Fraudsters make $50,000 a day by spoofing crypto researchers

Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X. To lure potential victims, the scammer uses a breach on major cryptocurrency exchange platforms. The scenario urges users to act swiftly to safeguard their digital assets from potential theft. The scammers impersonate accounts on X belonging to blockchain analytics or crypto fraud investigation firms and researchers, like CertiK, ZachXBT, and Scam Sniffer, to promote fabricated security breaches on Uniswap and Opensea. To impersonate the legitimate accounts, the threat actors created new X accounts with similar account names. Many legitimate X users fell for the trick and shared the scam on their accounts, some with hundreds of thousands of followers without double-checking the validity of the claims. One example is a tweet from malware analysis platform vx-underground, whose admins falsely assumed the information came from a trustworthy account. The scale of the campaign is also notable, with bot accounts promoting hashtags like #UniswapExploit to the point of them reaching top trending topics in the U.S. on X. ZachXBT, one of the accounts impersonated in this scam, told BleepingComputer that the first time he saw this threat group utilizing this tactic was on November 9th. This was when Hayden Adams - the developer of Uniswap's web application interface, warned the cryptocurrency community of the scam, clarifying that there was no Uniswap exploit leveraged in the wild and that tweets about this came from fake X accounts impersonating ZachXBT, Certik, and other well-known users in the cryptocurrency community. The scammers impersonate accounts on X belonging to blockchain analytics and investigation firms or users, like CertiK, ZachXBT, and Scam Sniffer, to promote a fabricated security breach on Uniswap or Opensea. Users are advised to revoke the permissions as soon as possible to prevent losing their assets by following a link to a malicious website at 'revoketokens[. Once visitors click on the 'Revoke Approvals' button and connect their wallet, the scam drains their funds, which is a non-reversible process. After publication of this article, ZachXBT says that the threat actors have successfully stolen over $305k in cryptocurrency as part of this ongoing scam. Impersonating the 'good guys' is a powerful deception trick capable of increasing success rate of the scam. In July 2022, phishing actors were seen impersonating cybersecurity companies to gain initial access to corporate networks. In June 2023, hackers created fake accounts on GitHub that impersonated existing cybersecurity researchers, even linking to fake X accounts for added legitimacy. There's no precaution more effective than double-checking that an account is authentic and that its claims accurately represent the truth. Because even legitimate accounts can be compromised to propagate scams, users should verify the claims from official sources. If you're overly worried about the likelihood of losing your digital assets to hacks and breaches, consider moving them to a cold wallet. Palestine crypto donation scams emerge amid Israel-Hamas war. Mixin Network suspends operations following $200 million hack. TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Fraudsters make $50,000 a day by spoofing crypto researchers

Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro ...
10 months ago Bleepingcomputer.com
Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance ...
10 months ago Bleepingcomputer.com
Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus - In its continued efforts to crack down on North Korea's most formidable state-sponsored threat group, the US government has seized a virtual currency mixer that has been serving as the principal way the group launders money stolen from its ...
10 months ago Darkreading.com
Web3 security firm CertiK's X account hacked to push crypto drainer - The Twitter/X account of blockchain security firm CertiK was hijacked today to redirect the company's more than 343,000 followers to a malicious website pushing a cryptocurrency wallet drainer. Crypto fraud sleuth ZachXBT later leaked screenshots of ...
9 months ago Bleepingcomputer.com
Bloomberg Crypto X account snafu leads to Discord phishing attack - The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials in a phishing attack. As first spotted by crypto fraud investigator ZachXBT, the profile contained a link ...
10 months ago Bleepingcomputer.com
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
8 months ago Darkreading.com
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
9 months ago Techtarget.com
49 unique zero-days Uncovered in Pwn2Own Automotive - On the final day of Pwn2Own Automotive 2024 - Day 3, researchers were granted $1,323,750 in rewards for identifying 49 distinct zero-days. Particularly, the infotainment system and modem of Tesla were attacked by the Synacktiv team, and each ...
8 months ago Cybersecuritynews.com
X users fed up with constant stream of malicious crypto ads - Cybercriminals are abusing X advertisements to promote websites that lead to crypto drainers, fake airdrops, and other scams. Like all advertising platforms, X, formerly known as Twitter, claims to show advertisements based on a user's activity, ...
9 months ago Bleepingcomputer.com
Hackers earn over $1 million for 58 zero-days at Pwn2Own Toronto - The Pwn2Own Toronto 2023 hacking competition has ended with security researchers earning $1,038,500 for 58 zero-day exploits targeting consumer products between October 24 and October 27. During the Pwn2Own Toronto 2023 hacking event organized by ...
10 months ago Bleepingcomputer.com
Number of hacked Cisco IOS XE devices plummets from 50K to hundreds - The number of Cisco IOS XE devices hacked with a malicious backdoor implant has mysteriously plummeted from over 50,000 impacted devices to only a few hundred, with researchers unsure what is causing the sharp decline. This week, Cisco warned that ...
10 months ago Bleepingcomputer.com
The Week in Ransomware - January 20th, 2023 Crypto Exchanges Under Attack - The week of January 20th, 2023 brought yet another wave of ransomware attacks targeting crypto exchanges. Crypto exchanges all around the world have been hit by a barrage of sophisticated and well-planned ransomware campaigns. From high-profile ...
1 year ago Bleepingcomputer.com
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
4 months ago Securityaffairs.com
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own - Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. The company addressed the security flaw on systems running macOS Monterey and macOS ...
4 months ago Bleepingcomputer.com
SIM swapper gets 8 years in prison for account hacks, crypto theft - Amir Hossein Golshan, 25, was sentenced to eight years in prison by a Los Angeles District Court and ordered to pay $1.2 million in restitution for crimes involving SIM swapping, merchant fraud, support fraud, account hacking, and cryptocurrency ...
10 months ago Bleepingcomputer.com
Cisco patches IOS XE zero-days used to hack over 50,000 devices - Cisco has addressed the two vulnerabilities that hackers exploited to compromise tens of thousands of IOS XE devices over the past week. The free software release comes after a threat actor leveraged the security issues as zero-days to compromise and ...
10 months ago Bleepingcomputer.com
Crypto scammers abuse X 'feature' to impersonate high-profile accounts - The website uses the status ID to determine what post should be loaded from the site's database, not bothering to check if the account name is valid. This allows you to take an URL for a Tweet and modify the account name to whatever you want, even ...
9 months ago Bleepingcomputer.com
Crypto scammers abuse Twitter 'feature' to impersonate high-profile accounts - The website uses the status ID to determine what post should be loaded from the site's database, not bothering to check if the account name is valid. This allows you to take an URL for a Tweet and modify the account name to whatever you want, even ...
9 months ago Bleepingcomputer.com
Cisco discloses new IOS XE zero-day exploited to deploy malware implant - Cisco disclosed a new high-severity zero-day today, actively exploited to deploy malicious implants on IOS XE devices compromised using the CVE-2023-20198 zero-day unveiled earlier this week. The company said it found a fix for both vulnerabilities ...
10 months ago Bleepingcomputer.com
Hackers hijack govt and business accounts on X for crypto scams - Hackers are increasingly targeting verified accounts on X belonging to government and business profiles and marked with 'gold' and 'grey' checkmarks to promote cryptocurrency scams. A recent high-profile case is the X account of cyber threat ...
9 months ago Bleepingcomputer.com
Netgear, Hyundai latest X accounts hacked to push crypto drainers - The official Netgear and Hyundai MEA Twitter/X accounts are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware. While Hyundai has already regained access to their account and has cleaned ...
9 months ago Bleepingcomputer.com
Researchers Uncover Simple Technique to Extract ChatGPT Training Data - Can getting ChatGPT to repeat the same word over and over again cause it to regurgitate large amounts of its training data, including personally identifiable information and other data scraped from the Web? The answer is an emphatic yes, according to ...
10 months ago Darkreading.com
North Korean Hackers Stole $600m in Crypto in 2023 - North Korean hackers stole at least $600m in cryptocurrency in 2023, around a third of the total value of such heists, according to blockchain intelligence firm TRM. Despite the eye-watering sum, this figure represents a 30% reduction on ...
9 months ago Infosecurity-magazine.com
Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice - The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26. Throughout the contest organized by Trend ...
8 months ago Bleepingcomputer.com
Exploit released for critical Cisco IOS XE flaw, many hosts still hacked - Public exploit code is now available for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198 that was leveraged as a zero-day to hack tens of thousands of devices. Cisco released patches for most releases of its IOS XE software but ...
10 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)