Weird ‘null address’ iVest hack, millions of PCs still vulnerable to ‘Sinkclose’ malware: Crypto-Sec

Understanding Recent Crypto Exploits and Vulnerabilities

A look into recent threats and how to protect yourself in the crypto landscape.

DeFi Exploit: iVest Suffers Donation Attack

On August 12, iVest Finance, a decentralized finance (DeFi) protocol, experienced a significant exploit totaling $156,000. This information comes from QuillAudits, a blockchain security firm.

Typically, transferring tokens to a null address (0x0) results in permanent loss. However, the iVest protocol triggers a _MakeDonation function when tokens are sent to this address, which incorrectly reduces the sender’s balance by double the intended amount, according to QuillAudits.


Through repeated exploitation of this function, the attacker managed to extract over $156,000 worth of BNB and iVest tokens, most of which came from funds deposited by other users.

iVest describes itself on its website as merging “SocialFi and DAO governance with innovative tokenomics” to benefit its members and support community projects.

AMD Malware Vulnerability: “Sinkclose” Affects Millions

A significant vulnerability dubbed “Sinkclose” was identified in AMD processors on August 9, impacting millions of PCs. This finding is particularly alarming for users of software wallets such as MetaMask and Coinbase Wallet.

Sinkclose can enable attackers to create a “bootkit” that evades antivirus detection and remains virtually undetectable by the operating system. If a user’s device is compromised by Sinkclose-related malware, removal becomes extremely difficult, as even reformatting the hard drive and reinstalling the OS may not eliminate the infection.

This vulnerability was unveiled by cybersecurity researchers Enrique Nissim and Krzysztof Okupski at the Defcon hacker conference on August 10. According to a report from Tom’s Hardware, AMD has issued mitigation patches for many affected processors, although some older models will not receive updates due to being outside the support window.

The Sinkclose vulnerability raises crucial concerns for cryptocurrency users. It may necessitate replacing compromised devices rather than attempting to clean them. For users handling basic crypto transactions without Web3 applications, utilizing a hardware wallet might reduce potential risks. However, this option may not suffice for those engaged with Web3, as these applications often require users to trust their PCs to display transaction data.

Users with AMD processors are encouraged to ensure their firmware is updated to the latest version, since the announced patches include mitigations.

Phishing Incident of the Week: Web3 Gamer Loses $69,000 in Tether

On August 9, a Web3 gamer fell victim to a phishing scam, resulting in a loss of Tether (USDT) valued at over $69,000.

At 10:33 PM UTC, the victim inadvertently approved a malicious account labeled “Fake_Phishing401336” to access their USDT. Only a minute later, the attacker executed two transactions: one worth $58,702.42 and another for $10,359.25, totaling $69,061.67.

The blockchain security platform Scam Sniffer detected these transactions and reported on the attack.


The victim had previously engaged in trading Web3 gaming tokens and memecoins. Token approval phishing scams represent a common threat in the Web3 space, where attackers trick users into visiting malicious sites posing as trusted apps, often through misrepresented URLs.

Once the user confirms an approval transaction via the malicious app, attackers can drain the user’s targeted wallet. This instance highlights the risks Web3 users face with token approval phishing scams.

To protect against losses, Web3 users should verify both the URL and contract address of any site requesting token approvals to avoid falling victim to costly scams.
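
The check recommended above, as an added example that is not part of the original article: it decodes an ERC-20 approve(address,uint256) request and compares the requesting site, the token contract and the spender against lists the user already trusts. The policy shape, hostnames and addresses are constructed for illustration, and only the plain approve call is covered.

```javascript
// Added example, not from the article. Addresses and hostnames are constructed.
const APPROVE_SELECTOR = "095ea7b3"; // ERC-20 approve(address,uint256)
const MAX_UINT256 = (1n << 256n) - 1n;

// Calldata = 4-byte selector + 32-byte spender word + 32-byte amount word.
function decodeApprove(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{136}$/.test(hex)) return null;
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) return null;
  const spenderWord = hex.slice(8, 72);
  // A 20-byte address is left-padded with 12 zero bytes; reject anything else.
  if (!spenderWord.startsWith("0".repeat(24))) return null;
  return { spender: "0x" + spenderWord.slice(24), amount: BigInt("0x" + hex.slice(72)) };
}

// Compare the request against what the user expects (hypothetical policy shape).
function reviewApproval(request, policy) {
  const call = decodeApprove(request.data);
  if (call === null) return { isApproval: false, warnings: [] };
  const warnings = [];
  // Exact hostname match, so a lookalike domain does not pass.
  const host = new URL(request.origin).hostname;
  if (!policy.trustedHosts.has(host)) warnings.push("untrusted-site");
  if (!policy.knownTokens.has(request.to.toLowerCase())) warnings.push("unknown-token");
  if (!policy.trustedSpenders.has(call.spender)) warnings.push("untrusted-spender");
  if (call.amount === MAX_UINT256) warnings.push("unlimited-allowance");
  return { isApproval: true, spender: call.spender, amount: call.amount, warnings };
}

// Constructed sample data: one token, one trusted spender, one unknown spender.
const TOKEN = "0x" + "11".repeat(20);
const ROUTER = "0x" + "22".repeat(20);
const UNKNOWN = "0x" + "33".repeat(20);
const policy = {
  trustedHosts: new Set(["app.example.org"]),
  knownTokens: new Set([TOKEN]),
  trustedSpenders: new Set([ROUTER]),
};
const word = (v) => v.toString(16).padStart(64, "0");
const approveData = (spender, amount) =>
  "0x" + APPROVE_SELECTOR + word(BigInt(spender)) + word(amount);

// A request from a lookalike host asking for an unlimited allowance.
const suspicious = reviewApproval(
  { origin: "https://app.examp1e.org", to: TOKEN, data: approveData(UNKNOWN, MAX_UINT256) },
  policy
);
console.log(suspicious.warnings);
```

An empty warnings list only means the request matches the user's own lists; it says nothing about whether those lists are right.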

About the Contributor

Christopher Roark is an individual passionate about identifying and combating online threats, particularly against scammers and hackers.
