• bitcoinBitcoin (BTC) $ 72,420.00
  • ethereumEthereum (ETH) $ 2,232.51
  • tetherTether (USDT) $ 1.00
  • bnbBNB (BNB) $ 604.97
  • xrpXRP (XRP) $ 1.34
  • usd-coinUSDC (USDC) $ 0.999920
  • solanaSolana (SOL) $ 83.22
  • tronTRON (TRX) $ 0.319537
  • staked-etherLido Staked Ether (STETH) $ 2,265.05
  • figure-helocFigure Heloc (FIGR_HELOC) $ 1.03
  • dogecoinDogecoin (DOGE) $ 0.091740
  • usdsUSDS (USDS) $ 0.999901
  • whitebitWhiteBIT Coin (WBT) $ 53.11
  • hyperliquidHyperliquid (HYPE) $ 43.71
  • leo-tokenLEO Token (LEO) $ 10.11
  • wrapped-stethWrapped stETH (WSTETH) $ 2,779.67
  • cardanoCardano (ADA) $ 0.238375
  • bitcoin-cashBitcoin Cash (BCH) $ 425.77
  • wrapped-bitcoinWrapped Bitcoin (WBTC) $ 76,243.00
  • chainlinkChainlink (LINK) $ 8.89
  • binance-bridged-usdt-bnb-smart-chainBinance Bridged USDT (BNB Smart Chain) (BSC-USD) $ 0.998762
  • moneroMonero (XMR) $ 345.54
  • wrapped-beacon-ethWrapped Beacon ETH (WBETH) $ 2,466.93
  • zcashZcash (ZEC) $ 357.28
  • ethena-usdeEthena USDe (USDE) $ 1.00
  • canton-networkCanton (CC) $ 0.150627
  • wrapped-eethWrapped eETH (WEETH) $ 2,465.31
  • stellarStellar (XLM) $ 0.151618
  • memecoreMemeCore (M) $ 2.80
  • susdssUSDS (SUSDS) $ 1.08
  • daiDai (DAI) $ 0.999937
  • usd1-wlfiUSD1 (USD1) $ 0.999286
  • litecoinLitecoin (LTC) $ 53.02
  • coinbase-wrapped-btcCoinbase Wrapped BTC (CBBTC) $ 76,366.00
  • paypal-usdPayPal USD (PYUSD) $ 1.00
  • avalanche-2Avalanche (AVAX) $ 9.25
  • rainRain (RAIN) $ 0.007826
  • wethWETH (WETH) $ 2,268.37
  • hedera-hashgraphHedera (HBAR) $ 0.085096
  • suiSui (SUI) $ 0.918902
  • the-open-networkToncoin (TON) $ 1.43
  • usdt0USDT0 (USDT0) $ 0.998824
  • shiba-inuShiba Inu (SHIB) $ 0.000006
  • ravedaoRaveDAO (RAVE) $ 13.10
  • crypto-com-chainCronos (CRO) $ 0.068326
  • hashnote-usycCircle USYC (USYC) $ 1.12
  • tether-goldTether Gold (XAUT) $ 4,712.54
  • world-liberty-financialWorld Liberty Financial (WLFI) $ 0.079266
  • bittensorBittensor (TAO) $ 256.29
  • ethena-staked-usdeEthena Staked USDe (SUSDE) $ 1.22
  • blackrock-usd-institutional-digital-liquidity-fundBlackRock USD Institutional Digital Liquidity Fund (BUIDL) $ 1.00
  • pax-goldPAX Gold (PAXG) $ 4,726.06
  • mantleMantle (MNT) $ 0.669668
  • global-dollarGlobal Dollar (USDG) $ 1.00
  • polkadotPolkadot (DOT) $ 1.18
  • uniswapUniswap (UNI) $ 3.09
  • nearNEAR Protocol (NEAR) $ 1.40
  • falcon-financeFalcon USD (USDF) $ 0.998574
  • okbOKB (OKB) $ 83.23
  • skySky (SKY) $ 0.074215
  • little-pepe-5Little Pepe (LILPEPE) $ 2.16
  • pi-networkPi Network (PI) $ 0.164887
  • aster-2Aster (ASTER) $ 0.662336
  • syrupusdcsyrupUSDC (SYRUPUSDC) $ 1.15
  • htx-daoHTX DAO (HTX) $ 0.000002
  • usddUSDD (USDD) $ 1.00
  • pepePepe (PEPE) $ 0.000004
  • aaveAave (AAVE) $ 95.41
  • ripple-usdRipple USD (RLUSD) $ 1.00
  • janus-henderson-anemoy-treasury-fundJanus Henderson Anemoy Treasury Fund (JTRSY) $ 1.10
  • internet-computerInternet Computer (ICP) $ 2.44
  • ondo-us-dollar-yieldOndo US Dollar Yield (USDY) $ 1.13
  • bitget-tokenBitget Token (BGB) $ 1.90
  • bfusdBFUSD (BFUSD) $ 1.00
  • ethereum-classicEthereum Classic (ETC) $ 8.20
  • ondo-financeOndo (ONDO) $ 0.248963
  • kucoin-sharesKuCoin (KCS) $ 8.46
  • gatechain-tokenGate (GT) $ 6.72
  • jupiter-perpetuals-liquidity-provider-tokenJupiter Perpetuals Liquidity Provider Token (JLP) $ 4.00
  • quant-networkQuant (QNT) $ 74.53
  • pump-funPump.fun (PUMP) $ 0.001815
  • render-tokenRender (RENDER) $ 1.88
  • worldcoin-wldWorldcoin (WLD) $ 0.297727
  • eutblSpiko EU T-Bills Money Market Fund (EUTBL) $ 1.23
  • jito-staked-solJito Staked SOL (JITOSOL) $ 124.46
  • morphoMorpho (MORPHO) $ 1.69
  • algorandAlgorand (ALGO) $ 0.103134
  • kelp-dao-restaked-ethKelp DAO Restaked ETH (RSETH) $ 2,404.69
  • polygon-ecosystem-tokenPOL (ex-MATIC) (POL) $ 0.083726
  • nexoNEXO (NEXO) $ 0.883300
  • binance-peg-wethBinance-Peg WETH (WETH) $ 2,262.26
  • cosmosCosmos Hub (ATOM) $ 1.73
  • rocket-pool-ethRocket Pool ETH (RETH) $ 2,631.35
  • kaspaKaspa (KAS) $ 0.031870
  • usdtbUSDtb (USDTB) $ 0.999864
  • binance-bridged-usdc-bnb-smart-chainBinance Bridged USDC (BNB Smart Chain) (USDC) $ 0.999945
  • ethenaEthena (ENA) $ 0.096142
  • superstate-short-duration-us-government-securities-fund-ustbSuperstate Short Duration U.S. Government Securities Fund (USTB) (USTB) $ 11.05
  • wbnbWrapped BNB (WBNB) $ 759.61
  • blockchain-capitalBlockchain Capital (BCAP) $ 83.06
  • ignition-fbtcFunction FBTC (FBTC) $ 76,389.00
  • aptosAptos (APT) $ 0.856375
  • hash-2Provenance Blockchain (HASH) $ 0.011937
  • justJUST (JST) $ 0.076815
  • ousgOUSG (OUSG) $ 114.87
  • filecoinFilecoin (FIL) $ 0.875331
  • syrupusdtsyrupUSDT (SYRUPUSDT) $ 1.11
  • flare-networksFlare (FLR) $ 0.007865
  • arbitrumArbitrum (ARB) $ 0.111336
  • official-trumpOfficial Trump (TRUMP) $ 2.82
  • binance-staked-solBinance Staked SOL (BNSOL) $ 108.24
  • midnight-3Midnight (NIGHT) $ 0.038846
  • beldexBeldex (BDX) $ 0.080350
  • xdce-crowd-saleXDC Network (XDC) $ 0.030351
  • yldsYLDS (YLDS) $ 0.999745
  • stable-2​​Stable (STABLE) $ 0.027223
  • vechainVeChain (VET) $ 0.006802
  • new-x-ceo-is-backNEW X CEO IS BACK (XFLOKI) $ 0.506041
  • bridged-usdc-polygon-pos-bridgePolygon Bridged USDC (Polygon PoS) (USDC.E) $ 0.999720
  • ghoGHO (GHO) $ 0.999787
  • solv-btcSolv Protocol BTC (SOLVBTC) $ 76,461.00
  • jupiter-exchange-solanaJupiter (JUP) $ 0.163941
  • lombard-staked-btcLombard Staked BTC (LBTC) $ 76,491.00
  • usual-usdUsual USD (USD0) $ 0.998489
  • siren-2Siren (SIREN) $ 0.762160
  • fetch-aiArtificial Superintelligence Alliance (FET) $ 0.231920
  • clbtcclBTC (CLBTC) $ 76,920.00
  • pancakeswap-tokenPancakeSwap (CAKE) $ 1.59
  • dashDash (DASH) $ 39.96
  • bonkBonk (BONK) $ 0.000006
  • a7a5A7A5 (A7A5) $ 0.012629
  • true-usdTrueUSD (TUSD) $ 0.999392
  • layerzeroLayerZero (ZRO) $ 1.95
  • stakewise-v3-osethStakeWise Staked ETH (OSETH) $ 2,419.84
  • dexeDeXe (DEXE) $ 10.08
  • adi-tokenADI (ADI) $ 4.31
  • kinetic-staked-hypeKinetiq Staked HYPE (KHYPE) $ 33.97
  • tbtctBTC (TBTC) $ 70,942.00
  • virtual-protocolVirtuals Protocol (VIRTUAL) $ 0.665186
  • euro-coinEURC (EURC) $ 1.18
  • wrappedm-by-m0WrappedM by M0 (WM) $ 1.00
  • pudgy-penguinsPudgy Penguins (PENGU) $ 0.006618
  • venice-tokenVenice Token (VVV) $ 8.84
  • janus-henderson-anemoy-aaa-clo-fundJanus Henderson Anemoy AAA CLO Fund (JAAA) $ 1.03
  • monadMonad (MON) $ 0.034033
  • first-digital-usdFirst Digital USD (FDUSD) $ 0.999700
  • blockstackStacks (STX) $ 0.215455
  • c8ntinuumc8ntinuum (CTM) $ 0.087592
  • chilizChiliz (CHZ) $ 0.036747
  • mantle-staked-etherMantle Staked Ether (METH) $ 2,455.82
  • decredDecred (DCR) $ 21.73
  • tezosTezos (XTZ) $ 0.344138
  • polygon-pos-bridged-dai-polygon-posPolygon PoS Bridged DAI (Polygon POS) (DAI) $ 0.999983
  • sei-networkSei (SEI) $ 0.054740
  • resolv-wstusrResolv wstUSR (WSTUSR) $ 1.13
  • kinesis-goldKinesis Gold (KAU) $ 152.93
  • cocaCOCA (COCA) $ 1.30
  • usxUSX (USX) $ 0.999430
  • hastra-primePRIME (PRIME) $ 1.03
  • sun-tokenSun Token (SUN) $ 0.017971
  • doge-strategyDoge Strategy (DOGESTR) $ 0.288297
  • liquid-staked-ethereumLiquid Staked ETH (LSETH) $ 2,406.26
  • aerodrome-financeAerodrome Finance (AERO) $ 0.365097
  • arbitrum-bridged-wbtc-arbitrum-oneArbitrum Bridged WBTC (Arbitrum One) (WBTC) $ 76,200.00
  • apenftAINFT (NFT) $ 0.00000033
  • ether-fiEther.fi (ETHFI) $ 0.410283
  • bittorrentBitTorrent (BTT) $ 0.00000033
  • curve-dao-tokenCurve DAO (CRV) $ 0.211676
  • wrapped-flareWrapped Flare (WFLR) $ 0.009961
  • gnosisGnosis (GNO) $ 117.80
  • plasmaPlasma (XPL) $ 0.128696
  • l2-standard-bridged-weth-baseL2 Standard Bridged WETH (Base) (WETH) $ 2,266.86
  • bitcoin-svBitcoin SV (BSV) $ 15.20
  • steakhouse-usdc-morpho-vaultSteakhouse USDC Morpho Vault (STEAKUSDC) $ 1.12
  • usdaiUSDai (USDAI) $ 0.999638
  • injective-protocolInjective (INJ) $ 2.94
  • kinesis-silverKinesis Silver (KAG) $ 76.04
  • spx6900SPX6900 (SPX) $ 0.308842
  • edgexedgeX (EDGE) $ 0.790277
  • binance-peg-xrpBinance-Peg XRP (XRP) $ 1.59
  • conflux-tokenConflux (CFX) $ 0.053328
  • ether-fi-liquid-ethEther.Fi Liquid ETH (LIQUIDETH) $ 2,443.47
  • fraxLegacy Frax Dollar (FRAX) $ 0.994471
  • renzo-restaked-ethRenzo Restaked ETH (EZETH) $ 2,421.84
  • lighterLighter (LIT) $ 1.10
  • kaiaKaia (KAIA) $ 0.046406
  • noonNoon (NOON) $ 0.751949
  • sbtc-2sBTC (SBTC) $ 77,039.00
  • doublezeroDoubleZero (2Z) $ 0.077770
  • flokiFLOKI (FLOKI) $ 0.000028
  • lido-daoLido DAO (LDO) $ 0.317459
  • jupiter-staked-solJupiter Staked SOL (JUPSOL) $ 115.56
  • celestiaCelestia (TIA) $ 0.295952
  • savings-usddSavings USDD (SUSDD) $ 1.03
  • ape-and-pepeApe and Pepe (APEPE) $ 0.000001
  • syrupMaple Finance (SYRUP) $ 0.227703
  • official-foOfficial FO (FO) $ 0.263357
  • msolMarinade Staked SOL (MSOL) $ 133.18
  • jasmycoinJasmyCoin (JASMY) $ 0.005298
  • arbitrum-bridged-weth-arbitrum-oneArbitrum Bridged WETH (Arbitrum One) (WETH) $ 2,265.06
Bitcoin

How to stay safe on-chain: Three crypto users lose $876K within hours

By admin
0 161

How to stay safe on-chain: Three crypto users lose $876K within hours

In just over 15 hours, three unlucky crypto users lost a total of $876,000 worth of assets to common on-chain scams.

A combination of techniques, specifically ‘approval phishing’ and ‘address poisoning,’ were used in the scams, which were spotted by X (formerly Twitter) account Scam Sniffer.

The first, and largest, of the thefts was caused by a user signing a malicious ‘permit’ transaction, allowing the scammer to steal 211 Lido-staked ether (stETH) worth $654,000.

Phishing with drainers

According to Scam Sniffer, the address to which the victim had inadvertently granted approval to move their stETH was “a malicious contract disguised as a Token.” These dangerous permit or approval transactions are often presented to users by scam-as-as-service malware packages called wallet ‘drainers.’

The drainers are often disseminated via hacked X (formerly Twitter) accounts, which can be used to post FOMO-stoking airdrop or token launch announcements, before linking the victim to a wallet drainer script.

Prolific blockchain detective ZachXBT described the typical workings of such groups, who take control of accounts via SIM-swapping, in a post on X last year.

Another method is via so-called ‘front-end’ attacks, in which the genuine domains of crypto platforms are hijacked to craft malicious transactions and serve drainers to potential victims’ wallets.

Drainer packages themselves are developed as a product or service to be used by the phishing scammers. A cut of each theft is automatically split between the drainer developers and the scammers that use them.

This model has proven to be extremely profitable. In May, when a prolific drainer service known as Pink Drainer announced its retirement after facilitating $75 million worth of thefts, crypto security firm SlowMist identified over $20 million held in related addresses.

Inferno Drainer, which shut down a year ago, has been cashing out its ill-gotten gains recently, sending a total of 4,010 ETH (currently worth $12.4 million) to sanctioned crypto mixer Tornado Cash. Previous attempts to use alternative privacy tool Railgun were blocked by the team.

Address poisoning scam

The other two victims lost similar amounts (111,500 and 111,726) of the USDT stablecoin to ‘address poisoning,’ a type of scam which, while much simpler, proves equally dangerous.

Address poisoning relies on victims accidentally copy/pasting a scammer’s address from a ‘contaminated’ transaction history on a blockchain explorer such as Etherscan.

Often, following sizable transfers, fake versions of common tokens will suddenly appear in a potential victim’s address, or appear as ‘spoofed’ transfers to accounts with similar leading and trailing characters to the genuine address (as can be seen in Scam Sniffer’s screenshot above).

Despite efforts to hide these misleading transactions by the explorer’s developers, losses are still common. For higher-value victims, scammers even opt to send genuine tokens as a workaround, putting real money on the line whilst hoping to hook a big win.

Staying off the hook

As always, double-check the URL or X account handles before clicking any links or connecting a crypto wallet. However, this may not be enough in the case that the genuine website or account has been compromised.

Learn how approvals and permits work. It is important to maintain strict ‘approval hygiene,’ revoking any active approvals and avoiding setting or accepting ‘infinite’ approvals when prompted.

Additionally, the use of built-in wallet address books can flag any unexpected addresses involved in a transaction which may be harder to spot by eye. These addresses can then be re-used instead of copying from a (potentially contaminated) transfer history.

Don’t rush, and don’t sign anything you don’t understand

Despite these well-known security measures, plenty of accidents still occur. Be it down to distraction, FOMO, rushing, or tiredness, it’s not difficult to imagine how even experienced crypto users fall for these scams on a regular basis.

Scam Sniffer’s most recent monthly round-up identified “approximately 12K victims [who] lost $20.2 million to crypto phishing scams” in October, with four cases of over $1 million. Despite an overall total 56% lower than the previous month, the number of victims grew by 20%.

Source

admin 20018 posts 0 comments
You might also like More from author

Leave A Reply

Your email address will not be published.