CertiK
329,724 προβολές
91 Δημοσιεύσεις
Δημοφιλές
Πιο πρόσφατα
CertiK Uncovers High-Risk Vulnerability in Telegram Desktop App
CertiK, a blockchain security company, recently revealed a significant security flaw within the #Telegram messaging app that puts users at risk of cyber-attacks. The announcement was made on April 9 via the social media site X, where CertiK Alert highlighted a dangerous vulnerability that could enable attackers to carry out remote code execution (RCE) attacks by exploiting Telegram’s media processing capabilities.
The vulnerability, identified in the media processing functions of the Telegram Desktop application, can be triggered by attackers using maliciously crafted media files, including images and videos. CertiK's investigation pinpointed a specific RCE attack vector within these processes, signaling a direct threat to users.
A #CertiK spokesperson, in conversation with Cointelegraph, clarified that this vulnerability is unique to the desktop version of Telegram. The mobile version is safer in this regard since it doesn't execute executable files directly, a process that typically requires digital signatures for additional security. This information was shared in response to concerns raised within the security community.
For those using Telegram on desktop devices, CertiK advises reviewing and adjusting the application’s settings to mitigate the risk. Specifically, users should disable the auto-download feature to prevent the automatic processing of potentially dangerous files. This precaution can be taken by accessing the “Settings” menu, followed by the “Advanced” options, where the auto-download functionality can be turned off.
CertiK, a blockchain security company, recently revealed a significant security flaw within the #Telegram messaging app that puts users at risk of cyber-attacks. The announcement was made on April 9 via the social media site X, where CertiK Alert highlighted a dangerous vulnerability that could enable attackers to carry out remote code execution (RCE) attacks by exploiting Telegram’s media processing capabilities.
The vulnerability, identified in the media processing functions of the Telegram Desktop application, can be triggered by attackers using maliciously crafted media files, including images and videos. CertiK's investigation pinpointed a specific RCE attack vector within these processes, signaling a direct threat to users.
A #CertiK spokesperson, in conversation with Cointelegraph, clarified that this vulnerability is unique to the desktop version of Telegram. The mobile version is safer in this regard since it doesn't execute executable files directly, a process that typically requires digital signatures for additional security. This information was shared in response to concerns raised within the security community.
For those using Telegram on desktop devices, CertiK advises reviewing and adjusting the application’s settings to mitigate the risk. Specifically, users should disable the auto-download feature to prevent the automatic processing of potentially dangerous files. This precaution can be taken by accessing the “Settings” menu, followed by the “Advanced” options, where the auto-download functionality can be turned off.
Breaking: CertiK’s $3m Kraken spat: Hacker used the same bug to exploit other exchanges week before
There's a new twist in the CertiK white-hat hacking saga.Onchain records show that at an earlier date someone tried to exploit the same bug the auditor discovered in Kraken.
The bug that #Kraken said it patched had been used to exploit other centralised exchanges as early as last month, according to multiple crypto security experts.
That’s the latest development in the saga of two major crypto players, US-based exchange Kraken and auditor #CertiK .
On Wednesday, Kraken said it patched a “critical” bug that allowed millions of dollars in crypto to be erroneously withdrawn from the US-based exchange.
CertiK came under fire after it admitted to being behind the exploit of that bug. The firm withdrew $3 million from Kraken over several days in early June.
After a public back-and-forth, CertiK returned all the funds it took and called its actions a white-hat operation, meaning they ostensibly acted as ethical hackers with the intention of identifying and fixing security vulnerabilities rather than exploiting them for malicious purposes.
Onchain records first identified by security platform Hexagate, and confirmed to DL News by multiple other security researchers, show a hacker attempted to exploit other crypto exchanges — using the same bug as early as May 17.
Those attempts came three weeks before CertiK said it found the bug on Kraken on June 5.
“We have no evidence these exchanges have been impacted,” Hexagate posted on X. “We only traced onchain evidence for similar activity.”
Centralised crypto exchanges hold a gargantuan amount of crypto on their customers’ behalf. The top five crypto exchanges that have publicly disclosed their wallet addresses hold a combined $172 billion worth of crypto, per DefiLlama data.
CertiK didn’t immediately respond to DL News’ request for comment.
Attempted exploits
The records highlighted by Hexagate show a hacker attempted to use a so-called “revert” attack to trick centralised exchanges into letting them withdraw funds.
To do that, the hacker created a smart contract that contains a transaction to deposit funds to a centralised exchange. The contract is engineered so that the main transaction succeeds but the deposit reverts.
This tricks the exchange into thinking a user has deposited funds when they haven’t. The hacker then requests a withdrawal from the exchange, debiting the fake deposit amount.
nchain records show multiple attempts to use such a contract when depositing funds to Binance took place on BNB Chain on May 17.
Between May 29 and June 5, the same address, as well as another that was funded by it, made similar attempts on OKX, BingX and Gate.io on BNB Chain, Arbitrum, and Optimism.
Is CertiK involved?
Although CertiK first disclosed the revert attack publicly, there’s no proof it was involved in those earlier attacks.
Smart contracts functions each have a so-called signature hash they can be identified by.
In the case of the revert attack contract, the signature hash isn’t available, meaning the name of the function isn’t publicly known, a security researcher who wished to remain anonymous told DL News.
This means the function name for the revert attack is known onto CertiK or someone else has used exactly the same name as well, the researcher said.
The bug that #Kraken said it patched had been used to exploit other centralised exchanges as early as last month, according to multiple crypto security experts.
That’s the latest development in the saga of two major crypto players, US-based exchange Kraken and auditor #CertiK .
On Wednesday, Kraken said it patched a “critical” bug that allowed millions of dollars in crypto to be erroneously withdrawn from the US-based exchange.
CertiK came under fire after it admitted to being behind the exploit of that bug. The firm withdrew $3 million from Kraken over several days in early June.
After a public back-and-forth, CertiK returned all the funds it took and called its actions a white-hat operation, meaning they ostensibly acted as ethical hackers with the intention of identifying and fixing security vulnerabilities rather than exploiting them for malicious purposes.
Onchain records first identified by security platform Hexagate, and confirmed to DL News by multiple other security researchers, show a hacker attempted to exploit other crypto exchanges — using the same bug as early as May 17.
Those attempts came three weeks before CertiK said it found the bug on Kraken on June 5.
“We have no evidence these exchanges have been impacted,” Hexagate posted on X. “We only traced onchain evidence for similar activity.”
Centralised crypto exchanges hold a gargantuan amount of crypto on their customers’ behalf. The top five crypto exchanges that have publicly disclosed their wallet addresses hold a combined $172 billion worth of crypto, per DefiLlama data.
CertiK didn’t immediately respond to DL News’ request for comment.
Attempted exploits
The records highlighted by Hexagate show a hacker attempted to use a so-called “revert” attack to trick centralised exchanges into letting them withdraw funds.
To do that, the hacker created a smart contract that contains a transaction to deposit funds to a centralised exchange. The contract is engineered so that the main transaction succeeds but the deposit reverts.
This tricks the exchange into thinking a user has deposited funds when they haven’t. The hacker then requests a withdrawal from the exchange, debiting the fake deposit amount.
nchain records show multiple attempts to use such a contract when depositing funds to Binance took place on BNB Chain on May 17.
Between May 29 and June 5, the same address, as well as another that was funded by it, made similar attempts on OKX, BingX and Gate.io on BNB Chain, Arbitrum, and Optimism.
Is CertiK involved?
Although CertiK first disclosed the revert attack publicly, there’s no proof it was involved in those earlier attacks.
Smart contracts functions each have a so-called signature hash they can be identified by.
In the case of the revert attack contract, the signature hash isn’t available, meaning the name of the function isn’t publicly known, a security researcher who wished to remain anonymous told DL News.
This means the function name for the revert attack is known onto CertiK or someone else has used exactly the same name as well, the researcher said.
📢 @cronos_chain has partnered with @CertiK
#Cronos - The first blockchain that interoperates with both Ethereum and Cosmos ecosystems.
#CertiK provides a formal verification platform for smart contracts and blockchain ecosystems.
#Crypto #CryptoNews
#Cronos - The first blockchain that interoperates with both Ethereum and Cosmos ecosystems.
#CertiK provides a formal verification platform for smart contracts and blockchain ecosystems.
#Crypto #CryptoNews
Hey #CertiK did you know you can throw that $3m into Kim and take home a fat stack of rewards with some of the highest APRs in crypto rn?
Oh, and don’t forget to stake your $xKIM to boost it up.
Oh, and don’t forget to stake your $xKIM to boost it up.
⚠️Hack/Phishing #Alerts 🚫
The official Twitter account of biggest Security & Smart Contracts Auditing company #CertiK has been compromised and phishing links are being posted to defraud users of their wallet funds.
The Discord on #Certik’s official website was also replaced and turned into a fake Discord with phishing links.
Just Beware from that, and don't try to click any links, until next official updates by #Cetrik.. 💯🎯🙏
The official Twitter account of biggest Security & Smart Contracts Auditing company #CertiK has been compromised and phishing links are being posted to defraud users of their wallet funds.
The Discord on #Certik’s official website was also replaced and turned into a fake Discord with phishing links.
Just Beware from that, and don't try to click any links, until next official updates by #Cetrik.. 💯🎯🙏
$BNB #rwas
We did it!🎉
$pmt Public Meme Token has successfully passed the CertiK KYC Badge! 🔐🏆
This badge is a proof of trustworthiness and accountability for the team 🦾
skynet.certik.com/projects/publi…
Big thanks to the entire @CertiK team🙏
#CertiK #KYC
#BNBChain: public meme token
We did it!🎉
$pmt Public Meme Token has successfully passed the CertiK KYC Badge! 🔐🏆
This badge is a proof of trustworthiness and accountability for the team 🦾
skynet.certik.com/projects/publi…
Big thanks to the entire @CertiK team🙏
#CertiK #KYC
#BNBChain: public meme token
Outstanding #Memecoins audited by @CertiK 🛡️✅
$PEPE $FLOKI $SHIB
#BullorBear #SHIB #memecoin #CertiK
$PEPE $FLOKI $SHIB
#BullorBear #SHIB #memecoin #CertiK
🤑 Useful tips on how to earn 💰10,000 in Crypto with minimal risk
🚀 If you're determined to give it a shot, here are some guidelines👇
1️⃣ **Holding Strategy** Some individuals have achieved millionaire status by acquiring cryptocurrencies and holding onto them for the long term. This can be less stressful than engaging in day-to-day trading.
2️⃣**Invest in Presale** Choose verified and audited projects by #CertiK with a positive rating, for example, on ICO Holder. Such projects has the highest potential for a potential x100 gain. This is fulfilled by #SpaceCatch an audit from Certik and the highest rating on ICO Holder over the past years (4.56).
Probable insider information has caused the #SpaceCatch project to surpass 1.3 million dollars in its presale phase so fast, with nearly 100k 💰added to the token presale during one hour and over 300k during 24 hours
3️⃣**Diversification** Avoid putting all your funds into a single cryptocurrency. Diversify your investments to spread out the risk.
4️⃣**Self-Education** Take the time to understand blockchain technology, various cryptocurrencies, and how the market operates. Knowledge is your most valuable asset.
5️⃣**Risk Management** Invest only what you can afford to lose. Cryptocurrency markets are highly volatile, and you could lose your entire investment.
6️⃣**Stay Informed** Keep yourself updated with the latest news and trends in the cryptocurrency market. Market sentiment can change rapidly.
7️⃣**Technical Analysis** If you're interested in trading, learn technical analysis to make informed decisions about when to buy or sell.
8️⃣**Security** Safeguard your cryptocurrency assets with robust security measures. Utilize hardware wallets and secure exchanges.
Notice:
,The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.
🚀 If you're determined to give it a shot, here are some guidelines👇
1️⃣ **Holding Strategy** Some individuals have achieved millionaire status by acquiring cryptocurrencies and holding onto them for the long term. This can be less stressful than engaging in day-to-day trading.
2️⃣**Invest in Presale** Choose verified and audited projects by #CertiK with a positive rating, for example, on ICO Holder. Such projects has the highest potential for a potential x100 gain. This is fulfilled by #SpaceCatch an audit from Certik and the highest rating on ICO Holder over the past years (4.56).
Probable insider information has caused the #SpaceCatch project to surpass 1.3 million dollars in its presale phase so fast, with nearly 100k 💰added to the token presale during one hour and over 300k during 24 hours
3️⃣**Diversification** Avoid putting all your funds into a single cryptocurrency. Diversify your investments to spread out the risk.
4️⃣**Self-Education** Take the time to understand blockchain technology, various cryptocurrencies, and how the market operates. Knowledge is your most valuable asset.
5️⃣**Risk Management** Invest only what you can afford to lose. Cryptocurrency markets are highly volatile, and you could lose your entire investment.
6️⃣**Stay Informed** Keep yourself updated with the latest news and trends in the cryptocurrency market. Market sentiment can change rapidly.
7️⃣**Technical Analysis** If you're interested in trading, learn technical analysis to make informed decisions about when to buy or sell.
8️⃣**Security** Safeguard your cryptocurrency assets with robust security measures. Utilize hardware wallets and secure exchanges.
Notice:
,The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.
Security Experts Warn of Telegram Channels Spreading Cryptocurrency Scams
The Web3 security company CertiK has unveiled a widespread scam operation across various Telegram channels, leading to significant financial losses and undermining trust in the cryptocurrency space.
Telegram has become a popular platform for communication among cryptocurrency enthusiasts, which scammers exploit by hiring actors to promote fake cryptocurrencies through Telegram channels.
How Scammers Exploit Telegram for Cryptocurrency Schemes
CertiK, a renowned blockchain security firm, is closely monitoring the activities of scammers organizing honeytrap schemes through at least three Telegram channels:
· AltLex
· DON CRYPTON
· SZ Trades – 加密貨幣
These actors use paid actors to provide seemingly legitimate investment tips before cleverly guiding their victims to invest in bogus tokens. This malicious activity has already cost victims around $3.2 million.
Channels like AltLex and DON CRYPTON use sophisticated strategies to promote fraudulent cryptocurrencies. AltLex became known for promoting fictitious tokens such as Linea, Paxos, and Circle using a fake trading identity named Alexander. DON CRYPTON, connected to AltLex via a telegra[.]ph post, hires actors from casting websites to support their activities.
Methods and Consequences of the Scams
These channels initially publish real content to build trust among their followers, which they then exploit to promote new, fake tokens, often feigning their legitimacy and profit potential. These manipulative tactics lead to financial losses and undermine the foundational principle of trust that the cryptocurrency ecosystem relies on.
Fraudulent tokens are often paired with Wrapped Ethereum (WETH) and utilize unverified signature functions, allowing for price manipulation. Once the scammers drain the liquidity, they leave investors with worthless tokens they cannot sell.
Results of CertiK's Investigation
CertiK's investigation revealed wallets connected to these scams and provided insights into the operations and potential locations of the scammers. Although the identity and whereabouts remain hidden, evidence suggests connections to the United Kingdom, adding another layer of complexity to the operation.
CertiK reminds that in accordance with the rules of the British Financial Conduct Authority (FCA), crypto services must include warnings about investment risks, applicable only to individuals in the United Kingdom or those using a British VPN server.
The Importance of Caution When Investing in Cryptocurrencies
This revelation highlights the risks associated with investing in cryptocurrencies, especially for newcomers attracted by the promise of quick gains. It's important to perform thorough due diligence and be skeptical of offers that seem too good to be true.
#Web3 #CertiK #scam #crypto
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“
Telegram has become a popular platform for communication among cryptocurrency enthusiasts, which scammers exploit by hiring actors to promote fake cryptocurrencies through Telegram channels.
How Scammers Exploit Telegram for Cryptocurrency Schemes
CertiK, a renowned blockchain security firm, is closely monitoring the activities of scammers organizing honeytrap schemes through at least three Telegram channels:
· AltLex
· DON CRYPTON
· SZ Trades – 加密貨幣
These actors use paid actors to provide seemingly legitimate investment tips before cleverly guiding their victims to invest in bogus tokens. This malicious activity has already cost victims around $3.2 million.
Channels like AltLex and DON CRYPTON use sophisticated strategies to promote fraudulent cryptocurrencies. AltLex became known for promoting fictitious tokens such as Linea, Paxos, and Circle using a fake trading identity named Alexander. DON CRYPTON, connected to AltLex via a telegra[.]ph post, hires actors from casting websites to support their activities.
Methods and Consequences of the Scams
These channels initially publish real content to build trust among their followers, which they then exploit to promote new, fake tokens, often feigning their legitimacy and profit potential. These manipulative tactics lead to financial losses and undermine the foundational principle of trust that the cryptocurrency ecosystem relies on.
Fraudulent tokens are often paired with Wrapped Ethereum (WETH) and utilize unverified signature functions, allowing for price manipulation. Once the scammers drain the liquidity, they leave investors with worthless tokens they cannot sell.
Results of CertiK's Investigation
CertiK's investigation revealed wallets connected to these scams and provided insights into the operations and potential locations of the scammers. Although the identity and whereabouts remain hidden, evidence suggests connections to the United Kingdom, adding another layer of complexity to the operation.
CertiK reminds that in accordance with the rules of the British Financial Conduct Authority (FCA), crypto services must include warnings about investment risks, applicable only to individuals in the United Kingdom or those using a British VPN server.
The Importance of Caution When Investing in Cryptocurrencies
This revelation highlights the risks associated with investing in cryptocurrencies, especially for newcomers attracted by the promise of quick gains. It's important to perform thorough due diligence and be skeptical of offers that seem too good to be true.
#Web3 #CertiK #scam #crypto
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“
Was CoinSpot's $2.4 Million Hack the Result of a Private Key Compromise? 🔐
Australian crypto exchange #CoinSpot recently experienced a $2.4 million hack, likely due to a "private key compromise" in one of its hot wallets.
Blockchain security firm #CertiK confirmed the exploit, revealing that 1,262 ETH, equivalent to $2.4 million, was transferred from a known CoinSpot wallet to the alleged hacker's address.
The #hacker then converted part of the funds to Wrapped Bitcoin (WBTC) using Uniswap and exchanged the rest for Bitcoin via ThorChain.
The stolen Bitcoin was further distributed among multiple wallets, a common tactic to complicate investigations. CoinSpot, established in 2013, is Australia's largest crypto exchange with around 2.5 million users.
#Binance
#crypto2023
Australian crypto exchange #CoinSpot recently experienced a $2.4 million hack, likely due to a "private key compromise" in one of its hot wallets.
Blockchain security firm #CertiK confirmed the exploit, revealing that 1,262 ETH, equivalent to $2.4 million, was transferred from a known CoinSpot wallet to the alleged hacker's address.
The #hacker then converted part of the funds to Wrapped Bitcoin (WBTC) using Uniswap and exchanged the rest for Bitcoin via ThorChain.
The stolen Bitcoin was further distributed among multiple wallets, a common tactic to complicate investigations. CoinSpot, established in 2013, is Australia's largest crypto exchange with around 2.5 million users.
#Binance
#crypto2023
🚨 Certik Twitter Account got Hacked !
DON'T Click any link shared and pinned by them. It is phishing link.
While it shows correct link but when you open, it will redirect to completely different phishing url.
#CertiK #etf #BTC #XAI #CryptoPredictions2024
DON'T Click any link shared and pinned by them. It is phishing link.
While it shows correct link but when you open, it will redirect to completely different phishing url.
#CertiK #etf #BTC #XAI #CryptoPredictions2024
Breaking 🔕🔕: The famous blockchain security firm #CertiK now returned to the #crypto Exchange Kraken $3 Million after a public dispute.
#cryptonews
#cryptonews
Хакеры взломали X-аккаунт аудиторов CertiK и опубликовали вредоносную ссылку с фейком о взломе Uniswap
Неизвестные взломали аккаунт аудиторской блокчейн-компании CertiK в X (ранее Twitter (NYSE:TWTR)) и разместили в нем фейковую новость об обнаружении уязвимости в контракте децентрализованной биржи (DEX) Uniswap. Злоумышленники от имени CertiK призвали подписчиков отозвать все разрешения на использование контракта с помощью инструмента Revoke Cash, прикрепив к посту фейковую вредоносную ссылку.
Источник: Twitter.com
#CertiK
Неизвестные взломали аккаунт аудиторской блокчейн-компании CertiK в X (ранее Twitter (NYSE:TWTR)) и разместили в нем фейковую новость об обнаружении уязвимости в контракте децентрализованной биржи (DEX) Uniswap. Злоумышленники от имени CertiK призвали подписчиков отозвать все разрешения на использование контракта с помощью инструмента Revoke Cash, прикрепив к посту фейковую вредоносную ссылку.
Источник: Twitter.com
#CertiK
CertiK unveils CertiK Ventures
#CertiK has unveiled #CertiKVentures , focusing on nurturing next-gen onchain platforms. With a focus on security-first projects, CertiK Ventures aims to foster pioneering technologies and cultivate vital ecosystem collaborations. Drawing from CertiK's deep-rooted expertise in blockchain security, the initiative is committed to offering unparalleled support and resources to its selected portfolio companies.
#CertiK has unveiled #CertiKVentures , focusing on nurturing next-gen onchain platforms. With a focus on security-first projects, CertiK Ventures aims to foster pioneering technologies and cultivate vital ecosystem collaborations. Drawing from CertiK's deep-rooted expertise in blockchain security, the initiative is committed to offering unparalleled support and resources to its selected portfolio companies.
