AI scam targets Ripple holders and memcoin trader loses it all: Crypto-sec
The latest crypto scams, hacks and exploits and how to avoid them: Crypto-Sec
New AI scam targets XRP holders
A new artificial intelligence-generated video is circulating YouTube. The likely scam is similar to one that earlier featured an AI-generated Elon Musk, but it now features Ripple co-founder Chris Larsen.
Dramatic music plays throughout the video as the fake Larsen states, “Today is a significant day for everyone who holds XRP.”
He claims that instead of burning 150 million XRP as Ripple usually does on an annual basis, the company is “giving it all back.”
According to copy of the video seen by Cointelegraph, every XRP holder can double their current holdings by visiting the website. Viewers are urged to visit the website in order to not miss out on this “historic” opportunity.
AI-generated video of Chris Larsen. Source: RippleUs.
The video is published on an unlisted page, which prevents it from showing up in searches. This implies that the channel may be sending out links to it through email or other relatively private means, which it may be doing to prevent the video from being discovered by YouTube and taken down.
These emails likely contain a website URL with an XRP Ledger address where victims are asked to send their funds, only to lose them forever. However, Cointelegraph could not determine the website or address being used.
AI-generated scam videos are becoming an increasing problem in the crypto space. A similar video featuring an AI-generated Elon Musk was broadcast during the Bitcoin 2024 conference , and victims lost over $79,000 worth of cryptocurrency because of it.
The scam has become well-known, and the existence of these videos implies that scammers may have given up on the Elon Musk theme, turning to other well-known figures in the cryptocurrency space.
Phish of the week: Trader with 10x gain loses it all from ‘transfer’
On Oct. 14, a trader lost over $300,000 worth of memecoin MicroStrategy 2100 (MSTR2100) in a phishing attack after having wracked up more than 10x in unrealized gains.
The victim signed a transaction transferring their coins to the attacker known on Etherscan as “Fake_Phishing607855.” Given that the receiving account was a known scammer, the sender likely did not understand what they were signing.
Just five days before the attack, on Oct. 8, the trader purchased 335,468 MSTR2100 tokens from the Uniswap crypto exchange for $17,104, at an average price of approximately $0.05 per coin. Then, beginning on Oct. 10, the coin began to pump. It reached an all-time high of $1.58 on Oct. 13 before declining below $1.00 the following day.
MSTR2100 price chart, Oct. 8—Oct. 14. Source: CoinMarketCap.
At the exact time of the attack, 7:20 a.m. UTC on Oct. 14, MSTR2100 was worth approximately $0.56 per coin, making the trader’s stash worth more than $188,000, blockchain data shows. This meant that the trader’s unrealized gains were over $170,000, representing a more than 10x rate of return.
Sadly, the trader never got to cash out their winnings. Before they could close out their successful trade, they transferred their entire stash to a fake phishing account.
Blockchain analytics platform Scam Sniffer detected the strange transaction and reported it on X.
Source: Scam Sniffer .
Scam Sniffer did not speculate on what exact method the attacker used to trick the trader. However, phishing scams usually rely on fake websites that pose as trusted apps.
The victim was a frequent user of Uniswap, so they may have fallen prey to a fake version of that exchange. If so, the fake app may have pretended to offer a swap transaction when it was in fact asking the user to sign a simple transfer.
Users can often avoid phishing attacks by carefully inspecting transactions before confirming them.
Internet Archive leaks 31 million passwords
Crypto users with registered Internet Archive accounts may want to review the passwords they used and be extra cautious of emails they receive purporting to be from the site.
According to an Oct. 20 report from NPR, hackers broke into the Internet Archive servers and stole data associated with 31 million user accounts, including each user’s email address and “encrypted passwords” or password hashes.
Users effected by the data breach may be subject to email-based phishing attempts in the near future, as the scammers now know that these users are interested in Internet Archive. In addition, the attackers could use hash-cracking software on the stolen hashes, which could potentially reveal users’ plaintext passwords.
Internet Archive is requiring users to change their passwords, so the attackers shouldn’t be able to access theiraccounts. But if a user happened to use the same password on both Internet Archive and a crypto exchange, the exchange may be at risk of unauthorized access.
Related: Authy 2FA app leaked phone numbers that may be used for text phishing
According to an Oct. 17 blog post from Internet Archive, the attackers also “ defaced ” the website’s javascript. This forced the team to “bring the site down to access and improve our security.”
As of Oct. 21, two of the site’s services have resumed: Wayback Machine and Archive-It. In addition, the site’s blog is functioning normally. However, all of its other services are still closed, including video and audio streaming, open library ebook borrowing, and other functions.
Service availability message. Source: Internet Archive.
Password breaches like this one continue to pose a threat to crypto users and to web users in general. The web industry is working to replace passwords with passkeys that rely on public-private cryptography and work similarly to a cryptocurrency wallet. However, this transition is only in its beginning stages.
Magazine: Fake Rabby Wallet scam linked to Dubai crypto CEO and many more victims
Because of the threat of password breaches, some users have taken to using password managers to secure their passwords. However, those can be breached as well, as happened with LastPass in 2022.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
The Daily: Hyperliquid set for HYPE token launch, MARA purchases $615 million in bitcoin and more
Tax on Bitcoin (BTC) and Cryptocurrencies from Russia!
The Russian Federation Council has approved a new tax bill for cryptocurrency mining and trading.
Tornado Cash Decision from the US Will Benefit These Altcoins the Most!
10X Research founder Markus Thielen assessed the impact of the Tornado Cash decision.
Another Country Makes a Move for Bitcoin! The First Step Has Been Taken for a Strategic BTC Reserve!
Vancouver Mayor Ken Sim has announced plans to add Bitcoin to the city's balance sheet in an effort to diversify the city's investment portfolio.