Cointime

Security

Rapper 50 Cent claims that his X account was hacked, and the hacker promoted cryptocurrency and defrauded about $300 million

On June 22nd, famous rapper Curtis James Jackson III (stage name "50 Cent") claimed that his former Twitter account and website were hacked, resulting in hackers promoting a cryptocurrency scam and defrauding victims of $30 million. The hackers created a new cryptocurrency called "GUNIT" and used 50 Cent's large following (approximately 12.9 million fans) to attract more investors and drive up the price, then drained its value, causing the token price to plummet to $0.00016. On June 21st, 50 Cent posted on Instagram to his 32.8 million fans about the hack and admitted that a large amount of victims' funds had been lost to the project. "Twitter quickly locked my account. Whoever did this, got $30 million within 30 minutes," 50 Cent claimed, stating that he had no involvement with this cryptocurrency scam.

Security firm: Fake USDT deposit attempts occurred on the TON chain, exchanges need to be careful

Security firm Dilation Effect tweeted a reminder that attackers have recently attempted large-scale fake USDT deposits on the TON chain. Dilation Effect's on-chain monitoring system discovered a malicious address deploying a fake USDT token contract with metadata identical to official USDT, and the address has been conducting fake deposit tests on major exchanges. Dilation Effect warns that many exchanges have just started supporting USDT deposits on the TON chain, and their systems may not be fully developed, making them vulnerable to fake deposit attacks. Attackers typically start with small test deposits and gradually increase the amount in an attempt to defraud exchanges of larger sums. Exchanges should strengthen monitoring, especially for large TON chain USDT deposits, to prevent fake deposit incidents from affecting fund security.

Security firm: Fake USDT deposits appeared on the TON chain, and exchanges need to be careful to prevent fake deposit incidents

Security firm Dilation Effect warned on Twitter that attackers have been attempting large-scale fake USDT (Tether) deposits on the TON chain. Dilation Effect's on-chain monitoring system discovered a malicious address, EQBPePiHXhg8XzSRe6FWsDS8s2OHLS1Z2GrW2REL56pMTIKA, deploying a fake USDT token contract whose metadata is identical to official USDT, and the address has been conducting fake deposit tests on major exchanges. Dilation Effect specifically warned that many exchanges have recently begun supporting USDT deposits on the TON chain, and their systems may not be fully developed and may be vulnerable to fake deposit attacks. Attackers typically start with small-scale test deposits and then increase the amount gradually, attempting to defraud exchanges of larger sums. Exchanges should strengthen monitoring, especially for large TON chain USDT deposits, and conduct strict reviews to prevent fake deposit incidents from affecting fund security.
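The two Dilation Effect items above describe a fake token whose metadata matches official USDT, tested with small deposits that then grow. The following is an added example, not code from Dilation Effect or any exchange: a deposit check that decides token identity by contract address only and flags senders whose rejected lookalike deposits escalate. The event format, field names, placeholder addresses and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: placeholder for the token master address the exchange has
# verified out of band as official USDT on TON (not a real address).
ALLOWED_MASTERS = {"USDT": "EQ_OFFICIAL_USDT_MASTER_PLACEHOLDER"}

def classify_deposit(event):
    """Return 'credit', 'lookalike' or 'unknown' for one incoming transfer.

    Identity is decided by the token contract address alone; name, symbol
    and decimals are attacker-controlled and can copy the official token.
    """
    symbol = event["metadata"]["symbol"]
    expected = ALLOWED_MASTERS.get(symbol)
    if expected is None:
        return "unknown"
    return "credit" if event["jetton_master"] == expected else "lookalike"

def escalating_senders(events, min_events=3):
    """Senders whose rejected lookalike deposits strictly grow in amount."""
    by_sender = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        if classify_deposit(ev) == "lookalike":
            by_sender[ev["sender"]].append(ev["amount"])
    return sorted(
        s for s, amts in by_sender.items()
        if len(amts) >= min_events and all(a < b for a, b in zip(amts, amts[1:]))
    )

# Constructed sample events (hypothetical indexer output, not real chain data).
USDT_META = {"name": "Tether USD", "symbol": "USDT", "decimals": 6}
FAKE = "EQ_FAKE_MASTER_CONSTRUCTED"
OFFICIAL = ALLOWED_MASTERS["USDT"]
EVENTS = [
    {"time": 1, "sender": "sender_A", "jetton_master": FAKE, "metadata": USDT_META, "amount": 1},
    {"time": 2, "sender": "sender_B", "jetton_master": OFFICIAL, "metadata": USDT_META, "amount": 500},
    {"time": 3, "sender": "sender_A", "jetton_master": FAKE, "metadata": USDT_META, "amount": 50},
    {"time": 4, "sender": "sender_A", "jetton_master": FAKE, "metadata": USDT_META, "amount": 20000},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["sender"], ev["amount"], classify_deposit(ev))
    print("escalating lookalike senders:", escalating_senders(EVENTS))
```
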

Zerotransfer address lost 18,900 BSC-USD due to phishing

According to PeckShield monitoring, Zerotransfer address 0xF744...6817 suffered a zero-transfer phishing attack, resulting in a loss of 18,900 BSC-USD.

A certain address suffered a phishing attack, losing about $214,000 in assets

PeckShield has detected a phishing attack on a certain address, resulting in a loss of 15,000 LINK tokens (approximately $214,000).

CertiK: Employees threatened by Kraken’s security operations team after reporting security vulnerabilities to the company

Blockchain security firm CertiK announced on the X platform that it had previously discovered a series of serious vulnerabilities in the Kraken exchange, which could potentially lead to losses of hundreds of millions of dollars. CertiK's investigation showed that Kraken's deposit system was unable to effectively distinguish between different internal transfer statuses, creating a risk of malicious actors forging deposit transactions and withdrawing the counterfeit funds. During testing, millions of dollars in fake funds could be deposited into Kraken accounts and more than $1 million in counterfeit cryptocurrencies could be converted into valid assets, yet the Kraken system did not trigger any alerts. After being notified by CertiK, Kraken classified the vulnerabilities as "critical" and initially addressed the issue. However, CertiK pointed out that Kraken's security team subsequently threatened CertiK employees, demanding the repayment of a mismatched amount of cryptocurrency within an unreasonable time without providing a repayment address. In order to protect user safety, CertiK decided to make this matter public, calling on Kraken to stop any threats against white hat hackers and emphasizing the need for cooperation in addressing risks.

Kraken Chief Strategy Officer: Unnamed Researchers Stole Millions of Dollars in Crypto from Kraken

The blockchain security company CertiK has disclosed a white hat hacking incident, and the cryptocurrency exchange Kraken has characterized the incident as "extortion." Nick Percoco, Kraken's chief strategy officer, said earlier that day that the exchange considered the nearly $3 million loss a "criminal case" and was coordinating with law enforcement agencies to recover the funds after a group of technically savvy researchers exploited an "isolated vulnerability." Percoco said that these unnamed researchers stole millions of dollars worth of cryptocurrency from Kraken by withdrawing funds credited to their accounts before the deposit was completed. He wrote that the attackers "can effectively print assets."

CertiK defended its actions on X, claiming that Kraken had threatened company employees. CertiK also claimed that the total amount of funds demanded by Kraken did not match the stolen cryptocurrency.

In addition, Taylor Monahan, CEO and founder of the Ethereum wallet manager MyCrypto, wrote on Twitter that CertiK should be afraid of Kraken's lawyers, damage to its reputation, and how the controversy could affect CertiK's internal culture.

She also pointed out that there was speculation online about possible manipulation by internal staff, because several crypto projects audited by CertiK had been attacked in the past.

Kraken lost nearly $3 million in extortion incident after security vulnerability reported

According to Nick Percoco, Chief Security Officer of Kraken, on Twitter, a security researcher reported a "very serious" vulnerability on June 9th, which could artificially increase account balances. The investigation found that recent user experience (UX) changes caused the system to prematurely credit funds before deposits were completed, allowing attackers to inflate account balances. Although customer assets were not at risk, the vulnerability allowed attackers to "create" funds for a period of time. Kraken fixed the vulnerability in about an hour (47 minutes) and found that three accounts had exploited the vulnerability, withdrawing nearly $3 million from Kraken's vault; one of the accounts belonged to the researcher who initially reported the vulnerability. This person only increased their balance by $4, which could have proven the existence of the vulnerability and earned them a reward, but they disclosed the vulnerability to others, who then withdrew a large amount of funds. Kraken requested that they provide a complete activity record and return the funds, but the request was refused and they instead attempted to extort Kraken. Kraken is working with law enforcement to handle this matter, and Percoco emphasized that compliant security research should abide by the rules of the bug bounty program, and that behavior that exceeds the rules and amounts to extortion is unacceptable.

A Pendle user lost $1.4 million due to signing a phishing signature

According to Scam Sniffer, a Pendle user lost $1.4 million 47 minutes ago due to signing a phishing signature online.

SlowMist: Beware of fake on-chain messages impersonating Coinbase officials

The SlowMist security team recently detected suspicious activity that appeared to be disguised as the official Coinbase address (0xcd53b841ffa2afba778d03ef928cfe864accca7b). The address attempted to send false on-chain messages to users who had withdrawn large amounts of assets from Coinbase Prime. The messages claimed that "due to operational errors during the transaction, users need to return all funds transferred through ETH due to errors, otherwise law enforcement agencies will be contacted." We advise all users to be wary of such phishing behavior and to verify transfer information as much as possible before executing transfer operations to avoid unnecessary asset losses.