Centralized exchanges come with their drawbacks and may not fulfill all of the goals generally associated with crypto philosophies, but there are instances when custodial elements can become beneficial. For example, in the wake of the recent Twitter hack, it was revealed that Coinbase blocked user attempts to send over $280,000 in Bitcoin to the scam address.
In the case of my recent experience, Binance was able to provide an assist by passing along our information to the owner of the victimized address, giving them the option to reach out and resolve this.
The phishing technique used in this case was sophisticated in the sense that it mimicked two separate UIs to steal a user’s secret (private key, keystore file, mnemonic phrase). It can be convincing to unsuspecting users. …
Note: This is a high-level overview of the events that occurred. To see a detailed timeline of every single account and tweet, view this spreadsheet.
You can also view the massive tweet thread that we tweeted in realtime.
For screenshots of all the tweets, view this imgur album.
On July 15, around 40 (possibly more) Twitter accounts — with hundreds of millions of combined followers — were compromised and began tweeting out forms of trust-trading scams.
These scams netted more than $100,000 in cryptocurrency and the actions made waves throughout the internet.
*Last updated Friday, July 17 @ 12:20PM PT*
11:23AM PT · Jul 15, 2020
In the first of a series of unfortunate events, popular crypto Twitter account “AngeloBTC” is hijacked and asking for funds. …
We write a lot about phishing, but it’s not every day that you have the opportunity to save phished funds and give them back to the victim.
We’ve written about malicious APKs in the past that target cryptocurrency users, but they were hosted on third-party sites. The one we are writing about today was actually in the official Google Play store, highly ranked, and had a lot of user reviews, downloads, and a decent 3 and 1/2 star rating.
I downloaded this app into a sandbox and decompiled it with
apktool. I was expecting keys to be sent to a Firebase database, per usual, but this one operated differently. …