Recently, various hacking suspicions have emerged that could be dangerous for some altcoins. The allegations were revealed by the security firm Blocksec. Also, a possible phishing attack was pointed out and popular exchanges such as Binance and Coinbase were asked for help. Here are the details…
Hack alert from security firm: These altcoins could be in danger
Blockchain security platform Blocksec has informed crypto users about “some suspicious behavior” on Binance Smart Chain (BNB Chain). On February 4, Blocksec tweeted that a specific address is suspected of launching an attack on BNB Chain. In detail, the platform determined that “0x52fb0518e43b3d8d6d5af4f12961234a671cfd8e” will launch various attacks on the BSC network “using flash loans of some contracts to collect tokens”.
2/Take one attack tx (https://t.co/CDFIArP2We) as an example, the attack contract (0x9301) directly called the BiswapCall callback of the bot and pretends to be a Biswap pair. The bot contract then transfers tokens to the attack contract and made a dummy trade. pic.twitter.com/YUyoDfRExn
— BlockSec (@BlockSecTeam) February 4, 2023
Interestingly, to make the findings more transparent, BlockSec showed an example of attacking a transaction via a specific user address. As an example, the attack contract (0x9301) directly invokes the bot’s BiswapCall command and behaves like a Biswap pair. The bot contract then transfers the tokens to the attack contract and makes a fake trade. Specifically, through the example, BlockSec highlighted that the network can be attacked with the “fake trade” method.
In a subsequent tweet, BlockSec added that the initial funding came from crypto mixer Tornado Cash. The collected tokens were then transferred from the exploited contract to the attacker. So far, the community has not reacted much to the information. Some said the transactions “seemed like a financial ploy.” Therefore, at this time, mobility on the network has not received a definitive attack label. There are many coins on the BNB network, such as:
Security company points to phishing attack
Following the tweets above, BlockSec pointed to another issue. Binance has urged Coinbase and MEXC Global to investigate a phishing report shared by one of its users. According to the report, BlockSec traced ETH tokens stolen by a phishing address to wallets listed on the aforementioned exchanges. BlockSec analyzed reported wallet transactions using the MetaSleuth analysis tool. Reporting this to the firm, the investor said he was “accidentally attacked by phishing.”
MetaSleuth’s analysis revealed that there were multiple transfers from the accused address to Binance, Coinbase and MEXC Global. Transactions to three wallet addresses were detected on Binance, worth approximately 0.049 ETH, 0.124 ETH, and 0.009 ETH, respectively. One wallet at MEXC Global received around 0.248 ETH, while the address sent 0.064 ETH and 0.049 ETH to two separate wallets at Coinbase. The analysis also showed that the reported criminal sent $2.99 USDC to an unknown wallet.
Hey, @binance @coinbase @MEXC_Global, please help the users and perform an investigation on this.
Our analysis shows that the #phishing address transferred Ether to these exchanges. https://t.co/x2i18jIlYp
— BlockSec (@BlockSecTeam) February 5, 2023
The wallet contained more than 10 ETH worth approximately $16,719. An overview of the address currently listed on Etherscan showed multiple transactions sending ETH to the wallet. Etherscan has tagged the same address as a fake phishing address, according to BlockSec’s report. At this time, Binance, Coinbase, or MEXC Global have not publicly responded to BlockSec’s request. However cryptocoin.comAs we have also reported, based on previous experience, exchanges may investigate the report and take action against the phishing address after detecting suspicious activities.
