‘Elon Musk in Bitcoin 2024’ Scam, Lazarus Group Hacks, MOG Phishing: Crypto-Sec


Crypto Scams, Hacks and Exploits and How to Avoid Them: Crypto-Sec

Deepfake Scams: Bitcoin Conference AI Fake Costs $79K

While the Bitcoin 2024 conference was taking place on July 25-27, crypto users lost more than $79,000 to a deepfake AI live stream of the event. The fake live stream showed footage of Elon Musk giving a speech, but while Musk was rumored to be attending, he did not speak at the conference and apparently had no involvement in the video, just like countless other Musk-related hoaxes online.

Michael Dunworth, founder of crypto payment service Wyre, reported the deepfake scam in an X post on July 26. “I've had people call me saying that Elon Musk is giving away free Bitcoins at Bitcoin '24,” he said. “No wonder, a fake live stream with audio and 70k+ (fake) people watching the live stream.”


According to Dunworth's post, the fake live video was posted on a channel called “Tesla,” named after Elon Musk's car company, but it was not an authorized Tesla channel. The actual live stream of the conference was posted on Bitcoin Magazine's official YouTube channel.

A Bitcoin consulting firm reported another version of the scam on July 27. This version was posted on a YouTube channel called KHORTEX.


The live stream featured an AI-generated video of Elon Musk telling viewers to send Bitcoin to an address, promising that they would receive double the amount back. A similar Elon Musk deepfake hoax circulated in May.

Blockchain data shows that some viewers did send crypto to the fraudulent addresses. The Bitcoin address linked to the scam received 0.77 Bitcoin (BTC), worth approximately $53,000 at the Bitcoin price on July 28-29. An additional 4.531 Ethereum (ETH) (approximately $26,000) was sent to the fraudulent Ethereum address, and 4,136 Dogecoin (DOGE) (valued at $537.34) was transferred to the Dogecoin address. In total, viewers of the fake live stream lost more than $79,000 to the scam.

Deepfake scams are on the rise, and even if a video appears to come from a credible source, it may be entirely AI-generated. Always check the source of a video before relying on any information in it, and if an investment proposition seems too good to be true, it probably is. No one is going to send you back twice what you sent them.

Phish of the Week: MOG Holder Phished

A holder of the memecoin MOG lost over $148,000 to a phishing scam on July 28. The attacker drained 82 billion MOG from the victim's wallet: 16.4 billion ($29,720 at current prices) went to the developer of the drainer app, and the remaining 65.6 billion ($118,880) went to the phishing scammer. Blockchain security firm PeckShield reported the attack on X.

MOG is a memecoin that references the pick-up-artist concept of “mogging,” asserting dominance over another person by appearing more attractive to a third party. The coin launched in July 2023 and has gained more than 3,617% since February, according to data from CoinMarketCap.


According to PeckShield, the attacker also drained $10,000 worth of BASED tokens from the victim's account on the Base network in a separate attack.

In technical terms, the victim on the Ethereum network apparently signed a message that allowed the attacker to call the Permit2 function on Uniswap's official router. Blockchain data shows that the victim's account is set as the “owner” and a malicious smart contract with an address ending in cbbF is set as the “spender”.

Phishing attacker calling Permit2 on Uniswap. (Etherscan)

The malicious “spender” contract was created by an account that Etherscan labels as a known phishing account, “Fake_Phishing188615,” and was deployed at the time the permit function was called.

A MOG phishing attacker creates a malicious contract. (Etherscan)
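The Permit2 flow described above hinges on the owner signing a typed-data message whose “spender” field names an arbitrary contract. The following is an added example, not code from the article or from Uniswap: it inspects an EIP-712 PermitSingle request of the kind a drainer page presents to a wallet and lists the reasons not to sign it. The struct layout follows Uniswap's Permit2 PermitSingle; the spender, token and time values are constructed placeholders, and the allow-list is assumed.

```javascript
// Added example (not from the article or Uniswap): inspect the EIP-712 "PermitSingle"
// request a Permit2 drainer asks the wallet to sign, and flag fields that hand a token
// allowance to a third party. The struct layout follows Uniswap's Permit2 PermitSingle;
// the spender/token/time values below are constructed placeholders.
const PERMIT2 = "0x000000000022d473030f116ddee9f6b43ac78ba3"; // canonical Permit2 address
const MAX_UINT160 = (1n << 160n) - 1n;                        // "unlimited" allowance

// Spenders the user has knowingly approved before (constructed allow-list).
const KNOWN_SPENDERS = new Set(["0x1111111111111111111111111111111111111111"]);

function inspectPermitSingle(typedData, nowSeconds, allowList = KNOWN_SPENDERS) {
  const { domain, primaryType, message } = typedData;
  if (primaryType !== "PermitSingle") return { isPermit2: false, warnings: [] };
  const warnings = [];
  if (String(domain.verifyingContract).toLowerCase() !== PERMIT2) {
    warnings.push("verifyingContract is not the canonical Permit2 contract");
  }
  const spender = String(message.spender).toLowerCase();
  if (!allowList.has(spender)) warnings.push(`unknown spender ${spender}`);
  const amount = BigInt(message.details.amount);
  if (amount === MAX_UINT160) warnings.push("amount is the uint160 maximum (unlimited)");
  const days = (Number(message.details.expiration) - nowSeconds) / 86400;
  if (days > 30) warnings.push(`allowance stays valid for ${Math.round(days)} days`);
  if (Number(message.sigDeadline) - nowSeconds > 3600) {
    warnings.push("signature deadline is more than an hour away");
  }
  return { isPermit2: true, token: message.details.token, spender, amount, warnings };
}

// Constructed sample of what a drainer page might present for signing.
const NOW = 1722211200; // 2024-07-29T00:00:00Z, assumed reference time
const phishingRequest = {
  domain: { name: "Permit2", chainId: 1, verifyingContract: PERMIT2 },
  primaryType: "PermitSingle",
  message: {
    details: {
      token: "0xaaaa000000000000000000000000000000000001", // constructed token address
      amount: MAX_UINT160.toString(),
      expiration: NOW + 365 * 86400,
      nonce: 0,
    },
    spender: "0x000000000000000000000000000000000000cbbf", // constructed, not on the allow-list
    sigDeadline: NOW + 30 * 86400,
  },
};

const report = inspectPermitSingle(phishingRequest, NOW);
// report.warnings lists four reasons not to sign this request
```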

Crypto phishing is a technique that tricks users with a fake website, often one designed to look as if it belongs to an authoritative source. To help avoid such scams, crypto users should be careful not to sign messages they do not understand or that come from a website they are unfamiliar with.

Phishing scammers often use a domain name that resembles the company's official one, so checking the site's URL is sometimes an effective way to avoid these scams. URLs can look nearly identical, however, when scammers substitute characters from non-Latin alphabets that are visually indistinguishable from their English counterparts.

CEXs: DMM Hacker Has Mixed Funds With Poloniex Hacker's Wallet

On July 27, on-chain investigator ZachXBT reported that funds from the May 31 DMM hack had been combined with funds from the November 2023 Poloniex hack, indicating that the two hacks must have been carried out by the same individual or group. ZachXBT suspects that both attacks were carried out by the Lazarus Group.

“The dust left earlier today from the Poloniex November 2023 hack and the DMM Bitcoin May 2024 hack to the same address solidified the links to the Lazarus group,” he said.

In crypto, the term “dust” refers to the very small amount of crypto that may be left in a wallet after large transactions. ZachXBT mentions two different wallet addresses in his post, one holding roughly $0.10 worth of ETH and the other less than $0.01 worth.

The DMM hack was the biggest exploit of a centralized exchange in 2024, with more than $300 million lost in the attack.

Also Read: Japanese Exchange DMM Loses $305M in Bitcoin in Private Key Hack

Ransomware: Microsoft Discovers ESXi Vulnerability

Microsoft has reportedly discovered a new attack vector being used by crypto ransomware attackers. It published its findings in a blog post on July 29. The vulnerability affected ESXi servers, although it has since been fixed with a patch.

ESXi, the server software produced by VMware, runs directly on enterprise-class hardware rather than on top of a conventional operating system. Software of this type is often called a “bare metal” hypervisor.

Microsoft confirmed that a flaw in the ESXi server code could allow ransomware attackers to take control of the device and encrypt its contents, disrupting operations and making recovery impossible without the attacker's decryption key. Researchers observed several attacks based on this vulnerability, some of which installed the well-known Akira and Black Basta ransomware programs.

To carry out the attack, hackers only had to enter the commands “net group ‘ESX Admins’ /domain /add” and “net group ‘ESX Admins’ username /domain /add”. Entering these commands gave the attackers “full administrative access” to the device, which allowed them to encrypt all of its contents.

These commands work because ESXi grants the domain group ‘ESX Admins’ full administrative access by default, even though the group does not exist by default, and no check is performed to verify that the group legitimately exists before that access is granted.
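Because the trigger is simply the appearance of a domain group with that name, the two commands above leave an ordinary audit trail on the domain controller: a group-creation event followed by a member-added event. The following is an added example, not code from Microsoft's post or the article: a detection over Windows Security event records that alerts on creation of, or membership changes to, a group named "ESX Admins". The event records are constructed; field names follow the Windows Security log (EventID, with TargetUserName holding the group name, SubjectUserName the acting account and MemberName the added member).

```javascript
// Added example (not from Microsoft's post or the article): a detection over Windows
// Security event records for creation of, or membership changes to, a domain group
// named "ESX Admins", the sequence the commands above produce. The records are
// constructed; field names follow the Windows Security log (EventID, TargetUserName
// holds the group name, SubjectUserName the acting account, MemberName the added member).
const GROUP_CREATED = new Set([4727, 4731, 4754]); // global / local / universal group created
const MEMBER_ADDED  = new Set([4728, 4732, 4756]); // member added to those group types

function detectEsxAdminsActivity(events, groupName = "ESX Admins") {
  const wanted = groupName.toLowerCase();
  const creators = new Set();
  const alerts = [];
  for (const e of events) {
    if (String(e.TargetUserName || "").toLowerCase() !== wanted) continue;
    if (GROUP_CREATED.has(e.EventID)) {
      creators.add(e.SubjectUserName);
      alerts.push({ kind: "group-created", actor: e.SubjectUserName, time: e.TimeCreated });
    } else if (MEMBER_ADDED.has(e.EventID)) {
      alerts.push({
        kind: "member-added", actor: e.SubjectUserName, member: e.MemberName, time: e.TimeCreated,
        // create-then-add by the same account is the two-command sequence described above
        chained: creators.has(e.SubjectUserName),
      });
    }
  }
  return alerts;
}

// Constructed sample records, as a SIEM might ingest them from a domain controller.
const SAMPLE_EVENTS = [
  { EventID: 4624, TimeCreated: "2024-07-29T09:58:10Z", SubjectUserName: "jdoe", TargetUserName: "jdoe" },
  { EventID: 4727, TimeCreated: "2024-07-29T10:01:02Z", SubjectUserName: "jdoe", TargetUserName: "ESX Admins", TargetDomainName: "CORP" },
  { EventID: 4728, TimeCreated: "2024-07-29T10:01:05Z", SubjectUserName: "jdoe", TargetUserName: "ESX Admins", MemberName: "CN=jdoe,CN=Users,DC=corp,DC=example" },
  { EventID: 4727, TimeCreated: "2024-07-29T10:15:00Z", SubjectUserName: "hr-admin", TargetUserName: "Finance Users", TargetDomainName: "CORP" },
];

const alerts = detectEsxAdminsActivity(SAMPLE_EVENTS);
```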

Ransomware is a type of malicious attack in which an attacker steals files and locks and compromises devices in an attempt to cause ongoing damage to an organization. The attacker then demands payment in cryptocurrency in return for repairing the damage or restoring the device. Because blockchain transactions are irreversible, cryptocurrency networks are the payment method preferred by ransomware attackers.

Also Read: WazirX Hackers Prepared 8 Days Before Attack, Fraudsters Register Fake Fees For USDT: Asia Express

Christopher Roark


Some say he's a white hat hacker who lives in the dark mining hills of Dakota and pretends to be a baby crossing guard to throw the NSA off his scent. All we know is that Christopher Roark has a pathological interest in hunting down fraudsters and hackers.
