Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Crypto Scam. Show all posts
Trading Bots
AI Trading Blockchain Security Crypto Scam Cyber Fraud Trading Bots

Crypto Scammers Are Targeting AI Trade Bots

 

The blockchain security company CertiK disclosed how a new generation of scammers is changing their tactics to target automated trading bots in the wake of the LIBRA meme currency fiasco, in which insiders were given advanced information of the launch procedures.

Kang Li, the chief security officer at CertiK, told Decrypt last week at Consensus in Hong Kong that some smart contracts are intentionally made to target the snipers.

The observations follow Hayden Davis's description of such ventures as a "zero-sum game" in which only a few have power. Davis is the self-described "launch strategist" for LIBRA and other celebrity meme coins.

Even at the top, all of it is extractive to some degree—none of it has value, Davis stated in an interview with Coffeezilla's Stephen Findeisen last Sunday. He explained how "professional snipers" are involved in meme coin launches, front-running a token and loading up to buy in before a launch is made public.

Smart contract sniping is a technique in which bots watch on-chain activity for newly issued tokens and execute deals before human traders can react. These bots use on-chain technology and are trained to execute trades as soon as liquidity becomes available. According to Li, a new breed of shrewd fraudsters is creating fake tokens with hidden "backdoors" that appear secure to AI-powered trading bots trained to identify security issues. 

Although these artificial intelligence trading bots "are not dumb" and examine tokens "to see if you have any clear rug-proofing function there," Li noted that scammers have exploited this as a bait-and-switch tactic. 

Following the launch of a token, the scammers "immediately promote [this] in all the AI trading community," and "once they have a few buys, they rug pull it," Li added. 

Li refutes the notion that blockchain security is unnecessary for meme coins and pump-and-dump operations, claiming that the actual risks are in who controls the token, price manipulation, and the history of those behind it. These scams are taking place on a "massive scale," potentially resulting in losses of "tens of millions of dollars," according to Li. With no fear of legal repercussions, scammers 'simply keep destroying' trading bots, taking advantage of a victim.
Read more »
Web3 Wallet
Crypto Scam Cyber Fraud ScamSniffer Transaction Simulation Web3 Wallet

New Crypto Threat: Transaction Simulation Spoofing Leads to $460,000 Ethereum Theft

 


Cybercriminals are employing a sophisticated technique called “transaction simulation spoofing” to steal cryptocurrency, with a recent attack resulting in the theft of 143.45 Ethereum (ETH), valued at nearly $460,000. This exploit, identified by blockchain security platform ScamSniffer, targets vulnerabilities within the transaction simulation features of modern Web3 wallets—tools designed to protect users from malicious and fraudulent transactions.
 
How the Attack Works

Transaction simulation is a security feature that allows users to preview the outcome of a blockchain transaction before approving and executing it. This function helps users verify transaction details, such as:
  • The amount of cryptocurrency being sent or received.
  • Applicable gas (transaction) fees.
  • Changes to on-chain data resulting from the transaction.
Attackers exploit this feature by directing victims to a fraudulent website disguised as a legitimate platform. On this site, users are prompted to interact with a seemingly harmless “Claim” function. The simulation preview misleadingly shows that the user will receive a small amount of ETH. However, due to the brief time gap between simulation and actual execution, attackers manipulate the on-chain contract state, altering the transaction’s behavior. When the user approves the transaction based on the simulation, they unknowingly authorize the transfer of their entire cryptocurrency balance to the attacker’s wallet. ScamSniffer reported a real-world example where a victim signed the deceptive transaction just 30 seconds after the contract state was modified, leading to the loss of 143.45 ETH.


“This new attack vector represents a significant evolution in phishing techniques,” stated ScamSniffer. “Instead of relying on basic deception, attackers are now exploiting trusted wallet features that users depend on for security. This advanced method makes detection much more difficult.”

Mitigation Strategies for Wallet Developers

To counteract such threats, ScamSniffer recommends several security improvements for Web3 wallets:
  • Limit Simulation Refresh Rates: Align refresh rates with blockchain block times to reduce the window for manipulation.
  • Mandatory Simulation Refresh: Force wallets to refresh simulation results before executing critical actions.
  • Expiration Warnings: Implement alerts that notify users when simulation results become outdated.

Precautions for Crypto Holders

For cryptocurrency users, this incident highlights the risks of fully trusting wallet transaction simulations. To enhance security, users should:
  • Exercise caution with “free claim” offers on unfamiliar websites.
  • Only interact with verified and trusted decentralized applications (dApps).
  • Regularly review wallet permissions and revoke access to suspicious platforms.
As phishing tactics grow more sophisticated, staying vigilant and adopting secure practices is crucial for protecting digital assets.
Read more »
Investment Scam
bank scams CFPB Crypto Scam cryptocurrency Cyber Security DBS Bank Investment Scam

California Man Sues Banks Over $986K Cryptocurrency Scam



Ken Liem, a California resident, has filed a lawsuit against three major banks, accusing them of negligence in enabling a cryptocurrency investment scam. Liem claims he was defrauded of $986,000 after being targeted on LinkedIn in June 2023 by a scammer promoting crypto investment opportunities. Over six months, Liem wired substantial funds through Wells Fargo to accounts held by Hong Kong-based entities.

Liem’s ordeal escalated when his cryptocurrency account was frozen under false allegations of money laundering. To regain access to his funds, scammers demanded he pay a fake IRS tax—an established tactic used to maximize financial extraction from victims before vanishing.

The lawsuit names three financial institutions as defendants:
  • Chong Hing Bank Limited (Hong Kong-based)
  • Fubon Bank Limited (Hong Kong-based)
  • DBS Bank (Singapore-based, with a Los Angeles branch)

Allegations of Negligence and Non-Compliance

Liem accuses these banks of failing to follow mandatory “Know Your Customer” (KYC) and anti-money laundering (AML) protocols as required by the U.S. Bank Secrecy Act. The lawsuit asserts that the banks:
  • Failed to Verify Identities: Inadequate due diligence on account holders allowed fraudsters to operate unchecked.
  • Neglected Business Verification: The nature of the businesses linked to these accounts was not properly investigated.
  • Ignored Complaints: Liem reported the scam in August 2024, but the banks either disregarded his concerns or denied accountability.

The lawsuit contends that these financial institutions enabled the transfer of illicit funds from the U.S. to Asian accounts tied to organized scams by ignoring suspicious transactions.

Liem's case highlights the growing debate over banks' responsibility in preventing fraud. While lawsuits of this nature are uncommon, they are not without precedent. For instance:
  • January 2024: Two elderly victims of IRS impersonation scams sued JPMorgan Chase for allowing large international transfers without adequate scrutiny.

Globally, different approaches are being adopted to address fraud:
  • United Kingdom: New regulations require banks to reimburse scam victims up to £85,000 ($106,426) within five days, though banks have pushed back against raising this cap.
  • Australia: Proposed legislation could fine banks, telecom providers, and social media platforms for failing to prevent scams.
  • United States: The Consumer Financial Protection Bureau (CFPB) has taken legal action against Bank of America, Wells Fargo, and JPMorgan Chase for not preventing fraud on the Zelle platform, which has resulted in $870 million in losses since 2017.

As global authorities and financial institutions grapple with accountability measures, victims like Ken Liem face significant challenges in recovering their stolen funds. This lawsuit underscores the urgent need for stronger fraud prevention policies and stricter enforcement of compliance standards within the banking sector.
Read more »
Ransom
Crypto Extortion Crypto Scam Cyber Crime Kidnapping Ransom

Crypto Dealers Targeted in Alarming Kidnapping and Extortion Cases

 

Recent incidents have revealed a troubling trend of cryptocurrency dealers being targeted for kidnappings and extortion. These cases underline the risks associated with the growing prominence of the cryptocurrency sector.

French authorities recently rescued a 56-year-old man found tied in the trunk of a car in Le Mans. According to France Bleu Normandie, the man had been abducted on New Year’s Eve by masked assailants who broke into his home, tied him and his wife up, and transported him approximately 500 kilometers across the country.

The captors used encrypted communication networks to demand a ransom from his son, a cryptocurrency influencer based in Dubai. The victim was discovered disoriented and covered in gasoline, prompting an ongoing investigation as the perpetrators remain at large.

Global Surge in Crypto-Related Crimes

Cryptocurrency's rising value and adoption have made it a lucrative target for cybercriminals. On December 17, Bitcoin (BTC) reportedly reached significant highs, amplifying interest in the sector. This growth has drawn attention from threat actors engaging in malware attacks, kidnappings, and extortion schemes.

For instance, on December 25, a cryptocurrency merchant in Pakistan was kidnapped in Karachi. The assailants coerced the victim into transferring $340,000 in cryptocurrency before abandoning him. Seven individuals, including a Counter-Terrorism Department officer, were later arrested, and charges for kidnapping and extortion were filed under the Pakistan Penal Code.

Cryptocurrency and Ransom Scams

In Australia, a case involving a Saudi royal highlighted the use of social platforms in abduction schemes. The victim was lured via a dating app to a location where he was ambushed and restrained. Threatened with severe harm, he transferred $40,000 in Bitcoin. While the lead perpetrator, Catherine Colivas, avoided prison due to mitigating circumstances, the case underscores the broader vulnerabilities in cryptocurrency transactions.

According to analysts at Chainalysis, the expanding ransomware landscape compounds these risks. Tracking incidents and ransom payments made in cryptocurrencies remains a significant challenge, emphasizing the need for heightened security and vigilance in the sector.

Read more »
Private Keys
Crypto Scam Cyber Attacks Ethereum Financial Exploit phishing Private Keys

Crypto Phishing Scams: $47M Lost in February

 


In February, cybercriminals orchestrated a series of sophisticated crypto phishing scams, resulting in a staggering $47 million in losses. These scams, often initiated through social media platforms like X (formerly Twitter), saw a dramatic 40% surge in victims compared to January, with over 57,000 individuals falling prey to their deceitful tactics. Despite the increase in victims, the overall amount lost decreased by 14.5%, indicating a slight reprieve amidst the relentless onslaught of crypto-related scams.

Leading the charge in terms of losses were Ethereum (ETH) and the layer-2 network Arbitrum (ARB), accounting for three-quarters and 7.4% of the total losses, respectively. ERC-20 tokens, a popular form of cryptocurrency, constituted a staggering 86% of the assets pilfered by cybercriminals, highlighting their preference for easily transferable digital assets.

At the heart of these scams lies a cunning strategy: impersonating legitimate entities, such as well-known crypto projects, to trick unsuspecting users into divulging sensitive information like private keys. These keys serve as a gateway to users' digital wallets, which are subsequently raided by the scammers, leaving victims reeling from substantial financial losses.

Scam Sniffer, a prominent anti-scam platform, shed light on the prevalent use of fake social media accounts in these fraudulent schemes. By impersonating X accounts of reputable crypto projects, phishers exploit users' trust in official channels, coaxing them into unwittingly surrendering their private keys.

The year 2023 witnessed a staggering $300 million in losses due to crypto phishing scams, ensnaring over 320,000 users in their intricate web of deception. In recent times, scammers have adopted a new tactic, luring users with enticing "airdrop claim" links, which, unbeknownst to the victims, serve as traps to drain their wallets of funds.

Even high-profile entities like MicroStrategy have fallen victim to these scams, with their social media accounts compromised to disseminate phishing airdrop links. Additionally, the email services of reputable Web3 companies have been hijacked to distribute fraudulent airdrop claim links, resulting in significant financial losses for unsuspecting victims.

To shield themselves from falling prey to these scams, users are urged to exercise utmost vigilance and meticulously scrutinise any suspicious communication. Signs such as typographical errors, content misalignment, and grammatical inconsistencies should serve as red flags, prompting users to exercise caution when engaging with crypto-related content online.

By staying informed and adopting proactive measures, individuals can practise safety measures against these malicious schemes, safeguarding their hard-earned assets from falling into the clutches of cybercriminals.


Read more »
Technology
AI AI bots Artificial Intelligence Crypto Scam Technology

AI Amplifies Crypto Scam Threat, Warns Web3 Expert

 

hThe utilization of artificial intelligence (AI) by cybercriminals in crypto scams has taken a concerning turn, introducing more sophisticated tactics. Jamie Burke, the founder of Outlier Ventures, a prominent Web3 accelerator, highlighted this worrisome development in an interview with Yahoo Finance UK on The Crypto Mile. Burke shed light on the evolution of AI in cybercrime and the potential consequences it holds for the security of the crypto industry.

The integration of AI into crypto scams enables malicious actors to create advanced bots that can impersonate family members, tricking them into fraudulent activities. These AI-powered bots closely resemble the appearance and speech patterns of the targeted individuals, leading them to make requests for financial assistance, such as wiring money or cryptocurrency.

Burke stressed the importance of implementing proof of personhood systems to verify the true identities of individuals involved in digital interactions.

Burke said: “If we just look at the statistics of it, in a hack you need to catch out just one person in a hundred thousand, this requires lots of attempts, so malicious actors are going to be leveling up their level of sophistication of their bots into more intelligent actors, using artificial intelligence.”  

The integration of AI technology in cybercrime has far-reaching implications that raise concerns. This emerging trend provides cybercriminals with new avenues to exploit AI capabilities, deceiving unsuspecting individuals and organizations into revealing sensitive information or transferring funds.

By leveraging AI's ability to mimic human behavior, malicious actors can make it increasingly difficult for individuals to distinguish between genuine interactions and fraudulent ones. Encountering an AI-driven crypto scam can have a severe psychological impact, eroding trust and compromising the security of online engagements.

Experts emphasize the importance of cultivating a skeptical mindset and educating individuals about the potential risks associated with AI-powered scams. These measures can help mitigate the impact of fraudulent activities and promote a safer digital environment.
Read more »
User Security
Crypto Phishing Crypto Scam Cyber Fraud Online Security Phishing scam User Privacy User Security

Cryptocurrency Scams: How to Detect and Avoid Them

 

Due to the prevalence of fraudulent activity since its inception, the bitcoin market has become well-known. Scammers employ a number of techniques to trick bitcoin consumers and take their hard-earned money. 

How do crypto phishing scams work?

The well-known cyberattack known as phishing has been around for a while. The FBI Internet Crime Report for 2022 states that phishing was the most prevalent technique, with 300,497 victims losing $52 million as a result. This fraudulent activity has now spread to the world of cryptocurrencies. 

A crypto phishing scam is a strategy used by scammers to steal sensitive information, such as the private key to your wallet. They accomplish this by posing as a trustworthy organisation or individual and requesting personal information from you. The information you supply is then used to steal your digital assets. 

Crypto phishing scams have become more frequent in recent years. A well-known cryptocurrency hardware wallet maker, Trezor, issued a warning regarding a large crypto phishing attack in February 2023. Users of Trezor were the target of scammers who sent them fictitious security breach alerts in an effort to get them to divulge their recovery seed phrase, which the attackers could then use to steal their cryptocurrency. 

Identifying crypto phishing scams

Following are five warning signals to watch out for to prevent becoming a victim: 

The majority of the time, cybercriminals send mass emails or messages without checking the language, spelling, or sentence structure. As a result, grammatical errors are the clearest indication of a phishing letter. Clear communication with their clients is important to reputable businesses. 

Scammers frequently copy the logos, colour schemes, typefaces, and messaging tones of respectable businesses. The branding of the crypto businesses you utilise should therefore be familiar to you. 

The URLs in the message should always be double-checked because phishers often utilise links that look real but actually take you to dangerous websites. 

Prevention tips 

Don't disclose your private keys: Your private keys are what allow you to access your cryptocurrency wallet. Keep them confidential and never give them out. 

Educate yourself: Stay up to date on the latest cyber risks and best practises for keeping your cryptocurrency secure. The more you know about self-defense, the better prepared you'll be to defend against cyber-attacks.

In-depth research: Before investing in any cryptocurrency, properly investigate the concept and the team behind it. Examine the project's website, white paper, and social media outlets to establish its legitimacy.
Read more »
Suspected Hackers
Crypto Scam Cyber Crime Cybersecurity NFT NFTs Suspected Hackers

Five Suspects Charged for $2.5 million Worth NFTs Theft, Targeting Bored Ape NFT Owners

 

On Wednesday, October 12, five crypto scammers in France faced allegations of collaborating in a phishing scam and were consequently charged. Allegedly, the suspects have audaciously acquired and resold $2.5 million worth of blue chip non-fungible tokens (NFTs). The phishing scam prominently targeted Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) owners. 
 
As per the prosecution, the alleged suspects leveraged a phishing scam in order to steal the assets, enticing victims through a fake website, while promising to animate their NFTs, reports Agence France Presse (AFP) in a post by Barrons. 
 
The charged suspects aged between 18 and 24, are residents of Paris, Caen, and Tours. Two of the five scammers are charged with manufacturing the fraudulent phishing site that enabled the theft. The rest three were accused of taking charge of advertising and money laundering aspects of the phishing, says deputy chief of France’s cyber-crime authority, Christopher Durand. 
 
The prosecution charges included “fraud committed as a part of criminal gang, concealing fraud and criminal association.” The subjects have been placed in pre-trial detention by the French authorities, along with their parents. The parents of one of the accused have also been arrested, but later they were released without charge. 
 
The deputy chief says that the probe was initially started as a result of an investigation by well-known Twitter user “ZachXBT" ZachXBT, describing himself as an “on-chain sleuth" in a blog post mentioned how the Twitter user “Dilly Dilly" had clicked on a link shared by “a verified member of the BAYC Discord" and consequently had his BAYC NFT stolen after approving a transaction on website that “he was lead to believe would produce an animated version” of his NFT.  
 
ZachXBT claims that after selling the stolen tokens on the NFT marketplace Opensea, the accused tried to hide the tracks by using the now-sanctioned Tornado Cash protocol. 
 
A report by blockchain analytics firm Elliptic suggests that over $100 million worth of NFTs being stolen between July 2021 and July 2022. Along with these recent incidents, NFT fraud seems to be rapidly booming in general and thus has sparked security concerns.  
 
This news sees the light of day when the firm behind the Bored Ape collection, Yuga Labs is under investigation for its business practices. Although the organization has not yet been charged with any misconduct, the Securities and Exchange Commission (SEC) is now investigating the start-up, to check if the anonymous sources reported by Bloomberg are true.
Read more »
Subscribe to: Posts (Atom)