The expert told how he was able to return $ 4,000 in cryptocurrency to the victim of a phishing attack
Harry Denley, the security director of the MyCrypto service, posted on his blog a story about how he managed to help a user who was a victim of phishing.
Denley found a fake version of Trust Wallet on the Google Play store with a high rating, lots of reviews and downloads.
At startup, the application prompted the user to enter a recovery phrase, and after that it gave an error message. This limited its functionality.
After unpacking the application, Denley discovered a vulnerability in the attackers' web server, which consisted in a public file with error logs. The application code transferred all data to the API in the Telegram messenger. This allowed Denly to spam the bot, as a result of which he began to upload all information to the error logs.
He was also able to read the messages that the attackers exchanged with each other. It turned out that one of them uses the nickname "George" and writes in Turkish. Among other things, they sent messages about the amount of assets in the victims' wallets and phrases for their recovery.
Subsequently, the hackers noticed Denly's activity, but during that time he managed to withdraw "a good amount of funds" from the hacked wallets. After that, he tried to find the owners of these wallets and came across one Twitter user who reported that $ 10,000 was stolen from him through the Trust Wallet application. Denley asked him to confirm the ownership of the address by signing a specific message with a key and returned the intercepted assets, which, according to the victim, were worth almost $ 4,000.
For users who could install a malicious wallet and enter a recovery phrase into it, Denley suggests creating a new address and transferring all assets to it. He also recommends paying special attention to the authenticity of cryptocurrency applications.
Vulnerability in Ledger Live, BRD and Edge wallets could lead to re-spending of bitcoins
A critical vulnerability has been discovered in popular cryptocurrency storage services Ledger Live, BRD and Edge. With its help, attackers could make the user think that he received bitcoins, although this was not the case.
The vulnerability was revealed by the creators of the ZenGo wallet. They notified the developers of the respective services of their discovery and agreed not to disclose this information for 90 days in accordance with the principles of responsible disclosure. ZenGo characterize the problem they identified as a “re-spend vulnerability,” that is, technically using the same bitcoins for more than one transaction. The developers of vulnerable wallets disagree with this definition.
The vulnerability arises from the "Replace-by-Fee" function in Bitcoin, which allows replacing a transaction in process with a new one with a higher fee. This feature can be useful if a transaction, for example, is stuck in a mempool due to increased network load.
ZenGo states that the vulnerable wallets were designed in such a way that an attacker could convince a victim, such as a merchant, to provide him with a product or service, while the transaction was still pending and then canceled before being included in the blockchain. Hackers can perform the described procedure cyclically, hence the name of the vulnerability "Big Spender" (English - "BigSpender").
The root cause of the problem lies in the user interface of the wallets. Not all of them clearly indicate when a transaction is still in progress or has been canceled. In contrast, some wallets update the user's balance in such a way as to reflect the payment that has not yet been received.
The ZenGo developers explained that they stumbled upon the bug when they experimented with the Replace-by-Fee function for their own wallet, noting that they deliberately did not look for vulnerabilities in the software of other teams. Finding a possible attack vector, they decided to check the rest of the wallets and found out that Ledger Live, BRD and Edge implemented the Replace-by-Fee function "incorrectly".
All three teams, speaking to The Block, confirmed that ZenGo had contacted them, but disagreed with their terminology.
“Re-spending has never been successfully demonstrated in any of the communications with ZenGo,” said Samuel Sutch, CTO of BRD. According to him, the attack should be classified as a "denial of service" type, since "due to the compromised final payment value in the user's wallet, his access to assets could potentially be limited for several days." BRD has already fixed the issue.
Ledger CTO Charles Guillaume called the vulnerability "just a simple user interface bug." However, the company will release an updated version of Ledger Live, which will include warnings about pending transactions.
In Edge wallets, the problem turned out to be less pronounced, since in certain cases they may incorrectly display the user's balance, but this is solved by re-syncing. The fix is currently being prepared.
The Block: Bitcoin futures market fell 30% in June and now Flaming with fire
At the same time, against the background of a fall in trading on traditional exchanges, the trading volume on decentralized platforms has grown significantly. According to Dune Analytics, $ 1.51 billion worth of deals were concluded on decentralized exchanges in June, up 70% from May. In addition, this is the maximum trading volume on decentralized exchanges. The previous record was in March, but the volume of trading in June was 46% higher.
Considering that the trading volumes on traditional platforms decreased, and on decentralized ones - increased, the share of decentralized exchanges (DEX) also increased significantly. If in May DEX occupied 0.84% of the market, in June their share increased to 2.1%.
Bitcoin futures trading volume fell by 40% to $ 332 billion.For comparison, in May, futures trading volume set a new record and reached $ 557 billion, while the total cryptocurrency futures trading volume in May was $ 602 billion.
Balancer Grows 200% On First Day Of Trading To Become One Of The Largest DeFi Projects
The Balancer exchange protocol for automated market making launched its own token on the Ethereum mainnet on Tuesday. According to The Block, on the first day about 1,000 Ethereum wallets became recipients of tokens, and the initial emission was 35,435,000 BAL.
Soon after the launch, the token became available for trading on Balancer's own platform and the Uniswap decentralized exchange, where its price rose from $ 7 to $ 22. At the same time, trading volumes remained relatively low.
On June 1, Balancer launched a liquidity mining program. Then the team noted that the awards will not be distributed immediately, since the smart contract still required improvement.
For 3 weeks, the liquidity providers received 435,000 BAL. In the future, they will receive 145,000 BAL weekly. In total, up to 65 million tokens will be issued, of which 25 million belong to the team and investors, and 10 million were allocated for the further development of the project.
According to the DeFi Market Cap, the total capitalization of projects in the field of decentralized finance has reached $ 6.7 billion.Balancer is the second largest project on the list with an estimated capitalization of $ 577 million, second only to Compound, whose token previously rose from levels of about $ 20 to $ 300.
The name certainly is alligned to this Bigspender lol, but this is some knowledge learnt here though thanks guyx