- Blockletter
- Posts
- Crypto Security Alert: Null Address Hack, Sinkclose Malware, and a Costly Phishing Scam
Crypto Security Alert: Null Address Hack, Sinkclose Malware, and a Costly Phishing Scam
Latest Crypto Scams and Threats—How to Protect Your Assets
In the ever-evolving world of cryptocurrency, new threats seem to pop up daily. From exploits in DeFi protocols to vulnerabilities in hardware, the risks are real. Here’s a roundup of the latest incidents and tips on how to protect yourself.
1. iVest Finance Falls Victim to Null Address Hack
On August 12, DeFi protocol iVest Finance was exploited in a $156,000 hack. The attacker took advantage of a flaw in iVest's system where sending tokens to a null address triggered a _MakeDonation function, doubling the loss of tokens for the sender. The hacker repeatedly exploited this flaw, draining significant funds from the pool.
iVest’s Response: The iVest team acknowledged the breach, assuring users that they’ve identified the exploit and will work with a security firm to conduct a full audit. They’ve also promised to replace the stolen funds and resume normal operations once the audit is complete.
2. Millions of PCs Vulnerable to Sinkclose Malware
A newly discovered vulnerability named “Sinkclose” has put millions of PCs at risk, particularly those using AMD processors. Unveiled at the Defcon hacker conference, this flaw allows attackers to install bootkits that are nearly impossible to remove—even by formatting the hard drive. This poses a serious threat to crypto users, especially those running software wallets like MetaMask or TrustWallet.
What You Can Do: If you’re using an AMD processor, ensure your firmware is updated. Unfortunately, some older models won’t receive patches, making it necessary to consider upgrading your hardware. For those handling cryptocurrency transactions, a hardware wallet might provide some protection, though it’s not foolproof against this vulnerability.
3. Web3 Gamer Loses $69,000 in Phishing Scam
On August 9, a Web3 gamer lost over $69,000 in Tether (USDT) due to an approval phishing scam. The victim unknowingly approved a malicious contract, allowing the attacker to drain their funds. This type of scam is common in the Web3 space, where attackers disguise malicious apps as legitimate platforms to trick users into granting token approvals.
How to Avoid Phishing Scams: Always double-check URLs and never approve transactions unless you are 100% sure of the source. Using a hardware wallet can add an extra layer of security, but vigilance is your best defense against phishing attacks.
Conclusion: Stay Vigilant in the Crypto Space
The recent surge in hacks, vulnerabilities, and phishing scams highlights the importance of staying vigilant. Whether it’s securing your hardware, keeping your software up to date, or being cautious with approvals, taking proactive steps can help protect your assets in this volatile environment. Crypto is exciting, but it’s also a playground for cybercriminals—don’t let them catch you off guard.