Značka: Scam

Coin Bureau Youtube channel hacked despite 2FA protection

Coin Bureau, a popular information portal for cryptocurrency developments with over 600,000 followers on Twitter, experienced a security breach on its Youtube channel on Monday. Hackers allegedly uploaded a video with links to scam fiat/cryptocurrency addresses soliciting a token sale before being taken down by Youtube. According to Coin Bureau staff, they were baffled by the incident as its accounts were “secured with ultra-strong passwords and Google security keys.”So our YouTube channel was just hacked. Have absolutely no idea how this happened. All accounts are secured with ultra strong passwords and Google security keys. @YouTubeCreators this is a serious problem which other creators are also experiencing. Please fix— Coin Bureau (guy.eth) (@coinbureau) January 24, 2022This was by no means an isolated incident. Prominent crypto Youtubers such as Ivan on Tech and Real Vision Finance have had their accounts compromised within the past few days. It appears to have been a coordinated effort as hackers uploaded a video titled “One World Cryptocurrency,” that solicited the same type of token sales across all breached accounts. In addition, the accounts were all logged in from an IP address in the Philippines, although the VPNs were widespread, which makes it difficult to track exact login locations.Seems like it’s happening to other YouTubers at the same time. @Altcoinbuzzio @FloydMayweather Also possibly @IvanOnTech @aantonop (seen by my telegram members). pic.twitter.com/WvknuyL3Px— Boxmining (@boxmining) January 23, 2022It’s unclear how much the hackers took in as both creators and Youtube quickly took down the scam videos. However, there have been unconfirmed reports from Twitter users claiming losses. One user, @James86965119, allegedly transferred $1,000 worth of digital currencies to the fake addresses posted by the hacker. In addition, if the allegations from the Youtubers are proven, then it would raise questions regarding the effectiveness of Google’s two-factor authentication service. Theoretically, hackers would not be able to access one’s Youtube account unless they had both the password and security key.

Čítaj viac

Crypto YouTubers fall victim to hacking and scamming attempt

Hackers attacked a number of popular crypto YouTuber accounts at some point during the afternoon of Jan. 23. The accounts posted unauthorized videos with text directing viewers to send money to the hacker’s wallet. Accounts who appear to have been targeted by the attack include: ‘BitBoy Crypto’, ‘Altcoin Buzz’, ‘Box Mining’, ‘Floyd Mayweather’, ‘Ivan on Tech’, and ‘The Moon’ among others. BREAKING: Dozens of Crypto YouTubers have had their accounts hijacked by hackers promoting a fake crypto giveaway scam. Hacked accounts include:@IvanOnTech@boxmining@aantonop@themooncarl@Bitboy_Crypto@mmcrypto@Altcoinbuzzio@FloydMayweather@crypto_banter@CoinMarketCap pic.twitter.com/ykXkZUh9cO— Mr. Whale (@CryptoWhale) January 23, 2022The Binance Smart Chain wallet address that was listed on the fraudulent videos only had a total of 9 transactions in BNB at the time of writing, with a total value of around $850.Michael Gu told Cointelegraph that his YouTube channel Boxmining posted a video without his permission. “Luckily we caught it within two mins of the video going live and managed to delete it,” he said. “By that time there were already views and comments from my community.”He added that he had done an internal sweep and found no viruses or bugs that may have given the hackers access to his account. “Seems like YouTube might be responsible,” he said. Many Crypto Youtubers (including me) got hacked today – all publishing a scam video at around the same time – @IvanOnTech @aantonop @Bitboy_Crypto @Altcoinbuzzio @FloydMayweather @crypto_banter @CoinMarketCapI have 2FA enabled. pic.twitter.com/c8z5qmJ3bT— Boxmining (@boxmining) January 23, 2022

One Reddit post by user “9Oh8m8” suggested that it appears as though the hackers were able to gain access to the accounts using a SIM swap scam, which would have enabled them to bypass two-factor authentication (2FA). They added:“They are all posting with a title like “ONE WORLD CRYPTOCURRENCY”. They have an address in vid and description to send your USDT/USDC/BNB/ETH to receive a new crypto called OWCY.” However, Gu wasn’t convinced that the hack was a result of a SIM swap, telling Cointelegraph that there were no logins on his personal Google account. “If it was a SIM swap I would lose access to my phone etc and that didn’t happen,” he said. “What we noticed was on the BRAND account (which doesn’t have a login. YouTube brand accounts are connected to personal) there was a login from the Philippines. Very likely this is either a hack on YouTube side or a rogue employee. That’s how they got so many people at the same time.”Founder and CEO of the Altcoin Buzz YouTube channel Shash Gupta added that they noticed something was amiss at around 1 AM Singapore time on Sunday night when an unauthorized video was posted to their channel. “It’s pretty unclear what happened. I’m talking to Youtube to get to understand the matter and avoid such further breaches.”Related: YouTube channels hacked and rebranded for livestreaming crypto scamsAnother crypto YouTuber Richard Heart tweeted at 9:30PM UTC that his channel had been banned during the middle of a livestream, indicating that YouTube was probably aware of the event. Hello again @YouTubecreators My channel was just banned in the middle of a livestream. I think it might have to do with all of the other youtubers that were hacked at the same time today. Could you check please, thanks! @YouTube @YouTube— Richard Heart PulseX.com! Called the Bitcoin top! (@RichardHeartWin) January 23, 2022

Cointelegraph reached out to YouTube and a number of other crypto content creators who were affected by the hack but had not received any additional information at the time of writing.

Čítaj viac

CoinMarketCap allegedly lists 3 fake SHIB contract addresses, Twitter firestorm ensues

A bit Twitter drama ensued on Thursday, continuing well into Friday afternoon, when developers behind popular meme token Shiba Inu (SHIB) issued a statement alleging that CoinMarketCap had listed three fake SHIB contract addresses belonging to the Binance Smart Chain (BNB), Solana (SOL), and Terra Luna (LUNA) blockchains. The staff at Shiba Inu claimed that the addresses were unsafe and that CoinMarketCap had refused to correct the alleged mistake. At the time of publication, the contract addresses are still viewable on CoinMarketCap.Official Statement regarding the recent actions by @CoinMarketCap . pic.twitter.com/DXP2wZRhYC— Shib (@Shibtoken) January 13, 2022Earlier in the day, CoinMarketCap issued a response claiming that the contract addresses listed on the page are wormhole addresses designed to facilitate cross-chain transactions. According to the popular crypto price-tracking site, the staff at Shiba Inu did not go through official channels to contact them and have reached out for greater clarification.Please note that the non-ETH contract addresses on this page @shibtoken are wormhole addresses, which are designed to facilitate cross-chain transactions of wrapped versions of this assethttps://t.co/IhbNBJkwnf— CoinMarketCap (@CoinMarketCap) January 14, 2022

While Shytoshi Kusama, volunteer project lead for Shiba Inu, did not comment on the issue, the developer retweeted a post from Twitter user @wenfloat, who said:”If you are going to allow scammers to add false contracts in our page (WE ARE ONLY ERC-20), you should delist SHIB. At least you won’t be collaborating with scams. You’ve ignored us for months; where’s your professionalism?”Shiba Inu is known for its stellar token gains over the past 12 months, as well as its (sometimes overly) enthusiastic investors. Last December, former SHIB influencer and Medical Q&A platform Ask the Doctor filed a lawsuit against Shytoshi Kusama, alleging libel, and threatened to reveal his personal identity in court. In response, the site lost approximately 10,000 followers out of 58,000 within hours and had its Twitter posts buried in a flurry of ridicule, along with hundreds of one-star reviews on TrustPilot (most of which have since been removed).

Čítaj viac

FTC issues public warning about new crypto ATM scam

The United States Federal Trade Commission published an alert of a new version of a scam involving cryptocurrencies. The scam has three key components, an impersonator, a QR code and a crypto ATM where the victims will be directed to send money.According to the FTC, fraudsters pretend to be public officials, law enforcement agents or employees of local utility companies. The imposters also utilize dating apps and pretend to be potential romantic partners or call victims to announce that you’ve won a prize.No matter how it starts, it always ends up with the scammer asking for money. If the user falls for the spiel, the scammer tells them to withdraw some cash and go to a crypto ATM. After that, they ask to purchase crypto through the ATM. Here, the QR code comes into play. They share the QR code of their wallet address with the victim. Because of this, once the victim scans the code, the purchased crypto assets would transfer to the fraudster’s account.Cristina Miranda from FTC’s the Division of Consumer and Business Education explained: “Here’s the main thing to know: nobody from the government, law enforcement, utility company or prize promoter will ever tell you to pay them with cryptocurrency. If someone does, it’s a scam, every time.”Related: CertiK identifies Arbix Finance as a rug pull, warns users to steer clear Meanwhile, a crypto crime report shows that in 2021, $7.7 billion worth of crypto was stolen from scam victims worldwide. The number reveals an 81% increase in comparison to 2020.

Čítaj viac

What is a honeypot crypto scam and how to spot it?

What is a crypto honeypot and why is it used?Smart contracts programs across a decentralized network of nodes can be executed on modern blockchains like Ethereum. Smart contracts are becoming more popular and valuable, making them a more appealing target for attackers. Several smart contracts have been targeted by hackers in recent years. However, a new trend appears to be gaining traction; namely, attackers are no longer looking for susceptible contracts but are adopting a more proactive strategy. Instead, they aim to trick their victims into falling into traps by sending out contracts that appear to be vulnerable but contain hidden traps. Honeypots are a term used to describe this unique sort of contract. But, what is a honeypot crypto trap?Honeypots are smart contracts that appear to have a design issue that allows an arbitrary user to drain Ether (Ethereum’s native currency) from the contract if the user sends a particular quantity of Ether to the contract beforehand. However, when the user tries to exploit this apparent flaw, a trapdoor opens a second, yet unknown, preventing the ether draining from succeeding. So, what does a honeypot do?The aim is that the user focuses entirely on the visible weakness and ignores any signs that the contract has a second vulnerability. Honeypot attacks function because people are frequently easily deceived, just as in other sorts of fraud. As a result, people cannot always quantify risk in the face of their avarice and assumptions. So, are honeypots illegal?How does a honeypot scam work?In crypto cyber attacks like honeypots, the user’s cash will be imprisoned, and only the honeypot creator (attacker) will be able to recover them. A honeypot usually works in three stages:To set up honeypots in Ethereum smart contracts, an attacker does not need any specific skills. An attacker, in reality, has the same skills as a regular Ethereum user. They only need the money to set up the smart contract and bait it. A honeypot operation, in general, consists of a computer, programs and data that mimic the behavior of a real system that might be appealing to attackers, such as Internet of Things devices, a banking system, or a public utility or transit network. Even though it looks like a part of the network, it is isolated and monitored. Because legitimate users have no motive to access a honeypot, all attempts to communicate with it are regarded as hostile. Honeypots are frequently deployed in a network’s demilitarized zone (DMZ). This strategy separates it from the leading production network while keeping it connected. A honeypot in the DMZ may be monitored from afar while attackers access it, reducing the danger of a compromised main network.To detect attempts to infiltrate the internal network, honeypots can be placed outside the external firewall, facing the internet. The actual location of the honeypot depends on how intricate it is, the type of traffic it wants to attract and how close it is to critical business resources. It will always be isolated from the production environment, regardless of where it is placed.Logging and viewing honeypot activity provides insight into the degree and sorts of threats that a network infrastructure confronts while diverting attackers’ attention away from real-world assets. Honeypots can be taken over by cybercriminals and used against the company that set them up. Cybercriminals have also used honeypots to obtain information on researchers or organizations, serve as decoys and propagate misinformation.Honeypots are frequently hosted on virtual machines. For example, if the honeypot is compromised by malware, it can be rapidly restored. For example, a honeynet is made up of two or more honeypots on a network, whereas a honey farm is a centralized collection of honeypots and analysis tools.Honeypot deployment and administration can be aided by both open source and commercial solutions. Honeypot systems that are sold separately and honeypots that are combined with other security software and advertised as deception technology are available. Honeypot software may be found on GitHub, which can assist newcomers in learning how to utilize honeypots.Types of honeypotsThere are two types of honeypots based on the design and deployment of smart contracts: research and production honeypots. Honeypots for research collect information on attacks and are used to analyze hostile behavior in the wild. They acquire information on attacker tendencies, vulnerabilities and malware strains that adversaries are currently targeting by looking at both your environment and the outside world. This information can help you decide on preventative defenses, patch priorities and future investments.On the other hand, production honeypots are aimed at detecting active network penetration and deceiving the attacker. Honeypots provide extra monitoring opportunities and fill in common detection gaps that surround identifying network scans and lateral movement; thus, obtaining data remains a top responsibility.Production honeypots run services that would typically run in your environment alongside the rest of your production servers. Honeypots for research are more complicated and store more data types than honeypots for production.There are also many tiers inside production and research honeypots, depending on the level of sophistication your company requires:High-interaction honeypot: This is comparable to a pure honeypot in that it operates a large number of services, but it is less sophisticated and holds less data. Although high-interaction honeypots are not intended to replicate full-scale production systems, they run (or appear to run) all of the services commonly associated with production systems, including functioning operating systems. The deploying company can observe attacker habits and strategies using this honeypot form. High-interaction honeypots need a lot of resources and are difficult to maintain, but the results can be worth it.Mid-interaction honeypot: These imitate characteristics of the application layer but lack their operating system. They try to interfere or perplex attackers so that businesses have more time to figure out how to respond appropriately to an attack.Low-interaction honeypot: This is the most popular honeypot used in a production environment. Low-interaction honeypots run a few services and are primarily used as an early warning detection tool. Many security teams install many honeypots across different segments of their network because they are simple to set up and maintain.Pure honeypot: This large-scale, production-like system runs on multiple servers. It is full of sensors and includes “confidential” data and user information. The information they provide is invaluable, even though it can be complex and challenging to manage.Several honeypot technologiesThe following are some of the honeypot technologies in use:Client honeypots: The majority of honeypots are servers that are listening for connections. Client honeypots actively search out malicious servers that target clients, and they keep an eye on the honeypot for any suspicious or unexpected changes. These systems are usually virtualized and have a containment plan in place to keep the research team safe.Malware honeypots: These identify malware by using established replication and attack channels. Honeypots (such as Ghost) have been designed to look like USB storage devices. For example, if a machine becomes infected with malware that spreads by USB, the honeypot will deceive the malware into infecting the simulated device.Honeynets: A honeynet is a network of several honeypots rather than a single system. Honeynets are designed to follow an attacker’s actions and motives while containing all inbound and outbound communication.Open mail relays and open proxies are simulated using spam honeypots. Spammers will first send themselves an email to test the available mail relay. If they are successful, they will send out a tremendous amount of spam. This form of honeypot can detect and recognize the test and successfully block the massive amount of spam that follows.Database honeypot: Because structured query language injections can often go undetected by firewalls, some organizations will deploy a database firewall to build decoy databases and give honeypot support.How to spot a crypto honeypot?Examining the trade history is one technique to recognize a honeypot crypto fraud. A cryptocurrency should generally allow you to buy and sell it whenever you desire. There will be a lot of buys for the coin in a honeypot scam, but people will have a hard time selling it. This indicates that it is not a legitimate coin, and you should avoid it. Moreover, the data science approach based on the contract transaction behavior can be used to classify contracts as honeypots or non-honeypots. Where can honeypots arise in Ethereum smart contracts?Honeypots might appear in three different areas of Ethereum smart contracts implementation. These are the three levels:The Etheruem virtual machine (EVM)- Although the EVM follows a well-established set of standards and rules, smart contract writers can present their code in ways that are misleading or unclear at first glance. These tactics might be costly for the unsuspecting hacker.The solidity compiler-The compiler is the second area where smart contract developers may capitalize. While certain compiler-level bugs are well-documented, others may not be. These honeypots can be difficult to discover unless the contract has been tested under real-world settings.The Etherscan blockchain explorer-The third sort of honeypot is based on the fact that the data presented on blockchain explorers is incomplete. While many people implicitly believe Etherscan’s data, it doesn’t necessarily show the whole picture. On the other hand, wily smart contract developers can take advantage of some of the explorer’s quirks.How to protect against honeypot contract scams?This section guides how to get out of the honeypot scams to avoid losing your money. There are tools available to assist you in seeing red signals and avoiding these currencies. For instance, use Etherscan if the coin you’re buying is on the Ethereum network or use BscScan if the coin under consideration is on the Binance Smart Chain. Find out your coin’s Token ID and enter it on the appropriate website. Go to “Token Tracker” on the next page. A tab labeled “Holders” will appear. You can see all of the wallets that hold tokens and the liquidity pools there. Unfortunately, there are numerous combinations of items of which to be aware. The following are some of the red flags that you should know to protect against honeypot crypto scams:No dead coins: If more than 50% of coins are in a dead wallet, a project is relatively protected from rug pulls (but not a honeypot) (usually identified as 0x000000000000000000000000000000000000dead). If less than half of the coins are dead or none are dead, be cautious.No audit: The chances of a honeypot are nearly always eliminated if a trustworthy company audits them.Large wallets holders: Avoid cryptocurrencies that have only one or a few wallets.Scrutinize their website: This should be pretty straightforward; but, if the website appears rushed and the development is poor, this is a warning sign! One trick is to go to whois.domaintools.com and type in the domain name to see when it was registered for a website. You might be quite sure it’s a fraud if the domain was registered within 24 hours or less of the project’s start.Check their social media: Scam projects usually feature stolen and low-quality photos, grammatical problems and unappealing “spammy messages” (such as “drop your ETH address below!”), no links to relevant project information and so on.Token Sniffer is another excellent resource to spot honeypot crypto. Look for the “Automated Contract Audit” results by entering the Token ID in the top right corner. Stay away from the project if there are any alerts. Because many projects now employ contract templates, the “No prior similar token contracts” indication can be a false positive.If your coin is listed on the Binance Smart Chain, go to PooCoin, enter the Token ID again and monitor the charts. Stay away if there aren’t any wallets selling or if only one or two wallets are selling your chosen coin. Most likely, it’s a honeypot. It’s not a honeypot if many wallets are selling the chosen coin. Lastly, you should conduct thorough research before parting with your hard-earned cash when purchasing cryptocurrencies.How is a honeypot different from a honeynet?A honeynet is a network made up of two or more honeypots. It can be beneficial to have a honeypot network that is connected. It allows businesses to track how an attacker interacts with a single resource or network point and how an invader moves between network points and interacts with many points at once. The goal is to persuade hackers that they have successfully breached the network; therefore, adding more false network locations to the realism of the arrangement. Honeypots and honeynets with more advanced implementations, such as next-generation firewalls, intrusion detection systems (IDSes), and secure web gateways, are referred to as deception technology. Intrusion detection systems refer to a device or software program that watches for hostile activity or policy breaches on a network. Automated capabilities of deception technology allow a honeypot to respond to potential attackers in real-time.Honeypots can assist firms in keeping up with the ever-changing risk landscape as cyber threats emerge. Honeypots provide vital information to ensure an organization is prepared and are possibly the best means to catch an attacker in the act, even though it is impossible to forecast and prevent every attack. They’re also a good source of knowledge for cybersecurity professionals.What are the pros and cons of honeypots?Honeypots collect data from genuine attacks and other illicit activity, giving analysts a wealth of knowledge. Furthermore, there are fewer false positives. For example, ordinary cybersecurity detection systems can generate many false positives, but a honeypot minimizes the number of false positives because genuine users have no motive to contact the honeypot.Additionally, honeypots are worthwhile investments since they only interact with harmful actions and do not demand high-performance resources to process enormous volumes of network data in search of attacks. Lastly, even if an attacker is using encryption, honeypots can detect malicious activities.Although honeypots provide many advantages, they also have a lot of drawbacks and risks. For instance, honeypots only collect data in the event of an attack. There have been no attempts to access the honeypot; thus, no data exists to examine the attack.Furthermore, malicious traffic acquired by the honeypot network is only collected when an attack is launched against it; if an attacker suspects a network is a honeypot, they will avoid it.Honeypots are generally recognizable from legal production systems, which implies that skilled hackers can easily distinguish a production system from a honeypot system using system fingerprinting techniques.Despite the fact that honeypots are isolated from the real network, they eventually connect in some way to allow administrators to access the data they hold. Because it seeks to lure hackers to get root access, a high-interaction honeypot is often deemed riskier than a low-interaction one.Overall, honeypots aid researchers in understanding risks in network systems, but they should not be used in place of standard IDS. For example, if a honeypot isn’t set up correctly, it might be exploited to acquire access to real-world systems or a launchpad for assaults on other systems.

Čítaj viac

Hong Kong NFT project Monkey Kingdom loses $1.3M in phishing hack, launches compensation fund

On Tuesday, Solana nonfungible token (NFT) project Monkey Kingdom, which has received notable backing from American DJ Steve Aoki, announced via Twitter that hackers made off with $1.3 million of the community’s crypto funds through a security breach on Discord. According to its developers, the hack first occurred with the breach of Grape, a popular solution for verifying users on Solana. Hackers then used the exploit to take over an administrative account, which posted a phishing link in the Monkey Kingdom Discord’s announcement channel. Users who followed the link connected their wallets expecting they would receive an NFT but instead were drained of their SOL tokens by the scammer.Announcement on the discord hack pic.twitter.com/1r7svjlZcB— Monkey Kingdom (@MonkeyKingdom_) December 21, 2021Tragically, the hack took place when users were lining up for the project’s second drop. The Monkey Kingdom consists of 2,222 algorithmically generated NFTs centered around Sun Wukong, otherwise known as “The Monkey King” in Chinese folklore. All proceeds from the initial sale of the NFTs were to go to a charity of choice, with the intent of supporting Asian communities worldwide. It was one of the most successful NFT projects to have originated in Asia. Guys I got drained 650 $SOL.It is one my biggest mistake.I am always recommending people using burner but I was nervous and fomo the Monkey Kingdom Mint. Never thought it was not a legit mint link in official discord.It is important money to my family: my wife, my son. pic.twitter.com/rtWbCu81Ga— commenstar (@commenstar) December 21, 2021

Related: Beeple’s Discord compromised, timed to coincide with Christie’s auctionOne Twitter user, who goes by the name of “commenstar,” claims to have lost 650 SOL, worth roughly $120,400, due to the scam. But all was not lost. The staff at Monkey Kingdom has set aside a compensation fund for victims and is on track to fully reimburse those affected. The timeline and process for distributing the funds has not yet been disclosed.Phishing attacks are nothing new for the crypto industry. Over the past year, scammers have been repeatedly targeting Discord users and exploiting the platform itself to orchestrate such NFT hacks. Monkey Kingdom community, we have your back! We have begun processing compensation requests and will be contacting individuals starting today. Thank you for your patience! Once you receive your compensation, please kindly share the news with the community. For the Kingdom!! pic.twitter.com/TVbuSqdKtq— Monkey Kingdom (@MonkeyKingdom_) December 22, 2021

Čítaj viac
Načítava

Získaj BONUS 8 € v Bitcoinoch

nakup bitcoin z karty

Registrácia Binance

Burza Binance

Aktuálne kurzy