.png)
11 months ago
7
ARTICLE AD BOX
The post From CoinsPaid Breach to SEC Twitter Scandal: A Week in Crypto Hacking ( Jan 8th -Jan 14th) appeared first on Coinpedia Fintech News
It’s the new year, but the crypto heists continue. Same old, same old.
This week’s narrative, in particular, has taken an unexpected turn. Departing from conventional methods, hackers redirected their focus towards social media, notably Twitter accounts of reputable entities. The consequence? Substantial losses running into the millions.
Join us as we dissect the unfolding events in the crypto hacking domain, uncovering the unexpected nuances in the pursuit of illicit gains.
Crypto Gateway CoinsPaid: A $7.5M Breach
UPDATEAfter more investigation, our system has detected more unauthorized transactions on #BNB too involving @coinspaid
Hacker has got another $1M worth of digital assets 924K BSC-USD and 268.5 $BNB.
All together total loss is $7.5M
Hacker's address:… https://t.co/877vBm0Uah pic.twitter.com/xD6tg9QznK
Cyvers Alerts (@CyversAlerts) January 6, 2024
Well-known crypto payment gateway CoinsPaid experienced its second security breach in six months. Multiple irregular transactions were detected on Jan. 6 allowing the withdrawal of $6.1 million worth of digital assets in Tether and CoinsPaid’s native token CPD.
The platform had previously weathered a security breach in July 2023, where a staggering $37 million was pilfered. The modus operandi involved hackers employing a faux job interview, tricking an employee into downloading a malicious code. This breach granted unauthorized access to CoinsPaid’s infrastructure, exposing vulnerabilities in their security protocols.
SEC Twitter Account Hack
Bitcoin (BTC) experienced a tumultuous ride, witnessing $90 million in liquidations. The trigger? Fictitious tweets from a compromised SEC account announcing the approval of a bitcoin ETF. The tweet, live for a brief 30 minutes, led to erroneous reports from various news outlets and online personalities regarding the SEC’s endorsement of spot bitcoin ETFs. The unauthorized tweet has since been expunged, leaving repercussions in the crypto market.
So, Who’s to Blame?
The SlowMist Security Team issues a vital security alert in response to an upsurge in impersonators masquerading as journalists for phishing schemes. Utilizing broken Chinese in their communication, scammers deploy a seemingly innocuous Calendly link.
Unbeknownst to victims, this link subtly transforms its name to “Calendly” upon clicking, facilitating scammers to compromise Twitter accounts and circulate phishing links through compromised tweets. Vigilance against unfamiliar links is crucial.
MangoFarm on the Radar
Suspicions of a rug pull surrounded the MangoFarm project, with its official Twitter account now inaccessible and losses amounting to a significant $1,000,000.
Meanwhile, Polychain Capital, a cryptocurrency venture capital firm, confirmed the compromise of its founder and CEO Olaf Carlson-Wee’s Twitter account. Hackers exploited this breach to disseminate phishing links containing false airdrops.
The security firm CertiK also fell victim to an unexpected compromise. Attackers seized control of their Twitter account, disseminating false information about the vulnerability of Uniswap router contracts and phishing links to reentrancy attacks.
All in all…
As we wrap up this week’s crypto hack roundup, the targeted assault on Twitter accounts of high-profile figures underscores the ever-evolving strategies employed by hackers in the crypto sphere.
Brace yourself for more insights into the dynamic world of crypto security, where each week unveils new challenges and unexpected twists. Stay tuned.
English (US)