Threat Information Report

Contribute by sharing malicious activities you've encountered.


Lucky Star Rug Pull

The strategy employed by the malicious actor(s) appears rather straightforward yet carefully executed. LSC tokens were illicitly withdrawn, converted to BUSD, and ultimately consolidated into a single address (0x23f8c805306Bf27AB8bf3cEbEce4B778acfFd896). Funds were finally moved to MEXC Global Exchange.

Link: https://medium.com/sentinel-protocol/a-closer-look-at-the-lucky-star-rug-pull-a-1m-cryptocurrency-heist-79112df2f4f5
Link: https://twitter.com/CertiKAlert/status/1711440972796604521
Address that laundered BUSD: 0x23f8c805306Bf27AB8bf3cEbEce4B778acfFd896

Sentinel


2025.01.23 | Views: 37 | Comments: 0
Scam

Email Scam

Hello pervert, I've sent this message from your Microsoft account. I want to inform you about a very bad situation for you. However, you can benefit from it, if you will act wisеly. Have you heard of Pegasus? This is a spyware program that installs on computers and smartphones and allows hackers to monitor the activity of device owners. It provides access to your webcam, messengers, emails, call records, etc. It works well on Android, iOS, macOS and Windows. I guess, you already figured out where I’m getting at. It’s been a few months since I installed it on all your dеviсеs because you were not quite choosy about what links to click on the intеrnеt. During this period, I’ve learned about all aspects of your private life, but оnе is of special significance to me. I’ve recorded many videos of you jerking off to highly controversial роrn videos. Given that the “questionable” genre is almost always the same, I can conclude that you have sick реrvеrsiоn. I doubt you’d want your friends, family and co-workers to know about it. However, I can do it in a few clicks. Every number in your contact Iist will suddenly receive these vidеоs – on WhatsApp, on Telegram, on Instagram, on Facebook, on email – everywhere. It is going to be a tsunami that will sweep away everything in its path, and first of all, your fоrmеr life. Don’t think of yourself as an innocent victim. No one knows where your реrvеrsiоn might lead in the future, so consider this a kind of deserved рunishmеnt to stop you. I’m some kind of God who sees everything. However, don’t panic. As we know, God is merciful and forgiving, and so do I. But my mеrсy is not free. Transfer 1400$ to my Litecoin (LTC) wallet: ltc1qsv3zptrkyzvve4cn02w827pjjzqjlaw0r4400d Once I receive confirmation of the transaction, I will реrmanently delete all videos compromising you, uninstаll Pegasus from all of your devices, and disappear from your life. You can be sure – my benefit is only money. 
Otherwise, I wouldn’t be writing to you, but destroy your life without a word in a second. I’ll be notified when you open my email, and from that moment you have exactly 48 hours to send the money. If cryptocurrencies are unchartered waters for you, don’t worry, it’s very simple. Just google “crypto exchange” or "buy Litecoin" and then it will be no harder than buying some useless stuff on Amazon. I strongly warn you against the following: * Do not reply to this email. I've sent it from your Microsoft account. * Do not contact the police. I have access to all your dеviсеs, and as soon as I find out you ran to the cops, videos will be published. * Don’t try to reset or destroy your dеviсеs. As I mentioned above: I’m monitoring all your activity, so you either agree to my terms or the vidеоs are рublished. Also, don’t forget that cryptocurrencies are anonymous, so it’s impossible to identify me using the provided аddrеss. Good luck, my perverted friend. I hope this is the last time we hear from each other. And some friendly advice: from now on, don’t be so careless about your online security.

UppSecEcho


2025.01.21 | Views: 24 | Comments: 0
Scam

Email Scam

Hello pervert, I've sent this message from your Microsoft account. I want to inform you about a very bad situation for you. However, you can benefit from it, if you will act wisely. Have you heard of Pegasus? This is a spyware program that installs on computers and smartphones and allows hackers to monitor the activity of device owners. It provides access to your webcam, messengers, emails, call records, etc. It works well on Android, iOS, macOS and Windows. I guess, you already figured out where I'm getting at. It's been a few months since I installed it on all your devices because you were not quite choosy about what links to click on the internet. During this period, l've learned about all aspects of your private life, but one is of special significance to me.

nhapt


2025.01.21 | Views: 27 | Comments: 0
Hack
Phishing
Scam

Address is used in Phishing scam

There are reports that this address was used in a Phishing scam. Please exercise caution when interacting with it. Reported by GoPlusSecurity.

nhapt


2025.01.21 | Views: 11 | Comments: 0
Hack
Phishing

Multiple USDT Fake Phishing

Fake Phishing Scam impersonating USDT token

WonderGal


2025.01.16 | Views: 20 | Comments: 0
Hack
Phishing

Phishing/Hack wallet address

USDT token mimicked for phishing

WonderGal


2025.01.16 | Views: 10 | Comments: 0

USDT Approval Scam

This is a USDT Approval scam, where victims approve an address to withdraw unlimited USDT from their accounts. This address is called the approved spender address. A "Transfer From" method was used to send funds from victims to the address receiving victim funds.

Link: https://support.token.im/hc/en-us/articles/900006746566-My-USDT-was-sent-out-from-my-wallet-without-my-consent-How-did-that-happen

Sentinel


2025.01.15 | Views: 13 | Comments: 0

Address Poisoning that involves a user losing 68m worth of USD

On May 3, 2024, there was a theft of 1,155.28 WBTC worth over $68 million as a result of the «dust» attack.
https://twitter.com/realscamsniffer/status/1786374327740543464
However, on May 10th, all WBTC that had been swapped to ETH was returned to the user 0x1E227979f0b5BC691a70DEAed2e0F39a6F538FD5. Although all funds have been returned to the user, we will continue to keep the threat actor wallets on the blacklist for attempting illegal activity.

Link: https://cointelegraph.com/news/trader-loses-68-million-address-poisoning-scam

Sentinel


2025.01.15 | Views: 10 | Comments: 0

WazirX Exploit

On 18th July 2024, WazirX, a prominent cryptocurrency exchange, experienced a catastrophic security breach resulting in a loss of over $235 million. The attack was meticulously planned and executed over 10 days, ultimately compromising their multisig wallet by upgrading it to a malicious implementation.

Link: https://x.com/WazirXIndia/status/1813981143437611440?lang=en
Attacker address that moved funds to Tornado: https://etherscan.io/address/0x361384e2761150170D349924A28d965f0Dd3F092

Sentinel


2025.01.15 | Views: 5 | Comments: 0

LiFi Protocol Exploit

On July 16, 2024, LiFi Protocol experienced a significant security breach that exploited the LiFi Diamond Contract. The exploit led to the loss of approximately $9.7 Million in various stablecoins and other assets at the time of writing. The attacker was able to drain funds from users who had granted infinite approvals to the contract. The LiFi Protocol team has taken immediate steps to contain the breach and mitigate further risks.

Link: https://x.com/lifiprotocol/status/1813207291778215955
Link: https://li.fi/knowledge-hub/incident-report-16th-july/
Attacker address that moved funds to Tornado: https://etherscan.io/address/0x8B3Cb6Bf982798fba233Bca56749e22EEc42DcF3

Sentinel


2025.01.15 | Views: 3 | Comments: 0