Previously, I was able to return $4k of stolen funds to a user. I recently made another recovery to the tune of over $10k.

Centralized exchanges have their drawbacks and fall short of many of the goals usually associated with crypto, but there are cases where custodial control becomes a benefit. For example, in the wake of the recent Twitter hack, it was revealed that Coinbase blocked user attempts to send over $280,000 in Bitcoin to the scam address.

In the case of my recent experience, Binance was able to provide an assist by passing along our information to the owner of the victimized address, giving them the option to reach out and resolve this.

The phishing technique used in this case was sophisticated in the sense that it mimicked two separate UIs to steal a user’s secret (private key, keystore file, mnemonic phrase). It can be convincing to unsuspecting users. …

Hundreds of millions of users were exposed to crypto scam tweets from compromised Twitter accounts. What happened?

Note: This is a high-level overview of the events that occurred. To see a detailed timeline of every single account and tweet, view this spreadsheet. You can also view the massive tweet thread that we tweeted in realtime. For screenshots of all the tweets, view this imgur album.

On July 15, around 40 (possibly more) Twitter accounts — with hundreds of millions of combined followers — were compromised and began tweeting out forms of trust-trading scams.

These scams netted more than $100,000 in cryptocurrency and the actions made waves throughout the internet.

*Last updated Friday, July 17 @ 12:20PM PT*


11:23AM PT · Jul 15, 2020
In the first of a series of unfortunate events, popular crypto Twitter account “AngeloBTC” is hijacked and begins asking for funds. …

This is a special occurrence.

We write a lot about phishing, but it’s not every day that you have the opportunity to save phished funds and give them back to the victim.

This user unfortunately installed a fake version of Trust Wallet via the Google Play store.

We’ve written about malicious APKs targeting cryptocurrency users in the past, but those were hosted on third-party sites. The one we are writing about today was in the official Google Play store, ranked highly, with many user reviews and downloads and a respectable 3.5-star rating.

Note: the package name of this app is `com.trust.manager.app`, whereas the official Trust Wallet package name is `com.wallet.crypto.trustapp`. Obviously, package names are not something an ordinary user ever sees or compares, so the mismatch offered no protection on its own.

I downloaded this app into a sandbox and decoded it with apktool. I was expecting keys to be sent to a Firebase database, as is usual with these, but this one operated differently. …
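As an added example (not code from the original post, and not a description of what the author actually found), here is the first triage a practitioner would run over an apktool-decoded directory: read the package name out of `AndroidManifest.xml`, compare it against the official one quoted above, and list every URL or Firebase host referenced in the decoded code, since that is where an exfiltration endpoint normally surfaces. With no argument it runs against a constructed sample directory (a fake manifest and one fake smali file written inline); the `OFFICIAL_PKG` value comes from this post, while the sample package contents and endpoints are invented for illustration.

```bash
#!/bin/sh
# Added example: triage of an apktool-decoded APK directory.
# Assumes the layout produced by `apktool d <apk>`: AndroidManifest.xml at
# the top level plus smali/ and res/ subdirectories.
set -eu

# Official Trust Wallet package name, as quoted in the post above.
OFFICIAL_PKG="com.wallet.crypto.trustapp"

# Print the package name declared on the <manifest> element.
# The file is flattened to one line first so multi-line manifests also work.
manifest_package() {
    tr '\n' ' ' < "$1/AndroidManifest.xml" \
        | sed -n 's/.*<manifest[^>]*package="\([^"]*\)".*/\1/p'
}

# Succeeds only when the decoded app declares the official package name.
is_official_package() {
    [ "$(manifest_package "$1")" = "$OFFICIAL_PKG" ]
}

# List URLs and Firebase hosts found anywhere under smali/ or res/,
# one per line, deduplicated.
list_endpoints() {
    grep -rhoE 'https?://[A-Za-z0-9._/?=&%-]+|[A-Za-z0-9.-]+\.firebaseio\.com' \
        "$1/smali" "$1/res" 2>/dev/null | sort -u
}

# Constructed sample (NOT the real APK): a manifest using the fake package
# name from the post and one smali method holding invented endpoints.
make_sample_dir() {
    sample_dir=$(mktemp -d)
    mkdir -p "$sample_dir/smali/com/trust/manager/app" "$sample_dir/res/values"
    cat > "$sample_dir/AndroidManifest.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.trust.manager.app" platformBuildVersionCode="29">
    <application android:label="Trust Wallet"/>
</manifest>
EOF
    cat > "$sample_dir/smali/com/trust/manager/app/Wallet.smali" <<'EOF'
.class public Lcom/trust/manager/app/Wallet;
.super Ljava/lang/Object;
.method public sendSeed()V
    const-string v0, "https://example-wallet-sync.firebaseio.com/seeds.json"
    const-string v1, "https://api.example.com/v1/upload"
    return-void
.end method
EOF
    printf '%s\n' "$sample_dir"
}

# Usage: ./triage.sh <decoded-apk-dir>; with no argument the sample is used.
target=${1:-$(make_sample_dir)}
echo "package: $(manifest_package "$target")"
if is_official_package "$target"; then
    echo "package name matches $OFFICIAL_PKG"
else
    echo "WARNING: package name differs from $OFFICIAL_PKG"
fi
echo "endpoints referenced by the app:"
list_endpoints "$target"
```

The package-name check is the cheap part; the endpoint listing is what tells you where secrets are going, and on a real sample it should be followed by reading the smali around each string to see which data is sent there.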
