QR Code Scam Targets Crypto Holders Amid Latest Cybersecurity Threats

Recent updates in the crypto world have highlighted significant cybersecurity threats, including a new QR code scam and vulnerabilities in Bitcoin and SNARK-based systems.

Bitrace Alerts Users to QR Code Scam

Bitrace, a blockchain analysis firm, has issued a warning about a new QR code scam targeting cryptocurrency holders. The scam operates by tricking users into authorising wallet access through a fraudulent payment test. Fraudsters propose token swaps at favourable rates and request a “small repayment test” via a QR code, leading victims to a third-party site where their wallet access is compromised.

Between July 11 and July 17, 27 users fell victim, losing a combined $120,000 in USDT. The stolen funds were laundered through multiple addresses and a Cambodian exchange. Bitrace urges users to verify the legitimacy of counterparties and is developing a “one-click risk check tool” to enhance user protection.

USDT funneled through five addresses into Huionne addresses (Source:Bitrace)

New "Dark Skippy" Exploit Threatens Bitcoin Wallets

Security researchers have identified a new exploit, "Dark Skippy," which threatens Bitcoin hardware wallets. This method allows hackers to extract private keys from hardware wallets using just two signed transactions. Unlike previous attacks that required numerous transactions, Dark Skippy uses malicious firmware to embed parts of the user’s seed words into nonces, which can be decoded using Pollard’s Kangaroo Algorithm.

Dark Skippy Attack Advantages (Source:Dark Skippy)

The researchers suggest that hardware wallet manufacturers implement secure boot and anti-exfiltration protocols to mitigate these risks. Users are advised to keep their devices in secure locations and consider using tamper-evident bags.

SNARK Vulnerabilities Uncovered by Imperial College London

Imperial College London researchers have exposed significant vulnerabilities in SNARK-based systems. The study, presented at the Science of Blockchain Conference, identified issues such as under-constrained and over-constrained circuits, as well as computational errors. These vulnerabilities compromise the system’s ability to verify proofs accurately.

The study highlights challenges such as adapting to different abstraction levels and optimizing circuits for efficiency. The research aims to improve the security and functionality of SNARKs, which are crucial for privacy and scalability in blockchain technologies.

WazirX to Restore User Balances After $235 Million Hack

Indian crypto exchange WazirX has announced plans to restore user balances following a $235 million hack. The breach, which targeted WazirX’s Safe Multisig wallet on Ethereum, resulted in the theft of significant amounts of Shiba Inu (SHIB) and Ethereum (ETH). The exchange will reverse all trades conducted after the withdrawal halt on July 18 and restore users’ portfolios to their state before the incident.

The recovery process will involve undoing trades and fees from July 18 to July 21 and addressing deposits made after this period in a future update. This decision aims to ensure fairness for affected users.

These developments underscore the growing need for vigilance and robust security measures in the cryptocurrency space.