MonkeyBall NFT Drop Ends in Disaster with Buyers Losing SOL

A new game being developed on Solana called ‘MonkeyBall’ has caused mayhem as angry investors take to Twitter to voice their concerns about the project.

The project was aiming to drop 5,000 Monkey NFTs on its website on January 7 at 12am AEST. But the launch countdown timer on the website didn’t even finish before a message popped up saying “drop ended”, leaving many users disappointed and angry.

MonkeyBall NFT drop closed before the countdown finished. Source: Twitter

Some users were persistently refreshing the web page, even hundreds of times, and a few were able to create a 2 SOL transaction to mint an NFT. However, the SOL was sent to MonkeyBall but no NFT appeared in the wallet in return, leaving investors out of pocket.

The subdomain used for the drop (monkeydrop2022.monkeyball.com) did appear in the DNS a few minutes before the official countdown ended, which hackers could have used to exploit the drop and execute mint transactions to chew up the supply.

Failed Token Launch, Failed NFT Drop and Broken Promises

The MonkeyBall team also muted the Discord and Telegram communities throughout the drop, leaving users in the dark as to what was actually going on.

Some YouTubers did some investigative work to try to find out what happened. They revealed several flaws in the drop, including coding errors, bot prevention flaws and whitelist logic ambiguities.

Token Launch IDO Mayhem

This failed NFT drop comes after the project had previously promised the $MBS token launch on Starlaunch IDO, which, after investors had put their money in, was suddenly delayed without notice, leaving unanswered questions about the project’s integrity.

Starlaunch used Fractal to process the KYC for the MonkeyBall IDO, which experienced some problems, allowing investors to put money into the launchpad – even though they were not eligible to participate from their location – leaving a lot of investors angry and out of pocket.

Was Solana to Blame for the Failed Drop?

The MonkeyBall team has blamed Solana for the failed drop but investors are not buying it, as it appears the Solana blockchain was working fine at the time of mint.

That said, there have been some problems with the network lately after Solana suffered DDoS attacks on January 4, and it did have some downtime.

SOL users have expressed their outrage on Twitter and Reddit. One Redditor, angry about the constant delay, claimed that Solana Status was lying to its users, insisting the network had been working “completely fine” and that the delay problems might be related to slow internet connections.

Is MonkeyBall a Rug Pull?

Crypto News Australia has reported on a lot of scams in 2021, including countless rug pulls from NFT projects.

While it cannot be proved that MonkeyBall is a rug pull, we encourage investors to be cautious and take note of the red flags that have appeared. We’ve reached out to the MonkeyBall team to get some comments on this.

Scam Alert: Security Firm Identifies Arbix Finance $10 Million Rug Pull

Blockchain security firm CertiK has identified Arbix Finance as a rug pull, warning users who have engaged with the protocol to stay away from it and its ARBX token.

Another Rug in the DeFi Space; This Time Users Are Warned

Arbix Finance is a Binance Smart Chain-based protocol that describes itself as a yield-farming aggregator. So far, it has amassed over US$10 million in deposits by users.

CertiK found several red flags in Arbix thanks to its Skytrace tool, which it uses to analyse the risk of fraud. Some of the firm’s initial findings were that investors’ funds had been allocated in unverified pools through the depositor contract, which were later drained by the Arbix team.

The protocol’s underlying code was purposefully made to allow developers to mint millions of ARBX tokens, with roughly 4.5 million tokens minted to only one wallet.

The exploited contract was not in the audit scope that was done for Arbix. The project inserted eight ‘mint()’ functions to a newly deployed ARBX ERC20 contract, which allowed the owner to mint any amount of ARBX tokens to any address.

CertiK statement

Arbix Disappears Amid Accusations

It appears that Arbix Finance quietly disappeared shortly after the accusations were made – the project’s website and Twitter account are gone, and the ARBX token dropped to $0.

Discerning between a legit DeFi project with goals and a scam is difficult for newcomers in the space. While CertiK managed to warn users before more damage was done, some warnings come too late. In November last year, Crypto News Australia reported how the creators of DeFi token launch Monkey Jizz rugged investors out of US$300,000 worth of BNB.

OpenSea Freezes 16 NFTs Worth $2.2 Million Following Phishing Scam

A Bored Ape collector’s NFTs have been stolen in a phishing attack, prompting top NFT marketplace OpenSea to step in and freeze the assets on its site as some community members tried to get them back.

On December 30, an NFT collector was the victim of a successful phishing attack which led the hacker to a collection of Bored Ape Yacht Club (BAYC) and other NFTs worth an estimated US$2.2 million.

Collector Todd Kramer, who runs the Ross+Kramer art gallery in New York and East Hampton, revealed in a series of tweets that he was hacked after clicking a malicious link fronting as a Dapp. The attack resulted in him losing 16 of his NFTs, with Kramer stating in a now deleted tweet: “I have been hacked. […] all my apes gone. [T]his just sold [referring to his profile picture] please help me”, further pleading with the OpenSea and NFT community to assist in any way.

BAYC has been one of the most successful NFT projects so far, with celebrities including talkshow host Jimmy Fallon and rapper Eminem also owning a few. So far, nearly US$1 billion has been spent on trading Bored Ape Yacht Club NFTs. 

Community Works to Return Stolen NFTs

Some buyers found the activity questionable as these NFTs were being sold for fractions of their value and had been flagged as suspicious by the marketplace.

After word got out, some community members approached Kramer to either sell back (albeit at a loss) or give back some of his NFTs.

The end result of the stolen BAYC and MAYC NFT fiasco has not been disclosed publicly, but it seems a few individuals helped ease Kramer’s worries and have assisted him in retrieving some of his stolen NFTs.

Freezing NFTs Brings Up Questions

After Kramer’s NFTs were stolen, OpenSea – the largest NFT marketplace – froze the assets, so they can’t be traded. In an earlier tweet, Kramer said: “All Apes are frozen […] Waiting for OpenSea team to get in”. This can be seen on OpenSea, where the items can no longer be bought or sold.

This comment attracted criticism from the community since a third party was getting involved, which goes against the idea of true decentralisation. One Twitter user commented: “Feels pretty anti-crypto to be asking third parties to do this and ideally they shouldn’t be able to.”

Even famed software engineer Grady Booch added his opinion about the lack of decentralisation in this case when he commented:

Silly me. And here I thought that the code is the law and that one of the very ideas of cryptocurrencies was the elimination of any possibility of centralised intervention. Hypocrites; every one of you.

Grady Booch

Lack of Operational Security Partly to Blame

In the end, one can be sure that if other owners were in Kramer’s shoes, they would be thankful. One other mistake on his part was not practising good operational security – Kramer’s stolen NFTs were stored on a hot wallet connected to the internet, rather than using a cold wallet that requires physical action on the part of the holder to verify transactions.

Phishing has been a growing problem in the crypto space, with cybersecurity company PhishLabs reporting a tenfold increase in such attacks on crypto exchanges in the first half of 2021, compared to the previous year.

SolGame NFT Rug Pull, Website and Social Media Shut Down

SolGame, a decentralised P2E (Play-2-Earn) NFT-focused project on Solana, appears to have pulled the rug after investors reported that the protocol’s social media channels and official website were shut down, denying them access to their money.

SolGame Offline – Developer Identified

On Christmas Day, a Twitter user by the name of Millesimal reported he had lost his money on Solgame after the official website, solgame.org, was shut down and the Discord channel deleted. The user managed to track down the developer, but there isn’t much information on either his whereabouts or his persona.

The project promoted the game using the voice actor of the Squid Game frontman and other promoters such as Plasma Crypto and NFT YouTuber Pingue. The presale was conducted and tokens sold out quickly, but the project was drifting away from customers and ultimately decided to delete all communication channels.

Yet Another Rug on the Solana Network?

Solana has been a fast gainer in the crypto market, with many innovative developments and interesting projects coming to the platform. Just last week, Crypto News Australia published a list of five interesting Solana NFT projects launching soon.

But scammers have tried to take advantage of the rising popularity of NFT projects on the network. On August 14, Solana suffered its first and biggest rugpull to date after Luna Yield, a cross-chain yield aggregator, stole nearly US$10 million from liquidity pools and quickly deleted its official website.

New Spider-Man Movie Torrent Contains Malicious XMR Mining Program

Cybercriminals have to keep up with the latest trends in order to continue running their scams, so it comes as no surprise they’re exploiting the popularity of blockbuster movie Spider-Man: No Way Home as a way to launch crypto-malware attacks.

Fans are urged to be careful when downloading pirated copies of the newest edition of the film as cybercriminals have uploaded a Monero miner code on a torrent download file.

Scammers Hiding Crypto Miner Malware in Torrent Files

Experts from ReasonLabs have reported details of a new malware attack in which scammers embed a Monero (XMR) miner code on a torrent download file for the Spider-Man film. The warning was first issued on December 23, along with details that the torrent file for the movie is named “spiderman_net_putidomoi.torrent.exe” in Russian.

The name translates to “spiderman_no_wayhome.torrent.exe” and the filename has led experts to believe that the malware did in fact originate from a Russian torrenting website.

Once the file is downloaded, the crypto-malware exploits the computer’s power to mine Monero, a privacy coin that operates with untraceable transactions. This type of attack is not as severe as others and does not affect computer performance, but will drive a victim’s power bill sky-high due to its massive energy consumption. Police agents have conceded that hackers are using legitimate names, so the program tends to go unnoticed by antivirus software.

Researchers at ReasonLabs have provided an example of the malware’s details:

What the malware file meta looks like. Source: ReasonLabs

To avoid downloading the malware, users are urged to look carefully at aspects such as the file type. A real film file should end with the suffix “.mp4” while a crypto-malware file ends with “.exe”. Fans should be especially cautious when downloading content from the internet and are discouraged from downloading files via torrents and from other non-official sources.
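The file-type check described above can be automated. The following is an added example, not code from ReasonLabs or from the original article: it flags names whose final extension is executable while an earlier extension poses as media, and it goes slightly beyond the article by also catching space-padded extensions and Unicode direction-override characters. The extension lists and every sample name except the reported torrent filename are constructed assumptions.

```python
import re
import unicodedata

# Extensions Windows will run or hand to a script host on double-click (partial list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".vbs", ".js", ".ps1", ".lnk"}
# Harmless-looking extensions commonly placed in front of the real one as a decoy.
DECOY_EXTS = {".mp4", ".mkv", ".avi", ".mov", ".torrent", ".pdf", ".jpg", ".png", ".txt"}
# Unicode bidirectional controls that can visually reverse part of a filename.
BIDI_CONTROLS = set("\u202a\u202b\u202d\u202e\u2066\u2067\u2068")


def inspect_filename(name):
    """Return a list of findings for one downloaded filename (empty list = nothing noted)."""
    findings = []
    base = re.split(r"[\\/]", name)[-1]  # drop any directory part
    if any(ch in BIDI_CONTROLS for ch in base):
        findings.append("bidi-control")
    # Judge the name as the OS sees it: without invisible format/control characters,
    # and without the trailing dots and spaces that Windows silently ignores.
    visible = "".join(ch for ch in base if unicodedata.category(ch) not in ("Cf", "Cc"))
    visible = visible.rstrip(" .").lower()
    raw_exts = visible.split(".")[1:]
    exts = ["." + e.strip() for e in raw_exts]
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return findings
    findings.append("executable")
    if any(e in DECOY_EXTS for e in exts[:-1]):
        findings.append("double-extension")  # e.g. name.torrent.exe
    if re.search(r"\s{2,}\.[^.]+$", visible):
        findings.append("padded-extension")  # real extension pushed out of view by spaces
    return findings


def flag_downloads(names):
    """Map each filename that produced at least one finding to its findings."""
    report = {}
    for name in names:
        findings = inspect_filename(name)
        if findings:
            report[name] = findings
    return report


# First entry is the filename reported in the article; the rest are constructed samples.
SAMPLE_NAMES = [
    "spiderman_net_putidomoi.torrent.exe",
    "spiderman_no_way_home.mp4",
    "film.mp4   .exe",
    "movie\u202e4pm.exe",  # renders as "movieexe.mp4" in many file managers
    "setup.exe",
]

if __name__ == "__main__":
    for name, findings in flag_downloads(SAMPLE_NAMES).items():
        print(repr(name), findings)
```

Windows hides known file extensions by default, so a check like this is most useful where the name is inspected programmatically, such as a mail gateway or a download folder watcher.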

News of the scam came soon after Bitcoin penny stock BitTorrent soared 80 percent ahead of its Mainnet Launch, which took place earlier this month.

Crypto Scams Continue on the Rise

As more crypto projects launch, more opportunities are created for scammers to take advantage of unwitting users. Late last month, Crypto News Australia published an article detailing a Threat Horizons report which indicated that 86 percent of hacked accounts were being used to mine cryptocurrencies. Poor security measures were cited as the main reason for malicious actors being able to infiltrate accounts.

Although the scam found in the Spider-Man torrent is not particularly dangerous, last month an insidious and highly sophisticated crypter was found in the crypto community. Named the “Babadeda” crypter, the malware is still targeting crypto enthusiasts on the popular community chat app Discord.

Russia Central Bank Moves to Ban Investment in Crypto

According to a report by Reuters, the Central Bank of the Russian Federation (CBR) is looking to ban crypto investments. In a directive issued earlier this week, the bank has also barred mutual funds from investing in digital currency.

Russia Rebels Against Crypto

The Russian Federation, which has long argued against cryptos – citing concerns of risks to financial stability, money laundering, and possible financial terrorism – has yet again spoken its mind.

After issuing concerns over the security implications associated with cryptos, the federation eventually gave them legal status in 2020 but banned their use as a means of payment. Following this, the central bank is now in talks with market players and experts regarding a possible overall ban on cryptos.

Should a ban be approved by lawmakers, it would apply to new purchases of crypto assets but not those made in the past. Russia’s current stance amounts to a “complete rejection” of all cryptos, a source close to the bank has said.

According to the bank, the annual volume of crypto transactions conducted by Russians amounts to about US$5 billion, with CBR first deputy governor Ksenia Yudaeva claiming the use of cryptos lowered the efficiency of monetary policy. According to Yudaeva, “The situation in developed market countries more and more resembles the so-called shadow financial system.”

CBR Seeks to Ban Mutual Funds from Investing in Crypto

Adding to the bad news for investors, Russia has issued a directive that prohibits Russian mutual funds from directly or indirectly investing in crypto assets.

According to the CBR, funds cannot invest in digital currencies or in “financial instruments, the value of which depends on the price of digital currencies”. The proposal issued by the CBR, in line with its hard stance on decentralised digital money, comes after the regulator urged stock exchanges to avoid trading securities tied to cryptocurrencies in July 2021.

Despite its firm stance against cryptos, Russia is currently working on a Ruble-backed central bank digital currency (CBDC). A pilot program was set for launch this month, but the deadline has been moved with a prototype expected to be created in “early 2022”.

Hacking a Cause of Concern for Russia

Hacking has become a hot topic in the crypto world as the incidence continues to rise. Of particular concern is the involvement of Russian-based hackers. In October, Google’s Threat Analysis Group (TAG) spent a good deal of time fending off hackers attacking the accounts of YouTubers to hijack and repurpose them to run ads for crypto scams. TAG had found that the perpetrators of the campaign were recruiting hackers from a “Russian-speaking forum”.

Last month, the US Department of Justice announced charges against a REvil ransomware affiliate responsible for the hack against the Kaseya MSP platform in which ransom demands totalled US$767 million. Law enforcement has also impounded an additional US$6.1 million from another REvil ransomware affiliate, Russian national Yevgeniy Polyanin, who remains at large.

Chainalysis Report Shows Scam Revenue Rose 81% in 2021

Cryptocurrency scams, particularly rugpulls – when a team behind a project cuts and runs with investors’ funds – have become the main issue for trusting the crypto space, especially for newcomers. Now a recent report from Chainalysis has revealed that crypto scam revenues have risen by 81 percent in 2021.

Crypto Scams Skyrocket in 2021

In 2020, the number of scams dropped considerably compared to 2019, but it appears that new forms of deceiving investors, such as rugpulls, are dramatically increasing, according to Chainalysis’ 2022 Crypto Crime Report.

Crypto scam value by year. Source: Chainalysis

Rugpulls accounted for 37 percent of 2021’s crypto scam revenues. Another factor that propelled scammers to deceive naive investors was the rise of Finiko, a massive Ponzi scheme targeting Russian-speaking countries. Finiko was shut down by authorities and its founders were arrested, but not before investors lost US$1.5 billion worth of crypto.

However, things aren’t as bad as they look, as Chainalysis has found a way to protect users from scams. Cryptocurrency platform Luno partnered with Chainalysis to help the blockchain to identify scammers’ addresses, thus halting users’ transfers before they were processed.

The other good news is that the average scam lifespan has been decreasing compared to previous years, starting from 2013.

Lifespan of scams by year. Source: Chainalysis

The Market is Maturing

Another glimmer of hope from Chainalysis’ report is that the crypto market appears to be maturing, as the relationship between crypto prices and scam activity appears to have ended.

New scams by year and average victim transfer size. Source: Chainalysis

Chainalysis Makes Waves in the DeFi Ecosystem

Chainalysis is one of the most trusted blockchain data platforms in the space. Besides crypto crime reports, the firm also provides an annual Geography of Cryptocurrency report, outlining the fastest-growing crypto adoption rates in countries worldwide.

Last month the firm partnered with the Commonwealth Bank of Australia, opening an office in Canberra to strengthen its presence in the Pacific region.

96 Private Keys Stolen From Vulcan Forged Crypto Gaming Platform in $140 Million Theft

A hacker who exploited Polygon gaming platform and NFT marketplace Vulcan Forged was able to steal a total of over 4.5 million of the $PYR native token, valued at US$140 million at the time of the December 14 attack. A total of 96 users’ wallets were accessed by the hacker via private keys.

‘Darkest Day in our History’

CEO Jamie Thomson described the situation as “the darkest day in the Vulcan Forged history” in a video posted on the company’s Twitter account.

The hacker was able to attack the Vulcan Forged servers, gaining access to the vending credentials of the semi-custodial wallets and then extracting the private keys of the game’s users. To prevent any repeat of the exploit, Thomson says the platform will in future be using nothing other than decentralised wallets “so we never have to encounter this problem again”.

Full Refunds and a Heartfelt Apology

Refunds have been made to every wallet that had the game’s native $PYR tokens stolen, and Vulcan Forged will also be reimbursing the loss of any Matic and Eth tokens stolen from users. Ending with a sincere apology to the community, Thomson said: “obviously sorry doesn’t cut it, but we are sorry”.

It has been a disappointing outcome for the Vulcan Forged team, not to mention players and investors. $PYR dropped in value by over 30 percent in the 24 hours after the hack.

In a similar incident last month, the bZx DeFi protocol had funds drained from its Binance Smart Chain (BSC) and Polygon contracts after one of the developers had his private key stolen in a phishing attack.

$31 Million Stolen in MonoX DeFi Hack

The decentralised finance (DeFi) market has been hit by yet another hack, with US$31 million in a variety of cryptos stolen from MonoX Finance in the latest episode.

MonoX released a statement in which it apologised to users and regretted its security measures had somehow been breached:

First, we want to extend immediate, sincerest apologies toward the incident and we assure you our entire team and partners are all working on this right now. Security of users’ funds is of utmost importance to us and we have had multiple security audits and a security adviser firm that work with us on an ongoing basis. However, unfortunately, we were still exploited.

DeFi Déjà Vu

The hacker attacked MonoX Finance’s smart contracts, exploiting the single token liquidity platform and draining the funds of tokens across Ethereum and Polygon.

MonoX, which launched last month on Polygon and Ethereum, is a DeFi platform that offers liquidity pools in which traders can place their tokens and receive tokens in return. Rather than a standard pool model, MonoX pools function by grouping a deposited token “into a virtual pair with our virtual cash stablecoin (vCASH)”.

The hack netted US$18.2 million in wrapped ether (WETH) and US$10.5 million in Polygon (MATIC). Polygon, formerly Matic, is a proof-of-stake blockchain that helps take some of the load from the Ethereum blockchain. Other tokens taken included WBTC, LINK, GHST, DUCK, MIM and IMX.

In August, the largest DeFi hack on record took place on the Poly Network, a multi-chain platform that provides interoperability between blockchains. The attack, which took place on the Binance Smart Chain, Ethereum and Polygon, siphoned off a record-breaking US$600 million.

‘REKT By Their Own Token’

The hack was made possible via price manipulation of the project’s native token, MONO. The platform explained that the price of MONO tokens was artificially boosted, enabling the hacker to use tokens to buy the other assets in the pools at much cheaper rates.

Hacks, Hacks, and More Hacks

DeFi hacks have become increasingly prevalent, with devastating effects on a range of projects. Earlier this year, Zabu Finance, a DeFi project built atop the Avalanche blockchain, was exploited for around US$3.2 million worth of its native token, Zabu, sending its price plummeting to zero in minutes.

New Malware ‘Babadeda’ is Targeting Crypto Users on Discord

A highly sophisticated and very dangerous crypter is loose in the crypto community. It has been named the Babadeda crypter and is targeting NFT and DeFi users.

Babadeda translates to Grandma-Grandpa – a Russian language placeholder used by the crypter itself, giving away hints to its origin. The malware is targeting cryptocurrency enthusiasts on the popular crypto community chat app Discord. Since May this year, bad actors have been fooling users into downloading Babadeda, disguised as a legitimate app.

The scammers are able to lure victims by taking over popular crypto channels in the NFT and DeFi communities on Discord, posing very convincingly as the official Admin. Users are being fooled into clicking on and downloading a malicious file that will install the crypter on their machine. The code is so sneaky that it is able to evade detection by most anti-malware software, successfully hiding within the computer’s files by masquerading as a known application.

Once on a victim’s machine, masquerading as a known application with a complex obfuscation also means that anyone relying on signature-based malware effectively has no way of knowing Babadeda is on their machine – or of stopping it from executing.

Morphisec blog

Links to Babadeda Posted as Official Announcements

The threat actor sends users a private message or posts a link through the Admin chat inviting them to download an application related to the channel. Below is an example of the Discord Channel for blockchain-based action-adventure game Mines of Dalarnia, where a link to Babadeda has been posted as an official announcement, appearing to come from the channel’s own Admin account.

If a user clicks on the provided URL, they will be rerouted to a fake decoy site whose branding is almost exactly the same as that of the project it is imitating. The attackers use very advanced measures to ensure the delivery chain looks legitimate, even to the most technically aware users. Through cybersquatting, they can make the URLs of the decoy websites resemble those of genuine ones. They even use SSL certificates generated by Let’s Encrypt to further appear completely legitimate and add to the deception.

When the user clicks on “download app” from the decoy site, the malicious installer embeds the Babadeda crypter onto the victim’s machine. Then it’s game over.

Discord is a Dangerous Place for the Average Degen

The takeaway: be careful and go slowly. Discord is rife with scams like this. You can have all the fancy malware protection money can buy, but if you accidentally click on a dodgy link and install a malicious application on your computer, you could leave yourself open to an attacker who can empty the contents of your crypto wallet quicker than you can figure out what happened.

In related news, two weeks ago Crypto News Australia reported on the Fake MetaMask Google Ad scam, a phishing/ad scam directing victims to the fake site maskmeta, instead of the official metamask.io URL. It’s another cautionary tale.
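Both the cybersquatted decoy sites used to deliver Babadeda and the maskmeta lookalike come down to a hostname that resembles an official one. The following is an added example, not code from Morphisec or from the original article, of how a link can be compared against an allowlist of official domains before it is trusted. Only metamask.io comes from the article; the allowlist contents, the reserved `.example` TLD, the sample hostnames and the distance threshold are constructed assumptions.

```python
# Official domains the defender trusts (assumption: maintained by hand per project).
OFFICIAL = {"metamask.io"}


def levenshtein(a, b):
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_label(host):
    """Label left of the TLD. Simplification: assumes a single-label TLD, no public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def classify(host, official=OFFICIAL):
    """Return None for an official host, otherwise the reason it looks like an imitation (or None)."""
    host = host.lower().rstrip(".")
    if host in official or any(host.endswith("." + o) for o in official):
        return None  # the official domain itself or one of its subdomains
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode"  # internationalised label: review for homoglyphs by hand
    label = registrable_label(host)
    for o in sorted(official):
        brand = registrable_label(o)
        if label == brand:
            return "tld-swap"  # same name under a different TLD
        if sorted(label) == sorted(brand):
            return "reordered"  # same letters rearranged, e.g. maskmeta
        if levenshtein(label, brand) <= 2:
            return "typo"  # threshold is an assumption; short brands need a stricter one
        if brand in host:
            return "brand-embedded"  # brand used inside a longer or unrelated name
    return None


# Constructed sample hostnames; ".example" is a reserved TLD used here as a placeholder.
SAMPLE_HOSTS = [
    "metamask.io",
    "portal.metamask.io",
    "maskmeta.example",
    "metamask.example",
    "metarnask.example",
    "metamask-app.example",
    "metamask.io.wallet-login.example",
    "xn--metamsk-abc.example",
    "unrelated.example",
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(f"{h:40} {classify(h)}")
```

A valid Let’s Encrypt certificate does not change any of these results, which is the point the article makes: the padlock only shows that the connection to the lookalike host is encrypted.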