UppSecEcho

January 19, 2025

Community Investigation
Malicious Activities Surge on X: Protecting Yourself in a Challenging Web3 Landscape

It’s no secret that scams and malicious actors run rampant in the crypto sphere, particularly during bullish market phases. Regrettably, the frequency of scams and malicious activities on X, one of the most widely used social platforms in the blockchain and cryptocurrency industry, has escalated in recent months. In this article, we explore three common examples of threats lurking in the Web3 space on the X platform and provide insights on how users can proactively safeguard themselves against falling prey to these deceitful schemes.

1. Malicious Actors Pretending to be Crypto Journalists/Reporters and Sending Calendly Phishing Link Invites

This tactic has seen a significant increase in usage over recent months. Malicious actors exploit the direct messaging feature on X, assuming the identity of journalists affiliated with reputable organizations to target high-profile individuals or projects under the guise of arranging interviews. What enhances the credibility of these messages is the seemingly authentic appearance of the accounts: they often display the blue verification checkmark and maintain an active feed with recent, pertinent activity. Moreover, they furnish what appear to be legitimate email addresses, complete with the corresponding domain.

The screenshot below shows an instance where an individual impersonated a Cointelegraph journalist, just one among numerous occurrences circulating on the X platform. One notable red flag is the urgency conveyed in the inquiry. Scammers typically employ time-sensitive tactics to pressure potential victims into overlooking suspicious indicators.

Image 1 — Fraudulent message using the X platform “Direct Message” function

In these instances, malicious actors aim to gain unauthorized access to the targeted X accounts. Their strategy involves sharing seemingly legitimate Calendly links which, when clicked, prompt users to grant an app permission to perform actions on their behalf. Once authorized, the attackers can use the compromised X accounts to disseminate phishing links or promote fraudulent activities such as fake airdrops or crowdfunding campaigns. This tactic is designed to mislead the followers of the targeted account, potentially resulting in the loss of their digital assets.

To protect yourself from such threats, exercise caution and verify the authenticity of accounts that reach out through the DM function on X before interacting with them. Directly contacting the organization they claim to represent can help confirm their legitimacy. Additionally, avoid clicking on any links, and carefully review any displayed terms and conditions before proceeding. Whenever feasible, generate your own Calendly links for meeting bookings rather than relying on links provided by others.

To monitor third-party app access to your X account, navigate to “Settings and privacy” > “Security and account access” > “Connected accounts”. Here you can review the list of connected apps and revoke access for any that appear suspicious or unauthorized. This proactive step mitigates the risk of unauthorized account access and potential security breaches.

2. Targeting Potential Victims Through X Ads

Another tactic observed on the X platform involves deceptive ad campaigns. While these ads typically undergo review by the X team to ensure compliance, there has been a noticeable increase in fraudulent ads slipping through. One notable instance occurred within the Dymension community, a recently launched project that garnered significant attention in the crypto community. The malicious actors also exploited two other aspects to attract users and generate enthusiasm: the involvement of the Binance exchange, widely used in the crypto community, and the promise of airdrops, which naturally attract users seeking such opportunities. It’s worth noting that, in this case as well, the impersonating accounts had a blue checkmark, further enhancing the deception of the posts.

Image 2 — Deceptive ad campaigns on the X platform

To safeguard against these tactics, users should exercise increased caution when encountering posts that are part of an ad campaign but do not originate from the official account of the project in question. As the examples above demonstrate, the URLs associated with these ads are not the official URLs of the Dymension project. Be wary of clicking on any links, and verify the existence of any ongoing initiative with the project’s officials. Another way to avoid being targeted by such ads is to have a Premium+ X account, albeit at a monthly cost.

3. Hijacked Official X Accounts

Lastly, members of the Web3 community must exercise heightened scrutiny even when engaging with posts shared by the official accounts of the projects they follow. A recent incident exemplifying this necessity is the hijacking of the X account of Trezor, a renowned manufacturer of cryptocurrency hardware wallets. This incident was particularly unfortunate, given that followers would not anticipate a security-focused project to undergo such a breach. The Trezor team subsequently released a dedicated statement addressing the breach. Investigations revealed that the malicious actors posted from the official Trezor X account by employing the tactic outlined in the preceding section: a malicious Calendly link shared in an X direct message enabled unauthorized posting from the official Trezor X account.

Image 3 — Deceptive post shared by hackers from the official Trezor X account

What steps can users take in such a situation? Always question content posted on X, even if it appears to come from official sources, and refrain from engaging in any activity until multiple official sources have confirmed the legitimacy of the opportunity. Bear in mind that legitimate opportunities will never require you to share your private keys, and that transferring cryptocurrency assets is an irreversible action.

Regrettably, navigating the landscape of online threats has become an ongoing challenge in the dynamic Web3 environment. At Uppsala Security, we have developed advanced tools to provide proactive protection against malicious activities such as fraudulent wallet addresses, phishing URLs, and impersonation attempts. One such solution is our UPPward Extension, available for the Brave, Chrome, Edge and Firefox browsers, designed to alert users when they are about to interact with a potential threat.

Furthermore, if you have fallen victim to hacking, scams, or fraud resulting in the loss of your cryptocurrency assets, our dedicated in-house research team stands ready to assist. We offer comprehensive investigation services aimed at uncovering the details of such incidents and, where possible, facilitating the recovery of stolen assets. If you have experienced such a setback, we encourage you to reach out through our Digital Assets Tracking Services.

About Uppsala Security

Uppsala Security is a leading provider of innovative security tools and services, specializing in Crypto Anti-Money Laundering/Counter-Terrorist Financing (AML/CTF), Transaction Risk Management, Regulatory Compliance, and Transaction Tracking. With a team of experts dedicated to staying ahead of emerging threats, Uppsala Security empowers both end-users and organizations with the knowledge and tools to safeguard their operations in the fast-paced world of cryptocurrencies. Uppsala Security is headquartered in Singapore and has branch offices in Seoul, South Korea. Follow Uppsala Security on Telegram, LinkedIn, Twitter, Facebook and Medium.

UppSecEcho

January 19, 2025

Blockchain Insights
Investigating the Ledger Connect Kit Incident: Uppsala Security’s Analysis of Stolen Fund Transactions

At Uppsala Security, we have developed a robust suite of cybersecurity tools specifically designed for the Web3 environment. These tools are tailored for Crypto Anti-Money Laundering/Counter-Terrorist Financing (AML/CTF), Transaction Risk Management, Regulatory Compliance, and Transaction Tracking. Our team of seasoned security experts is committed to meticulously investigating prominent hacks, scams, and other malicious activities within the Web3 ecosystem. Our mission is to enhance the safety and integrity of this rapidly evolving space. By identifying and apprehending malicious actors, we facilitate a smoother adoption path for innovative decentralized technologies, contributing to a more secure and trustworthy digital future.

On December 14th, 2023, the Ledger Connect Kit was exploited in an incident that shook the worldwide crypto community. The issue has since been resolved.

The breach began when a phishing attack deceived a former Ledger employee, leading to the unauthorized upload and distribution of compromised versions of the Ledger Connect Kit. The malicious code was engineered to divert user funds to an attacker-controlled wallet, identified as 0x658729879fca881d9526480b82ae00efc54b5c2d.

In the aftermath of this breach, the attacker’s wallet amassed approximately $250,000 USD in various tokens. The bulk of these were stETH (34.8 units, valued at around $78,000 USD), USDC (60,340 units), and USDT (27,000 units). Additionally, the hacker acquired about 7 ETH and transferred numerous tokens to another wallet under their control, 0x1b9f9964A073401a8BC24f64491516970bB84E47. There, a significant portion of the tokens, including 34.8989 stETH and 60,000 USDC, were swiftly exchanged for ETH, yielding 34.5841 ETH and 26.1515 ETH respectively. The hacker also gained possession of 50 diverse NFTs, all of which remain in that wallet.

Further investigation revealed additional wallets potentially linked to the hacker: 0x412f10AAd96fD78da6736387e2C84931Ac20313f, suspected to be connected with the Ledger phishing attack, as well as 0xd41138112Ace58D87Db07e4B5ED61740A6cBA6EB and 0x634984866301511696AC3fdC41Fa4700e11609CE, associated with a ChangeNOW user account. Currently, the majority of the stolen funds are held in wallets 0x1b9f9964A073401a8BC24f64491516970bB84E47 and 0x658729879fca881d9526480b82ae00efc54b5c2d.

Uppsala Security’s Crypto Analysis Transaction Visualization (CATV) tool is one of our most effective transaction tracking solutions in the decentralized space. It has played a crucial role in several rigorous investigations, aiding victims in successfully recovering their lost funds. Earlier this year, the CATV tool also proved instrumental in an investigation conducted in collaboration with INTERPOL. Our investigative team used the CATV tool for this incident as well; the graph below visualizes the transaction flow from the wallet address 0x658729879fca881d9526480b82ae00efc54b5c2d to the ChangeNOW exchange.

Image captured from the Crypto Analysis Transaction Visualization (CATV) Dashboard.

Ledger Connect Kit Incident — Fund distribution

1. Wallet Address 1: 0x658729879fCa881D9526480B82aE00EFc54B5c2d (Annotation: Ledger Exploiter)
Estimated funds held:
340.2671 USDC
27,011.00319 USDT
522,338.2018 GALA
311,922.3308 TOKEN
31,553.66706 MUBI
0.152605 aEthWBTC
47,881.85104 0x0
28,0013.6813 BEAM
1,715,952,879 PLEB
21,679.44229 PAAL
1.17132 ETHx
1,818,442,420 PEPE
43,496.21023 DINO
4,753.199999 RARE
255,641.9237 DOG
2,539,115.608 RACA
0.174921 swETH
484.463348 BONE
4,250,000,000 CAW
784,268.8768 NPC
11.642887 aLINK
18.7 AXS
1,386.407018 PEAR
85.00114 RSC
0.17 AAVE
369,698,608 PEPE
28,500.130745 VEIL

2. Wallet Address 2: 0x1b9f9964A073401a8BC24f64491516970bB84E47 (Annotation: Ledger Exploiter 2 / Fake_Phishing268838)
Estimated funds held:
63.4746 ETH
2.764925 WETH
24.547777 ILV
454.280584 RNDR
22,095.6233 CHZ
59,844,773.41 SHIB
51.631267 ENS

3. Wallet Address 3: 0x077D360f11D220E4d5D831430c81C26c9be7C4A4 (Annotation: ChangeNOW, Exchange)
Estimated funds held:
0.008008 ETH

Our investigative team remains vigilant in monitoring the wallets implicated in the Ledger Connect Kit incident. This is made more efficient with our proprietary tool, which automatically sends alerts when assets are transferred. Known as the Crypto Asset Monitoring Service (CAMS), this state-of-the-art product enables real-time surveillance and provides advanced functionality for overseeing cases involving digital assets.

We welcome anyone seeking assistance with investigations, including the Ledger Connect Kit incident, to contact us at any time. Please feel free to reach out to us at [email protected] for support or inquiries.

About Uppsala Security

Uppsala Security is a leading provider of innovative security tools and services, specializing in Crypto Anti-Money Laundering/Counter-Terrorist Financing (AML/CTF), Transaction Risk Management, Regulatory Compliance, and Transaction Tracking. With a team of experts dedicated to staying ahead of emerging threats, Uppsala Security empowers organizations with the knowledge and tools to safeguard their operations in the fast-paced world of cryptocurrencies.

Disclaimer: This article is meant for informational purposes only and does not constitute financial or legal advice. Always conduct your own research and consult professionals directly.
