Cryptocurrency exchange Uniswap has warned users about a new scam in which scammers pose as executives and create fake websites.

Scammers use the names and images of real Uniswap executives to create fake social media accounts and websites. They then use these accounts to contact users and offer them the opportunity to invest in a new project.

Scammers are also sending phishing emails that appear to be from Uniswap. These emails contain links to fake websites that look like the real Uniswap website.

If you receive an email or message from someone claiming to be from Uniswap, please be sure to verify their identity before clicking any links or providing any personal information. You can do this by contacting Uniswap directly.

Here are some tips to help you avoid falling victim to this scam:

Be suspicious of any unsolicited messages or emails from people claiming to be from Uniswap.

Never click on links in emails or messages from people you don't know.

Always verify the identity of the person you are speaking with before providing any personal information.

Be careful about the information you share on social networks.

Keep your software up to date.

Use a strong password and two-factor authentication.

If you have been scammed, you should report it to the authorities and to Uniswap. You can also report it to the Federal Trade Commission (FTC) at ftc.gov/complaint.

Here are some additional tips to help you stay safe online:

Use a secure browser, such as Google Chrome or Mozilla Firefox.

Install a security extension, such as AdBlock Plus or uBlock Origin.

Be careful which websites you visit.

Only download files from trusted sources.

Keep your software up to date.

Use a strong password and two-factor authentication.

By following these tips, you can help protect yourself from online scams.

#Uniswap #Scam #scams #scamalert

Cyber scammers have increased their use of hidden mining due to increased law enforcement activity and heavy regulation

Over the past 12 months, the number of hidden mining (cryptojacking) cases worldwide has increased by 399%. This is according to data from the SonicWall report.

Cybercriminals are increasingly resorting to remote hacking of servers. And cryptocurrency mining devices. Recent data suggests that cybercriminals have become more likely to use this method due to increased law enforcement activity and strict regulation.

Hidden mining, or cryptojacking, is a cybercrime involving the unauthorized use of someone else's devices (computers, smartphones, tablets, or servers) to mine cryptocurrency. It is often conducted through vulnerabilities in mobile apps, web browsers and their permissions and remains unnoticed by the victim.

In the UK, cryptojacking incidents have increased by 479% since 2022. In the US, there were 214 million such attacks in 2023 alone. And that's a 340% increase from the year before.

Our experts note that in June, Google Cloud launched a program to compensate customers for up to $1 million in losses from hidden mining. If an attacker bypasses the cloud service's built-in defenses. Users with special subscriptions will be able to get compensation for their losses. A subscription to Security Command Center Premium includes specialized hidden mining detection capabilities built into the Google Cloud infrastructure. The service scans virtual machine memory for malware. It can also detect compromised identities. And which allow attackers to access cloud accounts and quickly inject malware.

#cryptojacking #scamalert

Scammers took advantage of market participants’ interest in meme cryptocurrencies on “bitcoin pizza day”

Scammers earned tens of thousands of dollars on “bitcoin pizza day. In doing so, taking advantage of market participants’ interest in meme-based cryptocurrencies. The creators of several holiday-themed tokens absconded with the assets of gullible investors.

On May 22, the cryptocurrency community celebrated the 13th anniversary of the first purchase for bitcoins. It happened in 2010, when computer developer Laszlo Heinitz bought two mushroom pizzas for 10 thousand BTC.

According to Dextools, the capitalization of tokens BTCPizza, BPizza, PizzaDay and EthPizza. Which were created during the last week, at their peak reached about $150 thousand.

The creators of BPizza, after the token reached a capitalization of $100k, imposed a 100% sales tax on the coins. This was done to prevent investors from selling them. Issuer EthPizza disabled token sales when the asset’s capitalization reached nearly $40k.

BTCPizza is now labeled as a Honeypot – where fraudsters prescribe in the token’s smart contract the ability to withdraw coins only to certain wallets. PizzaDay plummeted in value to zero after a spike in value followed by a rapid series of sales.

Our experts noted that the desire of investors to buy tokens with no fundamental value. And all this followed a rapid and significant rise in the market capitalization of the meme cryptocurrency Pepe in just a few weeks. Investors are hoping to get lucky, buying tokens that could collapse in value at any moment. And then they complain that they were scammed and media didn’t warn them that it was dangerous. So once again we warn you that you can lose 100% of your investment in such projects.

#BTC #bitcoinpizzaday #scamalert #cryptonews #Binance

Scammers use a variety of techniques to steal users’ money, some of which only require knowing your wallet address, a Forta Network researcher said.

Scammers spun up at least 7,905 blockchain wallets in May to collect crypto they steal from ordinary users, according to a blockchain security company Forta Network. Forta, which has recently launched its own token, operates a network of bots that detect various kinds of scams on Ethereum, Binance Smart Chain, Polygon, Optimism, Avalanche, Arbitrum and Fantom blockchains.

Christian Seifert, researcher-in-residence at Forta who previously worked at Microsoft’s security research division, told CoinDesk that Forta’s algorithms can detect various kinds of anomalous behavior while scanning transactions on blockchains.

Some of those anomalies are attacks on users’ wallets. For some of the attacks, scammers rely on social engineering – sniffing around for user's personal information or deploying tricks to get crypto users to reveal their passwords or seed phrases. Other attacks only require knowing a victim’s wallet address.

“A lot of attacks are social engineering attacks: users are being lured to a website, a website asks them to connect their wallet, a transaction pops-up, a user approves it and their money is gone,” Seifert said.

‘Ice phishing’ The most prevalent kind of attack in May was the so-called “ice phishing” technique, which accounted for 55.8% of all the attacks registered by Forta. Unlike the more obvious or well-known phishing attacks (ice phishing is a play on the more common “phishing” attacks seen across the Web), this type does not aim directly for users’ private information.

Instead, an ice phisher tricks a victim into signing a malicious blockchain transaction that opens access to the victim’s wallet so the attacker can steal all the money. In such cases, victims are often lured onto a phishing website designed to mimic real crypto services.

These scams rely on "token approval" transactions, one of the most common uses for non-custodial Web3 wallets that enable users to grant smart contracts a certain amount of access to their wallets. On its support page, MetaMask, the makers of the most popular Ethereum crypto wallet note that when granting token approval transactions "you're firmly in control and hold ultimate responsibility for everything you do. That's why it's critical you know exactly what you're signing up for when you confirm token approvals."

In a similar scam to the one mentioned above, attackers attempt to trick users into interacting with various decentralized applications (dapps), including decentralized exchanges (DEXs). Such schemes often create an illusion of a new lucrative opportunity, like an airdrop of some new token, and exploit the common tendency to fall for FOMO, or the fear of missing out, Seifert said. However, instead of interacting with a legitimate service, a user forfeits control over their assets to an attacker by signing a token approval transaction.

“Users click, click, click and transactions pop-up, often with a timer, and users approve them without checking,” Seifert said.

According to Seifert, there are two crucial steps to ice phishing: “luring a victim onto a [malicious] website and creating a positive narrative. “A variation of the ice phishing attack is to trick users into sending native assets to the scammer directly. This is achieved by signing a 'security update' function of the scammer's contract,” Seifert said, adding that usually, small amounts of crypto is stolen this way.

NFTs, airdrops and address poisoning

Some attacks target traders of non-fungible tokens (NFT). For example, scammers have developed techniques that takes advantage of quirks in NFT infrastructure, like the Seaport protocol introduced by OpenSea and used across many NFT marketplaces. To sell NFTs on Seaport, users create sell orders by signing a transaction that is broadcasted locally on the platform – rather than the wider Ethereum network, to save money on transaction fees.

Attackers sniff around for users with valuable NFTs and try trick them into approving transactions that would sell their valuable holdings at a fraction of the market price. NFT traders today are often aware of the many ways they can be exploited. Some of the highest-profile crypto heists in recent years have targeted influential NFT figures. This has led to evermore targeted and sophisticated phishing attacks.

For the “address poisoning” attack, attackers study the transaction history of their victims’ wallets and look for addresses they interact with the most. They then create a blockchain address that would look familiar to their target and send the victim a transaction with little-to-no value. This transaction is meant to “poison” an intended victim's transaction history by putting the malicious address in a place where they may mistakenly copy and paste it when they make their next transaction.

But often, the simplest exploits remain effective. For instance, Seifert said attackers often use recognizable brands when designing social engineering exploits that earn victims’ trust or attention. That was the case with the fraudulent tLINK token that Chainlink (LINK) holders received in early June, when an attacker airdropped a supposedly new token to the LINK holders. The scammers included an offer for users to exchange tLINK for actual LINK tokens on a phishing website in the description field of the airdropped token, Seifert said. And if they took that offer, they would have gotten burned.

What makes such attacks trickier is that attackers can allocate fraudulent ERC-20 tokens to a legitimate smart contract and then execute a function that transfers those fake tokens to anyone that holds a targeted token, according to Forta. This makes it look like users got an airdrop from the legitimate contract, while it’s nothing but scam.

Attacks like that do not even require much reconnaissance work from attackers: all they need to know about victims is their wallets addresses.

Transaction hygiene With hackers and scammers getting ever more industrious, it’s important to always pay attention to the addresses your wallet interacts with, Seifert said. Ideally, wallets need to have security features built in, he said, adding that at the moment, Forta provides its database of fraudulent addresses to the ZenGo wallet. Forta assigns blockchain wallets different risk scores referring to their involvement in potential scammy behavior, Seifert said.

“We have a set of detection bots, machine learning models that monitor transactions in real time and look for specific conditions and behavior, for example, for contracts with lines like “security update” in their code,” he said.

#airdrop #scamalert #googleai