Here are some crypto-security-related incidents and events that occurred last week that I recommend you be aware of.
- Another Android vulnerability has emerged, this time in its fingerprint scanners. Tencent and Zhejiang University presented a new attack vector called BrutePrint, which allows attackers to hack a device’s biometric system to gain control. Physical security of devices is often overlooked, but because people often use phones for 2FA and crypto wallets, keep tabs on your devices.
- Asymmetry Finance announced that its Discord server was compromised. Thankfully, the compromise only led to a phishing link with a fake airdrop. The team has since recovered the server.
- Krebs on Security published a short interview with a crypto spammer who targeted people on Mastodon. The spamming group earned around 2K by using bots to spam phishing messages in Mastodon instances. The article gives interesting insight into the bot operations targeting crypto users that are prevalent on Twitter, Mastodon, and other social media networks.
- ScupyTrooples of Alchemix tweeted about a new Discord hack targeting DAOs. The vector, a Bookmarklet Hack, targets a user’s Discord master token to bypass their password and 2FA. The attack involves someone simply asking to interview a DAO member. The DAO member then loses their master token if they join the interviewer’s Discord server, allowing the attacker to take control of that Discord account. This scam has already hit a few DAOs, including LandWorks.
- Tayvano_ on Twitter reports a ‘huge’ increase in spear phishing attacks. Spear phishing differs from regular phishing in that it targets specific individuals and usually leverages publicly available information. These attempts seem to take the form of convincing phishing emails or shared documents. Be extremely cautious when opening emails with documents and links.
These are just a few crypto-related security events we have seen this week. Make sure to check in on our Activity Feed each week for updates.