• bitcoinBitcoin (BTC) $ 74,162.00
  • ethereumEthereum (ETH) $ 2,328.91
  • tetherTether (USDT) $ 1.00
  • bnbBNB (BNB) $ 614.74
  • xrpXRP (XRP) $ 1.36
  • usd-coinUSDC (USDC) $ 0.999759
  • solanaSolana (SOL) $ 83.18
  • tronTRON (TRX) $ 0.322581
  • staked-etherLido Staked Ether (STETH) $ 2,265.05
  • figure-helocFigure Heloc (FIGR_HELOC) $ 1.03
  • dogecoinDogecoin (DOGE) $ 0.093174
  • whitebitWhiteBIT Coin (WBT) $ 54.43
  • usdsUSDS (USDS) $ 0.999702
  • hyperliquidHyperliquid (HYPE) $ 43.60
  • leo-tokenLEO Token (LEO) $ 10.12
  • wrapped-stethWrapped stETH (WSTETH) $ 2,779.67
  • cardanoCardano (ADA) $ 0.240202
  • bitcoin-cashBitcoin Cash (BCH) $ 432.39
  • wrapped-bitcoinWrapped Bitcoin (WBTC) $ 76,243.00
  • chainlinkChainlink (LINK) $ 9.08
  • binance-bridged-usdt-bnb-smart-chainBinance Bridged USDT (BNB Smart Chain) (BSC-USD) $ 0.998762
  • moneroMonero (XMR) $ 342.31
  • wrapped-beacon-ethWrapped Beacon ETH (WBETH) $ 2,466.93
  • zcashZcash (ZEC) $ 359.58
  • ethena-usdeEthena USDe (USDE) $ 0.999905
  • canton-networkCanton (CC) $ 0.149242
  • wrapped-eethWrapped eETH (WEETH) $ 2,465.31
  • stellarStellar (XLM) $ 0.156361
  • memecoreMemeCore (M) $ 2.88
  • susdssUSDS (SUSDS) $ 1.08
  • daiDai (DAI) $ 0.999307
  • litecoinLitecoin (LTC) $ 54.36
  • paypal-usdPayPal USD (PYUSD) $ 0.999888
  • coinbase-wrapped-btcCoinbase Wrapped BTC (CBBTC) $ 76,366.00
  • usd1-wlfiUSD1 (USD1) $ 0.999178
  • avalanche-2Avalanche (AVAX) $ 9.36
  • rainRain (RAIN) $ 0.008025
  • wethWETH (WETH) $ 2,268.37
  • ravedaoRaveDAO (RAVE) $ 15.31
  • suiSui (SUI) $ 0.939647
  • hedera-hashgraphHedera (HBAR) $ 0.085534
  • usdt0USDT0 (USDT0) $ 0.998824
  • shiba-inuShiba Inu (SHIB) $ 0.000006
  • the-open-networkToncoin (TON) $ 1.36
  • crypto-com-chainCronos (CRO) $ 0.068651
  • tether-goldTether Gold (XAUT) $ 4,794.77
  • hashnote-usycCircle USYC (USYC) $ 1.12
  • world-liberty-financialWorld Liberty Financial (WLFI) $ 0.079893
  • blackrock-usd-institutional-digital-liquidity-fundBlackRock USD Institutional Digital Liquidity Fund (BUIDL) $ 1.00
  • ethena-staked-usdeEthena Staked USDe (SUSDE) $ 1.22
  • pax-goldPAX Gold (PAXG) $ 4,808.95
  • bittensorBittensor (TAO) $ 247.89
  • global-dollarGlobal Dollar (USDG) $ 0.999793
  • mantleMantle (MNT) $ 0.654942
  • uniswapUniswap (UNI) $ 3.16
  • polkadotPolkadot (DOT) $ 1.16
  • falcon-financeFalcon USD (USDF) $ 0.998211
  • okbOKB (OKB) $ 84.63
  • nearNEAR Protocol (NEAR) $ 1.35
  • skySky (SKY) $ 0.074546
  • little-pepe-5Little Pepe (LILPEPE) $ 2.16
  • pi-networkPi Network (PI) $ 0.167451
  • htx-daoHTX DAO (HTX) $ 0.000002
  • syrupusdcsyrupUSDC (SYRUPUSDC) $ 1.15
  • aster-2Aster (ASTER) $ 0.662924
  • usddUSDD (USDD) $ 1.00
  • aaveAave (AAVE) $ 100.87
  • pepePepe (PEPE) $ 0.000004
  • ripple-usdRipple USD (RLUSD) $ 0.999915
  • janus-henderson-anemoy-treasury-fundJanus Henderson Anemoy Treasury Fund (JTRSY) $ 1.10
  • ondo-us-dollar-yieldOndo US Dollar Yield (USDY) $ 1.13
  • bitget-tokenBitget Token (BGB) $ 1.90
  • internet-computerInternet Computer (ICP) $ 2.41
  • bfusdBFUSD (BFUSD) $ 0.999549
  • ethereum-classicEthereum Classic (ETC) $ 8.33
  • ondo-financeOndo (ONDO) $ 0.252030
  • kucoin-sharesKuCoin (KCS) $ 8.48
  • gatechain-tokenGate (GT) $ 7.01
  • jupiter-perpetuals-liquidity-provider-tokenJupiter Perpetuals Liquidity Provider Token (JLP) $ 4.00
  • pump-funPump.fun (PUMP) $ 0.001836
  • quant-networkQuant (QNT) $ 74.15
  • algorandAlgorand (ALGO) $ 0.112216
  • worldcoin-wldWorldcoin (WLD) $ 0.296357
  • render-tokenRender (RENDER) $ 1.86
  • jito-staked-solJito Staked SOL (JITOSOL) $ 124.46
  • morphoMorpho (MORPHO) $ 1.74
  • eutblSpiko EU T-Bills Money Market Fund (EUTBL) $ 1.24
  • kelp-dao-restaked-ethKelp DAO Restaked ETH (RSETH) $ 2,404.69
  • polygon-ecosystem-tokenPOL (ex-MATIC) (POL) $ 0.084407
  • nexoNEXO (NEXO) $ 0.896455
  • binance-peg-wethBinance-Peg WETH (WETH) $ 2,262.26
  • kaspaKaspa (KAS) $ 0.032359
  • rocket-pool-ethRocket Pool ETH (RETH) $ 2,631.35
  • cosmosCosmos Hub (ATOM) $ 1.74
  • usdtbUSDtb (USDTB) $ 1.00
  • binance-bridged-usdc-bnb-smart-chainBinance Bridged USDC (BNB Smart Chain) (USDC) $ 0.999945
  • ethenaEthena (ENA) $ 0.095770
  • superstate-short-duration-us-government-securities-fund-ustbSuperstate Short Duration U.S. Government Securities Fund (USTB) (USTB) $ 11.05
  • wbnbWrapped BNB (WBNB) $ 759.61
  • blockchain-capitalBlockchain Capital (BCAP) $ 82.76
  • ignition-fbtcFunction FBTC (FBTC) $ 76,389.00
  • aptosAptos (APT) $ 0.860987
  • filecoinFilecoin (FIL) $ 0.896746
  • justJUST (JST) $ 0.077988
  • flare-networksFlare (FLR) $ 0.007976
  • arbitrumArbitrum (ARB) $ 0.112743
  • syrupusdtsyrupUSDT (SYRUPUSDT) $ 1.11
  • official-trumpOfficial Trump (TRUMP) $ 2.81
  • hash-2Provenance Blockchain (HASH) $ 0.011043
  • beldexBeldex (BDX) $ 0.079923
  • binance-staked-solBinance Staked SOL (BNSOL) $ 108.24
  • midnight-3Midnight (NIGHT) $ 0.036445
  • xdce-crowd-saleXDC Network (XDC) $ 0.030246
  • ousgOUSG (OUSG) $ 114.92
  • vechainVeChain (VET) $ 0.006925
  • jupiter-exchange-solanaJupiter (JUP) $ 0.165739
  • ghoGHO (GHO) $ 0.999589
  • new-x-ceo-is-backNEW X CEO IS BACK (XFLOKI) $ 0.506041
  • bridged-usdc-polygon-pos-bridgePolygon Bridged USDC (Polygon PoS) (USDC.E) $ 0.999720
  • yldsYLDS (YLDS) $ 0.999844
  • solv-btcSolv Protocol BTC (SOLVBTC) $ 76,461.00
  • dexeDeXe (DEXE) $ 12.14
  • lombard-staked-btcLombard Staked BTC (LBTC) $ 76,491.00
  • stable-2​​Stable (STABLE) $ 0.026007
  • usual-usdUsual USD (USD0) $ 0.998063
  • pancakeswap-tokenPancakeSwap (CAKE) $ 1.61
  • clbtcclBTC (CLBTC) $ 76,920.00
  • bonkBonk (BONK) $ 0.000006
  • fetch-aiArtificial Superintelligence Alliance (FET) $ 0.225528
  • siren-2Siren (SIREN) $ 0.689890
  • a7a5A7A5 (A7A5) $ 0.012698
  • true-usdTrueUSD (TUSD) $ 0.999304
  • dashDash (DASH) $ 38.41
  • stakewise-v3-osethStakeWise Staked ETH (OSETH) $ 2,419.84
  • layerzeroLayerZero (ZRO) $ 1.91
  • virtual-protocolVirtuals Protocol (VIRTUAL) $ 0.672286
  • kinetic-staked-hypeKinetiq Staked HYPE (KHYPE) $ 33.97
  • adi-tokenADI (ADI) $ 4.23
  • tbtctBTC (TBTC) $ 70,942.00
  • pudgy-penguinsPudgy Penguins (PENGU) $ 0.006942
  • wrappedm-by-m0WrappedM by M0 (WM) $ 1.00
  • euro-coinEURC (EURC) $ 1.18
  • blockstackStacks (STX) $ 0.222045
  • first-digital-usdFirst Digital USD (FDUSD) $ 0.999558
  • janus-henderson-anemoy-aaa-clo-fundJanus Henderson Anemoy AAA CLO Fund (JAAA) $ 1.03
  • monadMonad (MON) $ 0.033834
  • venice-tokenVenice Token (VVV) $ 8.63
  • c8ntinuumc8ntinuum (CTM) $ 0.087592
  • chilizChiliz (CHZ) $ 0.036977
  • mantle-staked-etherMantle Staked Ether (METH) $ 2,455.82
  • tezosTezos (XTZ) $ 0.346130
  • usxUSX (USX) $ 0.999672
  • polygon-pos-bridged-dai-polygon-posPolygon PoS Bridged DAI (Polygon POS) (DAI) $ 0.999983
  • decredDecred (DCR) $ 21.05
  • resolv-wstusrResolv wstUSR (WSTUSR) $ 1.13
  • sei-networkSei (SEI) $ 0.054025
  • cocaCOCA (COCA) $ 1.30
  • kinesis-goldKinesis Gold (KAU) $ 148.56
  • hastra-primePRIME (PRIME) $ 1.03
  • sun-tokenSun Token (SUN) $ 0.018110
  • doge-strategyDoge Strategy (DOGESTR) $ 0.288297
  • liquid-staked-ethereumLiquid Staked ETH (LSETH) $ 2,406.26
  • edgexedgeX (EDGE) $ 0.993371
  • arbitrum-bridged-wbtc-arbitrum-oneArbitrum Bridged WBTC (Arbitrum One) (WBTC) $ 76,200.00
  • aerodrome-financeAerodrome Finance (AERO) $ 0.367577
  • ether-fiEther.fi (ETHFI) $ 0.426159
  • apenftAINFT (NFT) $ 0.00000033
  • curve-dao-tokenCurve DAO (CRV) $ 0.217600
  • wrapped-flareWrapped Flare (WFLR) $ 0.009961
  • bittorrentBitTorrent (BTT) $ 0.00000032
  • l2-standard-bridged-weth-baseL2 Standard Bridged WETH (Base) (WETH) $ 2,266.86
  • gnosisGnosis (GNO) $ 117.34
  • steakhouse-usdc-morpho-vaultSteakhouse USDC Morpho Vault (STEAKUSDC) $ 1.12
  • plasmaPlasma (XPL) $ 0.130354
  • bitcoin-svBitcoin SV (BSV) $ 15.29
  • injective-protocolInjective (INJ) $ 3.03
  • lido-daoLido DAO (LDO) $ 0.354123
  • usdaiUSDai (USDAI) $ 0.999841
  • binance-peg-xrpBinance-Peg XRP (XRP) $ 1.59
  • spx6900SPX6900 (SPX) $ 0.320529
  • ether-fi-liquid-ethEther.Fi Liquid ETH (LIQUIDETH) $ 2,443.47
  • kinesis-silverKinesis Silver (KAG) $ 78.32
  • renzo-restaked-ethRenzo Restaked ETH (EZETH) $ 2,421.84
  • bianrensheng币安人生 (BinanceLife) (币安人生) $ 0.286713
  • doublezeroDoubleZero (2Z) $ 0.081041
  • noonNoon (NOON) $ 0.751949
  • sbtc-2sBTC (SBTC) $ 77,039.00
  • celestiaCelestia (TIA) $ 0.311397
  • crvusdcrvUSD (CRVUSD) $ 0.999520
  • conflux-tokenConflux (CFX) $ 0.053851
  • jupiter-staked-solJupiter Staked SOL (JUPSOL) $ 115.56
  • fraxLegacy Frax Dollar (FRAX) $ 0.994211
  • savings-usddSavings USDD (SUSDD) $ 1.03
  • kaiaKaia (KAIA) $ 0.046517
  • flokiFLOKI (FLOKI) $ 0.000028
  • ape-and-pepeApe and Pepe (APEPE) $ 0.000001
  • msolMarinade Staked SOL (MSOL) $ 133.18
  • official-foOfficial FO (FO) $ 0.263537
  • arbitrum-bridged-weth-arbitrum-oneArbitrum Bridged WETH (Arbitrum One) (WETH) $ 2,265.06
  • jasmycoinJasmyCoin (JASMY) $ 0.005263
Bitcoin

How to stay safe on-chain: Three crypto users lose $876K within hours

By admin
0 163

How to stay safe on-chain: Three crypto users lose $876K within hours

In just over 15 hours, three unlucky crypto users lost a total of $876,000 worth of assets to common on-chain scams.

A combination of techniques, specifically ‘approval phishing’ and ‘address poisoning,’ were used in the scams, which were spotted by X (formerly Twitter) account Scam Sniffer.

The first, and largest, of the thefts was caused by a user signing a malicious ‘permit’ transaction, allowing the scammer to steal 211 Lido-staked ether (stETH) worth $654,000.

Phishing with drainers

According to Scam Sniffer, the address to which the victim had inadvertently granted approval to move their stETH was “a malicious contract disguised as a Token.” These dangerous permit or approval transactions are often presented to users by scam-as-as-service malware packages called wallet ‘drainers.’

The drainers are often disseminated via hacked X (formerly Twitter) accounts, which can be used to post FOMO-stoking airdrop or token launch announcements, before linking the victim to a wallet drainer script.

Prolific blockchain detective ZachXBT described the typical workings of such groups, who take control of accounts via SIM-swapping, in a post on X last year.

Another method is via so-called ‘front-end’ attacks, in which the genuine domains of crypto platforms are hijacked to craft malicious transactions and serve drainers to potential victims’ wallets.

Drainer packages themselves are developed as a product or service to be used by the phishing scammers. A cut of each theft is automatically split between the drainer developers and the scammers that use them.

This model has proven to be extremely profitable. In May, when a prolific drainer service known as Pink Drainer announced its retirement after facilitating $75 million worth of thefts, crypto security firm SlowMist identified over $20 million held in related addresses.

Inferno Drainer, which shut down a year ago, has been cashing out its ill-gotten gains recently, sending a total of 4,010 ETH (currently worth $12.4 million) to sanctioned crypto mixer Tornado Cash. Previous attempts to use alternative privacy tool Railgun were blocked by the team.

Address poisoning scam

The other two victims lost similar amounts (111,500 and 111,726) of the USDT stablecoin to ‘address poisoning,’ a type of scam which, while much simpler, proves equally dangerous.

Address poisoning relies on victims accidentally copy/pasting a scammer’s address from a ‘contaminated’ transaction history on a blockchain explorer such as Etherscan.

Often, following sizable transfers, fake versions of common tokens will suddenly appear in a potential victim’s address, or appear as ‘spoofed’ transfers to accounts with similar leading and trailing characters to the genuine address (as can be seen in Scam Sniffer’s screenshot above).

Despite efforts to hide these misleading transactions by the explorer’s developers, losses are still common. For higher-value victims, scammers even opt to send genuine tokens as a workaround, putting real money on the line whilst hoping to hook a big win.

Staying off the hook

As always, double-check the URL or X account handles before clicking any links or connecting a crypto wallet. However, this may not be enough in the case that the genuine website or account has been compromised.

Learn how approvals and permits work. It is important to maintain strict ‘approval hygiene,’ revoking any active approvals and avoiding setting or accepting ‘infinite’ approvals when prompted.

Additionally, the use of built-in wallet address books can flag any unexpected addresses involved in a transaction which may be harder to spot by eye. These addresses can then be re-used instead of copying from a (potentially contaminated) transfer history.

Don’t rush, and don’t sign anything you don’t understand

Despite these well-known security measures, plenty of accidents still occur. Be it down to distraction, FOMO, rushing, or tiredness, it’s not difficult to imagine how even experienced crypto users fall for these scams on a regular basis.

Scam Sniffer’s most recent monthly round-up identified “approximately 12K victims [who] lost $20.2 million to crypto phishing scams” in October, with four cases of over $1 million. Despite an overall total 56% lower than the previous month, the number of victims grew by 20%.

Source

admin 20070 posts 0 comments
You might also like More from author

Leave A Reply

Your email address will not be published.