Scam Warning
Help protect others by sharing any scam experiences you’ve faced.
OTHER
How I almost fell for a sophisticated scam from a fake Chinese VC
A few days ago, someone claiming to work for a well-known VC in China reached out to discuss a potential collaboration. After some conversation, we scheduled an online meeting. Everything seemed normal at first. But when the meeting time arrived, the person told me that their region was blocked from using the platform we had agreed on. Instead, they sent me a WeChat link and asked me to download the app so we could continue the meeting there. It felt a bit inconvenient, but I didn’t think much of it. I clicked the link and installed the app. Then, the person asked me to send a record screen video to confirm that I had downloaded the app, so they could "guide me through the process." That was when I started to feel uneasy. Something wasn’t right. Why would they need a record video just to help me join a meeting? I hesitated for a moment, then decided not to send anything. Instead, I tried messaging them again, suggesting we switch to another platform - but to my shock, all of our previous messages had disappeared. The WeChat link was also gone. It was as if the conversation had never happened. At that point, I knew I had narrowly avoided something serious. I wasn’t sure what kind of scam this was, but I wasn’t going to take any risks. I immediately reset my device to be safe. Looking back, I realized how easily this could have gone wrong. If I had sent that video, what kind of access could they have gained? Again, lucky for me, this device didn’t store any important data like wallets or passkey. This scammer was in several shared groups and had even contacted one of my friends before. No matter how careful you are, these situations can still happen. Stay alert, trust your instincts, and always double-check before downloading anything from an unknown source.
OTHER
Sharing a $20K Crypto Loss Due to Storing Seed Phrases in 1Password
Hello, I'm sharing this experience to raise awareness about cryptocurrency security. Recently, someone I know had two of their cryptocurrency wallets hacked, and within 5 minutes, they lost about $20,000 worth of assets. The main reason for this breach seems to be storing their seed phrases in 1Password, which, although a trusted password manager, turned out to be a significant security risk for their cryptocurrency. #How Did the Hack Happen? The seed phrases for their cryptocurrency wallets were stored in 1Password. Unfortunately, the exact way the hacker gained access is unclear. However, several possible scenarios are: 1. Phishing Attack: -> The hacker could have used a phishing attack to steal their 1Password login credentials and then accessed the seed phrases. 2. Malware Infection: -> They recently used uBlock Origin to filter certain websites, and it’s possible a malicious script or software infiltrated their device during this process, allowing the hacker to extract data from 1Password. 3. Cracked Software: -> They had used cracked software like m0nkrus in the past, which, although trusted by some in the community, may have introduced vulnerabilities, allowing the hacker to access their system and ultimately their 1Password data. #Summary of Stolen Assets 2.92 ETH, 1,456 AGRS, 124,583 SAITO, 55.44 XCAD, and 6 BNB were stolen and transferred to a FixedFloat wallet. # Lessons Learned and Security Advice 1. Do not store seed phrases in password managers like 1Password. 2. Use hardware wallets (cold storage) to keep your seed phrases offline and secure. 3. Create a dedicated environment for storing and accessing your wallets, separate from your daily-use devices. 4. Regularly review and enhance your security practices, and always be cautious of phishing attempts and malicious software. I hope this story helps prevent others from falling victim to similar attacks. Cryptocurrency security is not something to take lightly. I encourage the cryptocurrency security community to stay vigilant and share their knowledge to help protect others.
Sophisticated Phishing Campaign Targeting Ledger Wallet Users
We have identified a sophisticated phishing campaign targeting Ledger wallet users that requires immediate attention. This attack demonstrates concerning characteristics that warrant comprehensive reporting and awareness measures. # Incident Details - Target Platform: Email Communications - Primary Vector: Spoofed Official Ledger Support Messages - Impact Scope: Global Cryptocurrency User Base # Attack Characteristics 1. Social Engineering Tactics: - Utilizes urgency-based psychological manipulation - Employs sophisticated brand impersonation techniques - Creates false sense of authenticity through professional formatting - Attempts to bypass security protocols through emotional triggers 2. Technical Indicators: - Spoofs official Ledger customer success communication channels - Delivered via compromised or temporary email infrastructure - Contains suspicious links requiring immediate verification - Demonstrates advanced understanding of cryptocurrency security protocols # Impact Assessment - Potential Exposure: High - Severity Level: Critical - Risk Factors: - Advanced social engineering techniques - Highly convincing presentation - Multiple attack vectors - Sophisticated psychological manipulation # Recommended Actions 1. Immediate Mitigation: - Enhanced monitoring of cryptocurrency-related communications - Implementation of additional verification protocols - User education campaigns regarding authentication methods - Review of security protocols for cryptocurrency services 2. Long-term Prevention: - Development of advanced threat detection systems - Implementation of multi-factor authentication enhancements - Creation of comprehensive user awareness programs - Strengthening of community reporting mechanisms # Verification Protocols To verify authenticity of Ledger communications: - Always check sender domain (@ledger.com) - Verify official contact channels - Confirm request legitimacy through separate channels - Never respond to urgent financial requests via email # Reporting Instructions If encountered: 1. Do not engage with suspicious emails 2. Document all relevant details 3. Submit report to official channels 4. Maintain security protocol documentation # Additional Context This attack demonstrates evolving sophistication in cryptocurrency-related phishing campaigns. The combination of social engineering tactics and professional presentation makes it particularly dangerous for unsuspecting users. Immediate action and heightened vigilance are recommended to protect the cryptocurrency community. Please maintain highest alert status regarding this threat until further notice. Updates will be provided as additional information becomes available. Thank you for your attention to this critical security matter. Best regards,
SMS
Telegram 보안 인증 위장 피싱 문자 주의
Telegram 보안 인증을 빙자한 피싱 문자입니다. 사용자의 계정 해킹을 막는다고 속이며, 링크 클릭을 유도합니다. 해당 링크는 피싱 사이트로 추정되므로 주의가 필요합니다.
OTHER
Bitcoin Scam Incident on eBay – Warning and Prevention
Hello, ChainBounty Community, I recently encountered a classic scam while selling Bitcoin on eBay. I want to share this experience to warn others and help prevent similar fraud. 📌 Incident Overview 1. I encouraged my parents to invest in Bitcoin, and they started selling it on eBay. 2. A buyer made a payment via PayPal, and after confirming the transaction, we sent 1 BTC. 3. About a week later, the buyer claimed they "never received the Bitcoin" and opened a dispute on eBay. 4. This appears to be a classic chargeback scam, where the buyer receives the Bitcoin and then falsely claims non-receipt to get a refund. ⚠️ How to Avoid Similar Scams - Avoid selling Bitcoin on eBay or through PayPal. (Bitcoin transactions are irreversible, but PayPal does not protect digital assets.) - Keep detailed transaction records and store the blockchain transaction ID (TxID). - If a dispute arises, use blockchain transaction proof to defend your case. - Report scams to eBay, PayPal, and relevant authorities immediately. These scams are becoming more frequent, and it’s crucial to stay vigilant. If you have experienced a similar issue or have advice on handling such disputes, please share your insights. Thank you.
SNS
Crypto Airdrop Scam Alert: Beware of Wallet Connection Requests!
Recently, there has been a surge in cryptocurrency theft cases disguised as airdrops in the crypto community. This article aims to explain these risks and provide prevention guidance. Airdrop scams are criminal schemes that promise free tokens or coins to trick users into connecting their wallets, ultimately leading to theft of their cryptocurrency holdings. These scams particularly target new cryptocurrency investors, luring them with promises of free tokens to gain wallet access. # Main types of scams include: Fake profile marketing airdrops: Creating fake accounts impersonating legitimate projects or influencers Phishing website attacks: Creating fake claim websites mimicking legitimate airdrop sites Unauthorized token/NFT drops: Sending unsolicited tokens or NFTs to users' wallets and directing them to fake claim websites !!Warning!! Red flags to watch out for: - Promises of unrealistically high returns or token amounts - Requests for wallet connections or private keys - Unclear or inadequate project documentation - Urgent time limits or FOMO creation - Typos or unusual URLs # Safe participation guidelines: - Verify information only through official channels - Check project team members' real identities and backgrounds - Review community reputation and activity history - Never share private keys or seed phrases - Visit official websites through new browser windows - Double-check URL accuracy repeatedly - Be cautious of unnecessary permission requests # Emergency response protocol if wallet compromise is suspected: 1. Immediately transfer all digital assets to a secure wallet 2. Revoke all connected API keys and permissions 3. Create a new wallet and backup !! Warning !! Legitimate airdrops prioritize protecting users' assets. Don't fall prey to promises of free tokens at the cost of exposing your personal information. Continuous education and vigilance are essential for safe cryptocurrency investing.
New PayPal Scam: Exploiting Legitimate Invoices for Phishing
A new scam method using PayPal has been identified. Unlike typical phishing emails, this scam takes advantage of legitimate PayPal invoices, making it more deceptive and harder to detect. #Scam Overview 1) Receiving an Invoice Email That Appears to Be from PayPal - The email is actually sent from PayPal’s real domain (@paypal.com). - It contains an invoice from ‘Coinbase Inc.’ requesting a payment of $516.99 USD. - A note from the “seller” includes a message instructing the recipient to call a specific phone number to cancel the transaction. 2) The Invoice is Real and Visible on PayPal’s Website - Clicking the "View and Pay Invoice" button redirects the user to the actual PayPal website, where the invoice appears. - This means scammers are sending invoices directly to PayPal users without their consent. 3)Fake Customer Support Number for Further Phishing Attempts - The phone number in the email is similar to, but different from, PayPal’s official support number. - Calling the number results in an automated message before the call disconnects. - This suggests a potential setup for identity theft or further fraudulent attempts. #Precautionary Measures & How to Respond - Always verify suspicious invoices by logging into PayPal directly instead of clicking links in emails. - Never call the number provided in the email—check PayPal’s official website for the correct customer support contact. - Report any fraudulent invoices to PayPal immediately. - Enhance your PayPal security settings to prevent unauthorized invoices. This scam is more sophisticated than typical phishing attempts, as it uses legitimate PayPal emails and website features to create a false sense of authenticity. Users who receive similar invoices should report them immediately and take steps to strengthen their account security to prevent further attacks.
