LIVEAlvosec
@Alvosec
Web3 security advisor. You can follow us also on twitter.com/alvosec.
Following
Followers
Liked
Shared
Scammer gave me access to his wallet?
In the crypto and blockchain world, unfortunately, we find scammers who strive to be able to directly or indirectly steal the funds of the unfortunate who for one reason or another fall victim to the same scammers.
There are several scams and tricks that criminals use but this time we will focus on a really devious one that few know or recognize, which is the one that concerns the seed or the private key.
Before going into detail and understanding how it works, this scam is based on the fact that we must never reveal our private key or our seed to anyone because if we do, we will lose all the funds within it.
Knowing this, criminals deliberately publish their private key or seed in chat or private messages, in the hope that someone can insert the private key or seed into the wallet and see that there are crypto with a value and ready to be moved to our wallet with a simple transaction.
We will take one example that was circulating on Twitter and dig into the case.
Here we have a scammer wallet address: TUr8tTfMmr2ML88C65xLHPT4JGNgUkvh9Z
Here is also a secret phrase: damage muscle dilemma year useful toast siege sustain hero property lucky home
Now let's check what is going on, and why scammer "generously" shares his private key?
Scammer wallet
Let's check account permissions.
It is important to notice that threshold of Owner permission is set to 4. For those who don't know what threshold is, here is a brief definition:
Minimum threshold to validate multisig transactions, a multisig transaction will only take effect when the total weight of signing addresses is greater than the threshold.
So basically we are looking at msig wallet, with 2 accounts and second account has weight of 3 - meaning that first account + second will satisfy msig condition of threshold and by that, action will be executed.
This means that without access to that second wallet, this first account is useless. And from that point anyone that has access will be unable to send funds to another address. If victim persist to send funds, he will be asked to top up TRX to cover transaction fee - which will be quickly pulled by criminals to another address.
There are several scams and tricks that criminals use but this time we will focus on a really devious one that few know or recognize, which is the one that concerns the seed or the private key.
Before going into detail and understanding how it works, this scam is based on the fact that we must never reveal our private key or our seed to anyone because if we do, we will lose all the funds within it.
Knowing this, criminals deliberately publish their private key or seed in chat or private messages, in the hope that someone can insert the private key or seed into the wallet and see that there are crypto with a value and ready to be moved to our wallet with a simple transaction.
We will take one example that was circulating on Twitter and dig into the case.
Here we have a scammer wallet address: TUr8tTfMmr2ML88C65xLHPT4JGNgUkvh9Z
Here is also a secret phrase: damage muscle dilemma year useful toast siege sustain hero property lucky home
Now let's check what is going on, and why scammer "generously" shares his private key?
Scammer wallet
Let's check account permissions.
It is important to notice that threshold of Owner permission is set to 4. For those who don't know what threshold is, here is a brief definition:
Minimum threshold to validate multisig transactions, a multisig transaction will only take effect when the total weight of signing addresses is greater than the threshold.
So basically we are looking at msig wallet, with 2 accounts and second account has weight of 3 - meaning that first account + second will satisfy msig condition of threshold and by that, action will be executed.
This means that without access to that second wallet, this first account is useless. And from that point anyone that has access will be unable to send funds to another address. If victim persist to send funds, he will be asked to top up TRX to cover transaction fee - which will be quickly pulled by criminals to another address.
The weakest link in any security system is often the people using it. #cybersecurity #awareness #security
Do you know what to do if you lose your iPhone and you have your crypto funds on it?
If you lost your iPhone, iPad, or iPod touch or you think it might be stolen, use Find My iPhone - where you will be able to locate your device, notify the finder or erase you device.
1. Look for your device on a map
To find your device, sign in to iCloud.com/find. Or use the Find My app on another Apple device that you own.
If your iPhone, iPad, or iPod touch doesn’t appear in the list of devices, Find My was not turned on. But you can still protect your account if Find My was not turned on.
2. Mark as Lost
By marking your device as lost, you can secure your information by remotely locking it with a passcode. This action also deactivates Apple Pay on the missing device. Additionally, you have the option to showcase a customized message on the lost device that includes your contact information.
3. Remotely erase your device
If you erase a device that had iOS 15, iPadOS 15, or later installed, you can still use Find My to locate the device or play a sound on it. Otherwise, you won't be able to locate the device or play a sound after you erase it.
If you have AppleCare+ with Theft and Loss, do not remove the device from Find My or your Apple ID.
4. Contact your wireless carrier
If the missing device is an iPhone or an iPad with cellular, it is recommended to notify your wireless carrier about the lost device. Request the carrier to deactivate your account so that no calls, texts, or data can be used on the device. Moreover, if your wireless carrier plan covers the lost device, you should file a claim.
5. Protect your sensitive information
Change passwords for sensitive accounts and private keys of your crypto wallets: If you have any sensitive accounts or cryptocurrency wallets associated with your lost iPhone, it is essential to change the passwords immediately. This will prevent unauthorized access to your accounts and protect your digital assets. You should also consider transferring your cryptocurrency funds to a new wallet to ensure their safety.
Use a passcode and enable Find My app: It is important to use a passcode and enable the Find My app on your iPhone before it gets lost or stolen. This can help you locate your device and prevent others from accessing your personal information.
1. Look for your device on a map
To find your device, sign in to iCloud.com/find. Or use the Find My app on another Apple device that you own.
If your iPhone, iPad, or iPod touch doesn’t appear in the list of devices, Find My was not turned on. But you can still protect your account if Find My was not turned on.
2. Mark as Lost
By marking your device as lost, you can secure your information by remotely locking it with a passcode. This action also deactivates Apple Pay on the missing device. Additionally, you have the option to showcase a customized message on the lost device that includes your contact information.
3. Remotely erase your device
If you erase a device that had iOS 15, iPadOS 15, or later installed, you can still use Find My to locate the device or play a sound on it. Otherwise, you won't be able to locate the device or play a sound after you erase it.
If you have AppleCare+ with Theft and Loss, do not remove the device from Find My or your Apple ID.
4. Contact your wireless carrier
If the missing device is an iPhone or an iPad with cellular, it is recommended to notify your wireless carrier about the lost device. Request the carrier to deactivate your account so that no calls, texts, or data can be used on the device. Moreover, if your wireless carrier plan covers the lost device, you should file a claim.
5. Protect your sensitive information
Change passwords for sensitive accounts and private keys of your crypto wallets: If you have any sensitive accounts or cryptocurrency wallets associated with your lost iPhone, it is essential to change the passwords immediately. This will prevent unauthorized access to your accounts and protect your digital assets. You should also consider transferring your cryptocurrency funds to a new wallet to ensure their safety.
Use a passcode and enable Find My app: It is important to use a passcode and enable the Find My app on your iPhone before it gets lost or stolen. This can help you locate your device and prevent others from accessing your personal information.
