Home Blog Scammers in the cryptocurrency space are fighting over stolen assets

Scammers in the cryptocurrency space are fighting over stolen assets

by Arif
0 comment

Researchers in the field of cybersecurity have found a hacker who was responsible for hacking cryptocurrency fraud websites and redirecting cash that had already been stolen to his own wallets. This hacker had previously raked in hundreds of thousands of dollars via this scheme.

According to Trend Micro, a threat actor going by the name “Water Labbu” discovered and penetrated 45 scam websites, then substituted the wallet addresses of the victims with his own. In this manner, whatever money that the con artists manage to mislead other individuals into sending them will ultimately end up in his possession.

The majority of the sites are just bogus mining pools for liquidity. In order to generate a liquidity pool, legitimate cryptocurrency mining pools require their users to lend their digital assets to decentralized exchanges. This allows the pool to operate. Due to the existence of this liquidity pool, cryptocurrency traders are now able to trade their tokens directly (in a decentralized manner, as opposed to a centralized manner where a single entity provides the liquidity). Receiving a cut of the trading fees allows the lenders to generate a profit for themselves.

Users are required to connect their wallets to the liquidity mining pool before they may lend out their cryptocurrency holdings. Fake websites, on the other hand, do little more than wait for users to link their wallets before emptying them out completely. There is a significant amount of work to be done, including the creation of bogus apps as well as participation in social media activities to promote fraud. Water Labbu sidesteps all of it, allowing the original con artists to carry out all of the laborious work on their behalf.

“In one of the examples we investigated, Water Labbu manipulated an IMG element to load a Base64- encoded JavaScript payload via the “error event,” Trend Micro’s study noted.

This is what is known as an XSS evasion method, and it is used to get over Cross-Site Scripting (XSS) filters. The injected payload will then generate another script element, which will load yet another script from the delivery server located at tmpmeta.com.

The script searches for new wallets that have a balance of at least 0.005 ETH or 22,000 USDT, and then, depending on the platform (Windows or one of the two mobile devices), it either performs the transfer or begins the search again.

Trend Micro reminds users that in order to protect themselves from these types of fraud, users should be very careful while linking their wallets and should ensure that they have done their research before handing up any of their tokens.

You may also like

Leave a Comment

Our Company

Lorem ipsum dolor sit amet, consect etur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis.

About Links

Useful Links


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Laest News

Exploring the Mughal heritage in Lahore 10 Best Crypto Currencies 2023 United Kingdom Considers Introducing a Digital Pound Pakistan Locally Manufactured 19.7 Million Smart Phones In 2022; Highest Ever In One Calendar Year

@2021 – All Right Reserved. Designed and Developed by PenciDesign

Facebook Twitter Instagram Linkedin Youtube Email