Hackers exploiting blockchain vulnerabilities to steal funds has become an ordinary, even commonplace, occurrence. At the end of April, the DeFi projects Rari Capital and Fei Protocol reported a loss of $77 million as a result of a hack. A little earlier, $600 million was stolen from the blockchain of the Axie Infinity gaming world via the Ronin Network sidechain. The criminal world does not stand still, however, and keeps testing new technologies. Recently, a group of inventive cyber crooks used an official Instagram account to carry out a hack: that of the Bored Ape Yacht Club universe. How can you avoid the "theft" of tokens? Read about it in our new article.
Innovations in the world of burglaries and thefts
Bored Ape Yacht Club users had no reason to expect a trick from the verified Instagram account of the creators of the most popular collection. But the scammers easily hacked it and posted a link to a clone of the official website, explaining the change of address as a “promotion” for the distribution of NFTs. Unsuspecting users followed the link planted for them in order to receive free tokens and opened access to their wallets. Having gained complete freedom of action, the scammers stole $3 million.
It may sound absurd, but the situation repeated itself, this time as part of a completely official campaign. Some users lost their NFTs as a result of following the suggested links. According to unofficial estimates, the hijackers' haul exceeded $6 million.
And it's not just about Instagram. Similar incidents are recorded on other platforms: Twitter, Telegram, Facebook, Discord.
According to the Crypto Crime Report 2022 from Chainalysis, the constant increase in cyber threats on social networks comes against the backdrop of a rise in crypto crime that broke all previous records last year. On a global scale, the haul collected by crypto wallets owned by scammers is estimated at almost $14 billion, which is 80% more than in 2020. Losses of this magnitude are becoming increasingly difficult to ignore, which is why crypto companies and tech giants are forced to constantly tighten security measures.
Today, the most popular methods of cyber-theft are creating clones of official accounts or simply hacking them, experts conclude.
Twitter, extremely popular in the crypto community, is notorious for the prevalence of spam bots and account clones. More than $2 million was stolen from the social network's users, and that is with fake Elon Musk accounts alone. This tactic is used not only in the cryptocurrency sector of Twitter, but also in other communities on the platform.
It should be understood that a great number of malicious accounts appeared overnight, actively advertising non-existent NFT “distributions”. This role can be played by ordinary spam bots: automated social media accounts that imitate a flurry of activity. They post and tag users just like the accounts of real people.
It got to the point where Twitter put spam profiles or fake accounts at 5% in its Q1 2022 earnings report. The company does not see this as a threat. Elon Musk, however, publicly questioned the stated figure: according to his calculations, the number of fake accounts on the social network could be much higher.
Perhaps everything will change in the near future. Elon Musk, who announced the purchase of Twitter, plans to clean up the social network and extend its functionality with new and more advanced options.
"Theft" of personal data and accounts
Modern scammers often create perfect clones of the accounts of real crypto companies or hack existing profiles. For example, Yuga Labs, the developer of the NFT collection, had set up two-factor authentication on its Instagram account, but this did not help: the account was successfully hacked.
A hack against this level of protection was most likely carried out thanks to voluntary or involuntary help from one of the company's top managers. This does not mean that the person colluded with the attacker. It is enough for the attacker to ingratiate themselves and coax out valuable information, as if by accident and in passing.
A similar tactic has previously been used to hack Twitter accounts. One of the most high-profile incidents dates back to 2020, when verified and reputable accounts posted, in unison, announcements about the distribution of bitcoin. Among the hacked profiles was the page of US President Joe Biden!
Discord is also famous for hacks. The account of the Fractal trading platform was compromised even before the announcement of the official launch of the NFT collection. Many users received fake links to buy tokens and lost about $150,000.
Security is the most important thing, and Web 3 is not ready yet?
Hacker attacks severely slow down the development not only of individual startups, but of the industry as a whole. It is necessary not only to hire security specialists, but also to commission a code audit.
Some crypto enthusiasts are sure that changes for the better are possible with the transition to Web 3. After all, the Internet will then become decentralized, since it will run on blockchain technology. All platforms will be owned and operated by users. At the same time, developers will be able to create special tools to remove spam and verify user identities. Today, online platforms are run by the largest technology companies.
But the crypto industry is not yet interested in a mass transition to Web 3. Social networks bring millions of subscribers to some blockchain companies and crypto services, so abandoning popular sites could lead to a significant drop in audience.