Crypto Hacks and Scams on the Rise

Crypto security and auditing company CertiK reported a total loss of $103.7 million due to vulnerabilities, frauds, and hacks in the month of April. Because of this, the overall loss for the year amounts to 429.7 million dollars. The month was particularly marked by major hacks, including the theft of $22 million from a hot wallet exploit at the Bitrue exchange, which resulted in a loss of $22 million; the hack of South Korea’s GDAC exchange, which resulted in a loss of $13 million; and the theft of $25.4 million due to an exploit of several MEV trading bots on April 3.

According to reports from CertiK, the overall losses incurred by crypto and DeFi exploits throughout the month amounted to $74.5 million. This is about half of the total $145 million that was exploited during the first four months of the year. assaults against flash loans were also common, resulting in losses of around $20 million. Yearn Finance was the primary victim of these assaults, which occurred when a hacker exploited an outdated smart contract on April 13.

In April, exit scams were another factor that contributed to the large amount of money lost, which was $9.4 million. The most successful exit scam for the month was perpetrated by Merlin DEX, which resulted in a loss of $2.7 million. Considering that the protocol had been audited by CertiK, which had previously warned about centralization problems, this was an especially worrying development. After the attack, Certik implemented a compensation plan, in which they demanded that the malicious developer pay back 80% of the stolen funds and offered a white hat bounty of 20% of the total amount.

In the month of April, the Rekt Database maintained by De.Fi documented over fifty crypto-related scams, hacks, and rug pulls. These Memecoin rug pulls made up a significant chunk of the total. The flash loan assault against the Polygon-based Ovix protocol, which occurred on April 28 and resulted in a loss of $2 million, was the most recent incident.

Hacks and frauds using cryptocurrencies are becoming more common, highlighting the need for stronger security measures inside the cryptocurrency ecosystem. Before putting money into any cryptocurrency project, it is essential for users and investors to do extensive research and due diligence on the project. Auditing companies such as CertiK play an essential part in determining the nature of any possible security threats that may exist and in elevating the level of industry-wide security.


Tagged : / / / / /

YouTuber’s Channel Hacked for XRP Scams

The rise of cryptocurrency has brought about a wave of new investors, eager to get in on the action and reap the rewards. Unfortunately, this has also created a new target for hackers and scammers looking to make a quick profit. One recent example of this is the hacking of the popular YouTube channel DidYouKnowGaming.

DidYouKnowGaming is a YouTuber with 2.4 million subscribers who creates content related to video game trivia and history. However, the channel was recently hacked by an anonymous bad actor, who used it to promote XRP cryptocurrency scams. The hacker changed the channel’s profile and cover images to Ripple’s logo, in an attempt to lend legitimacy to the scam.

Fortunately, YouTube was quick to intervene and prevent further damage. They prevented the XRP hackers from interacting with the channel’s subscribers and worked with DidYouKnowGaming to regain access to his channel. However, this incident is just one example of a growing trend of hackers targeting YouTube channels to promote scams.

One of the largest YouTube creators, Linus Tech Tips, also recently reported losing access to his channels. While the exploit used by the hackers to gain access to YouTube accounts remains a mystery, it is clear that the threat to crypto investors from such hacks is prominent.

The rise of deepfakes only adds to this threat. Deepfakes are fake impersonation videos generated by artificial intelligence (AI) tools, and they have become increasingly prevalent in recent years. Hackers often create deepfakes of celebrities and entrepreneurs to misguide crypto investors and trick them into investing in scams.

For example, hackers have created deepfakes of Tesla CEO Elon Musk in the past, causing confusion among investors who thought he was endorsing a particular cryptocurrency. Concerns about deepfakes escalated even further when Chinese tech giant Tencent launched a new deepfakes creation tool, allowing users to impersonate anyone for a fee.

Crypto investors across the world use YouTube to learn about and research the world of cryptocurrencies, blockchain, and Web3. However, as the number of hacks and scams on the platform increases, it is important for investors to remain vigilant and take steps to protect themselves.

While YouTube and other platforms are working to prevent hacks and scams, investors should be wary of any investment opportunities that seem too good to be true. They should also be careful about the information they consume on the platform and take the time to research any claims made in videos or comments.

In conclusion, the hacking of DidYouKnowGaming’s YouTube channel is just one example of a growing trend of hackers targeting YouTube creators to promote scams. The rise of deepfakes only adds to this threat, and investors should remain vigilant when researching and investing in cryptocurrencies.


Tagged : / / / / /

KuCoin User Linked to Memecoin Scams

KuCoin, which is a famous cryptocurrency exchange, has just verified that the address of a user is related to the start of hundreds of frauds using memecoin. This news was recently reported. A user on Twitter discovered on April 26 that the in question address had been responsible for the creation of two to five memecoins each and every day for the previous two years. The community member also brought up the fact that KuCoin “owned and controlled” the wallet addresses, which they mentioned in their post. Despite the fact that the blockchain explorer Etherscan has identified the address as belonging to a false phishing wallet, KuCoin has declared that they would not freeze the user’s funds in the absence of an official warning from law enforcement.

However, KuCoin has also stated that they will assist and cooperate with law enforcement agencies to take temporary risk control measures if the reporting party provides relevant legal documents, procedures, or reporting records. KuCoin made this statement in response to a question about whether or not they would do this. This action will be carried out in compliance with user agreements, complaints and reports, as well as the laws of the Seychelles.

The KuCoin platform had a security breach on April 24, which led to the official Twitter account of the platform being hacked. This issue arises as a consequence of that incident. The account intentionally uploaded misleading activities, which resulted in the loss of assets for several of its followers. After discovering the security flaw, KuCoin collaborated with Twitter to restore the hacked social media account and made a commitment to compensate the users whose accounts were compromised.

Some people in the cryptocurrency community have voiced their disagreement with KuCoin’s decision to not place a freeze on the user’s assets. These individuals believe that it is the responsibility of the exchange to protect its users from fraudulent behavior on its platform. On the other hand, some people have pointed out that KuCoin does not have the legal power to freeze assets since it has not received an official warning from law authorities.

This incident demonstrates how vitally important security is in the cryptocurrency business and how essential it is for exchanges to take preventative steps to thwart fraudulent conduct. Although KuCoin has pledged to assist law enforcement agencies, it is not yet clear how this situation will be resolved or what steps will be taken to prevent incidents of this nature from occurring in the future. KuCoin has stated that it will assist law enforcement agencies.


Tagged : / / / / /

Binance Launches Joint Anti-Scam Campaign

 Binance, one of the world’s largest cryptocurrency exchanges, has launched a new campaign aimed at preventing scams in cooperation with local law enforcement agencies. The initiative, called the “Joint Anti-Scam Campaign,” was first rolled out in Hong Kong and aims to help potential victims of scams avoid falling prey to fraudulent activity.

As part of the campaign, Binance collaborated with the Hong Kong Police Force’s Cyber Security and Technology Crime Bureau to create an “alert and crime prevention message” for Hong Kong residents. When users attempted to make withdrawals, they were subjected to warning messages that provided information about common scams and tips on how to avoid them.

Binance investigated users’ responses to the messages over a four-week period and found that approximately 20.4% of users either decided not to make the withdrawal or investigated further to determine whether the transaction might be a scam. The success of the pilot program has led Binance to plan collaborations with police in other jurisdictions to create tailor-made warning messages for customers outside of Hong Kong.

Phishing and social engineering scams have been a recurring problem for cryptocurrency users. In February, scammers allegedly created a fake version of the ETHDenver convention website, which they used to trick users into giving away their cryptocurrency by calling a function on a malicious contract. In another example, an influential non-fungible token promoter had over $300,000 worth of CryptoPunks removed from his wallet when he was apparently fooled into interacting with a phishing site.

Binance’s Joint Anti-Scam Campaign aims to help users avoid these types of scams by providing them with targeted alerts and resources to educate them about common scams and how to avoid them. The company’s collaboration with law enforcement agencies is an important step in the fight against fraudulent activity in the cryptocurrency space. With the success of the pilot program in Hong Kong, it is hoped that this initiative will be expanded to other jurisdictions and help prevent more users from falling victim to scams.


Tagged : / / / / /

Dozens of AI-Powered Chatbot Tokens Found to Be Part of honeypot schemes

PeckShield, a company that specializes in blockchain security, has sounded the alarm after discovering hundreds of tokens that falsely claim to be tied to the artificial intelligence (AI) powered chatbot ChatGPT.“

In a post dated February 20, the company disclosed that at least three “BingChatGPT” tokens seem to be part of honeypot scams. A honeypot strategy is a kind of smart contract that deceives a user into contributing Ether (ETH), which the attacker subsequently captures and collects.

In what is commonly known as a “pump and dump” scheme or a “rug pull,” PeckShield reports that at least two of the identified tokens have already lost nearly 100% of their value, while a third is at a loss of 65%. This type of scheme involves the purchase of an asset with the intention of quickly selling it at a higher price.

Typically, the organizers of a pump-and-dump scheme would orchestrate a campaign of deceptive claims and hype to entice investors to purchase tokens, and then they will discreetly sell their interest in the plan as prices go up. This is done in order to make a profit from the scam.

According to PeckShield, at least one of the malicious actors behind the tokens is known as “Deployer 0xb583,” and he is responsible for the creation of “dozens of tokens using a pump and dump strategy.”

PeckShield did not provide an explanation as to why the malicious actors are using the name BingChatGPT for their tokens; however, it is possible that the scammers are attempting to capitalize on the announcement made on February 7 that OpenAI’s ChatGPT technology will be integrated into Bing as well as Microsoft’s Edge web browser.

It’s possible that using the name “Microsoft Token” is an effort to fool victims into believing they are connected to Microsoft in some way, in order to capitalize on the buzz surrounding AI chatbots.

A research published on February 16 by the blockchain analytics company Chainalysis stated that approximately 10,000 new tokens created in 2022 exhibited all the on-chain hallmarks of being pump-and-dump operations. This information was recently made public.

According to the Blockchain analytics company, there were 1.1 million tokens released in 2018, but only 40,521 had a “effect on the crypto ecosystem.” This means that there were at least 10 swaps during four consecutive days of trading in the week after their introduction.

The company said that of of the 40,521 tokens that were introduced in 2022 and got sufficient momentum to be worth investigating, 9,902 or 24 percent had a price fall in the first week that was suggestive of likely pump and dump behaviour.

The company noted that it examined 25 specific tokens and found that “they were almost certainly designed for a pump and dump,” with malicious honeypot code that prevents new buyers from selling the token. While a price drop on its own is not an indication of wrongdoing on the part of token creators, the company noted that it examined 25 in particular and found that “they were almost certainly designed for a pump and dump.”


Tagged : / / / / / / /

Hope Finance Scam Leaves Prospective DeFi Users Out of Pocket

After the discovery of a vulnerability with a value of $2 million, potential customers of an Arbitrum-based decentralized finance (DeFi) effort have been left without any financial remedy. This is because the vulnerability has been exploited.

On February 21, the Hope Finance Twitter account warned clients about the fraud, which prompted the Web3 security company CertiK to raise the alarm about the situation.

It is quite challenging to get any information on the project. A Twitter account for the platform was established in January of 2023, and on that account, information was published on the network’s plans to build an algorithmic stablecoin that would be dubbed Hope token. This information was provided on the Twitter account (HOPE). The amount of Ether that is now being exchanged for one unit of HOPE causes real-time modifications to be made to the supply of the HOPE coin (ETH).

“It would seem that the con artist modified with the TradingHelper contract, which meant that the money were delivered to the con artist every time 0x4481 called OpenTrade on the GenesisRewardPool.” This includes the erroneous application of a modifier as well as the potential of reentrancy attacks. Cognitos discovered that the smart contract code was still able to pass the audit with flying colors, despite the fact that these vulnerabilities had been identified and pointed out.

As a reaction to the fraudulent behavior, Hope Finance disseminated information to its users, which provided them with the possibility to remove staked currency from the protocol by making use of an emergency withdrawal option.

Arbitrum is a roll-up network that was built on top of Ethereum’s layer 2 and has the potential to enable smart contracts to expand in an exponential form. This potential was discovered when the network’s creators saw that Ethereum’s layer 2 was lacking in roll-up capabilities.

Optimism and the other layer-2 protocols are continue to deal with an ever-increasing amount of transactions inside the Ethereum ecosystem. The ability to maintain a positive outlook is one of these protective strategies.


Tagged : / / / / / /

MetaMask Warns Investors Against Phishing Attempts by Scammers

MetaMask, a popular supplier of cryptocurrency wallets, issued a warning to investors about continuous phishing efforts. These phishing attempts are being carried out by fraudsters who are trying to contact consumers using Namecheap’s third-party upstream system for emails.

The web hosting business Namecheap discovered that one of its third-party services had been abused in the evening of February 12 for the purpose of sending some unwanted emails, which were directed specifically against users of MetaMask. “email gateway problem” was how Namecheap referred to the situation in question.

In the proactive notice, MetaMask informed its million users that it does not collect Know Your Customer (KYC) information and would never contact users through email to discuss account details. This was done to ensure that users are aware that the company does not conduct KYC checks.

Phishing emails sent out by the hacker include a link that, when clicked, takes the recipient to a bogus MetaMask website that requests a confidential recovery phrase “to keep your wallet safe.”

Investors were cautioned by the provider of the wallet not to disclose their seed words, since doing so would give an unauthorized third party entire control over the user’s cash.

NameCheap has additionally verified that its services were not compromised in any way, nor did any customer information get compromised as a result of this incident. Namecheap acknowledged that their mail delivery was restored within two hours after the original notification, and that all future notifications will now come from the official source.

On the other hand, the primary problem with the sending of unwanted emails is still being looked at at this time. When dealing with correspondence from MetaMask and Namecheap, investors are cautioned to double examine any website URLs, email addresses, and points of contact provided by the companies.

A hacker utilized Google Ad services in January to steal nonfungible tokens (NFTs) and cryptocurrencies from investors. This incident took place in January.

After inadvertently installing malicious malware that was placed in a Google advertising, the NFT influencer known as NFT God suffered “a life-changing amount” of loss.

The event took place when the influencer used the Google search engine in order to download OBS, which is open-source software for video streaming. However, he chose to click on the link that led to a sponsored advertising rather than the legitimate link, which resulted in a loss of financial resources.


Tagged : / / / / / / / /

Webaverse Co-Founder Reveals $4 Million Crypto Hack

After having a meeting with con artists who pretended to be investors in a hotel lobby in Rome, the co-founder of the Web3 metaverse gaming engine known as “Webaverse” has stated that the company was the victim of a $4 million crypto heist.

According to the co-founder Ahad Shams, the most peculiar feature of the incident is the fact that the cryptocurrency was taken from a Trust Wallet that had just been set up and that the hack took place at some time during the meeting.

He asserts that the burglars had no way of knowing the private key since he was not linked to a public WiFi network at the time and they would not have had access to it.

Shams thinks that the burglars were able to access the wallet while she was photographing the contents of the wallet to record the amount.

The letter, which was published on Twitter on February 7 and comprises testimonies from Webaverse and Shams, explains that they met with a guy called “Mr. Safra” on November 26 after many weeks of negotiations regarding the possibility of receiving funds.

Shams provided the following explanation: “We communicated with ‘Mr. Safra’ by email and video chats, and he stated that he wanted to invest in interesting Web3 startups.”

“He explained that he had been scammed by people in crypto before, and so he collected our IDs for KYC, and stipulated as a requirement that we fly into Rome to meet him because it was important to meet IRL to ‘get comfortable’ with who we were each doing business with,” he added. “He explained that he had been scammed by people in crypto before.”

Even though Shams was initially skeptical, he agreed to meet “Mr. Safra” and his “banker” in person in the lobby of a hotel in Rome. During this meeting, Shams was supposed to show “Mr. Safra” the “proof of funds” for the project, which “Mr. Safra” claimed he needed in order to begin the “paperwork.””

“Despite the fact that we reluctantly agreed to the Trust Wallet ‘evidence,’ we went ahead and set up a brand new account for Trust Wallet at home on a device that we don’t often use when interacting with them. Our logic led us to believe that even if we lost our private keys or seed phrases, the monies would still be secure “explained Shams.

When we first got together, the three of us sat across from each other and put four million USDC into the Trust Wallet. “Mr. Safra” requested to see the current balances on the Trust Wallet app, at which point he pulled out his phone and pretended to “shoot some photographs.”

Shams clarified that he was of the opinion that everything was above board since “Mr. Safra” did not have access to any private keys or seed phrases.

But as “Mr. Safra” left the conference room, ostensibly to confer with his other banking colleagues, he vanished without a trace and was never seen again. Then Shams saw the disappearance of the cash.

“We were never able to locate him again. After a few minutes, the money was gone from the wallet.

Shams reported the theft to a local police station in Rome almost soon after it occurred, and a few days later she sent an Internet Crime Complaint (IC3) form to the Federal Bureau of Investigation in the United States.


Tagged : / / / / / / / / / /

3 Website Operators Lured Romance-Seeking Victims Into Their Fraud

The New Jersey Bureau of Securities has issued a cease and desist order to the owners of three websites, instructing them to stop attempting to con people who are looking for love into investing in their fraudulent cryptocurrency scams. The order was issued in response to the New Jersey Bureau of Securities’ discovery that the owners of these websites were targeting people who were looking for love. The New Jersey Bureau of Securities made the finding that the websites were specifically targeting persons who were interested in romantic relationships, which led to the issuance of the order. The New Jersey Bureau of Securities conducted an investigation into the websites in question, and based on the results of that investigation, the agency made the decision to issue the order.

The orders to cease and desist were reportedly sent to the firms Meta Capitals Limited, Cresttrademining Limited, and Forex Market Trade, as stated in a press release that New Jersey Attorney General Matthew Platkin released on February 3rd. The office of the state’s Attorney General made the statement that was issued by Platkin available to the general public for viewing.

The three companies all pretended to be platforms for trading cryptocurrencies, and they convinced their customers that they would be able to significantly increase the amount of money that they had in their accounts if they simply replicated the actions taken by the “expert traders” employed by the companies. However, the customers lost all of their money because the companies were only pretending to be platforms for trading cryptocurrencies.

By contacting individuals who are using dating apps like Tinder to hunt for love connections, these organisations recruit fresh victims for a scam that is frequently referred to as “pig slaughtering.”

Con artists will contact prospective victims on social media, attempt to build a romantic relationship with them, and when they have gained the confidence of their victims, they will try to trick them into investing in a fake bitcoin investment plan. This kind of fraudulent behaviour that takes place online is referred to as “pig butchering,” and it has its own moniker.


Tagged : / / / / / / /

NFT project was actually a “social experiment” designed to shed light

Little Shapes NFT was first conceived as a “social experiment,” as disclosed by Atto, the pseudonymous originator of the project. The goal of the “social experiment” was to bring light on large-scale nonfungible token (NFT) bot network frauds on Twitter.

Since late December 2022, Little Shapes has been receiving a significant amount of attention from the crypto community as well as the media. This is because the creator of the company was featured in multiple tweets that went viral and detailed events in his life that sounded too fantastic to be true.

A man woke up after being in a coma for five months, discovered that he had assets locked on FTX, told his wife about it, and then discovered that she had been cheating on him with other individuals in the NFT business. These are just a few examples.

However, the exposé was based on true events. “Here’s how a ring of influencers and entrepreneurs sucked more than $200 million out of the ecosystem across 274 projects,” Little Shapes NFT stated, adding that: “Over the course of the previous year, NFT Twitter has been managed and controlled largely by a lone Twitter botnet.” The majority of its appearances were in February 2022, and it was put to use in combination with a network of influential people and beta testers in order to sell out projects.

The actual paper has a heading that reads, “The insider NFT bot network that’s been dominating the market behind the scenes.”

It claims that from February 2022, a huge number of low-level NFT ventures have used bot networks to artificially develop excitement and legitimacy in an effort to scam investors. This was done in an attempt to pull the wool over investors’ eyes.

During an interview that took place on February 2 with BuzzFeed News, Atto, who is also the creator of BALLZNFT, referred to Little Shapes as “performance art” and emphasised that “people don’t pay attention until you give them a reason to.”

He added, “I needed a tale that sells to ensure that no one would disregard a story that hurts,” and that was exactly what he did. “I needed a story that sells.”

The paper refers to bot networks such as “Dmister” that provide social media engagement as a crucial channel for NFTs projects and only price around one hundred dollars for every one thousand likes, retweets, and responses purchased.

The BALLZNFT team even promoted Little Shapes NFT by using Dmister as an example of how it works in order to spread awareness about their product.


Tagged : / / / /
Bitcoin (BTC) $ 25,790.91 3.72%
Ethereum (ETH) $ 1,814.80 3.01%
Litecoin (LTC) $ 87.31 6.66%
Bitcoin Cash (BCH) $ 109.29 3.91%