Connect with us

The schoolboy confessed to NFT fraud for $ 340 thousand and returned the money

Published

on

Someone HEERR tricked out 88 ETH from the Creature Toadz community, but was exposed and returned the money.

On Thursday, October 21, an unknown attacker hacked into the Discord server of the Creature Toadz NFT project and tricked community members into sending him money. In total, the hacker managed to lure out more than 88 ETH from the victims (over $ 340 thousand at the exchange rate at the time of the crime).

Posing as a moderator, the attacker shared a web link where community members could allegedly mint Creature Toadz. Minting is the (often paid) process of creating an NFT, which consists in creating a digital signature that represents the NFT on the blockchain. Until the deception was revealed, the victims managed to transfer 88 ETH to the hacker. According to the project team, their Discord server remained hacked for 45 minutes.

It is noteworthy that the hacker later returned all the money. Some believe that he initially had no intention of profiting from someone else’s expense, and compare the attack to an attack on the Poly Network, when the hacker who hacked the platform also returned the money. However, in reality, the attacker could simply be afraid of the consequences, since the specialist managed to reveal his identity.

An anonymous NFT analyst under the pseudonym OKHotshot found out who owns the Ethereum wallet to which the victims transferred funds. After analyzing the “paper trail” left by the hacker in Ethereum transactions, the analyst told Crypto Briefing, he linked it to a Twitter user under the pseudonym HEERR.

In a discussion of the Twitter Spaces hack initiated by Creature Toadz investor writer Andrew Wang, HEERR publicly claimed responsibility for it.

OKHotshot, who was a spokesman for Twitter Spaces, noticed that the hacker he had figured out was on the listener list. The analyst contacted him personally and in front of everyone demanded to return the money. Then HEERR, whose real name still remains unknown, joined the discussion as a speaker, not a listener, and confessed everything. Introducing himself as a 17-year-old high school student, he stated that the break-in was just a joke, and from the very beginning he did not plan to keep money for himself.

However, OKHotshot doesn’t believe the hack was just a joke. According to the analyst, pretending to be holy simplicity was the only way for a hacker to escape punishment. Whether the hacker confessed or not, OKHotshot still intends to reveal his real name.

Shortly after the meeting on Twitter Spaces ended, HEERR transferred all the money to the address of the project team. Currently, Creature Toadz is not going to report the hacker and is busy returning funds to the victims. Creature Toadz’s scheduled real minting is set to take place on Friday, October 22nd.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Security

Instagram said it is strengthening the protection of its underage users

Published

on

The head of Instagram is due to speak at a hearing in the US Congress on December 7 and talk about the measures taken by his service to protect children.

Tuesday, December 7th, Instagram administration stated the intention to carefully select the content recommended for teens and to nudge them to other areas if they get hung up on one thing. On its blog, the service announced a few more changes that will affect teenagers.

Instagram chief Adam Mosseri is due to speak at a hearing in the US Congress on Wednesday, December 7, and talk about the measures taken by his service to protect children online.

Recently, Instagram and parent company Meta Platforms (formerly Facebook) have come under fire for the potential harm to the mental health and safety of children online.

According to Mosseri, Instagram will disable the ability for users to tag or mention teenagers who are not their followers. Starting in January 2022, teenagers will have the opportunity to massively delete their content, previously set “likes” and written comments.

The service looked at control tools to limit potentially harmful or sensitive content to teens through search, hashtags, short videos (Reels) and featured pages, Mosseri said.

Instagram is also launching a Take a Break feature for users in the US, UK, Canada and Australia, which will remind users to distract themselves if the user is stuck in the app for a long time.

In March 2022, Instagram will launch its first parental control tool that will allow parents and guardians to see how much time a teen is spending on the app.

In September of this year, the Instagram administration decided to postpone the launch of the version of the application for children for now, and now the press service of the service has confirmed that the Instagram management does not intend to return to this project yet.

Continue Reading

Security

Israeli authorities strengthen oversight of cyber technology exports

Published

on

The move follows a series of scandals involving Israeli spyware developer NSO Group.

Israel’s Defense Export Control Agency has decided to tighten oversight over the export of offensive cyber products. Companies buying Israeli cyber technologies will have to sign a declaration to use the products “only for the investigation and prevention of terrorist attacks and serious crimes.” Countries that violate the terms of use may be subject to sanctions, “including restricting and / or shutting down the cyber system.”

As the Associated Press reported, the decision was made just days after another NSO Group spyware scandal. US diplomats in Uganda have been targeted by a software tool developed by the NSO Group. Spyware, developed by the Israeli company NSO Group, has been used to hack iPhone smartphones by at least nine US foreign policy officials.

The NSO Group has faced a flood of international criticism over accusations that it helps governments spy on political opponents and human rights defenders. However, according to the company itself, its product is intended solely to help countries in the fight against crime and terrorism. Israel’s Defense Ministry has also drastically reduced the list of countries to which Israeli companies are allowed to sell their cyber technology. If earlier the list included 102 countries, now it has been reduced to 37. In particular, Israel’s new allies Morocco and the United Arab Emirates, in which cases of human rights violations are known, were excluded from it.

Continue Reading

Security

Life360 service is suspected of selling geodata of children to third parties

Published

on

The company is one of the largest providers of confidential information on the personal data market.

Specialists of the non-profit organization The Markup spent investigation into the service Life360, which allows tracking the geolocation of children. As it turned out, the company is one of the largest providers of confidential information in the personal data market.

The Markup contacted two former employees of the so-called “data brokers” Cuebiq and X-Mode. Life360 made about $ 16 million in 2020 from selling user data to dozens of different companies, according to whistleblowers. In addition, two former Life360 employees also told the organization about the company’s additional source of income.

According to a former X-Mode employee, the raw location data from Life360 was one of the most valuable offerings on the market due to the sheer volume and accuracy of the data. A former Cuebiq employee joked that the company would not be able to carry out its marketing campaigns without the constant stream of location data from Life360.

The privacy policy of the application specifies the transfer of personal data, but the wording of the document actually allows the company to “transfer information to third parties in a form that allows you to identify the user.”

The functionality of the service allows you to prohibit the transfer of data, but this is not directly communicated to the user. This function is hidden in several sub-items of the settings, and consent to the use of information for commercial purposes is activated by default.

Whistleblowers said the company did not maintain adequate user anonymity and only removed names or home addresses prior to the sale. The rest of the information made it possible to easily identify the identity of the user. Any organization could become a buyer of data from Life360; the company did not enter into transactions only with government agencies.

The founder of the company, Chris Hulls (Chris Hulls) was unable to confirm or deny the results of the investigation.

Continue Reading

Most Popular