As a seasoned analyst with a decade of experience in the crypto space, I’ve seen more than my fair share of scams, hacks, and exploits. The latest AI-generated video targeting XRP holders is just another reminder of the ever-evolving tactics used by these cybercriminals to deceive unsuspecting investors.
The latest crypto scams, hacks and exploits and how to avoid them: Crypto-Sec
New AI scam targets XRP holders
An AI-made video about Chris Larsen, the co-founder of Ripple, has been shared on YouTube. This video appears to be a fraud, much like one that previously featured an AI-generated Elon Musk.
Dramatic music plays throughout the video as the fake Larsen states, “Today is a significant day for everyone who holds XRP.”
Instead of incinerating 150 million XRP every year, as Ripple typically does, the company is choosing to “return it all.
As per the video observed by CryptoMoon, each XRP owner has the chance to double their present holdings by simply visiting the provided website. The audience is encouraged to check out the site promptly to ensure they don’t miss out on what appears to be a significant and unique event.
The video isn’t visible in search results because it’s posted on a hidden page. This suggests that they might be sharing links to it via email or more personal channels, possibly as a way to keep the video off YouTube’s radar and avoid it getting removed.
In these emails, it seems that they might include a web link connected to an XRP Ledger account, urging victims to transfer their money. Unfortunately, the outcome is that they’d never see their funds again. However, we at CryptoMoon were unable to identify the specific website or account being employed in this scheme.
Artificial intelligence (AI) produced scam videos are escalating as a concern in the realm of cryptocurrencies. For instance, at the Bitcoin Conference in 2024, a fraudulent video featuring an AI-generated Elon Musk was transmitted, leading to losses totaling approximately $79,000 in digital currency for victims.
It’s now widely recognized that this scam is a known entity. The creation of these videos suggests that the con artists might have moved away from using Elon Musk as their target, instead choosing to focus on other prominent figures within the crypto world.
Phish of the week: Trader with 10x gain loses it all from ‘transfer’
On October 14th, a trader suffered a loss exceeding $300,000 on the memecoin MicroStrategy 2100 (MSTR2100) due to a phishing scam. This unfortunate incident occurred after the trader had amassed more than ten times their initial investment in potential profits.
It can be inferred that the person who suffered harm agreed to a transaction moving their digital assets to an individual labeled “Fake_Phishing607855” on Etherscan, a well-known blockchain explorer. Since the recipient was identified as a fraudulent account, it’s probable that the initiator of the transaction may not have fully grasped the implications of what they were authorizing.
Five days prior to the surge, specifically on October 8th, the trader procured a total of 335,468 MSTR2100 tokens from the Uniswap cryptocurrency exchange for an investment of around $17,104, which equated to approximately $0.05 per token. Commencing on October 10th, the value of these coins started to escalate significantly. It peaked at a record high of $1.58 on October 13th, only to drop below $1.00 the day after.
At 7:20 a.m. UTC on October 14th, the value of MSTR2100 was around $0.56 per coin according to blockchain data, which meant that the trader’s collection was worth over $188,000 at that moment. This also implied an unrealized profit of approximately $170,000, translating to a return of more than 10 times the initial investment.
Unfortunately, the trader missed the chance to withdraw their profits. Just as they were about to complete a profitable trade, they unwittingly moved all their earnings into a fraudulent account posing as a phishing scam.
Blockchain analytics platform Scam Sniffer detected the strange transaction and reported it on X.
Scam Sniffer didn’t guess how the con artist specifically deceived the trader, but typically, fraudulent activities like this involve creating false websites that mimic trustworthy applications.
The individual often transacted on Uniswap, which means there’s a possibility they encountered a phony version of the platform. If this is the case, the deceptive app might have disguised itself as facilitating a swap transaction, when in reality it was requesting the user to approve a straightforward transfer instead.
Users can often avoid phishing attacks by carefully inspecting transactions before confirming them.
Internet Archive leaks 31 million passwords
Users of cryptocurrencies who also have accounts on the Internet Archive might find it prudent to double-check their passwords and remain vigilant about suspicious emails that claim to originate from the site.
Based on a report from NPR dated October 20th, cybercriminals managed to infiltrate the Internet Archive’s servers and made off with data connected to approximately 31 million user accounts. This stolen information encompassed each account holder’s email address as well as their encrypted passwords or password hashes.
Users who experienced a data breach might encounter phishing attempts via email in the coming days, as the fraudsters now understand that these individuals have an interest in the Internet Archive. Moreover, there’s a possibility that the criminals will employ hash-cracking tools on the stolen hashes, potentially exposing users’ original passwords.
Internet Archive is asking users to update their passwords to ensure that hackers can’t gain access to their accounts. However, if a user has used the same password for both Internet Archive and a cryptocurrency trading platform, there’s a possibility that the trading platform might become vulnerable to unauthorized entry.
As stated in a blog post dated October 17th by the Internet Archive, the intruders not only hacked the website but also altered its JavaScript code. Consequently, the team had no choice but to temporarily take the site offline so they could assess and strengthen their security measures.
Starting from October 21st, two key features on the site have become active again: Wayback Machine and Archive-It. Notably, the site’s blog is running smoothly as well. However, it’s important to mention that all other services such as video and audio streaming, borrowing ebooks through Open Library, and various other functions are still temporarily unavailable.
Incidents of password leaks such as this one remain a concern for both crypto and web users at large. The digital world is actively moving towards the implementation of passkeys, which are based on public-private encryption similar to a digital wallet used for cryptocurrencies. Yet, this transition to passkeys is still in its early phases.
Due to concerns about password theft, some people opt for password managers to safeguard their login credentials. Yet, these tools aren’t foolproof, as demonstrated when LastPass experienced a breach in 2022.
Read More
- DYM PREDICTION. DYM cryptocurrency
- CYBER PREDICTION. CYBER cryptocurrency
- ZK PREDICTION. ZK cryptocurrency
- JASMY PREDICTION. JASMY cryptocurrency
- POPCAT PREDICTION. POPCAT cryptocurrency
- Top gainers and losers
- SKEY PREDICTION. SKEY cryptocurrency
- TURBO PREDICTION. TURBO cryptocurrency
- BTC PREDICTION. BTC cryptocurrency
- MPL/USD
2024-10-21 17:17