Friend.Tech Boosts Security with CoolWallet on Base Chain

Friend.tech, a decentralized social media platform operating on Base’s Ethereum layer-2 chain, has been a significant contributor to Base’s recent growth. Base is a secure, low-cost, builder-friendly Ethereum layer-2 chain designed by Coinbase to bring the next billion users on chain. It has become a favorite for DApp developers and early investors due to its outstanding performance and the innovative projects it attracts.

According to the latest data, the platform has surpassed one million daily active users and has a total value locked (TVL) exceeding $35 million. The platform allows users to buy “shares” of other users to chat with them, emphasizing the concept that “Your network is your net worth.”

However, this rapid growth has also attracted cybersecurity threats, notably phishing attacks. These social engineering tactics have been a significant concern in the Web3 sector, with losses already amounting to $650 million as of June 2023. High-profile individuals like Mark Cuban and Vitalik Buterin have also fallen victim to such attacks. To mitigate these risks, Friend.tech strongly recommends its users to employ hardware wallets for enhanced asset security.

In response to these security challenges, CoolWallet, a hardware wallet maker that natively supports the Base ecosystem, has initiated a Web3 Guardian competition. This campaign aims to raise awareness about its Web3 SmartScan feature, which proactively screens all Web3 transactions and flags any malicious behavior or smart contract vulnerabilities. The SmartScan feature is available on the CoolWallet App and offers an added layer of protection against phishing attempts.

To further promote Web3 asset protection, CoolWallet is launching a global competition with generous rewards for participating users. The competition aims to enhance user security awareness and encourage the use of SmartScan for safer transactions. This move is particularly timely, given the increasing number of phishing attacks targeting not just individual users but also high-profile personalities in the crypto space.

The Web3 Guardian competition is expected to draw significant attention, especially among Friend.tech users who are already concerned about asset security. The competition will not only offer rewards but also educate users on the importance of transaction screening, a feature that is often overlooked but crucial in the current landscape of frequent cyber attacks.

Image source: Shutterstock

Source

Tagged : / / / / / / / / / /

SlowMist Reports Surge in Diverse Crypto Security Incidents for the Week of September 17-23, 2023

Key Takeaways

Total security incidents reported: 7

Estimated financial loss: Approximately $380,600

Notable trend: Increase in phishing attacks and rug pull tactics

New attack methods: DNS hijacking, contract vulnerability, and phishing attempts

Breakdown of Incidents

Phishing Attacks:

Unimevbot users were targeted through malicious MEV bot codes on the website. The exact loss remains undisclosed, but funds were transferred to the hacker’s on-chain address.

Coinbase Wallet also fell victim to a phishing attack that exploited the Web3 messaging network protocol. The exact financial impact is yet to be reported.

Contract Vulnerabilities:

Linear Finance exposed its $LUSD token to an exploit attack due to a contract vulnerability. No specific loss has been reported.

Rug Pulls:

BNBpay and YZER were involved in rug pull incidents, with losses amounting to approximately $114,000 and $28,600, respectively, following significant liquidity removals.

DNS Hijacking:

Balancer was targeted in a DNS hijacking attack by a phishing group known as AngelDrainer, resulting in a loss of around $238,000.

Infrastructure Vulnerability:

An unspecified infrastructure vulnerability led to significant funding and team token loss for a project named “None.” The exact financial impact remains undisclosed.

Conclusion

The Slowmist report underscores the increasing complexity and diversity of attacks in the crypto and blockchain landscape. SlowMist urges users to remain vigilant and adopt comprehensive security strategies.

Image source: Shutterstock

Source

Tagged : / / / / / / / / / / /

Hacked Ledger Database Dumped on Raidforums Making Way For Phishing Attacks

Crypto Twitter was buzzing after a leak in the database of Ledger’s hardware wallet today, consisting of more than 270,000 physical addresses and phone numbers and a million email addresses, made available on the hacker’s site, Raidforums.

What Was The Nature of Leaked Information?

The data theft was reportedly during a hack into Ledger’s e-commerce database in June. On the plus side, Ledger users can now see first-hand whether their personal information gained exposure during the hack.

The original hack targeted Ledger’s marketing and e-commerce database, meaning only contact and order details are visible. No financial information, recovery phrases, or keys were on display during the attack.

According to the cybersecurity website hasibeenpwned.com, 69% of the dump database addresses were vulnerable since the first hack. However, Ledger reported at that time that 9,500 customers had their personal information compromised.

In a series of tweets, Ledger said it was aware of the database dump and confirmed the leak was real. Additionally, the company said that early indications suggest that this may indeed be the content of their June 2020 e-commerce database. “It is a big understatement that we sincerely regret this situation,” Ledger added.The attacker had access to the e-commerce database using a disabled API key.

Phishing Attacks Expected

Unfortunately, due to the ledger database leak, many users are receiving phishing scam emails. Benoit Pellevoizin, vice president of marketing at Ledger, warned that the phishing attacks are an attempt to trick Ledger customers into giving out their private keys.

Pellevoizin says that primarily via email, phishers can instruct customers to introduce themselves to Ledger to ask for their opening phrase to gain access to coins, something that Ledger would never ask.

In a tweet today, Ledger reiterated that consumers should not share their 24-word recovery phrase with anyone even if they pretend to be a Ledger agent. The company has also created a website where users can report details of a phishing attack.


Ledger added that it is very disparaging to say that they sincerely regret this situation. They take confidentiality very seriously and will make the Ledger safer. 

Even though there was no financial information leaked, users are concerned that this publicly available leak is a more significant threat than a phishing attack. One user commented that Ledger users typically have high cryptocurrency assets and will be exposed to more cyber and physical abuse than ever before.

In a statement during the original hack, Ledger said French data protection authority CNIL knew of the breach on July 16 and are looking into the hack.

Like BTCMANAGER? Send us a tip!

Our Bitcoin Address: 3AbQrAyRsdM5NX5BQh8qWYePEpGjCYLCy4


Source

Tagged : / / / / / / / /
Bitcoin (BTC) $ 41,644.16 5.44%
Ethereum (ETH) $ 2,258.40 4.22%
Litecoin (LTC) $ 74.75 3.85%
Bitcoin Cash (BCH) $ 249.57 9.43%