#phishing
33 articles found
Latest
New X attack: accounts hacked via “fake calendar”
A new large-scale phishing campaign has been detected on social network X, targeting leaders of the crypto community. Unlike traditional fake login-page schemes, attackers are exploiting X’s own infrastructure, bypassing both passwords and two-factor authentication. 
Blockchain security company Match Systems has identified several developers behind the phishing app Angel Drainer, which promptly ceased operations. Preliminary assessments indicate that at least 35,000 users lost around $25 million due to Angel Drainer's activities. 
MailerLite, an email marketing platform, has confirmed a security breach leading to the distribution of phishing emails. These fraudulent emails, mimicking various crypto companies, affected 117 entities, including names like WalletConnect, Token Terminal, and the crypto news platform Cointelegraph. 
The company Blockaid preemptively identified a perilous phishing website targeting Ethereum's co-founder admirers, even before Buterin's account was hacked.
This was attested by MetaMask, who also pointed out the integration of Blockaid's anti-phishing solution within their wallet for enhanced user protection. 
Official web portals from various jurisdictions, including India, Nigeria, Egypt, Colombia, Brazil, and Vietnam, are funneling users to a bogus MetaMask website. Visitors receive a phishing warning from Microsoft Defender the moment they access the site. Ignoring this alert and connecting one's MetaMask could result in catastrophic loss of funds.The fraudulent website is depicted beside the authentic one in a screenshot. 
Expert Tips for Avoiding Scams and Phishing Attacks
In today's financial landscape, digital assets are playing an increasingly significant role, offering new opportunities but also presenting unique challenges. As the cryptocurrency market grows, so does the complexity of the risks associated with it. The importance of strong security measures has never been greater, especially as hackers and scammers continue to evolve their tactics. 
Security company SlowMist has analyzed reports of stolen cryptocurrency assets for the second quarter of 2024, which were collected through the MistTrack platform. This analysis only considered hack reports submitted via the official form, identifying three primary attack methods: theft of private keys, the use of fake crypto wallets, and phishing. 
Blockchain researcher ZachXBT recently reported the successful return of most funds obtained from selling a DeGods NFT stolen in May 2023. The NFT was pilfered through a phishing website and promptly sold for 99 ETH (valued at $177,000) on the NFT marketplace Blur. 
Crypto analytics platform Nansen revealed a security breach stemming from a compromised third-party vendor. This breach led to the exposure of emails, password hashes, and some blockchain addresses for 6.8% of its users. The attacker gained admin access to an account used for customer platform access. Nansen has reached out to affected users, urging password changes and caution against phishing attacks. 
Security company PeckShield has issued a warning to users about a phishing attack conducted by a scammer who has stolen over $675,000 in the past five days. He exploits USDT token permissions. Users are therefore advised to promptly verify and revoke any suspicious accesses to safeguard their assets.