Strange ‘null address’ iVest hack, millions of PCs still vulnerable to ‘Sinkclose’ malware: Crypto-Sec
4 months ago Benito Santiago
Crypto Scams, Hacks and Exploits and How to Avoid Them: Crypto-Sec
DeFi exploits: iVest hit by donation attack
Decentralized finance protocol iVest Finance was the victim of a $156,000 exploit on August 12, according to a report from blockchain security firm QuillAudits.
Transferring tokens to the empty address (0x0) usually causes them to be lost forever. In the iVest protocol, however, a transfer to the empty address calls the _MakeDonation function, which left the sender's balance "twice as much as it was mistakenly thought to be," QuillAudits reported.
The attacker repeated these steps over and over, successfully withdrawing more than $156,000 worth of BNB and iVest tokens from the pool, most of which were deposited by other users.
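The following is an added, simplified model of the bug class described above; it is not iVest's contract code, and the donation hook, addresses, amounts and class names are constructed for illustration. A transfer to 0x0 skips the debit and the donation hook credits the sender, so sending the full balance to 0x0 doubles it each round; the fixed version applies the standard zero-address guard, and a supply-conservation check shows how an auditor or monitor would catch the inflation.

```python
ZERO = "0x0000000000000000000000000000000000000000"


class VulnerableToken:
    """Toy ledger whose zero-address path triggers a donation hook (constructed)."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.total_supply = sum(balances.values())

    def _make_donation(self, sender, amount):
        # Hypothetical stand-in for _MakeDonation: it credits the sender, but
        # nothing was debited on this path, so tokens are minted from nothing.
        self.balances[sender] = self.balances.get(sender, 0) + amount

    def transfer(self, sender, to, amount):
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        if to == ZERO:
            # Bug: no debit, then the donation hook credits the sender.
            self._make_donation(sender, amount)
            return
        self.balances[sender] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


class FixedToken(VulnerableToken):
    """Standard ERC-20 guard: the zero address is never a valid recipient."""

    def transfer(self, sender, to, amount):
        if to == ZERO:
            raise ValueError("transfer to the zero address")
        super().transfer(sender, to, amount)


def repeat_zero_transfers(token, account, rounds):
    """Send the account's full balance to 0x0 `rounds` times; return the balance."""
    for _ in range(rounds):
        token.transfer(account, ZERO, token.balances[account])
    return token.balances[account]


def supply_is_conserved(token):
    """Invariant an audit or monitor should assert: ledger sums to total supply."""
    return sum(token.balances.values()) == token.total_supply


if __name__ == "__main__":
    bad = VulnerableToken({"attacker": 100, "pool": 1000})
    print(repeat_zero_transfers(bad, "attacker", 3), supply_is_conserved(bad))
```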
QuillAudits said it would provide further updates as information becomes available.
On its website, iVest describes itself as a "SocialFi and DAO management project to support our members and create thriving community projects through unique tokenomics." Cointelegraph contacted iVest for comment but did not receive a response by the time of publication.
Malware vulnerability: AMD "Sinkclose" affects millions
According to a report from Wired, millions of PCs are affected by a vulnerability in AMD processors disclosed on August 9. The finding may be particularly concerning for users who run software wallets such as MetaMask, Coinbase Wallet or Trust Wallet on these devices.
The vulnerability, called "Sinkclose," allows an attacker to install a "bootkit" that "evades antivirus tools and is invisible to the operating system." If a device is infected with Sinkclose-based malware, it is almost impossible to remove: even formatting the hard drive and reinstalling the operating system will not remove it.
The vulnerability was discovered by Enrique Nissim and Krzysztof Okupski, researchers at cybersecurity firm IOActive, and was announced on August 10 at the Defcon hacker conference.
According to a separate report from Tom's Hardware, AMD has issued mitigation packages for many of the affected processors, and affected PCs have been "suggested to receive an update." However, some older models will never be patched because they "fall outside the software support window." The processors that are being patched include "Ryzen 3000 and higher processors and Threadripper 2000 and higher chips."
For crypto users, this vulnerability is particularly worrisome: if malware is found on a device with an AMD processor, formatting the hard drive and reinstalling the OS may not remove it. In that case, the user should consider discarding the device rather than trying to "wipe" it before installing a wallet.
For users who only make simple cryptocurrency transfers and do not use Web3 applications, a hardware wallet can help reduce the risk from Sinkclose-based malware. It is less likely to help Web3 application users, however, because these applications typically rely on the PC to display the transaction data, which cannot be shown on the hardware wallet's screen.
In light of the Sinkclose threat, users with AMD devices will want to make sure their processor or graphics card firmware is updated to the latest version.
Phish of the Week: Web3 player loses $69,000 in Tether
A web3 player and memecoin trader lost more than $69,000 worth of Tether (USDT) stablecoins to a phishing scam on August 9th.
At 10:33 pm UTC, the user approved the malicious account "Fake_Phishing401336" to spend all of their USDT. One minute after the approval was confirmed, the attacker made two transfers from the victim's account to other accounts: one of $58,702.42 and the other of $10,359.25, for a total of $69,061.67.
Blockchain security platform Scam Sniffer detected the transactions and reported the attack on X.
Previously, the victim traded Web3 game tokens such as Heroes of Mavia (MAVIA) and Immutable X (IMX), as well as memecoins such as Harry Potter ObamaSonic10Inu, MAGA (TRUMP) and Hemule. Other than these facts, not much is known about the victim.
Token approval phishing scams are a common way for Web3 users to lose their tokens. In this type of scam, the victim is tricked into visiting a website that hosts a malicious application. The app often looks like something the user trusts, such as a video game, an NFT marketplace or a memecoin trading app the user has visited before. In reality, these apps are often hosted at misspelled URLs and are not authorized by the company they claim to belong to.
When the user pushes a button in the malicious app, a token approval transaction is pushed to the user's wallet. If the user confirms this approval, the attacker can withdraw any approved tokens from the victim's wallet. In this case, the user lost over $69,000 to the fraud.
Web3 users are advised to carefully scrutinize the URL and contract address of any website that requests a token approval. This can save users from heavy losses.
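As an added example (not from the article or from Scam Sniffer), the check below is what a wallet or monitoring tool could run on each ERC-20 Approval event to flag the pattern in this incident: an unlimited allowance granted to a spender the user has never used. The spender allowlist, addresses, events and balance are constructed for illustration; USDT's 6 decimals are real.

```python
UINT256_MAX = 2**256 - 1
USDT_DECIMALS = 6

# Hypothetical allowlist of spenders the user knowingly uses (constructed).
KNOWN_SPENDERS = {"0xrouter": "trusted DEX router"}

# Constructed ERC-20 Approval events: owner lets spender move up to `value`
# base units of the token via transferFrom.
APPROVALS = [
    {"token": "USDT", "owner": "0xvictim", "spender": "0xrouter",
     "value": 500 * 10**USDT_DECIMALS},
    {"token": "USDT", "owner": "0xvictim", "spender": "0xphisher",
     "value": UINT256_MAX},
]

# Constructed balances keyed by (owner, token), in base units.
BALANCES = {("0xvictim", "USDT"): 69_061_670_000}  # 69,061.67 USDT


def audit_approval(event, balance, known=KNOWN_SPENDERS):
    """Score one Approval event; `balance` is the owner's holding of that token."""
    reasons = []
    if event["spender"] not in known:
        reasons.append("spender not in allowlist")
    if event["value"] == UINT256_MAX:
        reasons.append("unlimited allowance")
    elif event["value"] > balance:
        reasons.append("allowance exceeds current balance")
    # What the spender can actually move right now: min(allowance, balance).
    at_stake = min(event["value"], balance)
    level = "high" if len(reasons) >= 2 else "medium" if reasons else "low"
    return {"spender": event["spender"], "level": level,
            "at_stake": at_stake, "reasons": reasons}


def audit_all(events, balances, known=KNOWN_SPENDERS):
    return [audit_approval(e, balances.get((e["owner"], e["token"]), 0), known)
            for e in events]


def high_risk_exposure(findings):
    """Base units reachable through high-risk approvals; revoke these first."""
    return sum(f["at_stake"] for f in findings if f["level"] == "high")


def fmt_usdt(units):
    return f"{units / 10**USDT_DECIMALS:,.2f} USDT"


if __name__ == "__main__":
    for f in audit_all(APPROVALS, BALANCES):
        print(f["level"], f["spender"], fmt_usdt(f["at_stake"]), f["reasons"])
```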
Christopher Roark
Some say he's a white hat hacker who lives in the dark mining hills of Dakota and pretends to be a baby crossing guard to throw the NSA off his scent. All we know is that Christopher Roark has a pathological interest in hunting down fraudsters and hackers.