CyberSecurity news

Waqas@hackread.com //
CoinMarketCap, a leading cryptocurrency data website, has been hacked, resulting in the theft of approximately $43,000 in cryptocurrency from 110 users. The attackers exploited a vulnerability in CoinMarketCap's animated logo, injecting malicious code that displayed a fake wallet verification popup. This popup prompted users to connect their crypto wallets and approve ERC-20 token access, enabling the scammers to drain their funds. Wallet providers like MetaMask and Phantom were quick to flag the site as unsafe, displaying browser warnings against using the platform. CoinMarketCap has since confirmed the removal of the malicious popup.

The attack, which ran for only a few hours, used Inferno Drainer, a well-known crypto-drainer phishing kit. Security firm C/side linked the malicious code to Inferno Drainer. Data gleaned from a Telegram channel known as TheCommsLeaks revealed a live dashboard used by the attacker, showing real-time wallet connections, token transfers, and total values drained. Early figures showed 67 successful hits and over 1,300 wallet connections, with the payout quickly exceeding $21,000 in the initial wave.

The individual behind the attack is reportedly a French-speaking actor known online as Zartix and Spadle, associated with an underground community called The Com, which is also linked to the Scattered Spider group. The incident highlights the growing risks within the cryptocurrency space, where trusted platforms can be exploited through sophisticated scams. It also serves as a reminder of the importance of caution when connecting wallets to online platforms and the need for robust security measures to protect users from these kinds of attacks.


References:
  • DataBreaches.Net: CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • hackread.com: Scammers Use Inferno Drainer to Steal $43K from CoinMarketCap Users
  • Risky.Biz: Risky Bulletin: CoinMarketCap hacked via a doodle image
  • news.risky.biz: Reports that CoinMarketCap was hacked via a doodle image.
  • BleepingComputer: CoinMarketCap briefly hacked to drain crypto wallets via fake Web3 popup
  • www.helpnetsecurity.com: CoinMarketCap, Cointelegraph compromised to serve pop-ups to drain crypto wallets
Classification:
  • HashTags: #CoinMarketCap #CryptocurrencyScam #InfernoDrainer
  • Company: CoinMarketCap
  • Target: CoinMarketCap users
  • Attacker: Unidentified
  • Product: CoinMarketCap
  • Feature: wallet verification popup
  • Malware: Inferno Drainer
  • Type: Hack
  • Severity: Major