Cointime

Download App
iOS & Android

Security

Beware of Cryptocurrency Investment Scams Using Artificial Intelligence, Says CFTC

Daniel Chartraw, the owner of Crypto-Pal LLC and TDA Global, has been accused of wire fraud for allegedly deceiving investors by falsely claiming to have developed a unique algorithm for generating high returns on cryptocurrency investments. Instead of investing the money, he used it to fund his personal lifestyle. Investment scams, including those related to cryptocurrency, have cost consumers $4.6 billion, and scammers are exploiting the lack of regulation and investors' fear of missing out. To protect yourself, investigate the person offering the investment with the Securities and Exchange Commission's Central Registration Depository and check with your state's securities regulation office.

Stability AI's official Twitter account appears to have been hacked, beware of scams

On January 16th, Stability AI's official account released information about the STAI token contract, which appears to have been hacked. Beware of scams.

CoinMarketCap's official X account is suspected to have been hacked, users should be aware of the risks

the official X account of CoinMarketCap was suspected of being hacked and released contract address information. Users should be cautious of the risks.

Microsoft discovers new macOS vulnerability CVE-2024-44243, allowing attackers to install rootkits

On January 15th, Microsoft Threat Intelligence discovered a new macOS vulnerability, CVE-2024-44243, which may allow attackers to bypass Apple System Integrity Protection (SIP) in macOS by loading third-party kernel extensions. SIP is a security technology that limits the execution of operations that could compromise system integrity, so bypassing SIP would affect the overall security of the operating system.

Bypassing SIP could lead to serious consequences, such as increasing the likelihood of attackers and malicious software authors successfully installing rootkits, creating persistent malicious software, bypassing transparency, consent, and control (TCC), and expanding the attack surface of other technologies and vulnerabilities.

Telegram Safeguard scam extends to Mac users, don't click on unknown links

On January 13th, a user @0xDiyaaa shared a security incident related to the Telegram Safeguard scam, reminding people to increase their security awareness at the end of the year. The user clicked on a TG link disguised as a verification machine in the comment section of a social media platform, and then executed malicious commands, putting their assets at risk. Fortunately, due to having handwritten mnemonic words prepared in advance, they were able to transfer their assets in time and wipe their computer, avoiding greater losses.

In addition, Yu Xian, the founder of SlowMist, also pointed out that this scam has expanded to Mac users. When users see specific instructions in Telegram, the clipboard may have been implanted with malicious code. If they continue to follow the instructions, they will face serious security consequences.

Warning: Cyberhaven's browser plug-ins were implanted with malicious code, and multiple plug-ins were attacked

AabyssTeam founder Yu X issued a security warning that Cyberhaven security company was attacked by a phishing email, which led to the implantation of malicious code in the browser extension it released, attempting to read the browser cookies and passwords uploaded by users. Subsequent analysis of the code found that multiple browser extensions were attacked, including Proxy SwitchyOmega (V3), which affected 500,000 users on the Google Store and has now been addressed. SlowMist founder Yu Xian forwarded the warning and said that this type of attack uses the OAuth2 attack chain, obtaining the "extension publishing permission" of the "target browser extension" developer, and publishing an extension update with a backdoor. Each time the browser is started or the extension is reopened, the update may be automatically triggered, and the backdoor implantation is difficult to detect. Remind wallet extension program publishers not to be careless.

Ministry of Public Security: Telecom fraud groups are using blockchain, virtual currency and AI technology to upgrade their criminal methods

 Beijing Business Daily reported that at a press conference held by the Ministry of Public Security on January 10, it was announced that as of the end of 2024, more than 53,000 Chinese criminal suspects involved in telecommunications fraud in Myanmar's northern region have been arrested, and the "Four Major Families" criminal groups in Myanmar's northern region have been successfully destroyed. The Ministry of Public Security pointed out that although the crackdown has achieved significant results, the crime situation is still severe. Fraudulent groups are constantly upgrading their criminal tools using new technologies such as blockchain, virtual currency, and AI intelligence. These groups are well-organized and engage in illegal activities such as cross-border cooperation in app development, traffic diversion and promotion, and money laundering. Fraudsters tailor their scripts to target victims of different ages, professions, and educational backgrounds, and the victims are widespread. Although the telecommunications fraud park near the Chinese border in Myanmar's northern region has been cleared, there are still many fraudulent dens operating overseas under the guise of "technology parks" and "development zones".

Holoworld AI: X account has been stolen, users need to guard against phishing risks

official X account of Holoworld AI has been stolen. Please do not click on any links and users should beware of phishing risks.

Thai police recently raided and seized 996 Bitcoin mining machines suspected of stealing electricity

the Thai police recently conducted a surprise inspection in Chumphon Province and seized 996 bitcoin mining machines suspected of stealing electricity. The operation was jointly carried out by the second provincial police of Thailand and the provincial power bureau. It was found that these mining machines illegally obtained electricity by bypassing the meter.

According to sources, the mine only operates at night in order to evade regulation. In August 2024, Malaysia also destroyed nearly a thousand illegal mining machines in a similar case. Currently, the police have seized related equipment and launched an investigation.

Hong Kong media: A woman was suspected of being scammed in a cryptocurrency "mining" scam and lost HK$2 million

Hong Kong 01 reported that a woman suspected she had fallen victim to a cryptocurrency scam, losing about HKD 2 million. It is reported that the woman arrived at a certain cryptocurrency exchange today with a series of keys, intending to convert the virtual currency into cash. The exchange found that the website used by the victim was suspicious and suspected to be a fake website, so they reported it to the police. The police arrived at the scene and suspected that the victim had paid someone for mining without fully understanding the situation, resulting in the loss.