'I Just Got Drained For Over $650K,' Trader Reveals Mysterious Exploit Sweeping Through Crypto Circles

Benzinga and Yahoo Finance LLC may earn commission or revenue on some items through the links below.

A mysterious exploit is draining the wallets of influential cryptocurrency community members.

"I just got drained for over $650k," a cryptocurrency community member under the username "ItsBoldy" with over 9,000 followers said Monday on X, claiming that he had suffered from a mysterious exploit. "Never thought this s–t would happen to me but here we are."

In a follow-up post, ItsBoldy said that the exploit occurred during a Telegram and Discord call, adding that an associate of his who was on the call also had his wallet drained.

"We didn't click any links, we didn't share anything," they said. "It all happened on a Discord/Tg call. Still trying to figure out how the drain happened."

Don't Miss:

The same firms that backed Uber, Venmo and eBay are investing in this pre-IPO company disrupting a $1.8T market — and you can too at just $2.90/share. Kevin O'Leary Says Real Estate's Been a Smart Bet for 200 Years — This Platform Lets Anyone Tap Into It

Less than 24 hours later, another cryptocurrency community member under the username "Parker" with 137,000 followers on X reported being a victim of a similar attack.

"I was drained for 350 SOL ($60,000)  last week by the guy who seems to be draining everyone," he said. "In 4 years of crypto, I've never been drained."

Parker said the attacker had approached him looking for help to set up an account on Axiom, an emerging decentralized exchange, offering 20-50 SOL upfront for the service. He said the attacker acted confused and pretended to be scared of being hacked, while asking him to also be careful not to reveal any of his information.

"While you're screen sharing, he somehow captures the password of your Axiom wallet (not sure how, because I copied the password off stream and then pasted it)," he said. "Then once you connect your trading wallet, he instantly drains it."

Axiom did not immediately respond to Benzinga’s request for comment.

Trending: 7 Million Gamers Already Trust Gameflip With Their Digital Assets — Now You Can Own a Stake in the Platform

These exploits appear to have been going on for at least a month. A cryptocurrency community member under the username "Gmane" reported suffering from a similar exploit early last month. He linked the exploit to a link to Velox Tools, an obscure tool supposedly designed to search for trading alpha on X.

繼續閱讀

"A Wallet cannot be drained by just connecting to a Telegram or Discord video calls and not performing any other action except from talking to a person (if you are not telling your seed phrase on a call OR sharing a screen with seed phrase / private key on a call)," head of forensics and incident response at blockchain-focused security outfit Hacken Yehor Rudytsia told Benzinga. "The wallet is drained if you, indeed, click malicious links / download malicious files to your device, which compromise it in moments."

While the details of this specific exploit, which appears to be primarily targeting Axiom exchange users, are few and far between, social engineering exploits like this are commonplace in the cryptocurrency space.

Last year, hackers targeted so-called cryptocurrency key opinion leaders on X with bogus partnership offers. The ploy attempted to trick them into downloading malware in the guise of fixing a broken Slack meeting link. The link was, of course, fake.

See Also: If there was a new fund backed by Jeff Bezos offering a 7-9% target yield with monthly dividends would you invest in it?

How To Stay Safe From Social Engineering Attacks

Social engineering attacks typically rely on trust. Scammers inspire trust by leveraging a brand name, building a relationship over time, or presenting often bogus social or financial proof. Below are some tips to help you stay safe from these types of attacks:

Be wary of unsolicited DMs from strangers, especially people claiming to be customer care representatives or affiliated with a major brand. Customer care representatives will almost never contact you first. Be wary of offers that appear too good to be true. They likely are. Always do your due diligence on individuals and businesses proposing partnerships or employment opportunities. Always double-check URLs using tools like ScamAdviser and Scam Sniffer. Never disclose private information such as your password or seed phrases.

Read Next: The ECG Hasn't Changed in 100 Years — This AI Upgrade Could Help Detect Heart Disease Years Earlier

Image: Shutterstock

This article 'I Just Got Drained For Over $650K,' Trader Reveals Mysterious Exploit Sweeping Through Crypto Circles originally appeared on Benzinga.com

查看留言