Cointime

# Crypto Security


Stay Safe: What Are Account Takeover Attacks?

ATO attacks occur when an attacker gains unauthorized access to a victim’s online account, usually by stealing their login credentials. This could be done through various means, such as phishing scams, social engineering, or brute force attacks.

SlowMist: Beware of WalletConnect Phishing Risks in Web3 Wallets

The SlowMist security team detected a security vulnerability on January 30, 2023, which could lead to phishing attacks through inappropriate use of WalletConnect on Web3 wallets.

Crypto Morning Briefing: Safemoon Hacker Strikes Deal With Developers to Return $7.1M

Microsoft Is Developing Its Own AI Chip To Power ChatGPT; Intel Signals End of Bitcoin Mining Chip Business Amid Cost-Cutting Effort; Apple Crypto Users Potentially Exposed to iOS, MacOS Vulnerabilities

Apple Crypto Users Potentially Exposed to iOS, MacOS Vulnerabilities

Wu Blockchain warned Apple crypto users that operating system vulnerabilities could expose them to attackers. Linking an article from Kaspersky, it was noted that these are “high threat” vulnerabilities applicable to iOS and macOS.

Exploit Targets Crypto Veterans, Drains Over $10M Across 11 Blockchains

An unidentified exploit has drained more than $10.5 million in nonfungible tokens (NFTs) and coins from experienced members of the crypto community who were "reasonably secure", in a wallet-draining operation under way since December 2022. MetaMask developer Taylor Monahan brought the issue to light, stating that more than 5,000 Ether (ETH) had been stolen, but the extent of the losses has not yet been determined, and no one knows how the exploit works. The exploit targets keys created from 2014 to 2022 and users who are more "crypto native"; those with assets in a single private key are advised to migrate their funds, split up their assets, or get a hardware wallet. The incident serves as a reminder to use hardware wallets, as Kaspersky detected over 5 million crypto phishing attacks in 2022 alone.

Social Media Crypto Scams

Overall, more than one in four people who reported losing money to any type of fraud in 2021 reported that it started on social media with an ad, a post, or a message. The amount lost to social media scams in 2021 was five times that of 2020 and six times that of 2018.

Developers Block Potential ‘Eight Figure’ Exploit Involving Cosmos-Based Ethermint

A vulnerability affecting the Cosmos ecosystem and Ethermint was recently discovered by Jump Crypto and blocked before it could cause significant damage. Ethermint, which enables the use of Ethereum smart contracts within the Cosmos ecosystem, was the affected network. The bug could have allowed an attacker to bypass specific smart contract functions and steal transaction fees, leading to denial of service to users. The Evmos Core Development team and the Cronos team collaborated with Jump Crypto to address the issue, including a patch to block transactions with certain messages to eliminate the attack vector. No malicious exploitation occurred, and the Cronos team awarded Jump Crypto a $25,000 bounty for their discovery. The root cause of the vulnerability was improper handling of transactional messages in Ethermint's implementation, specifically the interaction between two message types. An attacker could have exploited the vulnerability by embedding one message type inside another, bypassing a security feature responsible for deducting gas fees from transactions.

How Crypto Has Revolutionized the Ransomware Game

This is the first article in a series that examines the rise of ransomware, which is critical for crypto businesses to understand because they need to avoid processing associated transactions involving fraudulent addresses.

SEC Warns Investors to Exercise Caution When Investing in Crypto Securities – Clampdown Incoming?

The Securities and Exchange Commission (SEC) has warned investors of an alleged danger posed by crypto assets, saying those offering such investments may not comply with US securities laws.