Fake Solana wallet security update is trying to steal your crypto: Reports

Published at: Oct. 11, 2022

For the last two weeks, unknown hackers have been airdropping nonfungible tokens (NFTs) to Solana cryptocurrency users that masquerade as a new Phantom wallet security update. Instead of an update, the link delivers malware designed to steal their crypto.

According to BleepingComputer, the hackers claim to be from the Phantom team and are using NFTs titled "PHANTOMUPDATE.COM" or "UPDATEPHANTOM.COM."

After opening the NFT, users are told that a new security update has been issued for the Phantom wallet and can be downloaded via the enclosed link or the listed website.

To add urgency, the message claims that failing to download the fake security update, “may result in a loss of funds due to hackers exploiting the Solana network.”

The urgency is likely a reference to the August hack of Solana wallets, which saw roughly $8 million stolen from about 8,000 wallets, including those of some Phantom users. That exploit was later linked to vulnerabilities in Slope, a Solana-based Web3 wallet service.

Should a victim follow the fake Phantom update instructions, the process ends with malware downloaded from GitHub that attempts to steal browser data such as history, cookies and saved passwords, as well as SSH keys and other information from the user's machine.

Users who may have inadvertently fallen for this scam are advised to take precautions such as scanning their computer with antivirus software, moving crypto assets to a wallet whose keys were never exposed on the affected machine, and changing passwords on sensitive platforms such as bank accounts and crypto trading platforms.


In the past, similar campaigns have distributed malware dubbed "Mars Stealer" to steal crypto from unsuspecting users.

An upgrade of the information-stealing Oski trojan from 2019, Mars Stealer targets more than 40 browser-based crypto wallets, along with popular two-factor authentication (2FA) browser extensions, using a grabber function that steals users' private keys.
