CertiK
Front-running scams rampant on YouTube with 500% surge in 2022: CertiK
Front-running scam bots are significantly gaining traction on YouTube, with the number of dubious videos increasing six-fold in 2022 according to a new report from blockchain security firm CertiK. In the firm’s Dec. 1 report, CertiK explores how a wave of front-running bot scams are promising free returns as high as 10X a day, but ultimately end up swiping people’s funds. Notably, CertiK’s analysis found 84% of videos on YouTube mentioning “front running bot” were scams, with the number increasing 500% from 28 videos in 2021 to 168 videos in 2022: “There are common themes in all of these videos: free code and huge returns. Successful runners won’t give away free code on a social media site, they will sell it for a large amount on underground forums.” The scam itself genera...
Crypto scammers are using black market identities to avoid detection: CertiK
Crypto scammers have been accessing a “cheap and easy” black market of individuals willing to put their name and face on fraudulent projects — all for the low price of $8, blockchain security firm CertiK has uncovered. These individuals, described by CertiK as “Professional KYC actors” would, in some cases, voluntarily become the verified face of a crypto project, gaining trust in the crypto community prior to an “insider hack or exit scam.” Other uses of these KYC actors include using their identities to open up bank or exchange accounts on behalf of the bad actors. According to a Nov. 17 blog post, CertiK analysts were able to find over 20 underground marketplaces hosted on Telegram, Discord, mobile apps, and gig websites to recruit KYC actors for as low as $8 for simple “gigs” lik...
CertiK shares security tips following third BAYC security compromise in six months
On June 4, the popular nonfungible token, or NFT, project Bored Ape Yacht Club (BAYC) suffered its third security compromise this year. Nearly 142 Ether (ETH) ($250,000) worth of NFTs was stolen after hackers gained access to the Discord account of a BAYC community manager and posted a message with a link to a fake website. The link advertised a limited-time free-NFT giveaway to users who connected their wallets, which were then drained of NFTs. During two prior occasions in April, hackers breached BAYC’s Discord and Instagram pages and managed to siphon 91 NFTs, worth over $1.3 million at the time of the second attempt, via a phishing link. As told by blockchain security firm CertiK, hackers quickly moved stolen funds to obfuscation platform Tornado Cash, making it imposs...
Security firms seek to make it more difficult for scammers to get away with DeFi project hacks
The rise of community-oriented blockchain security companies may be making it more difficult for alleged bad actors to get away without a trace. Early Wednesday, CertiK issued a community alert regarding Flurry Finance, where its smart contracts were allegedly breached by hackers, leading to $293,000 worth of funds being stolen. Shortly after the incident, CertiK published the wallet addresses of the alleged perpetrator, the address of the malicious token contract, and a PancakeSwap pair address allegedly involved in the attack, leading to a warning issued on BscScan. While the firm audited the project’s smart contracts, it appears that the exploit was the result of external dependencies. #CommunityAlert @FlurryFi’s Vault contracts were attacked leading to around $293K worth of asset...
CertiK’s identification of Crypto Cars as ‘rug pull’ was a false alarm
In a period of market downturns, rumors of crypto bans and decentralized finance, or DeFi scams, blockchain enthusiasts can be sensitive to the smallest abnormalities within projects they follow and sometimes erroneously fear for the worse. The day prior, CertiK, a leading cybersecurity ranking platform in the blockchain space, issued a warning via Twitter regarding CryptoCars, alleging that it was a “rug pull.” However, the staff quickly deleted the post as it was a false alarm. Via a series of Twitter screenshots obtained by Cointelegraph, CertiK first claimed that the website and Telegram for CrytoCars were down. However, users quickly pointed out that both the CryptoCars website and Telegram apps were still functional, resulting in CertiK rescinding the community alert. Acc...
