Crypto-Sec is a bi-weekly collection of crypto and cyber security stories and tips.
Phish of the Week: Turbo Toad fan lost $3,600
Evan Lai, a memecoin collector and user of X Tech, lost more than 1 million TURBO tokens, worth more than $3,600 at the time, when he fell victim to a phishing attack, according to a post he wrote on July 11. “I feel completely fine,” Evan said.
He lost the tokens after receiving a phishing email containing a link, which he clicked. Evan didn't explain what happened after clicking the link, but it most likely sent him to a malicious web application connected to a wallet-drainer.
Blockchain data shows that two separate wallet-drain transactions were performed against his wallet. The first drained 863,926 TURBO ($3,113.45) and sent it to an address ending in Ace. The second took 152,458 TURBO ($549) and sent it to an address that Etherscan labels as a known malicious address with the tag “FakePhishing 328927”.
Given that the second transfer is much smaller than the first, the “FakePhishing” address may belong to the developer of the phishing software, while the “Aece” address may be owned by the person who ran the scam. Developers of phishing kits usually charge a small percentage of the stolen funds in return for letting fraudsters use their software.
The user had previously called the “increase allowance” function on the Turbo token contract, entering an unverified smart contract address ending in 1F78 as the spender, which allowed that contract to withdraw a large number of his tokens. The attacker later used this malicious contract to drain the tokens.
Because the user had previously authorized the malicious contract, the Turbo contract treated its withdrawals as legitimate and had no way to block the attack. According to Evan, when he initiated that transaction he did not know he was allowing his tokens to be used by a malicious application.
The malicious contract's source code is not verified, so Etherscan displays only unreadable bytecode for it, and its functions are not available in human-readable form.
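The approval mechanism described above, as an added example that is not from the original article: a small Python decoder that shows what an approve/increaseAllowance transaction actually grants (which spender, how much) before a user signs it, and flags unknown spenders and unlimited or very large allowances. The function selectors are the standard ERC-20/OpenZeppelin ones; the trusted-spender list, the size threshold and the sample addresses are constructed assumptions.

```python
# Added example (not from the article): decode ERC-20 approval calldata so the
# user can see the spender and amount a wallet prompt is really asking for.

SELECTORS = {
    "095ea7b3": "approve",            # approve(address,uint256)
    "39509351": "increaseAllowance",  # increaseAllowance(address,uint256)
}
UINT256_MAX = 2**256 - 1
LARGE_ALLOWANCE = 10**6 * 10**18      # constructed threshold: 1M tokens with 18 decimals

# Constructed allowlist of spenders the user has deliberately vetted.
TRUSTED_SPENDERS = {"0x" + "11" * 20}

def encode_approval(fn_name, spender, amount):
    """Build calldata the way a dapp would; used here only to construct samples."""
    selector = {v: k for k, v in SELECTORS.items()}[fn_name]
    return "0x" + selector + spender[2:].lower().rjust(64, "0") + format(amount, "064x")

def decode_approval(calldata):
    """Return {'function', 'spender', 'amount'} or None if this is not an approval."""
    data = calldata[2:] if calldata.startswith("0x") else calldata
    fn = SELECTORS.get(data[:8].lower())
    if fn is None or len(data) != 8 + 64 * 2:
        return None
    spender_word, amount_word = data[8:72], data[72:136]
    # An address occupies the low 20 bytes of its 32-byte word; the rest must be zero.
    if spender_word[:24] != "0" * 24:
        return None
    try:
        amount = int(amount_word, 16)
    except ValueError:
        return None
    return {"function": fn, "spender": "0x" + spender_word[24:].lower(), "amount": amount}

def review_approval(calldata, trusted=TRUSTED_SPENDERS):
    """List the reasons a user should hesitate before signing this calldata."""
    info = decode_approval(calldata)
    if info is None:
        return ["not a recognised ERC-20 approval; inspect the raw calldata"]
    warnings = []
    if info["spender"] not in {a.lower() for a in trusted}:
        warnings.append(f"spender {info['spender']} is not on your trusted list")
    if info["amount"] == UINT256_MAX:
        warnings.append("unlimited allowance requested")
    elif info["amount"] >= LARGE_ALLOWANCE:
        warnings.append(f"large allowance requested: {info['amount'] // 10**18} tokens")
    return warnings

# Constructed sample resembling the case above: increaseAllowance to an unvetted
# contract whose address ends in 1f78, for one million tokens.
SAMPLE_CALLDATA = encode_approval("increaseAllowance", "0x" + "a" * 36 + "1f78", LARGE_ALLOWANCE)
```

Running `review_approval(SAMPLE_CALLDATA)` returns two warnings (untrusted spender, large allowance), which is exactly the information the victim did not see.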
A phishing attack is a form of fraud in which the attacker poses as a trusted source and tricks the victim into providing personal information or performing an action the attacker wants. In this case, the attack allowed an application to steal the tokens without the user's knowledge.
Crypto users should be aware that some Web3 applications are malicious and exist to steal users' tokens. Users may want to carefully examine every permission a wallet asks them to sign when approving transactions, and avoid granting token approvals to untrusted applications.
Many wallet applications try to warn users when malicious sites ask for token approvals. However, these warning systems sometimes block legitimate sites as well.
White hat corner: Microsoft patches another zero-click Office flaw
Microsoft has patched another “zero-click” security vulnerability in its Office suite, according to a July 10 report from Infosecurity Magazine. The vulnerability meant that an attacker did not need the user to download a file in order to run malware on the user's machine. Instead, the user only needed to open the email for their device to be infected, which is why it is called a “zero-click” vulnerability.
The new vulnerability was discovered by Morphisec, the same security firm that discovered a zero-click vulnerability in Office products in June. But unlike that earlier flaw, this new one only worked with zero clicks when the email came from a “trusted sender.” If the sender was untrusted, the attack would have required the user to make a second click.
According to the report, Microsoft says the new vulnerability is more complex and less exploitable than the previous one. Still, it patched the attack vector on July 9.
Getting infected with malware can be devastating. Once a device is infected, an attacker can use the malware to steal the user's keystore file and gain access to their crypto. Keystore files are encrypted, so a strong password can help mitigate this threat, but some malware also includes a keylogger that can record the password as it is typed.
Using a hardware wallet also helps prevent this threat, as the attacker cannot steal the keystore file if it is not on the device. But users who rely on software wallets should be aware that zero-click vulnerabilities are becoming more prevalent. For this reason, you may want to avoid opening emails from untrusted sources, even if you don't intend to click on links or files in the email.
CEX: Evolve Bank Suffers Data Breach
This week's CEX report looks at the crypto-friendly Evolve Bank & Trust. Evolve has partnered with crypto payments app Juno and previously offered debit cards to users of now-defunct crypto companies FTX and BlockFi.
According to the bank's official statement, a hacker accessed Evolve's database on July 8 and leaked customer information. Blockchain security firm Veridisse has revealed that more than 33 terabytes of data was stolen and more than 155,000 accounts were affected.
According to the bank, the cybercriminal group Lockbit is responsible for the attack. The group convinced an Evolve employee to click a “malicious Internet link.” As a result, the attackers were able to access customer information and encrypted some of it so that the bank could not use it. However, the bank used its backups to restore most of the lost data, so the only significant damage was the leak of customer data.
According to Evolve, the attackers demanded a ransom in exchange for the data. However, the bank refused.
The attackers now have customers' “names, social security numbers, bank account numbers and contact information” as well as other “personal information,” according to Evolve. In addition, customer data of Evolve's Open Banking partners was leaked. The bank is still investigating to find out all the information that was compromised.
No money was lost in the attack, the bank said.
Evolve said it has taken steps to strengthen its security practices to prevent such a breach from happening again. In the meantime, it encourages customers to “be proactive by monitoring account activity and credit reports” and to be on the lookout for future phishing attacks.
These potential attacks may include phone calls or emails impersonating legitimate companies and asking for personal information. Evolve also recommends that customers use two-factor authentication for their online accounts, as attackers may try to use customer data to access their accounts on other platforms.
Christopher Roark
Some say he's a white hat hacker who lives in the dark mining hills of Dakota and pretends to be a baby crossing guard to throw the NSA off his scent. All we know is that Christopher Roark has a pathological interest in hunting down fraudsters and hackers.