stealing keystore files that are not on your device. However, users who rely on software wallets should be aware that zero-click vulnerabilities are becoming more common. As a result, it is recommended that you do not open emails from untrusted sources, even if you do not plan to click on links or files within the email.

CEX: Evolve Bank suffers data breach

This week’s CEX report is about crypto-friendly Evolve Bank & Trust. Evolve has partnered with Juno, a crypto payments app, and previously offered debit cards to users of defunct crypto companies FTX and BlockFi.

According to an official statement from the bank, hackers breached Evolve’s database on July 8 and stole customer data. Blockchain security firm Veridise estimates that more than 33 terabytes of data were stolen.More than 155,000 accounts were affected.

2) Attackers compromised the servers of a cryptocurrency-friendly bank. @getevolved192533TB of user data was stolen.

While customer funds were not compromised, sensitive personal information for over 155,000 accounts across multiple companies was impacted by the breach. 💥 https://t.co/T4qrkFcBDo

— Veridise | Careers (@VeridiseInc) July 9, 2024

According to the bank, the cybercrime group LockBit was responsible for the attack. The group convinced Evolve employees to click on a “malicious internet link.” As a result, the attackers were able to access customer information and encrypt some of the data, preventing the bank from using it. However, the bank was able to recover most of the lost information using backups, so the only serious damage was the leak of customer data.

Evolve said the attackers offered to stop the data leak in exchange for a ransom, but the bank refused.

The attackers now have customers’ “names, Social Security numbers, bank account numbers, contact information” and other “personal information,” Evolve said. Information from customers of Evolve’s open banking partners was also compromised. The bank is still investigating to determine all the data compromised.

The bank claimed that no funds were lost as a result of the attack.

Evolve said it has taken steps to strengthen its security practices to prevent a breach like this from happening again. In the meantime, it advises customers to “remain vigilant by monitoring account activity and credit reports” and to be on the lookout for phishing attacks targeting them in the future.

These potential attacks can include phone calls or emails that pretend to be from a trusted company and ask for personal information. Evolve also suggests that customers use two-factor authentication for their online accounts, as attackers may try to use their data to access their accounts on other platforms.

Subscribe

The most interesting articles on blockchain, delivered once a week.

Subscribe to the Cointelegraph Newsletter Magazine.Subscribe to the Cointelegraph Newsletter Magazine.

Christopher Locke

Some say he is a white hat hacker living in the black mining hills of Dakota, pretending to be a children’s crossing guard to avoid the NSA’s eyes. What we do know is that Christopher Locke has a pathological desire to hunt scammers and hackers.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Vortex uses NVIDIA Jetson to innovate medical imaging with CT-similar ultrasound.

June 6, 2025

Sei Development Foundation: Use of US Innovation for Global Block Chain

June 6, 2025

Solana’s Journey: Promotion of Challenge, Innovation and Speed

June 6, 2025
Add A Comment

Comments are closed.

Recent Posts

Musk & Trump SPAT sends trenches from DOGE Price Crumbling, Tesla.

June 6, 2025

Musk & Trump SPAT sends trenches from DOGE Price Crumbling, Tesla.

June 6, 2025

Vortex uses NVIDIA Jetson to innovate medical imaging with CT-similar ultrasound.

June 6, 2025

2025 Best Free Cloud Mining

June 6, 2025

Sei Development Foundation: Use of US Innovation for Global Block Chain

June 6, 2025

Analyst Michaël Van de Poppe says Bitcoin is getting higher.

June 6, 2025

Does Ethereum start their business? MorningStar Candlestick Pattern tells the story

June 6, 2025

Solana’s Journey: Promotion of Challenge, Innovation and Speed

June 6, 2025

Ether Leeum’s imminent brake out in major chart patterns

June 6, 2025

Bittensor increases rapidly after 118 subnets in the $ 1,000 TAO price guess.

June 6, 2025

Bitcoin’s $ 100k drop in caught many merchants for many merchants.

June 6, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

Musk & Trump SPAT sends trenches from DOGE Price Crumbling, Tesla.

June 6, 2025

Musk & Trump SPAT sends trenches from DOGE Price Crumbling, Tesla.

June 6, 2025

Vortex uses NVIDIA Jetson to innovate medical imaging with CT-similar ultrasound.

June 6, 2025
Most Popular

Binance Launches LUNC Revival Campaign to Return USTC to $1

June 19, 2024

DOGE & SHIB mascots hit the road in Tesla’s new Cybercab.

October 11, 2024

On Stake | Ethereum Foundation Blog

June 3, 2024
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.