Security News
According to Web3 anti-scam platform ScamSniffer, miscreants with the Pink Drainer crew posing as journalists from well-known crypto news sources, including Decrypt and Cointelegraph contacted victims and interviewed some of them. "By analyzing the malicious websites created by Pink Drainer in the past month, we found that many Discord hacks are related to them," the researchers wrote.
A hacking group tracked as 'Pink Drainer' is impersonating journalists in phishing attacks to compromise Discord and Twitter accounts for cryptocurrency-stealing attacks. According to ScamSniffer analysts, Pink Drainer successfully compromised the accounts of 1,932 victims to steal roughly $2,997,307 worth of digital assets on the Mainnet and Arbitrum.
Russian nationals Alexey Bilyuchenko and Aleksandr Verner have been charged with the 2011 hacking of the leading cryptocurrency exchange Mt. Gox and the laundering of around 647,000 bitcoins they stole. The U.S. Department of Justice also charged Bilyuchenko with conspiring with Russian national Alexander Vinnik to run the unlicensed BTC-e Bitcoin trading platform between 2011 and 2017.
The Atomic Wallet app's makers first reported June 3 that some folks were complaining some crypto had been taken from their wallets and deposited in strangers' accounts, with others saying their wallets had been emptied completely. The developer, headquartered in Tallinn, Estonia, says Atomic Wallet is a noncustodial app, meaning that users own the 12-word backup phrase and private keys to their coins, rather than the app maker, and that security is within the users' control.
The developers of Atomic Wallet are investigating reports of large-scale theft of cryptocurrency from users' wallets, with over $35 million in crypto reportedly stolen. Atomic Wallet is a mobile and desktop crypto wallet allowing users to store various cryptocurrencies.
DOUG. Password manager cracks, login bugs, and Queen Elizabeth I versus Mary Queen of Scots of course! Our last story of the day: Don't panic, but there's apparently a way to crack the master password for open-source password manager KeePass.
Just days after releasing the second - and supposedly more stable and secure - version of its decentralized finance app, Jimbos Protocol over the weekend was hit by attackers who stole stole 4,090 ETH tokens from the project worth about $7.5 million. The developers behind the Arbitrum-based app were the apparent victims of a flash loan attack and now are scrambling to track down the light-fingered coders and retrieve the lost funds.
The FBI has issued a warning about fake job ads that recruit workers into forced labor operations in Southeast Asia - some of which enslave visitors and force them to participate in cryptocurrency scams. "Criminal actors assign debts to victims under the guise of travel fees and room and board, and use victims' mounting debt and fear of local law enforcement as additional means to control victims. Trafficked victims are sometimes sold and transferred between compounds, further adding to their debt," said the FBI. Advocacy groups and media report similar tactics, with victims targeted online and promised lucrative jobs abroad with travel fees and other benefits paid.
A cryptocurrency phishing and scam service called 'Inferno Drainer' has reportedly stolen over $5.9 million worth of crypto from 4,888 victims. The malicious websites created with Inferno Drainer target 229 popular brands, including Pepe, Bob, MetaMask, OpenSea, Collab.
A financially motivated threat actor of Indonesian origin has been observed leveraging Amazon Web Services Elastic Compute Cloud instances to carry out illicit crypto mining operations. Cloud security company's Permiso P0 Labs, which first detected the group in November 2021, has assigned it the moniker GUI-vil.