Crypto-Sec is our bi-weekly round-up of crypto and cybersecurity stories and tips.
Biggest phish of the week: TAO holder loses $11.2 million
In the largest reported phishing attack so far in June, a user of the Bittensor (TAO) artificial intelligence platform lost over 28,000 tokens worth $11.2 million at the time. The attack was reported by onchain sleuth ZachXBT through his Telegram channel.
The attacker split up the funds into 18 different wallet accounts, which then consolidated them into 16 accounts, ZachXBT reported. Afterward, the 16 accounts bridged the tokens from the TAO network to Ethereum and swapped them for ETH and USDC stablecoin using three different decentralized exchanges.
Reported phishing attack against TAO holder. (ZachXBT)
Splitting up funds into multiple wallets and then recombining them is a common tactic of scammers and is designed to circumvent money laundering detection systems on centralized exchanges. It is this pattern of splitting and recombining that apparently led ZachXBT to conclude that this was a phishing attack.
A crypto phishing attack is a type of scam in which the attacker creates a fake website that appears to be part of a legitimate protocol, such as a decentralized exchange or lending app. But the site is, in fact, malicious and not authorized by the legitimate protocol’s team. When the user authorizes their tokens to be spent by the fraudulent app, it steals them instead of doing what the user expected.
Phishing scams are one of the most common ways for crypto users to lose their funds from an attack.
White hat corner: Microsoft patches “zero-click” vulnerability
According to Security Week, Microsoft has patched a vulnerability that could have allowed attackers to execute code on Outlook users’ devices without requiring them to download or execute a file. Cybersecurity firm Morphisec reportedly discovered the flaw.
The potential attack only…
..
