As cryptocurrencies gain popularity, scammers are developing new and sophisticated methods in this field. Crypto wallet emptiers have become an increasing threat lately. Four major crypto wallet emptiers, namely Pink Drainer, Inferno Drainer, Pussy Drainer, and Venom Drainer, have targeted thousands of individuals since the beginning of 2023, resulting in a total of $66.4 million worth of stolen cryptocurrencies. #wallet

Actions of Emptiers:

Crypto wallet emptiers operate through malicious smart contracts called "sweeps" or phishing scams. These malicious software transfer assets from victims' wallets without their knowledge. An associated transaction linked to a smart contract leads to the theft of a portion or all of the victim's assets without their consent. #hackers

Activities of Emptiers:

According to Scam Sniffer, a Web3 anti-scam platform, Venom Drainer has been the top emptier, having stolen the highest amount to date. Venom Drainer, which has stolen $27.5 million since February, maintains its leading position within this group. Inferno Drainer comes second, having stolen $21.2 million along with nearly 45,800 victims since January. Pussy Drainer and Pink Drainer have collectively stolen $17.5 million from over 6,000 victims. Monkey Drainer, during its reign, estimatedly stole $13 million worth of digital assets.

Business Model of Emptiers:

According to Scam Sniffer, most crypto wallet emptiers collaborate with groups conducting phishing scams to receive a percentage of the stolen amount. However, some emptiers also demand an additional access fee. For instance, according to CertiK, emptiers like Inferno charge a "20 percent commission," while Venom initially requests a "starting fee of $1,000."

New Emptiers:

As per the information provided by Scam Sniffer, crypto wallet emptiers are constantly changing. When one emptier ceases its operations, a new emptier takes its place. This indicates that being an emptier is a lucrative business and none of them have been caught so far.

In Summary:

Crypto wallet emptiers pose a significant threat that users need to be cautious about. Users should avoid clicking on links or emails from unknown sources and take additional measures such as two-factor authentication to ensure security. Furthermore, increasing security awareness and acting consciously are crucial in defending against crypto wallet emptiers.

#Write2Earn Craig Wright admits forging documents in #SatoshiNakamoto 's claim amid a legal battle with COPA, casting doubt on his credibility.STORY HIGHLIGHTSCraig Wright, self-proclaimed Satoshi Nakamoto, admits to forging documents in high-profile legal battle.COPA challenges Wright's Nakamoto identity, supported by influential figures like Jack Dorsey.Wright's credibility tarnished as an information security specialist by admitting to document manipulation.Craig Wright, the Australian computer scientist who has long claimed to be Satoshi Nakamoto — inventor of Bitcoin under a pseudonym –has admitted forging documents supporting his claim. The confession resulted from a high-profile legal fight between Wright and the Cryptocurrency Open Patent Alliance (COPA), leaving shadows over his years-old self-claim for being the founder of digital currency.Reflections on Day 4 of COPA v Wright, the identity issue.The blame game shifted from Citrix MetaFrame to Ira Kleiman and Atlassian today.We learnt that Calvin is supposedly not funding this case, he only provided a loan (that money is gone, Calvin).We saw complete 180s… pic.twitter.com/MAERPYcmcI— Norbert ⚡️ (@bitnorbert) February 8, 2024Satoshi Nakamoto’s Courtroom DramaUnder tough cross-examination, Wright admitted the falsity of several documents he had submitted as proof that he is Satoshi Nakamoto. The revelation followed after COPA’s legal team had pointed out inconsistencies and anachronisms in the papers, including mentions of font styles and technologies that allegedly were not around at the time when they claimed these documents to have been created.Wright explained these inconsistencies by a number of factors, such as errors made while previous attorneys worked on the case; acts of sabotage performed by disgruntled former employees, and illegal modifications introduced into code-base documents that were done with the help of #hackers .The COPA ChallengeCOPA, with the support of the influentials in the crypto world, including Jack Dorsey, who is a Twitter co-founder, has tried to refute Wright’s claims that there was persuasive evidence for his Nakamoto identity.The main goal of this union is to keep the white paper, which serves as a cornerstone for Bitcoin, accessible to anyone and not covered by individual copyright claims that could prevent open development or use.Questions of CredibilityWright’s confession does much damage to his credibility, especially considering that he is an information security specialist. The court was made aware of Wright’s technical capabilities, such as his ability to change document metadata – admittedly taught by him to students at various universities. This disclosure has made the case even more complicated, considering that any document Wright submits in his defense comes into question under these circumstances.Despite this blow, Wright still plays a vital role in different legal cases across many courts within several countries, such as the US, Norway, and Britain. The anonymous funders of these lawsuits have seen Wright gather a large legal team, suggesting the heightened stakes in his attempt to become acknowledged as the creator of Bitcoin.Although Wright’s claims and the resulting judicial turmoil have implications beyond the court, they influence Bitcoin origins through perceptions about cryptocurrencies as a whole. His promotion of a Bitcoin design that matches his conception of digital cash rather than its current use as an investment tool highlights the political fractures within the crypto community. Therefore, this case is about Satoshi Nakamoto’s identity and the potential path Bitcoin will take in the future.#TrendingTopic #PYTH

Level Finance moves to address the issue

Importance of thorough code review and testing emphasized

An attack on the Level Finance decentralized perpetual exchange on the BNB Chain resulted in the theft of more than $1 million worth of the exchange’s native Level Finance (LVL) token.

In an announcement on May 1, the decentralized platform acknowledged the occurrence and informed its Twitter followers that more than 214,000 LVL tokens from the exchange had been stolen and exchanged for 3,345 Binance Coins, which at press time had an estimated worth of $1,500,000.

LEVEL Finance #RealYield @Level__Finance

Even though the exploit was isolated from other contracts and the liquidity pools and the decentralized autonomous organization (DAO) treasury were unaffected, according to their brief statement on Twitter, the attacker was still able to exchange the stolen LVL tokens for 3,345 Binance Coins (BNB).

LEVEL FINANCE MOVES TO ADDRESS THE ISSUE

They continued to say that the fix would be implemented within 12 hours of their statement while advising the exchange users to prepare for a full post-mortem.

Furthermore, the blockchain security company Peckshield said Level Finance’s “LevelReferralControllerV2” smart contract had a bug that permitted “repeated referral claims” from the same epoch.

The hacker reportedly set up an unconfirmed contract a week ago and is allegedly extracting LVL tokens progressively in units of 15,000 via the delegate function, according to certain sources on the CoinMarketCap Community, which is also confirmed by De.Fi Web3 Antivirus on Twitter. Likewise, they claimed that Tornado Cash, a well-known provider of crypto-mixing services, was where the attacker’s funding came from.

De.Fi 🛡️ Web3 Antivirus @DeDotFiSecurity

IMPORTANCE OF THOROUGH CODE REVIEW AND TESTING EMPHASIZED

Before deploying a smart contract, some Twitter users underline the significance of developers carrying out audits frequently and thoroughly, as it helps to find and address issues. However, they argued that not all developers do this, which can result in bugs going under the radar.

Many members of the community emphasize the significance of thorough code review and testing by asserting that it’s possible that this bug could have been discovered with a proper audit. In order to avoid such bugs going unnoticed, developers must give code review and testing top priority. The use of standardized auditing procedures can also raise the overall level of software development.

Since the tragic event, the value of the LVL token has drastically dropped. At the time of publication, the Level Finance token’s price on CoinMarketCap was $7.33, a decrease of 16.83% from the previous day.

There have been other instances of smart contract bugs leading to substantial losses before the Level Finance event. The necessity for better security measures and risk management procedures in the DeFi sector has been highlighted by a number of similar instances that have happened in recent years.

source: crypto-economy.com

#hack #hackers #exchange #dyor #crypto

Disclaimer

The views and opinions expressed by the author, or any people mentioned in this article, are for informational purposes only, and they do not constitute financial, investment, or other advice. Investing in or trading crypto assets comes with a risk of financial loss.

The cryptocurrency space is a rapidly growing and evolving industry. With this growth, there has also been an increase in the number of scams and hacks targeting cryptocurrency users. This is why cryptocurrency users need to be aware of the security risks involved and take steps to protect themselves.

Here are some of the most common security and fraud risks in the crypto space:

Phishing Attacks: Phishing attacks are one of the most common ways that criminals target crypto users. In a phishing attack, criminals send emails or text messages that appear to be from a legitimate source, such as a cryptocurrency exchange or wallet provider. The emails or text messages will often contain a link that, when clicked, will take the victim to a fake website that looks like the real website. Once the victim enters their login credentials on the fake website, the criminals can steal them.

Malware Attacks: Malware attacks are another common way that criminals target crypto users. Malware can be installed on a victim's computer through a variety of ways, such as clicking on a malicious link, opening an infected attachment, or downloading a file from an untrusted source. Once malware is installed on a victim's computer, it can steal the victim's cryptocurrency, or it can be used to take control of the victim's computer and steal other data.

Exchange Hacks: Exchange hacks are a major security risk in the crypto space. Exchanges are where people can buy, sell, and store cryptocurrencies. Exchanges are often targeted by criminals because they hold large amounts of cryptocurrency. In an exchange hack, criminals will gain access to an exchange's systems and steal the cryptocurrency that is stored on the exchange.

Wallet Hacks: Wallet hacks are another major security risk in the crypto space. Wallets are where people can store their cryptocurrency. Wallets can be software wallets, hardware wallets, or paper wallets. Software wallets are the most common type of wallet. They are stored on a computer or mobile device. Hardware wallets are more secure than software wallets. They are physical devices that store cryptocurrency offline. Paper wallets are the most secure type of wallet. They have printed copies of a cryptocurrency address and private key. In a wallet hack, criminals will gain access to a victim's wallet and steal the cryptocurrency that is stored in the wallet.

There are several things that people can do to protect themselves from security and fraud risks in the crypto space:

Use Strong Passwords: People should use strong passwords for all of their cryptocurrency accounts. Strong passwords should be at least 12 characters long and should include a mix of upper and lowercase letters, numbers, and symbols.

Enable Two-Factor Authentication (2FA): Two-factor authentication (2FA) is an extra layer of security that can be enabled for most cryptocurrency accounts. 2FA requires people to enter a code from their phone in addition to their password when they log in.

Be Careful about Clicking on Links: People should be careful about clicking on links in emails or text messages. If a link looks suspicious, people should not click on it.

Only Download Files from Trusted Sources: People should only download files from trusted sources. If a file looks suspicious, people should not download it.

Keep Your Software Up to Date: People should keep their software up to date, including their operating system, web browser, and cryptocurrency software. Software updates often include security patches that can help to protect people from malware and other security threats.

Store Your Cryptocurrency in a Secure Wallet: People should store their cryptocurrency in a secure wallet. Software wallets should be stored on a computer that is not connected to the internet. Hardware wallets and paper wallets are the most secure options for storing cryptocurrency.

By following these tips, people can help to protect themselves from security and fraud risks in the crypto space.

#crypto #cryptocurrency #scams #hackers

AI-generated cybercrime is rapidly expanding, accelerated by the launch of several new tools on the darkweb beyond the discovery of WormGPT last month, according to a new report released on Tuesday by cybersecurity firm SlashNext.

WormGPT and FraudGPT, released a week later, are just the tip of the iceberg in developing artificial intelligence tools that cybercriminals aim to employ against victims, SlashNext concludes. FraudGPT alone was built with the ability to create phishing scam web pages, write malicious code, create hacking tools, and write scam letters.

SlashNext researchers said they engaged a pseudonymous individual named CanadianKingpin12 via Telegram.

“During our investigation, we took on the role of a potential buyer to dig deeper into CanadianKingpin12 and their product, FraudGPT,” SlashNext said. “Our main objective was to assess whether FraudGPT outperformed WormGPT in terms of technological capabilities and effectiveness.”

The team got more than it bargained for as the seller—while showing off FraudGPT—said new AI chatbots called DarkBart and DarkBert are coming. Those chatbots, CanadianKingpin12 claimed, will have internet access and can integrate with Google’s image recognition technology, Google Lens, which would allow the chatbot to send both text and images.

SlashNext notes that DarkBert was initially designed by data intelligence company S2W as a legitimate tool to fight cybercrime, but that criminals have clearly repurposed the technology to commit cybercrime instead.

CanadianKingpin12 told researchers DarkBert can even assist in advanced social engineering attacks, exploit vulnerabilities in computer systems, and distribute other malware, including ransomware.

"ChatGPT has guardrails in place to protect against unlawful or nefarious use cases," David Schwed, chief operating officer at blockchain security firm Halborn, previously told Decrypt on Telegram. "[WormGPT and FraudGPT] don’t have those guardrails, so you can ask it to develop malware for you."

SlashNext said the seller was forced to switch communications to encrypted messenger apps after being banned from a forum due to policy violations—specifically, trying to sell access to FraudGPT through online forums on the public “clear net.”

The clear net, or surface web, refers to the general internet accessible by search engines. In contracts, the darknet or darkweb isn’t indexed by search engines, and darknet websites can’t typically be found through a Google search. While the darkweb has been linked to cybercriminals and illegal online marketplaces like the Silk Road, many users—like journalists or political dissidents—rely on the darkweb to obscure their identity and protect their privacy.

To defend against the rapid development of AI-generated cybercrime tools, SlashNext advises companies to be proactive in their cybersecurity training and implement enhanced email verification measures.

As cybercriminals are turning to AI to create more advanced malicious tools, a separate report by the web security company Immunefi said cybersecurity experts are not having much luck with using AI to fight cybercrime. Its report said that 64% of surveyed experts said OpenAI’s chatbot provided “limited accuracy,” with 61% saying it lacked specialized knowledge for identifying exploits.

“While it’s difficult to accurately gauge the true impact of these capabilities, it’s reasonable to expect that they will lower the barriers for aspiring cybercriminals,” SlashNext said. “Moreover, the rapid progression from WormGPT to FraudGPT and now DarkBERT in under a month, underscores the significant influence of malicious AI on the cybersecurity and cybercrime landscape.”

#hackers