Lord777
Professional
- Messages
- 2,577
- Reaction score
- 1,563
- Points
- 113
Even experienced professionals may not always recognize the threat.
On the X platform (formerly Twitter), a campaign was recently revealed in which attackers pretend to be blockchain security specialists in order to lure users into phishing traps and empty their crypto wallets.
Scammers hack into the accounts of real researchers and operate under their names to gain the trust of victims. These experts include CertiK, ZachXBT, and Scam Sniffer. Criminals spread information about non-existent security threats on the Uniswap and Opensea platforms.
Users are convinced that scammers are stealing their tokens through vulnerabilities in the systems of crypto exchanges. Then victims are offered to "revoke access rights" by clicking on a special link and connecting their crypto wallet.
Phishing sites that people should go to ostensibly to protect their assets are hosted on 'revoketokens' domains.]io' and 'revokea[.]sh'. Once the wallet is connected to these resources, funds flow out instantly.
Specialist ZachXBT said that for the first time found signs of such attacks on November 9. According to him, in the last week alone, fraudsters stole more than $ 300,000 using the described scheme. Even experienced members of the community and experts in the field of cryptocurrencies, including administrators of the vx-underground platform, fell into the trap.
The campaign gained significant scale thanks to posts with the hashtag #UniswapExploit, which in a short time became one of the top trends among users from the United States. This tag was used by bots to draw public attention to fake vulnerability reports.
Hayden Adams, developer of Uniswap, warns that his platform is absolutely invulnerable: no security problems were detected, and the messages of intruders are pure deception.
On the X platform (formerly Twitter), a campaign was recently revealed in which attackers pretend to be blockchain security specialists in order to lure users into phishing traps and empty their crypto wallets.
Scammers hack into the accounts of real researchers and operate under their names to gain the trust of victims. These experts include CertiK, ZachXBT, and Scam Sniffer. Criminals spread information about non-existent security threats on the Uniswap and Opensea platforms.
Users are convinced that scammers are stealing their tokens through vulnerabilities in the systems of crypto exchanges. Then victims are offered to "revoke access rights" by clicking on a special link and connecting their crypto wallet.
Phishing sites that people should go to ostensibly to protect their assets are hosted on 'revoketokens' domains.]io' and 'revokea[.]sh'. Once the wallet is connected to these resources, funds flow out instantly.
Specialist ZachXBT said that for the first time found signs of such attacks on November 9. According to him, in the last week alone, fraudsters stole more than $ 300,000 using the described scheme. Even experienced members of the community and experts in the field of cryptocurrencies, including administrators of the vx-underground platform, fell into the trap.
The campaign gained significant scale thanks to posts with the hashtag #UniswapExploit, which in a short time became one of the top trends among users from the United States. This tag was used by bots to draw public attention to fake vulnerability reports.
Hayden Adams, developer of Uniswap, warns that his platform is absolutely invulnerable: no security problems were detected, and the messages of intruders are pure deception.
