Binance CEO CZ Alerts Users of Phishing Attacks Following Kroll Data Leak

Changpeng Zhao, widely recognized as CZ, the CEO of Binance, recently flagged a concerning issue on Twitter. Users of notable cryptocurrency exchanges FTX, BlockFi, and Genesis are reportedly under threat from new phishing attacks. This surge in malicious activity is believed to be directly linked to the Kroll data leak, which in turn seems to have its roots in a SIM swap conducted on an employee.

In his tweet, CZ stated, “New rounds of phishing attacks already underway for the poor users of FTX, BlockFi, Genesis, as a result of the Kroll data leak, which seems to be a result of a SIM swap on an employee.🤷‍♂️ Learn to protect yourself. Learn about phishing attacks👇”

Phishing attacks, which are deceptive maneuvers by malicious entities aiming to extract sensitive information by mimicking trustworthy sources, have been on the rise. This recent wave of attacks emphasizes the critical importance of cybersecurity awareness and the necessity for users to remain alert against potential threats.

In a bid to educate users, CZ shared an article detailing the nature of phishing. Phishing is a cyber attack where attackers pose as reputable entities to deceive individuals into revealing sensitive data. These attacks often use fraudulent emails directing users to deceptive websites. Within the cryptocurrency realm, attackers may spoof genuine sites, altering wallet addresses to misdirect funds.

Key phishing methods include clone phishing, spear phishing, and pharming. Users are advised to be skeptical of unexpected emails, verify content, avoid clicking on email links, and never share private keys. With the irreversible nature of cryptocurrency transactions, vigilance is paramount.

With the cryptocurrency sector’s exponential growth, the security and confidentiality of user data have never been more crucial. Users are encouraged to stay updated and exercise prudence when navigating digital platforms.


US District Judge Rules in Favor of Custodial Arrangement for bZx DAO Members

In a recent update to the ongoing class-action lawsuit against bZx DAO members, a United States district judge ruled that the ability for developers to upgrade a smart contract where the key is in the hands of a single developer makes the arrangement custodial. The ruling, issued by United States District Judge Larry Alan Burns on March 27, marks a significant development for decentralized autonomous organizations (DAOs).

While the ruling may seem unremarkable on the surface, Web3 lawyers have noted its potential impact on the DeFi space. The defendants in the case claimed that transactions in the bZx protocol are noncustodial because users can maintain custody of their assets. However, a successful phishing attack on a bZx developer compromised the funds supposedly under users’ custody, rendering the distinction between custodial and non-custodial meaningless.

Gabriel Shapiro, the general counsel for crypto firm Delphi Labs, tweeted that the court’s ruling implies that a single developer holding the upgrade key makes the arrangement custodial. This could also apply to developers with multisigs, potentially leading to DeFi platforms that employ multisigs being seen as custodial platforms. As a result, these projects may need to obtain the necessary licenses for custody to comply with the law.

Gregory Schneider, the deputy general counsel for Hedera, commented on the lawsuit, highlighting that the ruling is significant for the DAO space. According to Schneider, the case must be “closely examined by anyone thinking about legal liability in the DAO space.”

DAOs are autonomous organizations that operate using smart contracts on a blockchain. They are designed to be decentralized and operate without intermediaries, such as banks or other financial institutions. However, the bZx case highlights the potential legal implications for DAOs, particularly those that employ multisigs.

Multisigs are a type of digital signature that requires multiple parties to sign off on a transaction. They are often used in the DeFi space to secure smart contracts and provide an additional layer of protection against hacks and other security breaches. However, the bZx case raises questions about the legal status of multisigs and their impact on the custodial vs. non-custodial debate.

The ruling in the bZx case may lead to further regulatory scrutiny of DAOs and DeFi platforms. It underscores the need for the DeFi industry to develop robust security measures and to comply with applicable laws and regulations. As the DeFi space continues to grow and evolve, it is likely that we will see more legal challenges and regulatory developments in the months and years ahead.


OpenSea Confirms Phishing Attack after Urging Users to Migrate NFTs to New Addresses

Hours after OpenSea announced an upgrade to delist inactive Non-Fungible Tokens (NFTs) on its platform, some users were specifically targeted through a phishing attack disguised as a legitimate email concerning the planned upgrade.


Per the original OpenSea update, the platform advised its customers to move their Ethereum-based NFTs to a new smart contract address, a move that would incur no gas fees. Users who do not complete the migration as instructed risk losing their old and inactive tokens. Drawing on this detail, PeckShield, a blockchain security and data analytics company, said: “Users authorize the ‘migration’ as instructed in the phishing email and the authorization, unfortunately, allows the hacker to steal the valuable NFTs.”

In a Twitter update, OpenSea’s co-founder and CEO, Devin Finzer, said the attacker’s address has remained inactive for the time being, adding that some of the stolen NFTs have been returned to their owners. In his own words:

“As far as we can tell, this is a phishing attack. We don’t believe it’s connected to the OpenSea website. It appears 32 users thus far have signed a malicious payload from an attacker, and some of their NFTs were stolen… The attack doesn’t appear to be active at this point — we haven’t seen any malicious activity from the attacker’s account in 2 hours.” 

OpenSea claimed that “some of the NFTs have been returned, but not aware of any recent phishing emails that have been sent to users, but at this time we do not know which website was tricking users into maliciously signing messages.”

OpenSea is the world’s largest marketplace for trading NFTs, and the platform has been the target of many malicious actors in recent times.

Earlier in January, the marketplace was hacked for 332 ETH, worth approximately $780 million at the time. While the platform is actively working to mitigate these risks, it also plans on hiring additional staff to relieve its overwhelmed employees. With the new capital and manpower, related exploits can perhaps be averted in the near future.

About 6,000 Users Fall Victim to Phishing Attack: Coinbase

The Nasdaq-listed cryptocurrency trading platform Coinbase Global Inc has said that about 6,000 of its platform users have fallen victim to a phishing attack that saw third parties gain access to such customers’ data, including names, addresses, and emails, amongst others.

Per a recent Reuters report, citing a letter shared with the affected customers, the hack took place between March and May 20 of this year. According to Coinbase, the unauthorized access to users’ data could only be achieved with the users’ email address, password, and phone number, though the trading platform said it is not sure the intruders obtained these from its database.

“In order to access your Coinbase account, these third parties first needed prior knowledge of the email address, password, and phone number associated with your Coinbase account, as well as access to your personal email inbox,” an excerpt from the letter reads. “While we are not able to determine conclusively how these third parties gained access to this information, this type of campaign typically involves phishing attacks or other social engineering techniques to trick a victim into unknowingly disclosing login credentials to a bad actor. We have not found any evidence that these third parties obtained this information from Coinbase itself.”

The broad attack created a risk of users’ funds being moved from the exchange. Coinbase said it would reimburse all affected customers. In response to the attack, the trading platform also confirmed that it has updated its SMS Account Recovery protocols, which were identified as one of the loopholes through which the fraud was perpetrated. Coinbase also said that it is working alongside authorities to bring the perpetrators to book while promising additional support to all affected users.

Data exploits and hacking are becoming increasingly prevalent in the digital currency ecosystem. Earlier in August, interoperable protocol Poly Network suffered the largest hack in DeFi history to date, with over $610 million moved from the platform. The latest mishaps suffered by crypto outfits bring to the fore the question of security loopholes in the digital currency ecosystem and how these could dampen regulators’ enthusiasm to back the innovation with progressive regulations as demanded.
