Don’t Fall for these Scams Top Tips, Tricks & Insights to Keep You Safe & Secure in Web3 — Crypto Security Truths: Issue 17
Weekly Review of Top Cybersecurity Incidents, Topics, Tools and Issues in Web3, Crypto, and Blockchain Ecosystem
We have been capturing as much as we run across every week to find you clear examples of what not to do in the Cryptoverse in terms of risk, safety and security. We have captured a long list of topics this week in the following headings: Hacks, Malware, Phishing, Scammers, Crime, News, Tools, Researcher, so buckle up and learn how to protect yourself better in Crypto.
18 Oct 24–25 Oct 24
Don’t forget you can vote up to 50-times a day for your favorite articles. We accept more than 1-vote.
Introduction
This week’s cyber and crypto security overview brings into focus a variety of increasingly intricate scams, hacks, and regulatory incidents affecting Web3. Transak, a major crypto payments provider, endured a third-party breach affecting over 92,000 users’ data, underscoring the vulnerabilities within third-party integrations in crypto services. In malware developments, attackers continue targeting Web3 users through sophisticated phishing campaigns such as video call scams and address-copying traps, exploiting users’ trust and basic security gaps. Phishing schemes were notably prevalent, targeting platforms like Uniswap and social media accounts, and resulting in significant financial losses. Meanwhile, the scammers’ ecosystem saw meme coins and influencer-led promotions capitalize on market hype with deceptive tactics, highlighted by incidents like $SHAR’s pump-and-dump and Jaypeg’s payout scandal. Crime operations, from the FBI’s ZM Quant market manipulation sting to Lazarus Group’s expanding laundering network, spotlighted advanced on-chain surveillance and law enforcement efforts against illicit activities in crypto.
Hacks
Transak Security Incident
Crypto payments provider Transak recently disclosed a breach involving a third-party KYC vendor, attributed to a ransomware group claiming access to personal data beyond Transak’s initial report. The breach exposed basic identity details for up to 92,554 users, but no internal systems were compromised, and no financial data was affected. As Transak partners with major platforms like Metamask, Trust Wallet, and Coinbase for fiat-to-crypto transactions, the incident may impact numerous crypto users and industry stakeholders. In response to the breach, Transak has enhanced its security measures, including implementing hardware-based MFA, improving monitoring systems, and conducting regular vendor security audits. The company is committed to transparency, actively notifying affected users and engaging with partners and regulators to ensure compliance and rebuild trust. [ ZachXBT on Telegram and Transak Blog ]
Analyst Takeaway: The Transak breach illustrates the enduring vulnerability of user data within crypto-linked services. Given Transak’s partnerships with major wallets, this incident stresses an industry-wide urgency for enhanced data security. It’s clear that as ransomware groups grow more sophisticated, both service providers and users must adopt more stringent data protection measures. Firms with access to PII need to harden their defenses and consider real-time data monitoring to minimize damage when incidents inevitably occur. The only real defense against malware is Warden, more details are below.
Malware
Video Call Scam Alert
A widespread phishing campaign targeting Web3 users involves impersonators tricking victims through scripted video call prompts. Web3 security influencer Tay highlighted that individuals seeing specific pop-ups should immediately disconnect from the internet, power off their device, and seek assistance from SEAL Security. The scam targets high-profile users and leverages AppleScript on Macs and similar scripts on PCs, allowing attackers to seize financial accounts and social media profiles. [ tayvano_ on X ]
Analyst Takeaway: The video call phishing scam is a sophisticated attack that capitalizes on our trust in familiar formats, like video chats, to infiltrate sensitive accounts. It’s a stark reminder that social engineering is evolving to more advanced levels, specifically targeting high-profile Web3 figures. Users must remain vigilant about emerging threats that use legitimate-looking tools to bypass basic security barriers, and security platforms like SEAL are essential for immediate response. Education and preparedness are the front line here, especially for those holding valuable crypto assets.
Phishing
Address Copying Scam
A user reportedly lost $57,000 after mistakenly copying a malicious address from a transaction history. This case underscores the risks of copying addresses directly from transaction logs, which can be contaminated by attackers to divert funds. [ The Real Scam Sniffer on X ]
Inferno Drainer Resurgence and Sale
Inferno Drainer, a notorious crypto-draining tool flagged by ScamSniffer in 2023, has returned to the scam scene after a brief hiatus, selling its infrastructure to a new entity called “Angel Drainer.” Following this transition, Angel Drainer is continuing the scam operations, marking an evolving scam landscape that includes high-profile drainers like Pink and Venom. Various anti-scam teams such as BlockMageSec and Wallet Guard remain vigilant in monitoring and targeting this ongoing threat. [ saiyangod0x on X ]
MuratiAI’s Compromised Account
The Twitter account of MuratiAI was recently hacked and used to post phishing content, highlighting the persistence of social media account compromises within the crypto ecosystem. [ The Real Scam Sniffer on X ]
Uniswap Permit2 Phishing Loss
A victim unknowingly signed a phishing request on Uniswap’s Permit2 platform over a month ago, suffering minor losses at first. Failing to revoke the authorization, he transferred $162,000 recently, only to find it compromised, highlighting the risks of unchecked permissions in decentralized finance. [ The Real Scam Sniffer on X ]
Phishing Ad Scam on Soneium
A user searching for “Soneium” on Google fell victim to a phishing ad, leading them to a fraudulent website. After connecting their wallet and signing a phishing transaction, they lost their assets almost immediately. Scammers capitalized on slight misspellings like “someium” to trick users, emphasizing the importance of verifying website authenticity and avoiding ad links. [ The Real Scam Sniffer on X ]
Reminder to Avoid Google Ads
The crypto community warns users to be cautious of Google ads, as scammers often buy ads using real crypto URLs to lure victims. When clicked, these ads may redirect to phishing sites. Using ad blockers can help reduce exposure to these deceptive ads, which have become a prevalent risk for crypto users. [ FairsideNetwork on X ]
BEAM Token Phishing Loss
A victim lost $148,000 in BEAM tokens through a phishing scheme that had approval access from 115 days prior. This incident underscores the importance of regularly reviewing and revoking wallet permissions to protect valuable assets from long-standing, unrevoked authorizations. [ The Real Scam Sniffer on X ]
Scroll Airdrop Phishing Warning
Following the announcement of Scroll’s first airdrop, scammers are exploiting excitement around the event by posting phishing links disguised as official comments. Users are advised to verify information directly through official sources and to avoid clicking on links in comments or unofficial channels to prevent falling victim to phishing. [ The Real Scam Sniffer on X ]
Analyst Takeaway: These recent phishing scams spotlight recurring issues around the dangers of unchecked permissions and phishing-ad fraud. Address manipulation scams, especially on platforms like Uniswap’s Permit2, highlight the need for proactive permission audits and cautious digital behavior. With phishing ads slipping past Google’s filters, the crypto community must prioritize secure browsing habits and consider the added safeguard of ad blockers. Until platforms enhance anti-phishing defenses, users themselves must actively mitigate risk by employing layered security practices.
Scammers
Meme Coin Marketing Gimmicks Exposed
A new meme coin, $SHAR, has hit the scene with a flashy claim: 50 “tier 1” influencers allegedly onboarded to promote it. But as revealed by ZachXBT, 60% of $SHAR was quietly sniped and then split across over 100 addresses. This type of fast-sell maneuver isn’t new, but it’s a classic reminder of the murky practices behind meme coin launches — and how influencers might not always act in the best interest of their followers. Classic play 🤡 [ ZachXBT, WazzCrypto and Bubblemaps on X ]
Jaypeg and the Meme Coin Payout Debacle
ZachXBT uncovered a scandal where crypto influencer Jaypeg agreed to promote a meme coin in exchange for 2% of its supply. After deleting messages and denying he ever received the tokens, the blockchain showed otherwise — revealing he cashed out nearly $2.2K. Jaypeg claimed the address he provided was “random” and made a $2K charity donation in response. Despite his attempt to clear his name, this incident highlights the trust issues brewing within crypto’s influencer ecosystem and serves as a cautionary tale for those looking to invest based on influencer endorsements. [ ZachXBT on X ]
Fake WLFI Token Rugs Investors
The infamous fake WLFI token circulating across BSC has finally rugged, catching some unaware investors off-guard. Polyzoa’s bot previously detected this duplicate of the legitimate World Liberty Financial token, alerting users to the scam circulating on multiple blockchain networks. This incident underlines the critical need for investors to check token legitimacy thoroughly, especially with look-alike tokens increasingly appearing in DeFi.Remember, when you see duplicate tokens, red flags should be waving! 🚨 [ Polyzoa_xyz on X ]
Red Pill Copycats Crash Out
Four knock-off “Red Pill” coins launched recently — only to rug shortly afterward. The original Red Pill, $RPILL, remains the only one left standing. With new projects hoping to ride the hype, this case reminds us of how quickly unoriginal tokens can crash out, leaving only their genuine counterparts behind. If you’re looking to get #redpilled, it might be best to stick with the original. [ rpillfinance on X ]
The Vanishing Act of NFT Founders
NFT influencer Baer openly questions where all the once-active NFT founders have gone. The silence of many projects and their creators is frustrating for the community, who are left wondering if the founders simply “rugged” their projects and disappeared. While a few names like Frank and Dak Daze are still around, many founders’ absence has fueled community disappointment and hints at unresolved tensions within the NFT space. [ BaerEvo_ on X ]
Meme Coins on Solana: Not Dead, Just Playing the Game
A debate has sparked on whether influencers like Tate truly dumped Solana meme coins to zero. Some argue that price dips in the meme coin world are not necessarily the end, but rather part of the “meme game” on Solana. Meme coin enthusiasts suggest that as wild as the market may appear, price swings and volatility are just part of the scene, especially in Solana’s fast-paced trading landscape. [ Bubblemaps on X ]
The False Promises of Paid Group Indicators
Crypto influencer “join my paid group for the best indicators” schemes are increasingly scrutinized as some traders question the legitimacy of paid signals. Amid recent discussion, goodalexander noted that ETH is currently generating less search volume than “stepmom,” casting doubt on some of the hype. This trend warns crypto investors to think twice before buying into paid groups claiming to offer “exclusive” insights and encourages seeking out authentic analysis instead. [ 0xngmi on X ]
The Mystery of “Steve” and FBI Wallet Connections in Nakamigos
Speculation around “Steve,” a figure in the Nakamigos community, has grown after TruthLabs began questioning connections between his project and FBI wallets. Some claim that Steve might be using a bot network to boost engagement, while others see these alleged links as “Cap” — baseless rumors. Either way, the wild speculation has drawn in the curious, sparking debates over authenticity, influence, and legitimacy in the crypto sphere. Only time (and proof) will tell! 🕵️ [ Allcity77 and Truth Labs on X ]
Analyst Takeaway: The meme coin ecosystem continues to expose itself as a high-risk playground where influencers and so-called “paid groups” promote pump-and-dump schemes. Cases like $SHAR and Jaypeg’s payout illustrate the conflict of interest influencers often have, and they reinforce the necessity for due diligence. As copycat tokens and paid signal groups proliferate, investors are increasingly reminded of the importance of skepticism and transparency. The onus is on the community to scrutinize these actors closely and demand more accountability.
Crime
Market Maker Wash Trading Sting
The FBI recently brought charges against the market maker ZM Quant (ZMQ) after a sting operation revealed on-chain evidence of wash trading. ZMQ reportedly accepted $2.5K USDT from undercover agents posing as NexFundAI representatives to artificially inflate trading volumes. Through strategic wallet transfers and deliberate liquidity pulls, the FBI orchestrated and documented ZMQ’s manipulation, leading to the seizure of over $1M in assets. This operation highlighted a coordinated response against crypto market manipulation and implicated additional players, including CLS Global and Gotbit. [ Bubblemaps on X ]
Theft or Strategy? US Government Crypto Movement
A high-profile wallet linked to the U.S. government recently saw $20M in crypto assets move to new addresses, sparking speculation and security concerns. On-chain sleuths suggested the possibility of theft due to the funds’ rapid distribution to multiple exchanges and a partial return of $19.2M. This incident underscores the potential vulnerabilities even within government-held crypto assets and raises questions about security practices and the trustworthiness of exchange platforms handling these funds. [ ZachXBT , Cointelegraph and ArkhamIntel on X ]
Lazarus Group’s Expanding Network of Laundered Funds
Blockchain investigator ZachXBT detailed an ongoing investigation into Lazarus Group’s extensive money-laundering network. The group, accused of funneling millions from hacked platforms like Alex Labs and EasyFi, allegedly used privacy protocols and multiple intermediary accounts to disguise fund origins. ZachXBT’s analysis indicates a direct tie to co-founder Yicong Wang, who remains an active player in laundering despite sanctions. With consolidated funds exceeding $17M, this case exemplifies the growing complexity of tracking illicit crypto activity and highlights the role of privacy protocols in facilitating these schemes. [ ZachXBT on X ]
Analyst Takeaway: From ZM Quant’s wash trading to the Lazarus Group’s laundering schemes, recent operations by law enforcement and blockchain analysts reveal just how prevalent market manipulation and fund obfuscation are. These cases underscore a sophisticated yet accessible toolkit for criminals — highlighting how urgently the crypto space needs both self-regulation and external oversight. As these groups adopt increasingly advanced techniques, collaborative efforts by platforms, security analysts, and regulators will be crucial to ensure market integrity.
News
ZachXBT: The Anonymous Crypto Vigilante Recovering Millions from Heists and Scams
Since 2021, ZachXBT, a mysterious figure with only a platypus avatar for an identity, has become a leading force in tracking down crypto criminals. Known for his unyielding dedication, he spends hours tracing blockchain transactions, identifying scammers, and alerting law enforcement to some of the biggest crypto thefts. In August 2023, ZachXBT unraveled a staggering $243 million Bitcoin theft targeting a single victim. This case led him to identify three alleged perpetrators, two of whom have since been arrested, with evidence of them splurging on luxury cars and lavish lifestyles.
His career began after he himself fell victim to crypto scams and now, fueled by public donations, he has traced billions in stolen assets and even influenced the arrests of crypto thieves. From exposing pump-and-dump schemes by influencers to untangling elaborate thefts, ZachXBT has made a name as the “crypto private eye,” dedicating his life to ensuring justice in a field rife with fraud.
Example:
In one high-profile case, ZachXBT meticulously tracked stolen funds from the defunct Genesis exchange, identifying the thieves through blockchain traces and linking them to social media profiles flaunting their ill-gotten gains. He also investigated fraudulent NFT projects like “Bored Bunny” and “Billionaire Dogs Club,” revealing the schemes behind what were mere cartoon .jpg images promising exclusive perks but ultimately deceiving investors.
ZachXBT’s relentless efforts have recovered millions and brought some of the world’s most elusive crypto criminals to justice, proving that anonymity can be a powerful tool in the fight for transparency and accountability in the crypto world. [ Wired ] [ ZachXBT on X ]
Crypto Tax Cuts in Japan or Safe Haven for Global Elite to Launder Funds?
Japan’s Democratic Party of the People recently promised to reduce taxes on Bitcoin and crypto, should they win the upcoming election. As part of a broader strategy to attract blockchain investments, this proposal has received significant attention, reflecting the evolving global stance on crypto taxation and regulatory support. This move may foster growth for Japan’s crypto markets, potentially encouraging other nations to rethink their regulatory approaches. [ Truth Labs on X ]
The Rise and Fall of the “CT Guy”
A recent satirical Twitter post encapsulates the cyclical journey of a typical crypto trader — known colloquially as “CT Guy” — who moves from initial skepticism to enthusiasm and back to regret. This light-hearted yet insightful breakdown highlights the psychology behind crypto trading cycles, especially during bull and bear markets, and underscores the importance of measured investments within the volatile crypto space. [ Mikelppolito on X ]
TruthLabs Calls Out Alleged Intelligence Assets in Crypto
TruthLabs, a crypto-focused investigative outlet, drew attention by alleging that prominent figures like Coffeezilla and Cobratate are covert intelligence assets within the industry. Engaging with followers, TruthLabs suggested that theatrical personas could be part of a larger strategy to sway public opinion. This claim touches on the broader debate surrounding authenticity in the crypto space and the influence of high-profile “truth-seekers” on public sentiment. [ Truthlabs on X ]
Analyst Takeaway: ZachXBT’s relentless investigations are redefining what’s possible in crypto crime-solving. By uncovering schemes and tracking down scammers, he embodies the power of blockchain transparency paired with community action. Zach’s recent breakthroughs not only recover stolen funds but also restore public trust in an often-misunderstood industry. This commitment to justice, paired with Japan’s favorable crypto tax policy shifts, signals a new era where blockchain advocates are equipped to stand against crypto’s murkier side. His story is a powerful testament to crypto’s capacity for transparency when in the right hands.
Tools
Drosera Academy: Empowering Web3 Security on a Budget
Drosera Network recently launched Drosera Academy, a Web3 platform providing cost-effective security tools for developers. Recognizing the financial strain that comprehensive security measures can place on Web3 projects, Drosera Academy offers resources designed specifically for blockchain developers, marking a shift towards accessible and proactive project security. [ DroseraNetwork on X ]
Pocket Universe — Airdrop Scams on the Rise
A social media advisory warned users of the rising prevalence of airdrop scams, specifically targeting projects on platforms like Scroll_ZKP. These scams often employ bots to lure victims into clicking fraudulent links under the guise of airdrops. The message encourages vigilance and highlights Pocket Universe’s protective measures, drawing attention to the evolving threat landscape and the need for enhanced scam detection in blockchain projects. [ 1c4m3by on X ]
Analyst Takeaway: The resurgence of drainer tools like Inferno Drainer, now rebranded as Angel Drainer, highlights the adaptability of cybercriminal tools. As platforms like BlockMageSec and Wallet Guard counter these tools, it’s evident that the battle between security and exploitative technology is ongoing. Crypto users and developers alike must stay on top of permissions, exploit trends, and actively employ defensive tools to mitigate risk. Security teams need to focus on tool monitoring and automated alerts to catch these evolving threats before they cause significant harm.
Research
Collection of 538 On-chain Hacks
Want to dive deep into the anatomy of DeFi hacks? Check out this resource listing over 500 past incidents, complete with re-creations in Foundry. Whether you’re in security or just want to learn from past exploits, this library of PoCs (proof-of-concepts) is pure gold for Web3. 🌐 Kudos to @1nf0s3cpt for putting this together — let’s build a safer space for everyone! 🚀[ chrisdior777 on X ] [ DeFihackedlabs on Github ]
Disclaimer: For educational purposes only. Always hack responsibly. ⚠️”
How to Analyze Memecoins to try and stay safe while being a degen
🕵️♂️ As memecoin season ramps up, so do scams. If you’re jumping in, remember: hype alone doesn’t mean safety. Analyze contracts, check liquidity, and don’t fall for tokens that seem ‘too good to be true.’ Stay sharp and protect your wallet! 💸[ Polyzoa_xyz for highlighting Web3Marmot scam meme coin steps on X ]
Steps to Identify a Scam Meme Coin
- Monitor Liquidity Movement: Watch for rapid shifts in liquidity. If developers withdraw funds or liquidity pools shrink suddenly, it may indicate an exit strategy. Keep an eye on fund movements within the project.
- Conduct On-Chain Analysis: Examine wallet distribution to identify potential risks. High centralization, where a few wallets hold most tokens, can suggest manipulation. Tools like @bubblemaps or @InsightXnetwork can help with this analysis.
- Be Cautious with New Listings: If a coin quickly rises to the top of Dexscreener with little information, treat it as a red flag. Scam tokens often appear suddenly to catch traders off guard before disappearing just as fast.
- Check the Community: Investigate the project’s Telegram and Twitter groups for genuine activity. Be wary of excessive bot engagement with generic hype phrases, which can indicate scams.
- Evaluate Social Engagement: Analyze the nature of interactions on Twitter. Authentic conversations are crucial; if most replies seem spammy or bot-generated, exercise caution. Use services like @TweetScout_io to gather insights about a project’s Twitter followers.
- Don’t Rely on Surface Metrics: Avoid basing decisions solely on volume and holder numbers, as these can be manipulated. Investigate the project thoroughly — check the team, their code, and transparency. If things feel rushed or shady, it’s best to steer clear.
- Final Reminder: If something seems too good to be true, it likely is. Always do your own research and avoid letting fear of missing out (FOMO) cloud your judgment. Stay safe!
Vulnerability in Github — Allowing Private Key Extraction
Heads up for projects using secp256k1-node
: A recently disclosed vulnerability (CVE-2024-48930) allows private key extraction over ECDH! While it’s an older library, it’s a reminder to vet dependencies regularly. Simple public key validation can prevent this exploit. Kudos to devs for the quick CVE assignment and fix. [ bantg on X ]
How to Ride this Next Bull Cycle — Top 100 Coins (NFA)
Memecoins or utility coins? 🤔 While the top 100 coins are mostly utility-based, some say smaller-cap memes offer better odds for big returns. But keep in mind, memes come with risks. Are you sticking with long-term utility, or chasing meme gains? We bring this up because chasing further down the risk curve increases your probability of being scammed, hacked, phished or falling for social engineering (e.g. rug-pull, pig-butchering, pump-dump, slow-rug, etc…). Stay safe and secure. [ IncomeSharks on X ]
Analyst Takeaway: With growing speculation around “Steve” and FBI wallet connections, the boundaries between genuine user activities and covert operations are blurring. As TruthLabs continues its investigation, these rumors underline a vital need for the community to prioritize transparency and maintain a critical eye on influencer-driven narratives. Distinguishing fact from fiction is crucial as new insights emerge, which will help crypto remain a decentralized but credible domain. Thus, understanding how to analyze meme tokens and realizing that the top-100 tokens might be an alpha play using tools are key. While if your a developer keeping track of CVEs and vulnerabilities will keep you and your protocols off the p0wned leaderboards.
Conclusion
These developments emphasize that crypto security remains volatile, with ransomware groups, phishing scams, and manipulative influencer tactics evolving and finding new ways to exploit users. Incidents like Transak’s breach and the proliferation of phishing schemes highlight the urgent need for companies to integrate stronger third-party security measures, such as Warden and user education on avoiding such traps. The increasing frequency of influencer-based scams, especially within the meme coin sector, signals the importance of transparency and thorough due diligence before investing based on endorsements. Finally, the takedowns of wash-trading rings and laundering networks demonstrate that coordinated efforts by law enforcement and security analysts are crucial in tackling these highly organized criminal activities. However, the sophistication of these schemes shows that security efforts must continually adapt to the agility of cybercriminal tactics in the crypto ecosystem.
Thanks for getting this far in our article. Don’t forget that you can vote up to 50-times a day for your favorite articles on Medium. We accept more than 1-vote, as it helps us spread the Cybersecurity insights into Crypto. The more people that see this information, the more people we can help. We should share information about criminals and scammers to help protect each other, just like we pick up stray trash and put it in the trash can.
Further Resources about Cyber Strategy Institute:
If interested in other analysis, checkout our other Medium articles, our Indpeth Analysis Articles and for more of a daily understanding of the Cryptoverse follow our Twitter account. Relying on a dying Cybersecurity model is not a foundation for success; that is what Warden changes for the good!
Warden
It is designed leveraging a Zero Trust model, stopping all known bad and unknown malicious threats. This starts by defending at the kernel level, so that any software does not know it’s been placed into a sandbox. We call this the “Inception Protection” model, which will not allow any program to impact your systems. No other system can do this on the market today. Protect your digital life, your families or your organization today with Warden!
If you want a 50% Discount on your purchase, then sign up for our newsletter, and we will send you the code for your support. Just reply to your first email saying you would like a discount.
Cyber Strategy Institute
Medium: https://cyberstrategy1.medium.com/
Twitter: https://twitter.com/CyberStrategy1
X: https://x.com/Warden_Secure
Website: https://cyberstrategyinstitute.com
Protect Yourself, Family or Business Today with Warden!
https://cyberstrategyinstitute.com/personal-protection-warden