
Weird ‘null address’ iVest hack, millions of PCs still vulnerable to ‘Sinkclose’ malware: Crypto-Sec

2024.08.12 20:35


Crypto scams, hacks and exploits and how to avoid them: Crypto-Sec

DeFi exploits: iVest hit with donation attack

Decentralized Finance protocol iVest Finance was the victim of a $156,000 exploit on Aug. 12, according to a report from blockchain security firm QuillAudits.

Transferring tokens to a null address (0x0) usually causes them to be lost forever. However, in the iVest protocol, transfers to the null address cause a _MakeDonation function to be called, which in turn causes “the sender’s balance [to be] incorrectly reduced by double the intended amount,” QuillAudits reported.

QuillAudits reports iVest attack. Source: QuillAudits

The attacker repeated these steps over and over again, successfully draining over $156,000 worth of BNB and iVest tokens from the pool, most of which had been deposited by other users.

Quill stated that it would provide more updates as information becomes available. 
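The double deduction QuillAudits describes is the kind of accounting error a supply-conservation check catches. The following is an added example, not iVest's contract code: a simplified ledger model in which the assumed cause is that the donation hook debits the sender and the normal transfer path then debits again; the `Ledger` class, `first_violation` helper and account names are hypothetical.

```python
NULL = "0x0"  # null address, as in the article

class Ledger:
    """Toy token ledger (assumed model, not iVest's code)."""

    def __init__(self, balances, fixed):
        self.bal = dict(balances)
        self.donated = 0                      # tokens routed to donations
        self.supply = sum(balances.values())  # must stay accounted for
        self.fixed = fixed

    def _make_donation(self, sender, amount):
        self.bal[sender] -= amount
        self.donated += amount

    def transfer(self, sender, to, amount):
        if amount < 0 or self.bal.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        if to == NULL:
            self._make_donation(sender, amount)
            if self.fixed:
                return                        # donation already debited sender
            # Buggy variant falls through: sender is debited a second time.
        self.bal[sender] -= amount
        if to != NULL:
            self.bal[to] = self.bal.get(to, 0) + amount

    def conserved(self):
        # Invariant: every token is in an account or in the donation pot.
        return sum(self.bal.values()) + self.donated == self.supply

def first_violation(ledger, ops):
    """Replay (sender, to, amount) ops; return index of the first one
    that breaks supply conservation, or None if the invariant holds."""
    for i, (sender, to, amount) in enumerate(ops):
        ledger.transfer(sender, to, amount)
        if not ledger.conserved():
            return i
    return None

if __name__ == "__main__":
    # Constructed sample operations; the second one targets the null address.
    ops = [("alice", "bob", 10), ("alice", NULL, 30), ("bob", "alice", 5)]
    print("buggy:", first_violation(Ledger({"alice": 100, "bob": 0}, False), ops))
    print("fixed:", first_violation(Ledger({"alice": 100, "bob": 0}, True), ops))
```

Running the same invariant as a property test against a real token's transfer paths, including transfers to special addresses, is how this class of bug is usually caught before deployment.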

On its website, iVest describes itself as a project that combines “SocialFi and DAO governance with unique tokenomics to support our members and create thriving community projects.” Cointelegraph contacted iVest for comment but did not receive a response by the time of publication.

Malware vulnerability: AMD “Sinkclose” affects millions

Millions of PCs are affected by a vulnerability in AMD processors discovered on Aug. 9, according to a report from Wired. The discovery could be especially concerning for users who run software wallets such as MetaMask, Coinbase Wallet, Trust Wallet or others on these devices.

The vulnerability, called “Sinkclose,” allows an attacker to create a “bootkit” that “evades antivirus tools and is potentially invisible to the operating system.” If a user’s device becomes infected with Sinkclose-associated malware, it is virtually impossible to remove. Even formatting the hard drive and reinstalling the operating system will not get rid of the malware.

The vulnerability was reportedly discovered by Enrique Nissim and Krzysztof Okupski, researchers for the cybersecurity firm IOActive, and was disclosed at the Defcon hacker conference on Aug. 10.

According to a separate report from Tom’s Hardware, AMD has released mitigation patches for many of the processors affected, and the PCs affected are “flagged to receive an update.” However, some older models will not be patched at all, as they “fall outside of the software support window.” These processors include the “Ryzen 3000 and older processors and Threadripper 2000 and older chips.”

For crypto users, the Sinkclose vulnerability could be especially concerning. It implies that if a device with an AMD processor is found to contain malware, formatting the hard drive and reinstalling the OS may not successfully remove it. In this case, a user should consider throwing away the device instead of attempting to “clean” it before installing a wallet.

For users who only do simple cryptocurrency transfers and do not use Web3 applications, using a hardware wallet may help mitigate the threat of Sinkclose-based malware. However, this is unlikely to help users who use Web3 applications, as these applications usually require users to “blind sign” or trust a PC to display transaction data since the data cannot be displayed on a hardware wallet’s LCD screen.

Given the threat from Sinkclose, users with AMD devices may want to check that their processor or graphics card firmware is updated to the latest version, as the company has announced that the latest patches contain “mitigations” against the vulnerability.

Phish of the week: Web3 gamer loses $69,000 in Tether

A Web3 gamer and memecoin trader lost over $69,000 worth of Tether (USDT) stablecoins from an approval phishing scam on Aug. 9.

At 10:33 pm UTC, the user approved a malicious account labeled “Fake_Phishing401336” to spend all of their USDT. One minute after this approval, the attacker made two transfers from the victim’s account to other accounts. One of these transfers was for $58,702.42, while the other was for $10,359.25, for a total of $69,061.67.

Blockchain security platform Scam Sniffer detected the transactions and announced the attack on X.

Scam Sniffer reports USDT phishing attack. Source: Scam Sniffer/X

In the past, the victim has traded Web3 gaming tokens such as Heroes of Mavia (MAVIA) and Immutable X (IMX), as well as memecoins like HarryPotterObamaSonic10Inu, MAGA (TRUMP), and Hemule. Other than these facts, not much is known about the victim.

Token approval phishing scams are a common way for Web3 users to lose their tokens. In such a scam, the attacker tricks the user into visiting a website that contains a malicious app. The app is usually disguised as one that the user trusts, such as a video game, NFT marketplace, or memecoin trading app that the user has visited in the past. But in fact, these apps usually reside at misspelled URLs and are not authorized by the company they are claiming to be made by.

When the user pushes a button on the malicious app, it pushes a token approval transaction to the user’s wallet. If the user confirms this approval, the attacker drains the victim’s wallet of whatever token was approved. In this case, the user lost over $69,000 thanks to the scam.

Web3 users are advised to carefully inspect both the URL and contract address of any website seeking token approval. This can potentially save users from costly losses.
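Inspecting the contract address means reading the spender and amount out of the approval request itself. The following is an added example, not from the original article: it decodes standard ERC-20 `approve(address,uint256)` calldata and flags the patterns described above. The addresses, balance and the `review_approval` helper are constructed for illustration.

```python
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")  # approve(address,uint256)
MAX_UINT256 = 2**256 - 1

def decode_approve(calldata_hex):
    """Return (spender, amount) for ERC-20 approve calldata, else None."""
    text = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    raw = bytes.fromhex(text)
    if len(raw) != 4 + 32 + 32 or raw[:4] != APPROVE_SELECTOR:
        return None
    if any(raw[4:16]):  # a 20-byte address is left-padded with 12 zero bytes
        raise ValueError("malformed address word")
    spender = "0x" + raw[16:36].hex()
    amount = int.from_bytes(raw[36:68], "big")
    return spender, amount

def review_approval(calldata_hex, trusted_spenders, wallet_balance):
    """List reasons to stop and check before confirming an approval."""
    decoded = decode_approve(calldata_hex)
    if decoded is None:
        return []  # not an approve() call; other call types are out of scope
    spender, amount = decoded
    findings = []
    if spender not in {s.lower() for s in trusted_spenders}:
        findings.append("spender not in trusted list")
    if amount == MAX_UINT256:
        findings.append("unlimited allowance")
    elif amount >= wallet_balance:
        findings.append("allowance covers entire balance")
    return findings

def build_approve(spender, amount):
    """Build sample calldata (used only to construct test inputs)."""
    return "0x095ea7b3" + "00" * 12 + spender[2:] + format(amount, "064x")

# Constructed sample values, not real accounts.
UNKNOWN = "0x" + "11" * 20
KNOWN_DEX = "0x" + "22" * 20
BALANCE = 69_061_670_000  # token base units, constructed

if __name__ == "__main__":
    risky = build_approve(UNKNOWN, MAX_UINT256)
    print(review_approval(risky, [KNOWN_DEX], BALANCE))
    modest = build_approve(KNOWN_DEX, 1_000_000)
    print(review_approval(modest, [KNOWN_DEX], BALANCE))
```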


Christopher Roark

Some say he’s a white hat hacker who lives in the black mining hills of Dakota and pretends to be a children’s crossing guard to throw the NSA off the scent. All we know is that Christopher Roark has a pathological desire to hunt down scammers and hackers.
