Crypto-Sec is our bi-weekly roundup of stories and tips about cryptocurrencies and security.

She is voiced by Amazon Polly

Crypto-Sec is our bi-weekly roundup of stories and tips about cryptocurrency and cybersecurity.

Biggest phishing scam of the week: TAO owner loses $11.2 million

In the largest phishing attack reported to date in June, a user of the artificial intelligence platform Bittensor (TAO) then lost more than 28,000 tokens worth $11.2 million. The attack was reported by on-chain investigator ZachXBT via his Telegram channel.

ZachXBT reported that the attacker split the funds among 18 different wallet accounts, which he then combined into 16 accounts. The 16 accounts then linked the TAO network tokens to Ethereum and exchanged them for ETH and USDC stablecoins using three different decentralized exchanges.

Splitting funds across multiple wallets and then repackaging them is a common tactic of fraudsters and aims to circumvent money laundering detection systems on centralized exchanges. It appears to be this pattern of splitting and recombining that led ZachXBT to conclude that this was a phishing attack.

A cryptocurrency phishing attack is a type of scam in which an attacker creates a fake website that appears to be part of a legitimate protocol, such as a decentralized exchange or lending app. But the site is actually malicious and not authorized by the legitimate protocol team. When a user allows the fraudulent app to spend their tokens, it steals them instead of doing what the user expected.

Phishing scams are one of the most common ways that cryptocurrency users lose money following an attack.

White Hat Corner: Microsoft fixes zero-click vulnerability.

According to Security Week, Microsoft has fixed a vulnerability that could have allowed attackers to execute code on Outlook users’ devices without them needing to download or execute a file. Cybersecurity company Morphisec reportedly discovered the flaw.

A potential attack simply requires the user to open a malicious email rather than having to download or execute a file. For this reason, Morphisec called the flaw a “zero-click vulnerability.”

Morphisec reported that the flaw allowed attackers to “exfiltrate data, gain unauthorized access to systems, and perform other malicious activities.”

Cryptocurrency wallets use key vault files stored on the device to sign transactions. It is therefore possible that these files were stolen in such an attack and resulted in cryptocurrency losses.

Despite the fix provided by Microsoft, some devices may still run older versions of Outlook. Users are therefore advised to update their Outlook clients as soon as possible, the report said.

Microsoft classified the vulnerability as “important” but did not describe it as “critical.” The flaw affected earlier versions of Outlook 2016, Office LTSC 2021, 365 Apps for Enterprise, and Office 2019, but newer versions of these apps are not vulnerable.

Read also


Become a digital crypto nomad in Bali like me: here’s how


“Deflation” is a stupid way to manage the token economy…and other sacred cows

DeFi Exploit of the Week: UwU Lend Exploited Twice

DeFi protocol UwU Lend On Ethereum was exploited twice by the same attacker in three days. The first attack took place on June 10 and drained $20 million from the protocol, while the second attack on June 13 drained another $3.7 million, according to reports from blockchain security platforms Peck Shield and Cyvers.

In a “The team has now identified the vulnerability, which was specific to sUSDe Market Oracle and has now been resolved,” he claimed.

According to blockchain security platform Peck Shield, the attacker manipulated the sUSDe oracle used by the protocol, causing it to display false prices. This allowed some liquidity pools to lend $20 million more than they otherwise could have. The attacker then took this money and did not repay the loans.

To explain in more detail: the protocol’s sUSDe oracle used an average price derived from multiple liquidity pools. Using large flash loans, the attacker was able to change prices in four of these pools: FRAXUSDe, USDeUSDC, USDeDAI, USDecrvUSD, and GHUSDe. This affected the price recorded by the sUSDe Oracle, which in turn changed the collateral requirements for loans in the protocol. The attacker used these changed requirements to obtain unsecured loans, which allowed him to default on the loans and abscond with the borrowed funds.

about: What are flash loans in DeFi?

Of the depleted funds, $14.4 million was sent to an account ending in EB70, and another $4.6 million was transferred to an account ending in 5EB6. The loot consists entirely of Ethereum (ETH), as the attacker exchanged all other tokens for Ether immediately after the attack.

On June 12, the UwU team announced that it had paid off bad debts from Tether (USDT), DAI and crvUSD, allowing these markets to restart.

about: UwU Lend was hacked for $20 million

However, the day after this announcement, Cyvers announced that the attacker had implemented a second exploit against UwU Lend. This second attack targeted the uDAI, uWETH, ulUSD, uFRAX, uCRVUSD and uUSDT pools, draining $3.7 million from them.

The UwU Lned exploit had repercussions, which resulted in the fall of the Curve CRV token and the liquidation of a stable position of $140 million by its founder Michael Egorov, owner of several palaces.

This led to reports that Egorov proposed burning 10% of the CRV token supply, worth $37 million, to help stabilize the token’s price.

Unfortunately, the spoiler story was a hoax tweeted by an Egorov impersonator trying to phish users. The real Egorov told Cointelegraph:

“This information was tweeted by a fake account (imposter), accompanied by a fraudulent link. Few journalists have not verified the authenticity of the information and published information on this topic.

Read also


Moving on… Why aren’t more law schools teaching blockchain, DeFi and NFTs?


Cryptocurrency Experts: Can FUD Ever Be Useful?

Deepfake Scams: OKX User Loses $2 Million

According to a translated report from Chinese cryptocurrency media Wu Blockchain, an OKX user lost more than $2 million to a deep scam created by artificial intelligence (AI). The attackers purchased Lai J. Fang Chang’s personal data from Telegram and used it to create an “AI-created video app for changing mobile phone numbers.”

The video allegedly tricked OKX platform employees into authorizing changes to Chang’s password, email address, and Google Authenticator device, bypassing all authentication checks at two factors. The attackers then withdrew all of Chang’s cryptocurrencies to wallet accounts under their control.

According to the report, OKX is currently investigating the attack.

about: AI-Driven Cryptocurrency Crimes Are Just Getting Started – Elliptical Report

CEX: SomaXBT claims cover-up of Lykke exchange hack

On June 9, blockchain researcher SomaXBT accused the Lykke exchange of hiding its $22 million losses following a June 4 hack. The researcher began looking into the issue after noticing that many Lykke users were complaining about not being able to withdraw funds. The exchange reportedly stated on Discord that the platform was under maintenance.

But after investigation, SomaXBT discovered that more than $19 million worth of Bitcoin (BTC) and Ethereum had been transferred from multiple wallet accounts to a new address, which it believes implies a possible hack of the exchange . The researcher claimed that Lykke is “still trying to hide this fact,” as five days have passed without the exchange issuing an official statement.

The following day, Lykke acknowledged the attack and apologized to its users for the inconvenience caused by not being able to remove itself. It also promised to refund all users, saying it had “strong capital reserves and a diversified portfolio” to do so.

about: Cryptocurrency exchange Lykke admits to hack after halting withdrawals

Christopher Rourke

Some say he’s a white hat hacker who lives in the black mining hills of the Dakotas and pretends to be a child crossing guard so as not to betray the NSA. All we know is that Christopher Rourke has a pathological desire to track down scammers and hackers.

Leave a Reply

Your email address will not be published. Required fields are marked *