Defend Against Cybercrime with the Power of Community

Many victims have already taken action through ChainBounty. Report now and join the effort to stop online crime

Help protect others by sharing your scam experience

Fake OTP from Exodus wallet

I believe I never used any service from Exodus wallet, so this mail is 100% a scam with a phishing link included. Be careful and double check! Stay safe!

salaryman

8 reads

Scam mail with phishing link!

The mail tells me to open a link to reveal a password, but I believe the email is not trustworthy and the link is suspicious, so I did not visit the link. Be careful with mail like this; maybe you also got one. Stay safe!

salaryman

10 reads

Fake NFT offer!

Fake NFT offer with a suspicious link, 100% a phishing link! Be careful if you got this one. Stay safe!

salaryman

12 reads

Spam text message luring you to click a link

Uses provocative content to lure you into clicking a link

Jenn

14 reads

Fake giveaway with phishing link.

The message invites me to join a bitcoin giveaway with a phishing link and a bunch of PDF files. This is absolutely fake and a scam! Be careful and stay safe!

salaryman

19 reads

Bitcoin scam

They lure you into signing up by saying they will give you BTC

jxsh3907

22 reads

Contribute by sharing insights to strengthen the community

UppSecEcho

June 24, 2025

Blockchain Insights
💥 The Day CoinMarketCap Was Used to Drain Wallets: A Story of a Silent Phishing Breach

On an ordinary Thursday evening, thousands of crypto users did what they always do, visit CoinMarketCap to check token prices, track trends, and explore new projects. Everything seemed fine. The homepage loaded normally, complete with its signature doodle graphic at the top.

But hidden behind that seemingly harmless doodle… was a trap.

A highly targeted, well-executed supply-chain attack was underway, and most visitors had no idea.

🎭 A Familiar Prompt, A Dangerous Illusion

As users scrolled the CoinMarketCap homepage, something popped up:

“Connect your Wallet to Continue.”

It looked legitimate. A clean interface mimicking WalletConnect.

Many users, conditioned by countless previous wallet interactions, didn’t think twice.

They clicked.

Within seconds, wallets were drained.

SOL, XRP, obscure meme tokens, and more, gone.

🔍 Unmasking the Attack

This wasn’t a server breach. There were no leaks, no brute-force logins, and no malware downloads.

Instead, the attackers found a smarter way in, through the frontend.

They exploited a third-party image API used by CoinMarketCap to load its doodle. That API was silently compromised. When CoinMarketCap called it, it returned not just the image… but also malicious JavaScript code.

That code injected the fake wallet prompt right into the homepage, all within the browser.

Users never left the site. But their crypto left their wallets.

💸 The Aftermath

Within 24 hours:

• 110+ wallets were compromised
• At least $43,000 in funds were stolen
• Tokens included $SOL, $XRP, $EVT, $PENGU, $SHDW, and others
• The attacker used a tool known as Inferno Drainer, a wallet-draining-as-a-service platform growing in popularity

This wasn’t the first time Inferno Drainer was seen in action. But using CoinMarketCap’s trusted brand and homepage as the delivery vector? That was bold.

And most importantly:

The funds were traced to the drainer wallet:

• 0x8a2983f358a03c6DB9c47a70e944368D4De77820
• 0x030703e1EB18355a794F3f034Fe63959F8640D33

This address received tokens from victims across multiple chains. You can see the wallet’s on-chain activity, including token swaps and consolidation behavior — classic drainer operation.

Other IOCs involved

• 0x000037bB05B2CeF17c6469f4BcDb198826Ce0000
• 0x0000553F880fFA3728b290e04E819053A3590000
• www.cdnkit[.]io
• https://static.cdnkit[.]io
• blockassets[.]app

🛡️ CoinMarketCap’s Response

To their credit, CoinMarketCap reacted quickly:

• ✅ The fake pop-up was immediately removed
• 🔧 The third-party API was patched
• 🛑 No backend servers or databases were breached
• 🤝 Most importantly, CoinMarketCap committed to reimbursing affected users

They also stated they are reinforcing internal controls and reviewing all external integrations.

🧠 Lessons Learned

This wasn’t a smart contract exploit.

It was an exploit of trust, using a familiar interface, a trusted website, and user habits as the entry point.

The most dangerous scams aren’t always flashy. This one worked because it looked normal.

Even trusted platforms like CoinMarketCap can be used as vectors in supply-chain attacks.

✅ How to Protect Yourself Going Forward

Here’s what you can do right now to reduce your risk:

1. Don’t approve wallet prompts you didn’t expect.
2. Review token approvals regularly with tools like Revoke.cash.
3. Use browser extensions that detect wallet drainers (e.g., Wallet Guard, Scam Sniffer).
4. Bookmark official dApps and avoid interacting with wallet pop-ups on informational sites.
5. Always double-check transactions before signing.

🧵 Final Thoughts

The CoinMarketCap incident wasn’t the biggest crypto exploit by dollar amount—but it was one of the most deceptive.

It showed us how fragile the frontend trust layer can be in Web3.

As users and builders, we must recognize that security isn’t just about smart contracts. It’s about interfaces. Dependencies. And habits.

The drainer wallet may be just one address.

But the lesson it leaves behind affects millions.

Stay sharp.

Stay sovereign.

And never blindly click "Connect Wallet."

If this helped you or your community, consider sharing it to raise awareness. Security is a shared responsibility in Web3.

#CoinMarketCap #Web3Security #WalletDrainer #CryptoScams #InfernoDrainer #Phishing #CryptoNews

1 like, 25 reads
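A defensive sketch of the failure described in the post above, added here as an example and not taken from the post or from CoinMarketCap's code: the page treats a third-party banner response as untrusted data, accepts only an expected shape, and backs that with a Content-Security-Policy. The field names, hosts and sample payloads are assumptions constructed for illustration.

```javascript
// Added example. Field names, hosts and sample payloads are constructed.
const ALLOWED_KEYS = new Set(["imageUrl", "altText"]);
const IMAGE_HOSTS = new Set(["images.example-cdn.test"]); // assumed image CDN
const IMAGE_PATH = /\.(png|jpe?g|webp|gif)$/i;

const SAMPLE_OK = {
  imageUrl: "https://images.example-cdn.test/doodles/summer.png",
  altText: "Summer doodle",
};
// Same response after tampering: an extra field pointing at a script.
const SAMPLE_TAMPERED = { ...SAMPLE_OK, script: "https://static.unknown.test/a.js" };

function checkUrl(value, hosts) {
  let url;
  try { url = new URL(value); } catch { return "not a URL"; }
  if (url.protocol !== "https:") return `scheme ${url.protocol} not allowed`;
  if (!hosts.has(url.hostname)) return `host ${url.hostname} not allowlisted`;
  return null;
}

// Reject (do not sanitize) anything outside the expected shape, so an
// unexpected field can never reach the code that renders the banner.
function validateDoodle(payload) {
  if (payload === null || typeof payload !== "object" || Array.isArray(payload)) {
    return { ok: false, errors: ["payload is not an object"] };
  }
  const errors = [];
  for (const [key, value] of Object.entries(payload)) {
    if (!ALLOWED_KEYS.has(key)) errors.push(`unexpected field: ${key}`);
    else if (typeof value !== "string") errors.push(`${key}: not a string`);
  }
  if (!("imageUrl" in payload)) errors.push("imageUrl: missing");
  if (typeof payload.imageUrl === "string") {
    const err = checkUrl(payload.imageUrl, IMAGE_HOSTS);
    if (err) errors.push(`imageUrl: ${err}`);
    else if (!IMAGE_PATH.test(new URL(payload.imageUrl).pathname)) {
      errors.push("imageUrl: path is not an image");
    }
  }
  if (typeof payload.altText === "string" && /[<>]/.test(payload.altText)) {
    errors.push("altText: contains markup characters");
  }
  return { ok: errors.length === 0, errors };
}

// Second layer: even if a bad payload slips through, the browser only runs
// first-party scripts and only loads images from the allowlisted CDN.
function contentSecurityPolicy() {
  const img = [...IMAGE_HOSTS].map((h) => `https://${h}`).join(" ");
  return `default-src 'self'; script-src 'self'; img-src 'self' ${img}; object-src 'none'`;
}
```

The validated fields should then be assigned through DOM properties such as `img.src` and `img.alt`, never concatenated into HTML.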
intel_guy

June 20, 2025

Blockchain Insights
Nobitex Hack Blockchain Insights: What can we see from Blockchain data?

On June 18th 2025, Iranian Exchange Nobitex was drained of over 100 million USD of assets including ETH, BSC, POL, AVAX, ARB, BTC, TRX among others. These are some facts obtained from blockchain analysis.

1. The incident started with unauthorized access of Nobitex controlled wallets, which were drained and burned to the following vanity addresses.
 - TKFuckiRGCTerroristsNoBiTEXy2r7mNX
 - 0xffFFfFFffFFffFfFffFFfFfFfFFFFfFfFFFFDead
 - 1FuckiRGCTerroristsNoBiTEXXXaAovLX
 - DFuckiRGCTerroristsNoBiTEXXXWLW65t

2. The reason why 100 million USD is as good as lost assets is that, in order to spend the assets from the above 4 vanity addresses, it would require the knowledge of its private key, and its calculation would require years of brute force computation.

Figure 1: Nobitex Compromised Wallets drained of ETH
Figure 2: Nobitex Potentially Implementing Safety Procedure

3. Using our proprietary tool CATV, which feeds from blockchain data, we are able to derive insights into the actions of the hacking group, and the subsequent response from the Iranian Exchange. For instance, 262 ETH was burned from 2 compromised Nobitex wallets, and within a few hours Nobitex managed to restore approximately 6 ETH from the compromised wallets, and moved close to 10,000 ETH from its hot wallet to a potentially new wallet as a safety measure. This was observed across other tokens and EVM chains too.

Figure 3: More than 2000 Compromised Wallets drained
Figure 4: Nobitex Potentially Implementing Safety Procedure

4. Similarly, more than 2,000 compromised Bitcoin addresses containing small amounts of BTC were drained of a total of approximately 18 BTC. Similar to the EVM chains, we saw that around 1800 BTC were moved by Nobitex to a new address, potentially as part of its safety procedure.

Figure 5: Zero Value Transactions from Vanity Address to VASPs.
Figure 6: TransferFrom() function invoked

5. Maximum losses were incurred from the TRON blockchain, where more than 100,000 compromised wallets were drained, where each wallet held small USDT balances. The most interesting aspect from TRON is that on 20th June 2025, we observed attempts to withdraw funds from the vanity address using Tron's bonk Token TransferFrom() function. While TransferFrom allows another wallet to spend the vanity wallet's funds upon obtaining approval from the vanity address, in this case 0 value transactions were requested by another wallet to make it seem like funds were transferred to several exchanges. However, real spending from the vanity address would need its private key.

5 likes, 212 reads
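An added example, not part of the post above and not the CATV tool's logic, showing how an analyst can separate the zero-value TransferFrom() records described in point 5 from real spending when reviewing transfers that touch a burn address. The record layout, addresses, transaction ids and amounts are constructed placeholders.

```javascript
// Added example. Addresses, tx ids and amounts below are constructed.
const BURN = "T_BURN_ADDRESS_PLACEHOLDER";
const SAMPLE_TRANSFERS = [
  { tx: "tx1", signer: "T_USER_1", from: "T_USER_1", to: BURN, value: "2500000" },
  { tx: "tx2", signer: "T_UNKNOWN_9", from: BURN, to: "T_EXCHANGE_A", value: "0" },
  { tx: "tx3", signer: "T_UNKNOWN_9", from: BURN, to: "T_EXCHANGE_B", value: "0" },
  { tx: "tx4", signer: "T_USER_2", from: "T_USER_2", to: BURN, value: "900000" },
];

// `signer` is the account that signed the transaction; `from`, `to` and
// `value` come from the token Transfer event the transaction emitted.
function analyzeWatchedAddress(transfers, watched) {
  const report = { inflow: 0n, realOutflow: 0n, spoofed: [], spoofSigners: {} };
  for (const t of transfers) {
    const value = BigInt(t.value); // token amounts exceed Number precision
    if (t.to === watched) report.inflow += value;
    if (t.from !== watched) continue;
    if (value > 0n) {
      // Tokens actually left: the key holder or an approved spender acted.
      report.realOutflow += value;
    } else if (t.signer !== watched) {
      // Zero-value transferFrom signed by someone else: no balance change,
      // but explorers list it as an outgoing transfer to `to`.
      report.spoofed.push({ tx: t.tx, signer: t.signer, shownDestination: t.to });
      report.spoofSigners[t.signer] = (report.spoofSigners[t.signer] || 0) + 1;
    }
  }
  report.fundsStillAtAddress = report.inflow - report.realOutflow;
  return report;
}
```

A non-zero `realOutflow` on an address believed to be unspendable is the signal that would contradict the burn assumption; spoofed records alone do not.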
salaryman

June 20, 2025

General Discussion
Total scam!

Scam mails are not sent randomly; your email has actually already been signed up at several sites/airdrops/giveaways, etc. This is my dump email for sign-ups and many other things, not my personal mail.

1 like, 11 reads

Your journey to defend against cyber crime starts here.

Join us to turn your expertise into a force for a safer digital world.

Blog

Web3 Security in 2025: Threat Trends and What You Can Do About Them

As the blockchain and Web3 space continues to evolve at lightning speed, so do the threats that come with it. From phishing and private key leaks to smart contract exploits, Web3 users and builders face a growing wave of sophisticated attacks. At ChainBounty, we’re building a new kind of defense — powered by the crowd, made for the decentralized web.

Here’s a breakdown of the latest Web3 security trends and how you can stay protected.

Why Web3 Security Matters

Decentralization gives users ownership and control — but it also removes the safety nets of traditional systems. In Web3, there’s no “forgot password” button. A single signature or leaked key can lead to irreversible loss.

Unlike Web2, where centralized platforms monitor for threats, Web3 relies on individual responsibility — making security literacy and proactive defense essential.

Recent Incidents & Growing Losses

The numbers speak for themselves:

- 2024 saw 760+ major Web3 attacks, resulting in over $2.36 billion in losses — up 31.61% from the previous year.
- In January 2025 alone, attackers stole $879 million across 40+ incidents.
- Phishing and wallet-draining scams are becoming more complex and harder to detect — especially for everyday users.

The Most Common Threats

1. Phishing Attacks

Fake sites, malicious DMs, fake support channels — phishing remains the #1 threat. In 2024, phishing alone led to over $1.05 billion in user losses.

How ChainBounty helps: Our platform tracks community reports on suspicious dApps, domains, and wallet drainers. Users can check before they click.

2. Private Key Leaks

If someone gets your seed phrase, your wallet is gone. Period.

Losses from leaked keys reached $855 million in 2024, often due to users entering keys into fake apps or “claim” websites.

How to protect yourself:

- Never share your seed phrase or enter it on any unverified site.
- Use hardware wallets for cold storage.

3. Smart Contract Exploits

Even trusted protocols get hacked — especially bridges and DEXs. Code bugs, unverified contracts, and logic errors can drain millions in seconds.

What to do:

- Always check if a project has undergone an audit.
- Monitor dApp risk reports on ChainBounty before interacting.

How the Industry Is Responding

The Web3 security space is maturing fast. Here are some trends:

- Security Audits are now a must for serious projects.
- Decentralized threat intelligence platforms like ChainBounty are emerging — enabling real-time scam reporting and validation.
- Integrated Web2/Web3 defenses (like Cloudflare’s secure gateways) are helping protect the user experience.

What Makes ChainBounty Different?

Traditional security relies on closed systems. ChainBounty is powered by the crowd.

- Decentralized: Anyone can report suspicious activity.
- Transparent: Every threat is logged and reviewed on-chain.
- Incentivized: Contributors earn $BOUNTY tokens for validated reports.

All reports are added to the Threat Report Database (TRDB), which powers detection tools like ScamHunter and provides APIs for wallet extensions, dApps, and exchanges to preempt phishing.

Final Thoughts

Web3’s growth brings massive opportunity — and massive responsibility. Security isn’t optional — it’s foundational.

Stay informed. Stay alert. And remember, you don’t have to fight scams alone. Join the ChainBounty movement, and be part of the defense.

👉 community.chainbounty.io

Sources

- Slowmist 2024/2025 Web3 Security Report: Slowmist Official Blog
- CertiK 2024 Security Report: CertiK Blog
- GoPlus Security: GoPlus Security Official Website
- Cloudflare Web3 Security: Cloudflare Official Blog (Web3 Tag)

ChainBounty

8 hours ago
Web3 Scam Trends: What Thousands of Community Reports Reveal — And How to Stay Safe

As Web3 grows, so do the scams. Phishing links, fake dApps, and wallet-draining contracts are more sophisticated than ever. But thanks to the ChainBounty community, we now have a clearer picture of what to watch for.

Based on hundreds of real user reports submitted at ChainBounty, here are the most common scam types — and how to protect yourself.

1. Fake dApps & Clone Sites

What happens: Scammers copy real platforms like Uniswap, Blur, or MetaMask and host fake versions under misleading domains. Once users connect their wallets, the fake dApp initiates unauthorized transactions.

How to stay safe:

- Always check the domain name carefully.
- Bookmark official sites.
- Use browser plugins like ChainBounty Alerts (coming soon) to auto-flag risky domains.
- Report suspicious URLs at ChainBounty Threats.

2. “Claim Now” Phishing Links

What happens: Users are tricked into clicking “claim reward” buttons for fake airdrops. The links usually trigger hidden approve() functions that give attackers access to your wallet.

How to stay safe:

- Don’t click reward links from DMs, replies, or unknown sources.
- Review every transaction and check the “permissions” granted.
- Use a burner wallet for experimental dApps or airdrops.

3. Fake Airdrops & Drainer Tokens

What happens: Scam tokens show up in wallets, directing users to “claim” more via malicious sites. These often initiate stealthy contract calls to drain funds.

How to stay safe:

- Don’t interact with unknown tokens suddenly appearing in your wallet.
- Never sign a transaction you don’t understand.
- Search token contracts on ScamHunter to check for risks before engaging.

4. Wallet Draining via Message Signature

What happens: Victims sign a message (not a transaction), unknowingly allowing attackers future control over assets via permit() or gasless execution.

How to stay safe:

- Don’t sign messages from dApps you don’t fully trust.
- Be cautious of “Login to claim reward” or “verify account” requests.
- Use wallets like Rabby or WalletGuard that warn about suspicious signatures.

💡 Track it on BountyTrack

While message signatures themselves are not stored on-chain, BountyTrack can help detect the aftermath — such as abnormal withdrawals or contract calls initiated through signature-based attacks.

By analyzing wallet behavior patterns and their interactions with related dApps, users can trace, report, and block suspicious actors before more damage is done.

5. Hacked Verified Accounts

What happens: Even verified Twitter/X accounts — influencers, projects, or DAOs — can get hacked. Scammers then share malicious links under trusted handles.

How to stay safe:

- Don’t trust posts solely based on blue checkmarks.
- Always double-check URLs.
- Check replies — often users will flag suspicious behavior.
- Report phishing attempts to ChainBounty.

Why This Matters

Every scam report submitted on ChainBounty is verified by the community and stored in the Threat Reputation Database (TRDB) — an on-chain intelligence source powering alerts and protections across Web3.

- By participating, users are rewarded.
- By sharing, you help prevent the next attack.
- By connecting TRDB with dApps and wallets, phishing can be blocked before it strikes.

Get Involved

If you’ve encountered a phishing link, fake dApp, or suspicious token:

🔗 Submit a report here

Help make Web3 safer — for you and for everyone else.

The more we share, the stronger the defense.

ChainBounty

13 days ago
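An added example, not from the blog post above and not ChainBounty's tooling, for the advice to review every transaction and check the permissions granted: it decodes the calldata a wallet is asked to sign and reports whether it is an approve() or setApprovalForAll() call, who the spender is, and whether the allowance is effectively unlimited. The two selectors are the standard ERC-20 and ERC-721/1155 ones; the risk labels and the "unlimited" threshold are assumptions of this sketch, and the `encode` helper only builds constructed inputs.

```javascript
// Added example. Risk labels and the unlimited threshold are assumptions.
const SELECTORS = {
  "095ea7b3": "approve(address,uint256)",
  "a22cb465": "setApprovalForAll(address,bool)",
};
const UNLIMITED_FROM = 1n << 255n; // treat anything this large as unlimited

// Returns the n-th 32-byte ABI argument word (hex) after the 4-byte selector.
function argWord(hex, n) {
  return hex.slice(8 + n * 64, 8 + (n + 1) * 64);
}

function inspectCalldata(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (!/^([0-9a-f]{2})*$/.test(hex) || hex.length < 8) {
    return { kind: "invalid", risk: "unknown" };
  }
  const kind = SELECTORS[hex.slice(0, 8)];
  if (!kind) return { kind: "other", risk: "not-an-approval" };
  if (hex.length < 8 + 128) return { kind, risk: "unknown", note: "truncated arguments" };
  const spender = "0x" + argWord(hex, 0).slice(24); // address = low 20 bytes
  const arg = BigInt("0x" + argWord(hex, 1));
  if (arg === 0n) return { kind, spender, risk: "revocation" };
  if (kind.startsWith("setApprovalForAll")) {
    return { kind, spender, risk: "high", note: "operator rights over the whole collection" };
  }
  const unlimited = arg >= UNLIMITED_FROM;
  return {
    kind, spender, amount: arg.toString(),
    risk: unlimited ? "high" : "review",
    note: unlimited ? "unlimited allowance" : "bounded allowance",
  };
}

// Builds constructed calldata for experiments: selector + address + value.
function encode(selector, spender, valueHex) {
  const addr = spender.replace(/^0x/, "").toLowerCase().padStart(64, "0");
  return "0x" + selector + addr + valueHex.padStart(64, "0");
}
```

A permit() signature never appears as calldata signed by the victim, so this check covers the approve() case from item 2 only, not the message-signature case from item 4.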
ChainBounty Presents: BountyTrack

Your Web3 Radar Against Crypto Scams

With scams growing smarter and wallets vanishing overnight, Web3 urgently needs real-time, community-powered tools for early fraud detection. That’s why BountyTrack exists — and now, it just got a major upgrade.

What Is BountyTrack?

BountyTrack is a crypto investigation dashboard built for Web3 users, security analysts, and on-chain detectives.

Its mission? To help users analyze suspicious wallet activity, detect patterns before damage is done, and ultimately prevent fraud before it spreads.

Now supporting over millions blockchains, BountyTrack empowers you to investigate wallet behavior across:

Ethereum (ERC20), Bitcoin, Binance Smart Chain, Polygon, Avalanche, Tron, Solana, Ripple, Klaytn, Fantom, Cardano, and more.

Key Features

- Multi-chain wallet tracking: Trace a suspicious wallet’s activity across major L1 chains and sidechains.
- Token contract filtering: Narrow down results to specific tokens (not just native assets).
- Time-based investigation: Focus your analysis on specific transaction periods.
- Source & distribution depth control: Customize how deep to trace transactions in both directions.
- Visual fraud patterns: Generate intuitive graphs to understand flows and relationships instantly.

Visualize flows. Trace origins. Flag scams faster.

Real Use Cases

- Suspect a wallet involved in phishing? Track it and flag it.
- Lost funds to a fake airdrop? Submit a full on-chain report.
- A known influencer’s wallet seems compromised? Monitor and alert before followers are harmed.

Built for Investigators, Powered by the Community

With a simple interface and powerful forensic tools, BountyTrack lowers the barrier for anyone to become an on-chain investigator. Whether you’re a security researcher, DAO operator, journalist, or simply a concerned user — you now have the tools to take action.

Stop Fraud Before It Spreads

Scams aren’t just a technical problem — they’re a timing problem. The faster we investigate, the faster we can protect.

Start your investigation today: https://track.chainbounty.io

ChainBounty

23 days ago