- An attacker targeted Paradigm’s head of security and tried to steal his Bitcoin in three clicks.
- Sam Sun shared details of the compelling hook and how easy it is for individuals to fall prey to Bitcoin hacks.
- Attackers can steal wallet data directly from browser extensions or Discord session tokens when users click on malicious links.
Former white hat hacker and the head of security at Paradigm, a VC firm, was targeted by a hacker recently. Sam Sun told his 86,300 Twitter followers how three clicks and two malicious file downloads could give the hacker access to his Bitcoin.
Hackers target wallet data of users, send malicious links
Sam Sun, a former white hat hacker and the head of security at Paradigm, was recently hit by an attacker in an attempt to steal his wallet data and eventually his Bitcoins. Sun performed malware analysis and broke down the series of events that could have led to a successful attack on his wallet data.
1/ Today, someone tried to hack me with a crypto stealer, so I guess I’ve finally made it
Fortunately, they weren’t successful, but all it would’ve taken was three clicks. Read on to learn about how the attack works, how to protect yourself, and some basic malware analysis️ pic.twitter.com/31qqUoATWL
— samczsun (@samczsun) July 5, 2022
Sun shared the analysis on his Twitter account, revealing how simple it is to be hacked and how attackers are stealing info like wallet data and Discord session tokens to gain access to users’ cryptocurrencies. In the case of Sun, a malicious actor sent a message with a link to arouse his curiosity.
The message read,
Hello
I am sorry to disappoint you.
You are being sued.
You can read a copy of the lawsuit here (Malicious link)
No copyright has been claimed.
You can also write a statement in response, good evening John.
Sun revealed that messages accompanied by malicious links are compelling hooks and when placed under pressure, even trained security professionals might act irrationally and click on the link.
Clicking the link downloads a file to the target’s computer. This is the first step, opening the downloaded file takes the target another step closer to getting hacked. Once the file is opened, the attacker has access to wallet data, browser extensions or Discord session tokens of the target. This gives the malicious actor direct access to your cryptocurrency.
“Hybrid Analysis”, an automated malware analysis service provider, helped Sun identify that the two downloaded files on his device were malicious. Running the files through a malware analysis detector helped him determine that the attacker attempted to steal his cryptocurrency. Therefore, Sun warns his followers against running downloaded programs, files without running them through malware analysis detector.
Results after running both downloads through Hybrid Analysis
Attacks are therefore not limited to the DeFi ecosystem, and cryptocurrency holders are simply three clicks away from losing access to their holdings.
Why KuCoin’s insolvency could have serious implications on Bitcoin price
Analysts at FXStreet evaluated the impact that Mt.Gox’s insolvency had on Bitcoin and revealed that they expect a similar situation in case of KuCoin. For more information and the impact on Bitcoin price, check out this video:
