Search for Risk
Lucky Star Rug Pull
The strategy employed by the malicious actor(s) appears rather straightforward yet carefully executed. LSC tokens were illicitly withdrawn, converted to BUSD, and ultimately consolidated into a single address (0x23f8c805306Bf27AB8bf3cEbEce4B778acfFd896). Funds were finally moved to MEXC Global Exchange.

Link: https://medium.com/sentinel-protocol/a-closer-look-at-the-lucky-star-rug-pull-a-1m-cryptocurrency-heist-79112df2f4f5
Link: https://twitter.com/CertiKAlert/status/1711440972796604521

Address that laundered BUSD: 0x23f8c805306Bf27AB8bf3cEbEce4B778acfFd896
Email Scam
Hello pervert, I've sent this message from your Microsoft account. I want to inform you about a very bad situation for you. However, you can benefit from it, if you will act wisеly.

Have you heard of Pegasus? This is a spyware program that installs on computers and smartphones and allows hackers to monitor the activity of device owners. It provides access to your webcam, messengers, emails, call records, etc. It works well on Android, iOS, macOS and Windows. I guess, you already figured out where I'm getting at. It's been a few months since I installed it on all your dеviсеs because you were not quite choosy about what links to click on the intеrnеt. During this period, I've learned about all aspects of your private life, but оnе is of special significance to me.

I've recorded many videos of you jerking off to highly controversial роrn videos. Given that the "questionable" genre is almost always the same, I can conclude that you have sick реrvеrsiоn. I doubt you'd want your friends, family and co-workers to know about it. However, I can do it in a few clicks. Every number in your contact Iist will suddenly receive these vidеоs – on WhatsApp, on Telegram, on Instagram, on Facebook, on email – everywhere. It is going to be a tsunami that will sweep away everything in its path, and first of all, your fоrmеr life. Don't think of yourself as an innocent victim. No one knows where your реrvеrsiоn might lead in the future, so consider this a kind of deserved рunishmеnt to stop you. I'm some kind of God who sees everything.

However, don't panic. As we know, God is merciful and forgiving, and so do I. But my mеrсy is not free. Transfer 1400$ to my Litecoin (LTC) wallet: ltc1qsv3zptrkyzvve4cn02w827pjjzqjlaw0r4400d

Once I receive confirmation of the transaction, I will реrmanently delete all videos compromising you, uninstаll Pegasus from all of your devices, and disappear from your life. You can be sure – my benefit is only money. Otherwise, I wouldn't be writing to you, but destroy your life without a word in a second. I'll be notified when you open my email, and from that moment you have exactly 48 hours to send the money. If cryptocurrencies are uncharted waters for you, don't worry, it's very simple. Just google "crypto exchange" or "buy Litecoin" and then it will be no harder than buying some useless stuff on Amazon.

I strongly warn you against the following:
* Do not reply to this email. I've sent it from your Microsoft account.
* Do not contact the police. I have access to all your dеviсеs, and as soon as I find out you ran to the cops, videos will be published.
* Don't try to reset or destroy your dеviсеs. As I mentioned above: I'm monitoring all your activity, so you either agree to my terms or the vidеоs are рublished.

Also, don't forget that cryptocurrencies are anonymous, so it's impossible to identify me using the provided аddrеss. Good luck, my perverted friend. I hope this is the last time we hear from each other. And some friendly advice: from now on, don't be so careless about your online security.
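The email above substitutes Cyrillic letters for Latin ones in words such as "dеviсеs", "роrn" and "аddrеss": they render identically in most fonts but break naive keyword filters and search. The following is an added example, not part of the report or the reported message, showing how to detect and normalize such mixed-script words. The confusables table is a hand-picked subset (a real deployment would load the Unicode confusables data), and the sample string is constructed with explicit code points.

```python
"""Detect mixed-script (homoglyph) words of the kind used in the extortion email.

Added example. CONFUSABLES is a small hand-picked subset of Cyrillic letters that
look like Latin ones; production code would use Unicode's confusables.txt instead.
"""
import re
import unicodedata

# Cyrillic letters visually identical to Latin letters in most fonts -> Latin equivalent.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u04bb": "h",
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041a": "K", "\u041c": "M",
    "\u041d": "H", "\u041e": "O", "\u0420": "P", "\u0421": "C", "\u0422": "T", "\u0425": "X",
}

WORD_RE = re.compile(r"\w+")  # str patterns are Unicode-aware, so Cyrillic letters count as \w


def script_of(ch: str) -> str:
    """Script name ('LATIN', 'CYRILLIC', ...) taken from the character's Unicode name."""
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:  # unnamed code point
        return "UNKNOWN"


def mixed_script_words(text: str) -> list[dict]:
    """Words whose letters come from more than one script (digits and '_' are ignored)."""
    hits = []
    for m in WORD_RE.finditer(text):
        word = m.group()
        scripts = {script_of(c) for c in word if c.isalpha()}
        if len(scripts) > 1:
            hits.append({
                "word": word,
                "scripts": sorted(scripts),
                "normalized": "".join(CONFUSABLES.get(c, c) for c in word),
                "offset": m.start(),
            })
    return hits


def normalize_confusables(text: str) -> str:
    """Map confusable Cyrillic letters to Latin so keyword rules match the intended word."""
    return "".join(CONFUSABLES.get(c, c) for c in text)


def homoglyph_ratio(text: str) -> float:
    """Share of alphabetic characters that are confusable Cyrillic substitutes."""
    letters = [c for c in text if c.isalpha()]
    if not letters:
        return 0.0
    return sum(c in CONFUSABLES for c in letters) / len(letters)


# Constructed sample reproducing the email's pattern with explicit code points:
# "dеviсеs" uses Cyrillic е (U+0435) and с (U+0441); "роrn" uses Cyrillic р (U+0440) and о (U+043E).
SAMPLE = "I installed it on all your d\u0435vi\u0441\u0435s ... highly controversial \u0440\u043ern videos"

if __name__ == "__main__":
    for hit in mixed_script_words(SAMPLE):
        print(hit)
    print(normalize_confusables(SAMPLE))
    print(f"homoglyph ratio: {homoglyph_ratio(SAMPLE):.3f}")
```

A single mixed-script word is a strong signal on its own; the ratio is useful for scoring whole messages, since legitimate multilingual text mixes scripts between words, not inside them.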
Address is used in Phishing scam
There are reports that this address was used in a Phishing scam. Please exercise caution when interacting with it. Reported by GoPlusSecurity.
Multiple USDT Fake Phishing
Fake Phishing Scam impersonating USDT token
Sophisticated Phishing Campaign Targeting Ledger Wallet Users
We have identified a sophisticated phishing campaign targeting Ledger wallet users that requires immediate attention. This attack demonstrates concerning characteristics that warrant comprehensive reporting and awareness measures.

# Incident Details
- Target Platform: Email Communications
- Primary Vector: Spoofed Official Ledger Support Messages
- Impact Scope: Global Cryptocurrency User Base

# Attack Characteristics
1. Social Engineering Tactics:
- Utilizes urgency-based psychological manipulation
- Employs sophisticated brand impersonation techniques
- Creates false sense of authenticity through professional formatting
- Attempts to bypass security protocols through emotional triggers
2. Technical Indicators:
- Spoofs official Ledger customer success communication channels
- Delivered via compromised or temporary email infrastructure
- Contains suspicious links requiring immediate verification
- Demonstrates advanced understanding of cryptocurrency security protocols

# Impact Assessment
- Potential Exposure: High
- Severity Level: Critical
- Risk Factors:
  - Advanced social engineering techniques
  - Highly convincing presentation
  - Multiple attack vectors
  - Sophisticated psychological manipulation

# Recommended Actions
1. Immediate Mitigation:
- Enhanced monitoring of cryptocurrency-related communications
- Implementation of additional verification protocols
- User education campaigns regarding authentication methods
- Review of security protocols for cryptocurrency services
2. Long-term Prevention:
- Development of advanced threat detection systems
- Implementation of multi-factor authentication enhancements
- Creation of comprehensive user awareness programs
- Strengthening of community reporting mechanisms

# Verification Protocols
To verify authenticity of Ledger communications:
- Always check sender domain (@ledger.com)
- Verify official contact channels
- Confirm request legitimacy through separate channels
- Never respond to urgent financial requests via email

# Reporting Instructions
If encountered:
1. Do not engage with suspicious emails
2. Document all relevant details
3. Submit report to official channels
4. Maintain security protocol documentation

# Additional Context
This attack demonstrates evolving sophistication in cryptocurrency-related phishing campaigns. The combination of social engineering tactics and professional presentation makes it particularly dangerous for unsuspecting users. Immediate action and heightened vigilance are recommended to protect the cryptocurrency community.

Please maintain highest alert status regarding this threat until further notice. Updates will be provided as additional information becomes available. Thank you for your attention to this critical security matter.

Best regards,
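As an added example (not part of the report above and not Ledger's own guidance), here are the report's verification steps expressed as a triage script that runs over a raw message: the actual sender domain behind the display name, the receiving mail server's SPF/DKIM verdict, and whether the body's links point off-domain or show a different URL than they open. The sample message, its headers and URLs are constructed; the expected domain is a parameter. One caveat a practitioner needs: the From header is trivially spoofable, so only an Authentication-Results header written by your own mail server (not one that arrived inside the message) means anything.

```python
"""Triage a suspected vendor-impersonation email (added example, not from the report).

All header values and URLs in SAMPLE_EMAIL are constructed for illustration.
"""
import email
import email.utils
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

SAMPLE_EMAIL = """\
From: "Ledger Support" <support@ledger-security-check.com>
To: victim@example.org
Subject: URGENT: Verify your Ledger wallet within 24 hours
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=ledger-security-check.com; dkim=none
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your Ledger device requires immediate verification.</p>
<a href="https://ledger-security-check.com/verify">https://www.ledger.com/verify</a>
<a href="https://www.ledger.com/support">Support center</a>
</body></html>
"""

URGENCY = re.compile(r"\b(urgent|immediately|within \d+ hours?|suspended|last warning)\b", re.I)
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from anchor tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _under(domain: str, expected: str) -> bool:
    """True only for the expected domain or a real subdomain of it (not 'ledger.com.evil.io')."""
    domain = domain.lower().rstrip(".")
    return domain == expected or domain.endswith("." + expected)


def _host(url: str) -> str:
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def triage(raw: str, expected_domain: str = "ledger.com") -> dict:
    msg = email.message_from_string(raw, policy=policy.default)
    _, addr = email.utils.parseaddr(str(msg["From"] or ""))
    sender_domain = addr.rpartition("@")[2].lower()

    # Authentication-Results is added by the *receiving* MTA; treat it as trustworthy
    # only when your own server wrote it (strip copies that arrived inside the message).
    auth = str(msg["Authentication-Results"] or "")

    def verdict(mech: str) -> str:
        m = re.search(rf"\b{mech}=(\w+)", auth)
        return m.group(1).lower() if m else "none"

    spf, dkim = verdict("spf"), verdict("dkim")

    body = msg.get_body(preferencelist=("html", "plain"))
    collector = _LinkCollector()
    collector.feed(body.get_content() if body is not None else "")

    offdomain, mismatched = [], []
    for href, text in collector.links:
        if not _under(_host(href), expected_domain):
            offdomain.append(href)
        # Visible text that looks like a URL but opens a different host is the classic trick.
        if URL_LIKE.fullmatch(text) and _host(text) != _host(href):
            mismatched.append((href, text))

    urgent = bool(URGENCY.search(str(msg["Subject"] or "")))
    findings = []
    if not _under(sender_domain, expected_domain):
        findings.append(f"sender domain {sender_domain!r} is not under {expected_domain}")
    if spf != "pass" or dkim != "pass":
        findings.append(f"authentication not clean: spf={spf} dkim={dkim}")
    for href, text in mismatched:
        findings.append(f"link text {text!r} hides real target {href!r}")
    if urgent and offdomain:
        findings.append("urgent subject combined with off-domain links")
    return {
        "sender_domain": sender_domain, "spf": spf, "dkim": dkim,
        "offdomain_links": offdomain, "mismatched_links": mismatched,
        "urgent": urgent, "findings": findings,
        "verdict": "suspicious" if findings else "no indicators",
    }


if __name__ == "__main__":
    for line in triage(SAMPLE_EMAIL)["findings"]:
        print("-", line)
```

Run it on a saved `.eml` with `triage(open(path).read())`. The `_under` check is deliberately strict: `ledger.com.evil.io` and `ledger-security-check.com` both fail, which is the point of "check the sender domain".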
Beware of phishing SMS disguised as Telegram security verification
This is a phishing text message that poses as a Telegram security verification. It claims to be protecting the user's account from being hacked and lures them into clicking a link. The link is presumed to lead to a phishing site, so caution is required.
Bitcoin Scam Incident on eBay – Warning and Prevention
Hello, ChainBounty Community,

I recently encountered a classic scam while selling Bitcoin on eBay. I want to share this experience to warn others and help prevent similar fraud.

📌 Incident Overview
1. I encouraged my parents to invest in Bitcoin, and they started selling it on eBay.
2. A buyer made a payment via PayPal, and after confirming the transaction, we sent 1 BTC.
3. About a week later, the buyer claimed they "never received the Bitcoin" and opened a dispute on eBay.
4. This appears to be a classic chargeback scam, where the buyer receives the Bitcoin and then falsely claims non-receipt to get a refund.

⚠️ How to Avoid Similar Scams
- Avoid selling Bitcoin on eBay or through PayPal. (Bitcoin transactions are irreversible, but PayPal does not protect digital assets.)
- Keep detailed transaction records and store the blockchain transaction ID (TxID).
- If a dispute arises, use blockchain transaction proof to defend your case.
- Report scams to eBay, PayPal, and relevant authorities immediately.

These scams are becoming more frequent, and it's crucial to stay vigilant. If you have experienced a similar issue or have advice on handling such disputes, please share your insights. Thank you.
Crypto Airdrop Scam Alert: Beware of Wallet Connection Requests!
Recently, there has been a surge in cryptocurrency theft cases disguised as airdrops in the crypto community. This article aims to explain these risks and provide prevention guidance.

Airdrop scams are criminal schemes that promise free tokens or coins to trick users into connecting their wallets, ultimately leading to theft of their cryptocurrency holdings. These scams particularly target new cryptocurrency investors, luring them with promises of free tokens to gain wallet access.

# Main types of scams include:
- Fake profile marketing airdrops: creating fake accounts impersonating legitimate projects or influencers
- Phishing website attacks: creating fake claim websites mimicking legitimate airdrop sites
- Unauthorized token/NFT drops: sending unsolicited tokens or NFTs to users' wallets and directing them to fake claim websites

!!Warning!! Red flags to watch out for:
- Promises of unrealistically high returns or token amounts
- Requests for wallet connections or private keys
- Unclear or inadequate project documentation
- Urgent time limits or FOMO creation
- Typos or unusual URLs

# Safe participation guidelines:
- Verify information only through official channels
- Check project team members' real identities and backgrounds
- Review community reputation and activity history
- Never share private keys or seed phrases
- Visit official websites through new browser windows
- Double-check URL accuracy repeatedly
- Be cautious of unnecessary permission requests

# Emergency response protocol if wallet compromise is suspected:
1. Immediately transfer all digital assets to a secure wallet
2. Revoke all connected API keys and permissions
3. Create a new wallet and backup

!! Warning !! Legitimate airdrops prioritize protecting users' assets. Don't fall prey to promises of free tokens at the cost of exposing your personal information. Continuous education and vigilance are essential for safe cryptocurrency investing.
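The "unnecessary permission requests" red flag has a concrete on-chain form: the claim site asks the wallet to sign a token-approval transaction instead of a claim. The following is an added example, not code from the post or from ChainBounty. It decodes the ABI calldata of the three approval calls that wallet drainers rely on, flags unlimited or untrusted approvals before the user signs, and builds the revoke calldata (approve(spender, 0) or setApprovalForAll(spender, false)) that step 2 of the emergency protocol calls for. The spender, token contract and sample calldata are constructed; EIP-2612 permit signatures, which grant the same allowance off-chain, are out of scope here.

```python
"""Inspect the transaction a 'claim' site asks the wallet to sign (added example).

Selectors are the first four bytes of keccak256 over the canonical signature.
SPENDER, TOKEN and the sample calldata are constructed for illustration.
"""
UINT256_MAX = (1 << 256) - 1

SELECTORS = {
    "095ea7b3": "approve(address,uint256)",            # ERC-20 allowance / ERC-721 single token
    "39509351": "increaseAllowance(address,uint256)",  # OpenZeppelin ERC-20 extension
    "a22cb465": "setApprovalForAll(address,bool)",     # ERC-721 / ERC-1155 operator approval
}
REVOKE_SELECTOR = {
    "approve(address,uint256)": "095ea7b3",
    "increaseAllowance(address,uint256)": "095ea7b3",  # revoke via approve(spender, 0)
    "setApprovalForAll(address,bool)": "a22cb465",
}


def _word(data: bytes, i: int) -> bytes:
    """i-th 32-byte ABI word after the 4-byte selector."""
    return data[4 + 32 * i: 4 + 32 * (i + 1)]


def decode_calldata(calldata: str) -> dict:
    data = bytes.fromhex(calldata[2:] if calldata.startswith("0x") else calldata)
    sel = data[:4].hex()
    sig = SELECTORS.get(sel)
    if sig is None:
        return {"selector": sel, "signature": None}
    if len(data) < 4 + 64:
        raise ValueError("calldata too short for two ABI words")
    word0, word1 = _word(data, 0), _word(data, 1)
    if any(word0[:12]):  # an address is left-padded with 12 zero bytes
        raise ValueError("malformed address word")
    return {
        "selector": sel,
        "signature": sig,
        "spender": "0x" + word0[12:].hex(),
        "value": int.from_bytes(word1, "big"),  # allowance, or 0/1 for the bool
    }


def assess(decoded: dict, trusted_spenders: set[str], to_contract: str) -> list[str]:
    """Human-readable red flags for a decoded approval request."""
    flags = []
    sig = decoded.get("signature")
    if sig is None:
        return flags  # not an approval call; out of scope for this check
    spender = decoded["spender"].lower()
    if spender not in {s.lower() for s in trusted_spenders}:
        flags.append(f"spender {spender} is not a known contract")
    if sig == "setApprovalForAll(address,bool)":
        if decoded["value"] == 1:
            flags.append(f"operator approval over the whole collection at {to_contract}")
    elif decoded["value"] >= UINT256_MAX >> 1:
        flags.append("unlimited allowance (effectively all current and future balance)")
    return flags


def build_revoke(decoded: dict) -> str:
    """Calldata that undoes the approval: approve(spender, 0) or setApprovalForAll(spender, false)."""
    sel = REVOKE_SELECTOR[decoded["signature"]]
    spender = bytes.fromhex(decoded["spender"][2:]).rjust(32, b"\x00")
    return "0x" + sel + spender.hex() + (0).to_bytes(32, "big").hex()


# Constructed request: approve(SPENDER, 2**256-1) sent to a hypothetical token contract,
# and setApprovalForAll(SPENDER, true) sent to a hypothetical NFT collection.
SPENDER = "0x" + "11" * 20
TOKEN = "0x" + "22" * 20
SAMPLE_APPROVE = "0x095ea7b3" + "00" * 12 + "11" * 20 + "ff" * 32
SAMPLE_OPERATOR = "0xa22cb465" + "00" * 12 + "11" * 20 + "00" * 31 + "01"

if __name__ == "__main__":
    for calldata in (SAMPLE_APPROVE, SAMPLE_OPERATOR):
        d = decode_calldata(calldata)
        print(d["signature"], assess(d, trusted_spenders=set(), to_contract=TOKEN))
        print("revoke with:", build_revoke(d))
```

The revoke calldata is sent to the token (or collection) contract, not to the spender; it costs gas, so after a compromise move the assets first, as the protocol above says, then revoke.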
We're kicking off 2025 with something MASSIVE! Get ready for ChainBounty: The Bounty Blast Events 2025, a high-stakes campaign series designed to bring bigger rewards, exclusive perks and nonstop action throughout the year! Whether you're a crypto newbie or a seasoned pro, this is your chance to hunt ChainBounty Points, earn rewards, and level up your game.

What is Bounty Blast 2025?
It's a multi-phase campaign series where each event unlocks new rewards and challenges. Every phase builds on the last — meaning the earlier you join, the more benefits you unlock!

What's Coming?
Phase 1: BOUNTY BLAST 001 (The Warm-Up) — Start your bounty journey with exclusive early rewards!
Phase 2: BOUNTY BLAST 002 (The Accelerate) — The ultimate bounty hunt with major prizes & multipliers!
Phase 3: BOUNTY BLAST 003 (The Finale) — Bigger campaigns, secret airdrops, and surprise bonuses!

Why Join?
More than just rewards — this is your chance to be part of a thriving crypto community! Connect, compete, and earn bigger rewards as the campaign progresses. The earlier you join, the more you gain!

How to Get Started?
It's easy — complete simple tasks, follow the campaign updates, and start earning. No experience needed!

What's Next?
The first campaign launches soon! Follow us and stay tuned for exclusive perks and surprises. Guess what's coming? Drop your thoughts below!

About ChainBounty
ChainBounty is a decentralized platform that addresses security challenges in the crypto space. With collective intelligence and fair rewards, anyone can join the fight against cybercrime.

Follow us to stay up-to-date with the latest information:
X: https://x.com/ChainBountyX
Website: https://chainbounty.io/
Medium: https://medium.com/@ChainBountyX

#Web3 #Cyberthreats #Cybersecurity #CryptoSafety #BlockchainInnovation #ChainBounty
ChainBounty, 4 days ago

In the evolving world of Web3, scams, threats, and cybercrimes have become more prevalent, jeopardizing trust and security across the blockchain ecosystem. ChainBounty has emerged as a decentralized platform with a bold mission: to harness the power of community-driven reporting and create a safer digital environment. But what truly sets ChainBounty apart is its innovative "report-to-earn" model, rewarding users with points and the ability to convert them into tokens, creating an ecosystem where contributors are both incentivized and empowered.

Why Does ChainBounty Reward Users?
At ChainBounty, we believe that valuable insights deserve meaningful recognition. Here's why we reward users for reporting scams and threats:

1. Encouraging Active Participation
Cybersecurity is no longer the responsibility of a few; it's a collective effort. By rewarding users, we encourage participation from a global community, empowering everyone to contribute to building a secure Web3 ecosystem.

2. Building a Comprehensive Database
Each scam or threat reported on ChainBounty contributes to a growing threat intelligence database. This database serves as a powerful tool for identifying patterns, mitigating risks, and safeguarding the Web3 space.

3. Future-Ready Protection
The collected data is not just about solving current problems but preparing for future challenges. By analyzing reported scams and threats, ChainBounty equips individuals, projects, and law enforcement with actionable insights to prevent attacks before they happen.

4. Rewarding Contribution, Fostering Trust
Users who contribute to the platform are rewarded with ChainBounty Points (CBP), which can later be converted into ChainBounty Tokens (CBT). This incentivized structure ensures transparency, fairness, and continuous engagement.

How The Process Works
1. Report Scams or Threats: Users can log in to ChainBounty and submit details of phishing attempts, scam emails, blockchain threats, or fraudulent activities. Each report undergoes a validation process to ensure its accuracy.
2. Earn Rewards: Upon validation, users earn CBP points for their contributions. These points reflect the platform's appreciation for their efforts and play a key role in incentivizing continued participation.
3. Convert Points to Tokens: CBP can be converted into CBT, a blockchain-native token, creating real value for the community. This token-based approach provides a tangible reward for participation.
4. Strengthen the Ecosystem: Each reported case adds to the database, which is shared across the ecosystem to warn others and prevent similar attacks. ChainBounty's mission extends beyond rewards; it's about creating a safer blockchain world for everyone.

The Bigger Picture: Leveraging Data for a Secure Future
Every scam report or threat submission is more than just data — it's a building block for a secure future. Here's how ChainBounty utilizes this data:
- Enhanced Risk Prevention: The database enables real-time risk assessment, alerting users about potential scams and malicious activities.
- Global Collaboration: With contributions from a global user base, ChainBounty acts as a central hub for blockchain threat intelligence.
- Insights for Law Enforcement: Verified data can support investigations, helping authorities take swift action against cybercriminals.

Why Join ChainBounty?
- Be Part of a Global Movement: Contribute to the collective fight against scams and threats.
- Earn Rewards for Your Efforts: Transform your cybersecurity vigilance into real value.
- Help Create a Safer Blockchain Ecosystem: Your contributions directly impact the safety and trust of the Web3 community.

Looking Ahead
ChainBounty is more than a platform — it's a vision for a secure and trustworthy Web3 ecosystem. By rewarding community contributions and building an expansive threat database, we are setting new standards for cybersecurity in blockchain. Join us today and be a part of this revolution. Report, earn, and secure the future with ChainBounty.
ChainBounty, 4 days ago

We are excited to announce that ChainBounty has officially launched 4 new features as part of our latest update this January. These features are designed to enhance the platform's capabilities, empower the community, and take blockchain security to new heights. Let's dive into the details of what these features bring to the table!

1. Wallet Scan with Risk Scoring
ChainBounty offers a Wallet Scan feature, which leverages machine learning to assess wallet risk levels. Wallets are categorized into four risk levels: Low, Medium, High, and Extremely High. Each scan generates a Detailed Report, which includes malicious transaction details and is available for download as a PDF, providing users with a clear understanding of potential threats.

2. Threat Data Utilization in Wallet Scan
ChainBounty's threat report data has always been an invaluable resource, but now its integration into the Wallet Scan feature takes things to the next level. This makes the scanning process smarter and more effective at detecting risks. Your contributions help improve security for everyone.

3. Scam and Threat Reporting
ChainBounty now enables users to report scams and threats, contributing to the community's safety. You can submit Threat & Scam Reports on phishing attempts, fake links, malicious phone numbers, suspicious activities or vulnerabilities, preventing others from falling victim to fraud.

4. Community Insights Platform
Our Community Insights Platform lets users share valuable Blockchain Insights and Cybersecurity Tips. It's a space for the community to collaborate, exchange ideas, and offer advice on staying safe in the blockchain world. This platform is designed to foster collaboration and thought leadership, empowering users to make informed decisions and improve the security of the blockchain ecosystem.

By using Wallet Scan, reporting threats, and sharing insights, you help make the platform smarter and the community safer. Plus, with the ChainBounty Point Reward System, your contributions are rewarded, encouraging more collaboration.

Experience now!
ChainBounty's new features mark a significant leap in enhancing blockchain security. We invite users to explore these powerful tools, share insights, and contribute to a safer ecosystem.
👉 Discover now: https://community.chainbounty.io/
Stay tuned for more updates and improvements as we work towards making ChainBounty the go-to platform for blockchain security!
ChainBounty, 20 days ago

Get ready to level up your impact in the Web3 world! With ChainBounty Points (CBP), your efforts to make the crypto space safer don't just make a difference — they earn you rewards. It's time to protect, engage, and get rewarded for it.

What Are ChainBounty Points (CBP)?
ChainBounty Points (CBP) are here to reward you for being an active and valuable part of the Web3 community. By reporting threats, identifying scams, or sharing valuable insights, you play a vital role in creating a safer and more transparent crypto space.

Weekly Allocation Points: How It Works
Every week, there's a fixed amount of CBP up for grabs. These points are distributed based on your activities — like reporting scams and threats — from Monday 00:00 to Sunday 23:59 (UTC). But here's the twist: unused points DON'T roll over to the next week, ensuring a transparent and balanced distribution process for all users. So, stay active, earn your share, and keep the momentum going!

How You Can Earn CBP
Contributing to the ChainBounty community is rewarding in more ways than one. Here's how you can earn CBP:
- Report Threats and Scams: Spot suspicious activity? Let us know and earn points.
- Share Insights: Got valuable knowledge? Share it and help others stay secure.
- Engage with the Community: Every interaction strengthens our mission and earns you rewards.
Your actions make the Web3 space safer, and CBP is our way of showing appreciation.

Why CBP is a Big Deal
CBP isn't just about collecting points — it's about unlocking opportunities:
✅ Access premium features like risk assessments and investigation tools.
✅ Support others by donating points — because teamwork makes the dream work.
✅ Convert your CBP into $BOUNTY tokens and take your rewards to the next level.
It's simple: your contributions help the community, and CBP helps you.

Conclusion
ChainBounty Points (CBP) are at the heart of our mission to create a safer crypto world. Every report, every insight, every interaction counts toward a stronger, more secure Web3. So, what are you waiting for? Start earning, contributing, and making a difference today. Together, we'll fight scams, protect our community, and build a brighter future for crypto. Ready to get started? Let's go — the CBP revolution is here!
ChainBounty, 24 days ago (Blockchain Insights)
Bounty King: Investigation Series follows a team of skilled investigators as they navigate the dark world of cybercrime, uncovering hidden digital trails and solving complex mysteries with the power of AI and blockchain technology. Each case takes them deeper into the realm of online fraud, crypto hacks, and digital heists, where bounties fuel the relentless pursuit of truth. With every investigation, they piece together the puzzle, tracing lost assets and exposing the individuals behind the screens. It's a journey of persistence, intelligence, and teamwork, where every clue brings them one step closer to justice in an ever-evolving digital landscape.

The Ionic Hack: $8.8M Heist on the Mode Network

On February 5, 2025, the Ionic platform, operating on the Mode network, suffered a security breach, leading to an estimated loss of $8.8 million. According to security firm QuillAudits, the attackers exploited the platform by using unofficial, fake LBTC (Lombard BTC) as collateral to take out loans.

X Post: QuillAudits' Analysis

Ionic stated that they are still investigating the incident.

X Post: Ionic's Update

Analysis of the Hacked Wallet and Fund Movements

First, let's organize the details regarding the hacked wallet and the movement of the associated funds. According to the incident details, the attacker's address is 0x9E34d89C013Da3BF65fc02b59B6F27D710850430, which was used to exploit the smart contract.

Before depositing into Tornado Cash, the attacker moved 1,203.651 ETH to 0x15ED470607601274DF6ED71172614B67001901EB, which was then used to funnel the funds into Tornado Cash:
- 100 ETH was sent directly from 0x9E34d89C013Da3BF65fc02b59B6F27D710850430 to Tornado Cash.
- 1,203.651 ETH was first transferred to 0x15ED470607601274DF6ED71172614B67001901EB, which subsequently sent the funds to Tornado Cash.

Notably, this intermediary address (0x15ED470607601274DF6ED71172614B67001901EB) received ETH from multiple sources, not just the attacker's wallet (0x9E34d89C013Da3BF65fc02b59B6F27D710850430). The attacker's wallet and the relay wallet therefore played the key roles in moving the stolen assets to Tornado Cash.

Figure 1: Flow of Stolen ETH to Tornado Cash (Source: ChainBounty Track, to be released)

Among them, we identified an interesting characteristic in the wallet used just before the funds were deposited into Tornado Cash. The relay wallet that sent 1,203.65 ETH received funds not only from the attacker's primary wallet but also from several other wallets. Let's examine whether these wallets are also connected to the incident.

Figure 2: Source Flow of Relay Wallet to Tornado Cash (Source: ChainBounty Track, to be released)

The key factor here is timing. If there is a connection, the related wallet must have sent funds before the attacker's wallet made its transaction. In this context, the wallet at the top of the list, 0x9ec235ca191e6d434b7ef70730e7fb726bf50430, appears suspicious. Here's why.

According to UTC timestamps, the attacker's wallet began transferring funds to the relay wallet on February 4 at 16:21 UTC. The transfer was split into three transactions spread over roughly sixteen minutes, and a transfer from 0x9ec235ca191e6d434b7ef70730e7fb726bf50430 lands in the middle of that sequence, which warrants closer examination.

Figure 3: Three Transactions from Attacker Address to Relay Wallet (Source: ChainBounty Track, to be released)

In the meantime, at 16:32, 0.0001 ETH was sent from 0x9ec235ca191e6d434b7ef70730e7fb726bf50430 to the relay wallet. One might question its significance, but it's worth examining the possible connection.

Figure 4: Single Transaction from Unknown Address to Attacker (Source: ChainBounty Track, to be released)

When an incident occurs, the addresses involved often receive small transfers of this kind, for example on-chain donation requests from the community.

Figure 5: Donation Request from Community On-Chain (Source: Etherscan)

What is interesting about 0x9ec235ca191e6d434b7ef70730e7fb726bf50430, however, is where its transfer sits in the relay wallet's transaction pattern:
- At 16:21, the first 1 ETH was transferred in from the attacker's wallet.
- At 16:30, an additional 100 ETH was sent.
- At 16:32, a small amount of 0.0001 ETH was received from 0x9ec235ca191e6d434b7ef70730e7fb726bf50430.
- Finally, the remaining 1,102.65 ETH was transferred.

The increasing amounts (1 → 100 → 1,102.65 ETH) with time gaps in between suggest a manual operation: a small test transfer first, then progressively larger ones. Now the question arises: why was a small amount of ETH transferred in between these manual transactions? There is no accompanying message as in the donation case, but the transaction details can be found below for reference.

Additionally, the gas settings appear to be standard (gas limit 21,000, 21,000 used, 100%), i.e. a plain ETH transfer with no contract interaction, even for the transactions made just before entering Tornado Cash. Standard gas settings alone do not indicate a direct connection. In most hacking incidents, however, funds are moved quickly, with gas set so the transactions go through without delay; in this case the process seems more deliberate and unhurried, which is worth noting.

Figure 6: Transaction Information from Unknown Address to Attacker (Source: Etherscan)
Link: https://etherscan.io/tx/0x48e96238a04f4607ec8333c4633d82329708331e351d0dfa558a9503a5ee2781

Tracing Microtransactions: Uncovering Fund Fragmentation

Now, let's trace back the wallet that sent the 0.0001 ETH. Interestingly, there is a record of it receiving 0.0002 ETH from 0x14cb9b0d268556cc4c056801f88cfc2b1a19ce3d. 0.0002 → 0.0001? It looks like the funds are being fragmented. Typically, when such small transactions follow a pattern in amount and timing, it suggests deliberate intent behind the transfers, and here both transactions occurred at the same time, 16:32 UTC:
- 0x14cb9b → 0x9ec235 (the lookalike address)
- 0x9ec235 (the lookalike address) → 0x15ED47 (the relay wallet that deposits into Tornado Cash)

Figure 7: Small Fund Distribution (Source: ChainBounty Track, to be released)

Why did this automated transaction occur right when the attacker was moving funds toward Tornado Cash? What was the intent behind it? The funding address itself is quite interesting: as the figure shows, it distributes small amounts of funds to multiple wallets.

Figure 8: Suspicious Wallet Distribution (Source: ChainBounty Track, to be released)

What Could This Address Be?

What exactly is its purpose? It looks similar to a gas fee supplier, but so far no OSINT (Open-Source Intelligence) labels have been identified for it. One thing is certain, though: after one hop, the small amounts of ETH end up in an exchange deposit address. To investigate further, we asked the AI to analyze which exchange these funds were deposited into between January 1, 2025, and February 5, 2025.

Figure 9: Suspicious Wallet Distribution – AI Investigation (Source: ChainBounty Track, to be released)

The AI explains how the address is connected to a wide variety of transactions. For example, it reveals that an Upbit user account is linked to these transactions.

Figure 10: Suspicious Wallet Distribution – AI Investigation Findings (Source: ChainBounty Track, to be released)

Still, what exactly is the purpose? On closer inspection the answer becomes clear. Looking at Upbit's deposit wallet, large sums are deposited first, followed shortly by small amounts sent from addresses with similar prefixes. This is address poisoning: the scammer sends dust from a lookalike address right after a significant transaction, so that the lookalike appears in the victim's transaction history.

Suspicious Transactions Identified During Analysis

The goal of this attack is to trick the wallet owner into copying the lookalike from their history and sending funds to it instead of the intended recipient in a future transaction. Thus, the small amount received from an unidentified address is consistent with an address poisoning attack. In this case, at 16:30, after 100 ETH was transferred, the poisoner generated a lookalike of the attacker's address within two minutes and sent a small amount from it: 0x9ec235ca191e6d434b7ef70730e7fb726bf50430 shares the leading "0x9e" and the trailing "50430" with 0x9E34d89C013Da3BF65fc02b59B6F27D710850430, which is the part of an address a wallet UI typically displays.

Unfortunately, the source of these funds could not be directly linked to the Ionic attacker. It does show, however, that address poisoning attacks also target stolen funds while they are being moved. A detailed analysis of the identified address poisoning attackers will be provided in a separate series.

Interestingly, most of these attacks heavily target Korean exchange addresses. If the attackers are monitoring large ETH movements, it raises the question of why Korean exchange wallets are the primary targets despite the existence of other major exchanges. This trend suggests a deliberate focus on Korean platforms, warranting further investigation. Any further findings related to Ionic will be updated accordingly.

Figure 11: Exchange Usage from Arkham Intelligence (Period: 01/02/2025 – 02/01/2025) (Source: Arkham Intelligence)
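The reasoning above reduces to a check that can be run over any wallet's history: an incoming dust transfer whose sender shares the leading and trailing characters of a real counterparty (the part a wallet UI shows), arriving right next to that counterparty's large transfers, and itself funded by dust from a distributor. The following is an added example, not code from the post or from ChainBounty Track. Addresses are the ones named above; the transaction list is a constructed, simplified version of the relay wallet's history, and the time of the final 1,102.65 ETH transfer is assumed.

```python
"""Flag address-poisoning dust in a wallet's transfer history (added example).

Addresses come from the Ionic write-up; SAMPLE_TXS is constructed and simplified
(the 16:37 time of the last transfer is an assumption; OTHER is a made-up depositor).
"""
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Tx:
    ts: datetime
    sender: str
    receiver: str
    value_eth: float


EXPLOITER = "0x9E34d89C013Da3BF65fc02b59B6F27D710850430"
RELAY = "0x15ED470607601274DF6ED71172614B67001901EB"
LOOKALIKE = "0x9ec235ca191e6d434b7ef70730e7fb726bf50430"
FUNDER = "0x14cb9b0d268556cc4c056801f88cfc2b1a19ce3d"
OTHER = "0x" + "ab" * 20  # constructed, unrelated earlier depositor


def _t(hh: int, mm: int) -> datetime:
    return datetime(2025, 2, 4, hh, mm, tzinfo=timezone.utc)


SAMPLE_TXS = [
    Tx(_t(15, 50), OTHER, RELAY, 5.0),           # unrelated prior inflow
    Tx(_t(16, 21), EXPLOITER, RELAY, 1.0),       # test transfer
    Tx(_t(16, 30), EXPLOITER, RELAY, 100.0),
    Tx(_t(16, 32), FUNDER, LOOKALIKE, 0.0002),   # distributor funds the lookalike
    Tx(_t(16, 32), LOOKALIKE, RELAY, 0.0001),    # the poisoning transfer
    Tx(_t(16, 37), EXPLOITER, RELAY, 1102.65),   # time assumed
]


def shared_affix(a: str, b: str) -> tuple[int, int]:
    """Length of the common prefix and common suffix of two addresses ('0x' dropped, case-insensitive)."""
    x, y = a.lower().removeprefix("0x"), b.lower().removeprefix("0x")
    n = min(len(x), len(y))
    p = next((i for i, (c, d) in enumerate(zip(x, y)) if c != d), n)
    s = next((i for i, (c, d) in enumerate(zip(x[::-1], y[::-1])) if c != d), n)
    return p, s


def is_lookalike(a: str, b: str, min_prefix: int = 2, min_suffix: int = 4) -> bool:
    """Distinct addresses whose visible ends match; wallet UIs show only a few leading/trailing chars."""
    if a.lower() == b.lower():
        return False
    p, s = shared_affix(a, b)
    return p >= min_prefix and s >= min_suffix


def find_poisoning(txs, wallet: str, dust_eth: float = 0.001, window_s: int = 900) -> list[dict]:
    """Incoming dust from a lookalike of a real counterparty, with the nearby large transfers."""
    wallet = wallet.lower()
    real = set()  # counterparties that moved more than dust with this wallet
    for tx in txs:
        if tx.value_eth >= dust_eth:
            if tx.receiver.lower() == wallet:
                real.add(tx.sender.lower())
            elif tx.sender.lower() == wallet:
                real.add(tx.receiver.lower())
    hits = []
    for tx in txs:
        if tx.receiver.lower() != wallet or tx.value_eth >= dust_eth:
            continue
        for cp in real:
            if not is_lookalike(tx.sender, cp):
                continue
            nearby = [o for o in txs
                      if cp in (o.sender.lower(), o.receiver.lower())
                      and o.value_eth >= dust_eth
                      and abs((o.ts - tx.ts).total_seconds()) <= window_s]
            # who seeded the lookalike with dust (the "fragmentation" hop in the write-up)
            funders = [o.sender.lower() for o in txs
                       if o.receiver.lower() == tx.sender.lower() and o.value_eth < dust_eth]
            hits.append({
                "dust_from": tx.sender.lower(),
                "mimics": cp,
                "shared_prefix_suffix": shared_affix(tx.sender, cp),
                "large_transfers_nearby": [(o.ts.strftime("%H:%M"), o.value_eth) for o in nearby],
                "dust_funders": funders,
            })
    return hits


if __name__ == "__main__":
    for hit in find_poisoning(SAMPLE_TXS, RELAY):
        print(hit)
```

The thresholds matter: with `min_prefix=2, min_suffix=4` the 0x9ec235...50430 / 0x9E34...850430 pair is caught (shared "9e" and "50430"); tightening them to what your wallet UI actually displays reduces false positives on busy exchange wallets.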
Cybersecurity Tips
First, it would be great if we could post in categories like "General" or "Suggestions" on this community page. I have many questions, but there isn't a proper place to ask them. Therefore, I apologize for posting in an unrelated category.

Also, I'm unable to log in to MetaMask on my mobile phone. When I scan the QR code, it opens the MetaMask mobile app (Android), and after accepting the permissions, it redirects me back to the page, but I'm still not logged in. How can I log in to MetaMask on mobile?
Blockchain Insights
Singapore, October 11th 2023 — Navigating the vast Decentralized Finance (DeFi) and Non-Fungible Token (NFT) space requires sharp awareness and a skeptical eye. An example that underscores this imperative is the recent “Lucky Star Rug Pull” incident that took place on the Binance Smart Chain (BSC) Mainnet. This event, reported by news sources like Cointelegraph and projects like CertiKAlert, entails the unauthorized withdrawal of LSC tokens, subsequently exchanged for BUSD and accumulated at a single address, costing the stakeholders an estimated $1 Million.

Our in-house research team at Uppsala Security assessed the case to uncover any noteworthy findings.

Incident Breakdown

The strategy employed by the malicious actor(s) appears rather straightforward yet carefully executed. LSC tokens were illicitly withdrawn, converted to BUSD, and ultimately consolidated into a single address (0x23f8c805306Bf27AB8bf3cEbEce4B778acfFd896).

In brief, here’s how the event unfolded:

1. Withdrawal of LSC tokens from the system
2. Swap of LSC tokens to BUSD
3. Consolidation of BUSD at a single address

The wallet addresses involved in this operation, swapping LSC tokens to BUSD and funneling them into the consolidation address, are as follows:

0x9Ef72Ee68a7c841986A0C60e0FDbAE4e27446Deb
0x895c414F17Ef676dd9c18D55D3358D411ba79574
0xFA24FcAff5A51965F762101c2BD4E46302a2Bd64
0x8789DA3886386740DD775C95E18820BEe339a48A

Examining the consolidation address reveals an interesting aspect: it has a history of other incoming funds prior to this incident. Could it be a mere coincidence or an intentional confusion tactic? Or does this address serve as a confluence point for funds derived from other criminal activities?

The intersection of multiple streams of incoming funds, presumably from various illicit endeavors, suggests a plausible continuity among them. This intriguing convergence prompts an inquiry: is there a common threat actor masterminding multiple cyber-attacks?

Image captured from the Crypto Analysis Transaction Visualization (CATV) Dashboard.

On December 18th 2023, it was observed through CATV that funds were laundered to the known entity MEXC Global Exchange.

The Lucky Star incident serves as a grim reminder for stakeholders, developers, and investigators within the cryptocurrency ecosystem to proceed with elevated diligence and skepticism. Deploying advanced security protocols, conducting rigorous smart contract audits, and fostering a culture of security awareness among users are paramount.

About the Crypto Analysis Transaction Visualization (CATV) Tool

The Crypto Analysis Transaction Visualization (CATV), developed exclusively by Uppsala Security’s expert team, serves as a sophisticated yet seamless forensic tool that offers in-depth insights into cryptocurrency transaction flows. This tool is designed to trace both inbound and outbound transactions linked to a specific wallet. CATV empowers users to effectively track, analyze, monitor, and graphically visualize cryptocurrency transactions, highlighting the flow of tokens and their interactions with various entities such as exchanges and smart contracts.

About Uppsala Security

Uppsala Security is a leading provider of innovative security tools and services, specializing in Crypto Anti-Money Laundering/Counter-Terrorist Financing (AML/CTF), Transaction Risk Management, Regulatory Compliance, and Transaction Tracking. With a team of experts dedicated to staying ahead of emerging threats, Uppsala Security empowers organizations with the knowledge and tools to safeguard their operations in the fast-paced world of cryptocurrencies.
Blockchain Insights
Singapore, November 1st 2023 — In the ever-evolving landscape of cryptocurrencies, security remains a paramount concern. On October 17th, Cointelegraph released an article mentioning an incident involving one of the Fantom Foundation’s hot wallets, which led to the loss of $550,000 worth of cryptocurrency through a vulnerability in the official Fantom wallet. This serves as a stark reminder of the vulnerabilities that can be exploited in the digital realm. In this article, however, we will delve into the details of this cybersecurity breach, examining the trajectory of the stolen tokens and the perpetrators’ actions after the incident.

The Fantom Foundation Hot Wallet Hack

The incident, which unfolded a couple of weeks ago, sent shockwaves through the crypto community as it came to light. A few wallets belonging to the Fantom Foundation, a prominent player in the blockchain space, were drained of their assets. The stolen tokens encompassed a wide array of assets, including ETH, USDC, USDT, Frax Share, DAI, OriginToken, Republic, OMG, Livepeer, Shiba Inu, The Graph, LoopringCoin, ChainLink, Quant, WAVES, Aave, Convex Token, Immutable X, SingularityNET, Compound, Request, Curve DAO and more.

The affected tokens found their way to two primary addresses: 0x2F4F1D2C5944Dba74E107d1e8E90e7C1475f4001 and 0x1d93c73d575b81a59ff55958afc38a2344e4f878. The perpetrators executed a series of swaps, converting the stolen tokens into ETH. The consolidated ETH was subsequently transferred to another address, 0x0b1F29DF74A19C44745862ab018D925501FE9596, in an attempt to conceal their trail.

Our investigatory team at Uppsala Security swung into action and initiated an investigation using the Crypto Asset Monitoring Service (CAMS), tracing the origin and movement of the stolen assets. This included 68 origin hashes, 9 origin wallets and 36 initial tokens, some of which were mentioned above.

Image captured from the Crypto Asset Monitoring Service (CAMS) Dashboard.

Further details can be found in the CAMS Dashboard as well as the Portal Case.

CAMS, or Crypto Asset Monitoring Service, built by Uppsala Security, stands at the forefront of real-time monitoring solutions, providing advanced capabilities for overseeing cases related to digital assets. A standout feature is its automated fund monitoring system, reducing the need for manual oversight. CAMS maintains continuous surveillance over financial transactions, instantly identifying any fund movements and promptly alerting relevant parties. This not only boosts operational efficiency but also enables swift responses to potential security and compliance issues, establishing it as an essential asset in the realm of digital asset management.

The hot wallet hack that affected the Fantom Foundation, like any hack that harms original asset owners, serves as a clear reminder of the significance of cybersecurity within the cryptocurrency realm. As the crypto industry continues to evolve, it becomes increasingly crucial for both projects and individuals to maintain vigilance and take proactive measures to protect their digital assets. While hackers may have briefly gained an advantage, the unwavering dedication of security experts and the community assures that justice will ultimately prevail in the digital world.

If you have any details about the Fantom Foundation case or if you would like to cooperate with our team on this investigation, please reach out by filling in this contact form.

About Uppsala Security

Uppsala Security is a leading provider of innovative security tools and services, specializing in Crypto Anti-Money Laundering/Counter-Terrorist Financing (AML/CTF), Transaction Risk Management, Regulatory Compliance, and Transaction Tracking. With a team of experts dedicated to staying ahead of emerging threats, Uppsala Security empowers organizations with the knowledge and tools to safeguard their operations in the fast-paced world of cryptocurrencies.

Disclaimer: This article is meant for informational purposes only and does not constitute financial or legal advice. Always conduct your own research and consult professionals directly.