Major nonfungible token (NFT) marketplace OpenSea announced a service upgrade on Saturday, which requested that users migrate their listed assets from the Ethereum (ETH) blockchain to a newly created smart contract. However, in the hours that followed, 32 users of the platform became victims of a targeted email phishing attack which resulted in an anonymous entity stealing $1.7 million worth of ETH. OpenSea CEO, Devin Finzer published a tweet thread explaining that the breach was orchestrated via fake email scams which assured users of their OpenSea identity, convinced them to sign a digital message with their wallet, and therefore unknowingly …

Cybercriminals are using bots purchased on Telegram to trick users into giving them access to their cryptocurrency accounts. According to a report from cybersecurity firm Intel471, One Time Password (OTP) bots are “remarkably easy to use” and are relatively inexpensive to operate relative to the amount that can be earned from a successful attack. A Telegram bot known as ‘BloodOTPbot’ charges a monthly fee of just $300 to hackers to access. Fraudsters also have the option to spend an extra $20 to $100 on more phishing tools that target individual social media accounts on Instagram, Facebook and Twitter, financial services …

Binance CEO Changpeng Zhao has alerted the crypto community against a 'massive' SMS phishing scam targeting Binance customers. On Friday, CZ tweeted alerting users of a phishing scam campaign directed at Binance users through SMS. There is a massive Phishing scam via SMS with a link to cancel withdrawals. It leads to a phishing website to harvest your credential as in the screenshot below. NEVER click on links from SMS! Always go to https://t.co/9rMMAmtCxH via a bookmark or type it in. Stay #SAFU pic.twitter.com/erNwe90FN1 — CZ Binance (@cz_binance) February 4, 2022 As per the screenshot shared by CZ, the scam …

On Tuesday, Solana nonfungible token (NFT) project Monkey Kingdom, which has received notable backing from American DJ Steve Aoki, announced via Twitter that hackers made off with $1.3 million of the community's crypto funds through a security breach on Discord. According to its developers, the hack first occurred with the breach of Grape, a popular solution for verifying users on Solana. Hackers then used the exploit to take over an administrative account, which posted a phishing link in the Monkey Kingdom Discord's announcement channel. Users who followed the link connected their wallets expecting they would receive an NFT but instead …

A new report shared by Google’s Threat Analysis Group (TAG) highlights an ongoing phishing campaign against YouTube creators, typically resulting in the compromise and sale of channels for broadcasting cryptocurrency scams. The TAG attributes the attacks to a group of hackers recruited in a Russian-speaking forum that hacks the creator’s channel by offering fake collaboration opportunities. Once hijacked, the YouTube channels are either sold to the highest bidder or used to broadcast cryptocurrency scams: “A large number of hijacked channels were rebranded for cryptocurrency scam live-streaming. On account-trading markets, hijacked channels ranged from $3 USD to $4,000 USD depending on …

As a tech-friendly region, Dubai is never short of new and promising projects, including crypto and blockchain, but the influx of new cryptocurrencies makes it harder for newcomers to distinguish shady campaigns from reliable ones. The Dubai Media Office announced that the authorities have never approved a digital currency named Dubai Coin, which saw a 1,000% jump when the project launched as “the official digital currency of Dubai” earlier this week. “It’s not the official cryptocurrency of the city,” the announcement warns. “The website promoting Dubai Coin is an elaborate phishing campaign that is designed to steal personal information from …

Crypto wallet provider MetaMask has alerted its users of a new phishing bot that attempts to steal their seed phrases. In a tweet published Monday, MetaMask warned users that the bot attempts to direct users to a purported “instant support” portal where they are prompted to enter information into a Google Docs form. PHISHING ALERT!: a new type of phishing bot is becoming active. Comes from an account that looks “normal” (but few followers) Helpfully suggests filling out a support form on a major site like Google sheets (hard to block). Asks for your secret recovery phrase. pic.twitter.com/EeHumnmzbE — MetaMask …

Crypto asset lending platform, Celsius Network, has revealed an email server breach that resulted in malicious phishing links being sent to customers. An April 15 announcement notes that some of Celsius’ customers have been receiving emails and SMS messages directing them to a malicious website impersonating the Celsius platform. The messages claim the link would direct them to a new web wallet from Celsius, purporting to offer $500 to users who create a wallet using the link. Celsius asserts the phishing links were sent after “an unauthorized party managed to gain access to a back-up third-party email distribution system which …

Two decentralized finance projects are reportedly being targeted by a DNS spoofing attack. According to reports from Monday morning U.S. time, PancakeSwap and Cream Finance, two projects deployed on Binance Smart Chain, are phishing users into entering their private key on the website. Cream Finance is inaccessible as of the time of writing, but PancakeSwap still loads correctly and showcases the phishing attempt. Upon trying to connect MetaMask, the page loads a fake window requesting the user to input their private key. This also happens on browsers like Safari, where MetaMask is unavailable. There are almost no occasions when a …

Cyber Security firm CipherTrace has issued a warning after noting a surge in reports over the past 24 hours of user funds being stolen by a malicious Chrome browser extension posing as popular crypto wallet MetaMask. The warning was issued under the headline, “ALERT: Malicious Crypto Browser Extension — Masked MetaMask” and reported the company had seen “an uptick of alerts and comments within the online cryptocurrency community of users’ funds being stolen.” In response to online criticism that MetaMask is not doing enough to steer its users away from potentially harmful websites and downloads, MetaMask’s chief product officer Jacob …

Major Australian cryptocurrency exchange BTC Markets accidentally exposed the full name and email addresses of all of its customers in a marketing email sent to each affected individual on Dec. 1. The emails were sent in batches of 1,000, meaning that each customer was sent the name and email address of 999 other users. BTC Markets is in the process of reporting the incident to the Office of the Australian Information Commissioner, with Bowler noting the exchange will be “taking guidance from the OAIC” on how to respond to the breach moving forward. Speaking to Cointelegraph, BTC Markets CEO Caroline …

Many crypto owners fall prey to common crypto theft schemes, including phishing traps. How can the average crypto user identify and avoid these attacks to prevent the potential loss of funds? Know the source Phishing emails are sometimes successful in their attempts to trick users into downloading programs, clicking on something they shouldn’t, or just linking them to a page where they can enter personal information like their seed phrase. In July, hardware wallet Ledger reported a data breach that affected the personal data of many of its users, some of whom continue to be the target of phishing attacks. …