Latest Hackers News and Insights | Yellow.com

A cryptocurrency investor has lost $32 million in a phishing attack with an infamous Inferno Drainer tool. The incident occurred on September 28, 2024. It was first reported by blockchain security firm ScamSniffer on social media platform X. The victim lost 12,083 wrapped ether tokens (spWETH). These tokens are linked to the Spark decentralized finance protocol. Their current value is approximately $32.4 million. Blockchain intelligence firm Arkham identified the attack method. The scammer used Inferno Drainer, a notorious scam-as-a-service tool. This software creates fake versions of popular DeFi applications and tricks users into signing malicious transactions. Inferno Drainer has a significant history of theft. A Dune Analytics dashboard by ScamSniffer shows it has stolen over $215 million from more than 200,000 victims. The service's operators allegedly take a 20% commission on stolen tokens. The tool was thought to be defunct. Its developers shut it down in November 2023. However, it resurfaced in May 2024. The new version claimed improved features and wider blockchain support. The victim's identity remains unconfirmed. Blockchain investigator ZachXBT noted transactions linking the compromised wallet to a whale known as CZSamSun. This is not the same as the Paradigm researcher @samczsun on X. The victim has offered a reward. A message from the compromised wallet promises 20% for the return of stolen funds. The alleged scammer has not responded. LookOnChain, a blockchain analytics firm, advised caution. They urged users to avoid unfamiliar links and verify all transactions before signing. This can help prevent similar attacks. In a related development, a fake wallet app has caused further losses. The app, masquerading as WalletConnect, stole $70,000 from users, targeting mobile users exclusively, a first of its kind according to researchers. Check Point Research uncovered the scam. The malicious app deceived over 10,000 users into downloading it and exploited common web3 user frustrations to market itself as a solution. These incidents highlight ongoing security risks in the cryptocurrency space. Users are advised to remain vigilant and verify all transactions carefully.

A malicious cryptocurrency wallet application on the Google Play Store has siphoned $70,000 from users. The app was downloaded 10,000 times over five months. Cybersecurity firm Checkpoint Research (CPR) uncovered the scheme. The malware posed as an app for WalletConnect, a protocol linking crypto wallets to decentralized applications. WalletConnect does not have an official app, and scammers exploited this fact to target confused users. "Inexperienced users might think WalletConnect is a separate wallet app," CPR explained. This misconception led victims to search for and download the fake app. The malicious "WalletConnect – Crypto Wallet" appeared at the top of Google Play search results. It leveraged the trusted WalletConnect name to lure victims. Over 150 users fell prey to the scam. The attackers employed social engineering and technical manipulation to execute their plan. CPR noted the sophisticated nature of the operation. "They capitalized on a well-known name and exploited user confusion," the firm stated. The scammers accumulated significant cryptocurrency without raising immediate alarms. They achieved this through clever tactics and exploitation of user trust. Unlike typical crypto scams, this exploit used smart contracts and avoided conventional attack methods such as keyloggers. The incident highlights the ongoing security challenges in mobile app stores. It underscores the need for vigilance when downloading cryptocurrency-related applications.

Another day, another hack. Truflation, a blockchain project backed by Coinbase Ventures, has fallen victim to a malware attack. Blockchain analysts estimate the loss at $4.6 million. This is a second large attack in the recent days, following BingX $50 million hack on September 20. The attack was detected on September 25th, 2024. Truflation's team reported "abnormal activity" on social media platform X. They are now working with law enforcement to investigate the incident. Web3 security firm Cyvers reports that attackers gained control of Truflation's safe address, this led to the loss of $4.6 million worth of TRUF tokens. Blockchain investigator ZachXBT corroborated this information on Telegram. Truflation has halted its staking services as a precautionary measure. The company is offering a reward to white hat hackers who can assist in the investigation or recovery efforts. They maintain that no customer funds were compromised. CEO Stefan Rust addressed the situation in a video statement, in which he suggested the malware was likely injected into computers during the Token2049 event in Singapore last week. This resulted in unauthorized access to treasury funds. "We are working with the best investigators and crypto security experts," Rust stated. He emphasized the company's commitment to transparency throughout the investigation process. Blockchain data platform Zapper provided a breakdown of the stolen assets. These include $3.89 million in TRUF, $1.07 million in ETH, and $236,700 in DAI from Ethereum wallets. Additional tokens such as BNB, WETH, and qSQTH were also taken. Rust disclosed that his personal account was also hacked. He warned users about potential scammers impersonating the Truflation team. "We will not ask you for tokens," he cautioned. The CEO expressed mixed emotions about the timing of the attack as Truflation was reportedly preparing to make several significant announcements. "I am super excited and disappointed," Rust admitted. This incident highlights the ongoing security challenges faced by blockchain projects. It serves as a reminder of the importance of robust cybersecurity measures in the rapidly evolving crypto landscape. Earlier yellow wrote about the 10 most high-profile hacker attacks in the DeFi world in recent years.

BingX, a Singapore-based cryptocurrency exchange, has confirmed a security breach. The incident resulted in "minor asset loss," according to company officials. Vivien Lin, BingX's chief product officer, disclosed the attack. It occurred around 4 am Singapore time on September 20 when the technical team detected "abnormal network access" to BingX's hot wallet. "We immediately started our emergency plan," Lin stated on X (formerly Twitter). This included urgent asset transfers and withdrawal suspensions. Lin emphasized that BingX keeps minimal funds in hot wallets. The exact loss amount is still being calculated. Earlier, blockchain security firm PeckShield reported suspicious outflows. They estimated losses at over $13.5 million. But analytics platform Lookonchain suggested a higher figure of $26 million. BingX has temporarily halted withdrawals. They expect to restore services within 24 hours. The exchange is conducting an "emergency inspection" and strengthening wallet security. Lin assured users that BingX would "fully compensate" for the losses. She stated that user assets remain safe, and the company maintains the loss is "minimal and manageable." A BingX spokesperson told Cointelegraph they are still assessing the situation. "We will announce the details soon," they added. Critics have questioned BingX's transparency. Harrison Leggio, co-founder of crypto startup g8keep, challenged the exchange's initial "wallet maintenance" explanation. Blockchain data shows millions in various tokens transferred from a BingX hot wallet. The recipient address held over $9.5 million across nine blockchains at the time of reporting. Recent transactions suggest attempts to obscure fund origins. Small amounts have been moved through decentralized exchange Kyberswap, a common tactic among hackers. The incident highlights ongoing security challenges in the cryptocurrency sector. It underscores the importance of robust security measures for digital asset exchanges.

A new scam is causing havoc in the Solana ecosystem. Users are buying tokens that vanish within seconds. The culprit? A sneaky abuse of Solana's "Permanent Delegate" extension. Slorg, a member of Jupiter's Core Working Group, flagged the issue. "Imagine you swap for a token and the wallet history confirms that you received it. But then you look inside and nothing shows up," he posted on X. The scam exploits a feature in Solana's Token 2022 standard. PeckShield, a blockchain security firm, explained the technicalities to Cointelegraph. The extension grants unrestricted privileges over token accounts. Solana's website describes the feature's intended uses. These include retrieving mistakenly transferred tokens and enabling automatic payments. However, they admit it's a "double-edged sword". So why burn victims' tokens? Slorg offered two theories. "Sometimes scammers just want to see destruction and chaos," he said. It's a mix of prank and malice. The second reason is more calculated. Burning tokens reduces float. "If someone can't sell, the price won't decrease," Slorg explained. Even small profits can add up for persistent scammers. PeckShield suggested another motive. The scam could be an attempt to manipulate token supply. This affects the cryptocurrency's overall economics. Beosin, another security provider, had a different take. They believe scammers might use this tactic to create a false impression of token scarcity. This could artificially inflate prices. The crypto community is fighting back. Jupiter and RugCheck have created indicators for this extension. But Slorg stressed the need for caution. "Always have a routine that you don't deviate from," he advised. As the Solana ecosystem evolves, so do the scams. Users must stay vigilant. The price of carelessness in crypto can be steep. It's a wild world out there, and even seasoned traders are getting caught out.