In what ESPN Major League Baseball reporter Jeff Passan called the “biggest news day” of his life, scammers hijacked his Twitter account to promote an NFT giveaway. With the MLB and the Players Association (MLBPA) engaged in a long-winded deadlock over a labor deal that resulted in canceled games, Passan had just broken news regarding an important agreement between the two parties concerning the international draft.
hey remember that time i got hacked on the biggest news day of my life — Jeff Passan (@JeffPassan) March 10, 2022
However, with eyeballs waiting on the next development from Passan, his account …
A hacking group that infiltrated Nvidia servers last month is attempting to sell software that could unlock crypto mining hash rate limiters on the firm’s flagship graphics cards. A South American hacking group going by the name LAPSUS$ claims to have stolen a terabyte of data from Nvidia servers in late February. The group is now offering software in the form of a customized driver to unlock limiters the company has put on its high-end graphics cards. Nvidia stated that it became aware of the incident on Feb. 23, and stated, according to reports on Mar. 2: “We are aware …
Crypto is going mainstream, and the world’s younger generation, in particular, is taking note. Cryptocurrency exchange Crypto.com recently predicted that crypto users worldwide could reach 1 billion by the end of 2022. Further findings show that Millennials — those between the ages of 26 and 41 — are turning to digital asset investment to build wealth. For example, a study conducted in 2021 by personal loan company Stilt found that, according to its user data, more than 94% of people who own crypto were between 18 and 40.
Keeping children safe
While the increased interest in cryptocurrency is notable, some …
The rise of community-oriented blockchain security companies may be making it more difficult for alleged bad actors to get away without a trace. Early Wednesday, CertiK issued a community alert regarding Flurry Finance, whose smart contracts were allegedly breached by hackers, leading to the theft of $293,000 worth of funds. Shortly after the incident, CertiK published the wallet addresses of the alleged perpetrator, the address of the malicious token contract, and a PancakeSwap pair address allegedly involved in the attack, leading to a warning issued on BscScan. While the firm audited the project's smart contracts, it appears that the exploit …
Major nonfungible token (NFT) marketplace OpenSea announced a service upgrade on Saturday, which requested that users migrate their listed assets from the Ethereum (ETH) blockchain to a newly created smart contract. However, in the hours that followed, 32 users of the platform became victims of a targeted email phishing attack that resulted in an anonymous entity stealing $1.7 million worth of ETH. OpenSea CEO Devin Finzer published a tweet thread explaining that the breach was orchestrated via fake email scams which assured users of their OpenSea identity, convinced them to sign a digital message with their wallet, and therefore unknowingly …
Laura Shin, a cryptocurrency journalist and host of the Unchained Podcast, claimed to have discovered the identity of the individual behind an exploit which drained more than 3.6 million Ether from Germany-based startup Slock.it’s The DAO in 2016. According to a Tuesday Bloomberg report, Shin claimed that she had “extremely strong evidence” that Mimo Capital co-founder Toby Hoenisch was responsible for removing more than 3.6 million Ether (ETH) from The DAO in June 2016 — roughly $50 million at the time. An unknown hacker used an exploit to drain roughly a third of The DAO’s ETH supply, forcing developers to …
On February 11th, two days before the Super Bowl and Coinbase’s $14 million color-changing QR code advert, an engineer was desperately trying to reach out to Coinbase management and the development team.
Anyone here can get me a direct line with someone at @coinbase, preferably management or dev team, possibly @brian_armstrong himself? I'm submitting a hacker1 report but I'm afraid this can't wait. Can't say more either, this is potentially market-nuking. DMs open. — Tree of Alpha (@Tree_of_Alpha) February 11, 2022
Tree of Alpha had discovered “a flaw in the new Advanced Trading feature would have allowed a malicious …
Just yesterday, OpenSea announced a smart contract upgrade, which requires users to migrate their listed NFTs from Ethereum (ETH) blockchain to a new smart contract. As a direct result of the upgrade, users that don't migrate over from Ethereum risk losing their old, inactive listings — which currently require no gas fees for migration. Major nonfungible token (NFT) marketplace OpenSea has reportedly fallen victim to an ongoing phishing attack within hours after announcing a week-long planned upgrade to delist inactive NFTs on the platform. However, the urgency and short deadline opened up a small window of opportunity for hackers. Within …
After a month-long fight against an ongoing exploit, cross-chain router protocol Multichain announced the recovery of nearly 50% of the total stolen funds, worth nearly $2.6 million of cryptocurrencies. The team has also released a compensation plan to reimburse the users’ losses. On Jan. 10, blockchain security expert Dedaub alerted Multichain about two vulnerabilities in its liquidity pool and router contracts — affecting eight cryptocurrencies including wrapped ETH (WETH), wrapped BNB (WBNB), Polygon (MATIC) and Avalanche (AVAX).
1/3 We recently identified the "phantom functions" code pattern, which would have led to likely the largest crypto hack ever. Your code may …
Cybercriminals are using bots purchased on Telegram to trick users into giving them access to their cryptocurrency accounts. According to a report from cybersecurity firm Intel471, one-time password (OTP) bots are “remarkably easy to use” and are inexpensive to operate compared with the amount that can be earned from a successful attack. A Telegram bot known as ‘BloodOTPbot’ charges hackers a monthly fee of just $300 for access. Fraudsters also have the option to spend an extra $20 to $100 on more phishing tools that target individual social media accounts on Instagram, Facebook and Twitter, financial services …
Developers from the Ethereum Layer 2 scaling project Optimism announced that a “critical bug” had been identified and subsequently patched earlier this month. The bug, which could have enabled hackers to create as much ‘ETH’ in an Optimism account balance as they wished, was first discovered by white hat hacker and iOS jailbreak software Cydia developer Jay Freeman.
Last week, I discovered (and reported) a critical bug (which has been fully patched) in @optimismPBC (a "layer 2 scaling solution" for Ethereum) that would have allowed an attacker to print arbitrary quantity of tokens, for which I won a $2,000,042 bounty. …
As the cryptocurrency market has grown, so too has the number of bad actors looking to exploit vulnerable decentralized finance, or DeFi, protocols and projects for their own gain. Earlier this month, the Ethereum-Solana Wormhole token bridge suffered the biggest hack of 2022, with $321 million lost due to a signature verification vulnerability. Such exploits have gotten increasingly sophisticated over the years. But blockchain security firms like HashEx are keeping pace as hackers upgrade their tactics. During the past few years, HashEx has audited more than 700 DeFi smart contracts that secure over $2 billion worth of …