Ngày 11/1, tài khoản mạng xã hội của Litecoin trên X đã bị tin tặc xâm nhập ngắn hạn để quảng bá một mã thông báo lừa đảo liên quan đến Litecoin trên mạng Solana.
Chi tiết vụ việc
Tin tặc đã đăng bài quảng cáo mã thông báo gian lận kèm địa chỉ hợp đồng và liên kết pump.fun.Nội dung bài đăng bị sai ngữ pháp và đã nhanh chóng bị xóa sau khi nhóm Litecoin lấy lại quyền kiểm soát.Nguyên nhân được xác định là một tài khoản được ủy quyền bị xâm phạm, và tài khoản này đã bị vô hiệu hóa.
Bối cảnh
Sự cố này là một phần trong chuỗi các vụ tấn công gần đây nhằm vào tài khoản mạng xã hội X, với mục tiêu quảng bá mã thông báo giả hoặc liên kết lừa đảo để chiếm đoạt tài sản và dữ liệu nhạy cảm của người dùng.
Nhóm Litecoin đã khuyến cáo người dùng thận trọng trước những thông tin không chính thức và xác minh từ các nguồn đáng tin cậy.
Hãy luôn cẩn trọng và tuân thủ các nguyên tắc sau để bảo vệ tài sản của mình:
Kiểm tra nguồn thông tin chính thức: Chỉ tin tưởng các thông báo từ các kênh chính thức và được xác minh.Không nhấp vào liên kết đáng ngờ: Tránh truy cập các liên kết không rõ nguồn gốc hoặc được gửi từ tài khoản không chính thức.Bảo vệ tài khoản cá nhân: Sử dụng xác thực hai yếu tố (2FA) và mật khẩu mạnh cho các tài khoản liên quan đến tài chính.Cảnh giác với ưu đãi "quá tốt để tin": Những lời mời gọi hứa hẹn lợi nhuận cao thường là lừa đảo.Cập nhật kiến thức: Theo dõi các tin tức bảo mật mới nhất để bảo vệ tài sản số.
Hãy luôn giữ vững cảnh giác và bảo vệ thông tin cá nhân của mình!
#Hack #Litecoin #LTC

Cám ơn các bạn đã theo dõi!
Hãy like, comment và follow Cafebit Research để luôn cập nhật những tin tức mới nhất về thị trường tiền điện tử và không bỏ lỡ bất kỳ thông tin quan trọng nào nhé!

On Thursday, Ronin gaming platform wallets were compromised, resulting in the theft of approximately $9.5 million worth of Ethereum. The perpetrators utilized Tornado Cash service to launder the stolen funds, mixing transactions from multiple users to obscure the cryptocurrency's origin. Among the affected individuals is one of the founders of Ronin and Axie Infinity, who disclosed the incident on Twitter.
Theft Details: 3,250 ETH Moved by Unknown Perpetrators
A precise sum of 3,250 ETH was siphoned from gaming wallets on the Ronin network, amounting to $9.5 million. The attackers subsequently transferred these funds to three distinct Ethereum wallets via a network bridge. The ETH was then laundered through the Tornado Cash service, complicating its traceability.
Personal Accounts of Jeff 'Jiho' Zirlin Compromised
Jeff "Jiho" Zirlin, co-founder of Ronin and Axie Infinity, announced on Thursday evening that his personal wallets had been compromised in the attack. He stated that the attack solely targeted his personal accounts and did not impact the security or operations of the Ronin network or the activities of Sky Mavis, the company behind it.

Security of Ronin and Sky Mavis Unaffected
In response to the incident, Aleksander "Psycheout" Larsen, another founder of Sky Mavis, emphasized that the attack has no bearing on the security measures of the Ronin network bridge or the company's financial assets. Larsen highlighted that the bridge itself has undergone several security audits and is equipped with mechanisms to prevent excessive fund withdrawals.
Impact on Ronin's Market Value
As a consequence of the attack and fund depletion, the value of Ronin cryptocurrency (RON) experienced a decline, with its price plummeting from approximately $3.17 to $2.74, marking a decrease of over 13% within minutes. At the time of writing, the price partially recovered to $2.97.
Historical Context: Ronin Bridge Attack
The incident occurs two years after the attack on the Ethereum Ronin bridge, during which cryptocurrency worth $622 million was stolen. The attack was attributed to the Lazarus hacking group from North Korea, exploiting the insufficient decentralization at that time. Subsequently, a portion of the stolen funds was recovered, and Sky Mavis reimbursed users for all losses from the February 2022 attack.

$ETH
#Ronin #hack

Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

The cross-chain bridge of Orbit Chain was compromised by an exploit, which led to the loss of Tether, DAI, USDC, wBTC, and ETH with a combined value of around $81.4 million.
The vulnerability was exploited by the exploiter, who then transferred funds to a new wallet.
A weakness in the bridge or a hack in the centralized server was discovered as the primary reason by the blockchain security company SlowMist which was responsible for the investigation.
It has been revealed that a hack occurred on Orbit Bridge, which is a protocol for interchain communication that is utilized for asset conversion. A total of around $81.4 million worth of cryptocurrency were stolen from the system.
The Orbit Bridge was struck by a number of significant discharges.
An vulnerability that was worth $81.4 million was apparently used by hackers to ring in the New Year with Orbit Bridge. A number of significant outflows were discovered by the blockchain security company SlowMist and the on-chain intelligence service LookOnChain. These outflows were encountered via the cross-chain protocol.
According to the latter, the Orbit Bridge was responsible for the transfer of 30 million Tether (USDT), 10 million DAI, 10 million USDCoin (USDC), 231 wBTC (worth over $10 million), and 9,500 ETH (worth around $21.5 million) in five distinct transactions.

After doing a preliminary examination from the outside, SlowMist came to the conclusion that either the centralized server has been compromised or there is a potential vulnerability in the Orbit Chain bridge. A further in-depth investigation is currently being carried out by the company in order to obtain additional information on the attack.
The hacking of Orbit Chain has been confirmed.
Orbit Chain reported the hack on its protocol in a tweet that was published not too long ago on X. The tweet described the breach as a "unidentified access" to the bridge. A comprehensive investigation into the underlying cause of the assault is currently being carried out by the company, which has said that it is actively collaborating with law enforcement authorities in order to identify the perpetrator of the incident.
#hack #OrbitChain

Gala Games CEO Eric Schiermeyer has confirmed that a "security incident" led to the unauthorized sale of 600 million GALA tokens, worth approximately $23 million. The breach, which Schiermeyer attributed to "messed up" internal controls, has raised significant concerns within the blockchain gaming community.
Incident Overview
On May 20, at 7:32 pm UTC, blockchain observers reported the minting of 5 billion GALA tokens, valued at around $200 million at the time. The compromised wallet was selling the tokens in batches, leading to a sharp drop in GALA's price. The token hit a 24-hour low of $0.038, a 20% decrease from its daily high, before recovering slightly to $0.041, according to CoinGecko.
“We had an incident that resulted in the unauthorized sale of 600 million GALA tokens and the effective burn of 4.4 billion tokens,” Schiermeyer wrote in a May 20 post on X (formerly Twitter). He admitted, “We messed up our internal controls. This shouldn’t have happened, and we are taking steps to ensure it doesn’t happen again.”
Response and Mitigation
Gala Games quickly identified the compromise and revoked unauthorized access to the GALA contract. Schiermeyer assured users that the Ethereum contract was secure and had not been compromised. The company believes it has identified the person responsible and is collaborating with the FBI, the U.S. Justice Department, and international authorities to address the incident.
In a follow-up post on X, Gala Games announced that the security breach had been contained and the affected wallet frozen. However, details about the perpetrator and the method of access to the GALA contract remain undisclosed.
Ongoing Legal Disputes
This security incident occurs amid ongoing legal battles between Schiermeyer and Gala Games co-founder Wright Thurston. Both have filed lawsuits against each other, with Thurston accusing Schiermeyer of squandering millions in company assets, while Schiermeyer alleges that Thurston stole $130 million worth of GALA tokens.
Gala Games did not respond to requests for additional comments.
The incident underscores the critical need for robust internal controls and security measures in the cryptocurrency and blockchain industries, as companies continue to navigate complex technological and legal landscapes.
$GALA #GALA #GalaGames #hack

Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

⚡LEVEL ( LVL ) Finance Hacked...$1 Million

LEVEL Finance is a Decentralized and Non- Custodial perpetual market on Binance Smart Chain ( BSC )

An exploit targeted the Referral Controller Contract

💥 214k LVL tokens drained to exploiters address

💥 Attacker swapped LVL to 3,345 BNB

💥 Exploit was isolated from other contracts

💥 Fix to be deployed in 12 Hrs.

💥 LP's and DAO treasury Unaffected

#Binance #DeFi #BSC #hack #LVL

In 2023, financial assets were removed from a cryptocurrency "whale" due to a phishing attack, where the victim authorized transactions allowing the attacker to access their financial resources.
The joint account involved in the September 2023 phishing incident transferred $10 million worth of Ether to the cryptocurrency mixing service Tornado Cash.

On March 21, blockchain security firm CertiK identified an account involved in the hack for $24 million, which sent 3,700 ETH to Tornado Cash. These funds were taken from the cryptocurrency whale during the phishing incident on September 6, 2023.
At that time, an investor lost $24 million in staked ETH through the Rocket Pool liquidity staking service. The attack occurred in two phases: the first removed 9,579 stETH, while the second took away 4,851 rETH from the crypto whale.
The Scam Sniffer project, dedicated to fraud detection, stated that the victim authorized an "Increase Allowance" transaction, enabling the hacker to approve tokens for their own use. Using smart contracts, this functionality allows third parties to spend ERC-20 tokens owned by others with their consent.
The topic of token approvals sparked much discussion in the crypto community, with some warning of the risks associated with potentially deploying malicious smart contracts for fraudulent purposes.
Blockchain security firm PeckShield recorded that the attacker converted assets into 13,785 ETH and 1.64 million Dai. Some of these DAI were transferred to the FixedFload exchange, while the rest of the stolen funds were moved to other wallets.
Phishing attacks remain a significant problem for the crypto sector. A report from the Scam Sniffer project showed that nearly $47 million was lost in February due to phishing-related scams. 
The report emphasized that 78% of these thefts occurred on the Ethereum network, with ERC-20 tokens accounting for 86% of all stolen funds. 
Recent losses caused by token approvals have also raised concerns among cryptocurrency users. On March 20, an old contract previously used by the Dolomite exchange was exploited to drain $1.8 million from users.
The exploitation affected users who had given consent to the contract. As a result, Dolomite developers urged users to revoke all consents granted to the old contract address.
Although some attempts to defraud cryptocurrencies result in the loss of millions, there are cases where fraudulent efforts are quickly detected and thwarted. For example, on March 20, the Layerswap team managed to prevent further damages after their website was compromised by an attack, thanks to the quick response from the domain provider.
However, hackers were still able to siphon off assets worth $100,000 from approximately 50 users. Layerswap announced that they would refund the lost funds to affected users and offer additional compensation for the inconvenience caused.
These incidents highlight the persistent risk of phishing attacks and the need for constant vigilance in the crypto world. The abuse of token approval functions and smart contracts underscores the need for further education and caution among cryptocurrency users to prevent unnecessary losses.
With the increasing number of sophisticated attacks, it is important for cryptocurrency users to be vigilant and thoroughly verify all transactions and contract approvals. The community and security firms must collaborate to develop better tools and procedures to protect against phishing attacks and other fraudulent activities, ensuring a safer environment for all cryptocurrency users.
#crypto #scam #hack  

Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

🌐 The Crypto Market in Shock!
In 2024, total Web3 losses exceeded $2.9 billion. From DeFi to metaverses, no sector was spared. 🚨 The main vulnerability? Access control issues, responsible for 78% of all attacks.

💎 DeFi: Fewer losses, but major hacks persist
Losses decreased by 40%, but still reached $474 million. The biggest incident was the hack of Radiant Capital, costing $55 million.

🏦 CeFi in Trouble: Losses Double!
CeFi losses skyrocketed to $694 million. Notable attacks include a key leak at DMM Exchange ($305 million) and a multisignature vulnerability at WazirX ($230 million).

🎮 Games and Metaverses Lose Hundreds of Millions
The gaming sector reported $389 million in losses, accounting for 18% of all attacks. 🎲

🚩 Rug Pulls Shift to Solana
Scammers moved from BNB Chain to Solana, driven by the growing popularity of meme coins. 📈

🎯 Presales Turn into Traps: $122.5 Million Stolen in One Month!
In April 2024, scammers executed 27 fraud schemes using presales. 💰 They also exploited the names of celebrities and influencers to deceive investors.

👨‍💻 Phishing and North Korean Hackers
Phishing attacks led to $600 million in stolen funds, while North Korean hackers siphoned off $1.34 billion.

⚠️ Stay Alert!
Crypto scams are becoming increasingly sophisticated. 🛡️ Behind every meme coin, a trap could be waiting!
#Hack #scamriskwarning #solana

The Trezor hardware wallet account on social network X has become a target for attackers who have been posting enticing posts luring users into fraudulent token offers. This situation raises suspicions of a hack, likely through a SIM card exchange attack.
Detectives on the Trail: Alerting Suspicious Activity
Independent blockchain expert ZachXBT and security service Scam Sniffer have alerted to a potential security issue with Trezor, followed by several fake token presale offers of "$TRZR" and requests to send cryptocurrencies to a suspicious address. ZachXBT further stated that attackers stole approximately $8,100 from the Trezor account on the Zapper platform.

Risks Associated with Unsecured Social Accounts
Criticism has been directed at Trezor for the inadequate security of their X account, highlighting the lack of two-factor authentication (2FA). Ironically, a company focused on wallet security failed to protect its own social network accounts from attacks.
Community Response and Recent Security Incidents
The community's response has been mixed, with some comments pointing out the irony of a security-promoting company being unable to secure its own accounts. Trezor has faced security incidents in the past, including breaches that exposed the data of nearly 66,000 users.
Conclusion and User Recommendations
This incident serves as a reminder of the importance of securing digital accounts and using two-factor authentication. Users should remain vigilant and avoid sending cryptocurrencies to unknown addresses or engaging in suspicious offers.
#trezor #hack

Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

Several dapps using Ledger’s wallet connector kit faced security breaches yesterday. This included platforms like SushiSwap, Zapper, Phantom, Balancer, and Revoke.cash. Ledger later announced that the malicious code had been replaced with an updated, safe version of the code. Applications across the crypto ecosystem were vulnerable to this exploit, so it created quite a scare in the space. Fortunately, the attacker only got away with ~$600k in stolen funds, which were later frozen by Tether.

For now it's safe to use all the dapps and ledger, but how the hacker accomplished to change the source code... inside job?

What do you think ?

#wallet #hack #ethereum