Scam Warning
Help protect others by sharing any scam experiences you’ve faced.
글로벌온라인쇼핑몰에서 쉽게 판매하고 큰돈을 벌 수 있다고 접근합니다. 첫 접근은 텔레그램으로 일본 여성이 자신이 전화번호를 잘못추가했다면서 인사를 하면서 말을 걸어 옵니다. 본인의 어머니가 한국사람이라면서 친근한 대화를 몇마디 나누다가 다음달에 한국 여행이 있는데 한국에서 만나자고 유도를 하면서 편하게 카카오톡으로 대화를 하자고 메신저를 변경 합니다. 어머니가 한국 휴대폰을 등록해줬다면서 전화번호(01023301251)를 알려주고 카카오톡 친구 추가를 요청합니다. 본인은 피부관리샵을 운영하면서 동시에 온라인 상점에서 손쉽게 판매를하면서 고액의 수익을 올린다고 저에게도 해볼것을 권유합니다. 알려준 사이트는 (https://www.kikuu-mall.vip/) 이며, 회원가입시 어설픈 KYC를 진행하게 되고, 가짜 신분등을 업로드해도 승인이 이루어 집니다. 그 후 카카오톡을 통해서 상품을 등록하는 방법을 하나하나 알려주고, 다음날 주문이 들어오게 됩니다. 먼제 제가 제 돈을 충전하고 오더를 신청하면 쇼핑몰에서 고객에게 상품을 전달하고, 추후 고객이 주문한 상품이 고객에게 전달되면 고객의 구매금액이 저에게 돌아 온다고 합니다. 사이트를 뒤져보면 트론지갑주소도 있고, EVM 지갑 주소도 보입니다. 트론 : TUtF8Zs5jibEqEfu8U8sKaMUgwV5LLLLLL EVM: 0xCd9c7aE5fEes095db880BA9dC2740778f9563854 EVM 주소는 invalid 라고 나오지만, 트론 주소는 계속해서 USDT가 입, 출금이 되는거 보니 많은 사람들이 사기를 당하고 있는거 같습니다. 커머스피싱이라고 제법 잘 알려져 있지만 혹시 모르시는 분들이 당하시지 않게 내용 공유 합니다.
A few days ago, someone claiming to work for a well-known VC in China reached out to discuss a potential collaboration. After some conversation, we scheduled an online meeting. Everything seemed normal at first. But when the meeting time arrived, the person told me that their region was blocked from using the platform we had agreed on. Instead, they sent me a WeChat link and asked me to download the app so we could continue the meeting there. It felt a bit inconvenient, but I didn’t think much of it. I clicked the link and installed the app. Then, the person asked me to send a record screen video to confirm that I had downloaded the app, so they could "guide me through the process." That was when I started to feel uneasy. Something wasn’t right. Why would they need a record video just to help me join a meeting? I hesitated for a moment, then decided not to send anything. Instead, I tried messaging them again, suggesting we switch to another platform - but to my shock, all of our previous messages had disappeared. The WeChat link was also gone. It was as if the conversation had never happened. At that point, I knew I had narrowly avoided something serious. I wasn’t sure what kind of scam this was, but I wasn’t going to take any risks. I immediately reset my device to be safe. Looking back, I realized how easily this could have gone wrong. If I had sent that video, what kind of access could they have gained? Again, lucky for me, this device didn’t store any important data like wallets or passkey. This scammer was in several shared groups and had even contacted one of my friends before. No matter how careful you are, these situations can still happen. Stay alert, trust your instincts, and always double-check before downloading anything from an unknown source.
Hello, I'm sharing this experience to raise awareness about cryptocurrency security. Recently, someone I know had two of their cryptocurrency wallets hacked, and within 5 minutes, they lost about $20,000 worth of assets. The main reason for this breach seems to be storing their seed phrases in 1Password, which, although a trusted password manager, turned out to be a significant security risk for their cryptocurrency. #How Did the Hack Happen? The seed phrases for their cryptocurrency wallets were stored in 1Password. Unfortunately, the exact way the hacker gained access is unclear. However, several possible scenarios are: 1. Phishing Attack: -> The hacker could have used a phishing attack to steal their 1Password login credentials and then accessed the seed phrases. 2. Malware Infection: -> They recently used uBlock Origin to filter certain websites, and it’s possible a malicious script or software infiltrated their device during this process, allowing the hacker to extract data from 1Password. 3. Cracked Software: -> They had used cracked software like m0nkrus in the past, which, although trusted by some in the community, may have introduced vulnerabilities, allowing the hacker to access their system and ultimately their 1Password data. #Summary of Stolen Assets 2.92 ETH, 1,456 AGRS, 124,583 SAITO, 55.44 XCAD, and 6 BNB were stolen and transferred to a FixedFloat wallet. # Lessons Learned and Security Advice 1. Do not store seed phrases in password managers like 1Password. 2. Use hardware wallets (cold storage) to keep your seed phrases offline and secure. 3. Create a dedicated environment for storing and accessing your wallets, separate from your daily-use devices. 4. Regularly review and enhance your security practices, and always be cautious of phishing attempts and malicious software. I hope this story helps prevent others from falling victim to similar attacks. Cryptocurrency security is not something to take lightly. I encourage the cryptocurrency security community to stay vigilant and share their knowledge to help protect others.
We have identified a sophisticated phishing campaign targeting Ledger wallet users that requires immediate attention. This attack demonstrates concerning characteristics that warrant comprehensive reporting and awareness measures. # Incident Details - Target Platform: Email Communications - Primary Vector: Spoofed Official Ledger Support Messages - Impact Scope: Global Cryptocurrency User Base # Attack Characteristics 1. Social Engineering Tactics: - Utilizes urgency-based psychological manipulation - Employs sophisticated brand impersonation techniques - Creates false sense of authenticity through professional formatting - Attempts to bypass security protocols through emotional triggers 2. Technical Indicators: - Spoofs official Ledger customer success communication channels - Delivered via compromised or temporary email infrastructure - Contains suspicious links requiring immediate verification - Demonstrates advanced understanding of cryptocurrency security protocols # Impact Assessment - Potential Exposure: High - Severity Level: Critical - Risk Factors: - Advanced social engineering techniques - Highly convincing presentation - Multiple attack vectors - Sophisticated psychological manipulation # Recommended Actions 1. Immediate Mitigation: - Enhanced monitoring of cryptocurrency-related communications - Implementation of additional verification protocols - User education campaigns regarding authentication methods - Review of security protocols for cryptocurrency services 2. Long-term Prevention: - Development of advanced threat detection systems - Implementation of multi-factor authentication enhancements - Creation of comprehensive user awareness programs - Strengthening of community reporting mechanisms # Verification Protocols To verify authenticity of Ledger communications: - Always check sender domain (@ledger.com) - Verify official contact channels - Confirm request legitimacy through separate channels - Never respond to urgent financial requests via email # Reporting Instructions If encountered: 1. Do not engage with suspicious emails 2. Document all relevant details 3. Submit report to official channels 4. Maintain security protocol documentation # Additional Context This attack demonstrates evolving sophistication in cryptocurrency-related phishing campaigns. The combination of social engineering tactics and professional presentation makes it particularly dangerous for unsuspecting users. Immediate action and heightened vigilance are recommended to protect the cryptocurrency community. Please maintain highest alert status regarding this threat until further notice. Updates will be provided as additional information becomes available. Thank you for your attention to this critical security matter. Best regards,
Become an Investigator
