The wallet address used by the phisher has been associated with multiple crypto phishing websites which attempt to convince users to authorize transactions, often by impersonating known crypto projects or promising token airdrops.
High-profile streamers bail on MrBeast-promoted Creator League after learning there are blockchains involved
YouTuber CDawgVA publicly withdrew from the project on September 3, writing, "I was not told or made aware at any point that there was Blockchain technology and was only made aware of that information when the event went live. I was given assurances that it had nothing to do with NFT's. Given my vocal hatred of such tech, I would never agree to join had I known that."
The creator of the OTK Network, which had agreed to participate in the League, wrote: "We were told there was no NFT/crypto component but looks like that may not be the case."
Creator League issued a statement attempting to downplay its blockchain usage, emphasizing that people who purchased "Creator Passes" were not buying cryptocurrency or NFTs. "The Creator League is not an NFT project and we have never sold tokens," they insisted. "Those buyers who remain uncomfortable with the blockchain technology can request a refund," they continued.
Now, Creator League has been postponed. eFuse, the company behind it, has also just announced a 30% layoff amid company restructuring.
A report by cybersecurity expert Brian Krebs outlines how various experts have come to this conclusion after analyzing a long string of crypto thefts perpetrated against people with otherwise strong security practices. Altogether, the thefts suspected to have been enabled by the LastPass breach amount to more than $35 million.
- "Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach", Krebs on Security [archive]
GMBL offered a "bug bounty" to the attacker, inviting them to return 90% of the stolen funds in exchange for a promise not to pursue legal action. The exploiter later returned 235 ETH (~$382,000), or half what they had stolen.
GMBL promised that "we are going to thoroughly test everything again before re launching".
Once victims visit the fake site, they're prompted to connect their MetaMask wallets to access various services, which would allow the scammers to steal any assets in the wallets.
"The decision was made voluntarily and for business reasons," the email claimed.
Genesis is a subsidiary of the Digital Currency Group (DCG) conglomerate, which has since the beginning of the year seen its Genesis platform enter bankruptcy, shuttered its TradeBlock subsidiary, and is reportedly approaching a deal to sell its CoinDesk crypto media outlet.
Synapse posted on Twitter that they were "investigating unusual activity" on the wallets of one of their liquidity providers, and were "working to get in touch with them".
The $SYN token plummeted almost 25% after the sell-off, later recovering somewhat.
Stake acknowledged the attack on their Twitter account, writing that "We are investigating and will get the wallets up as soon as they're completely re-secured."
Stake is an Australia-based cryptocurrency casino and sports betting platform that has enjoyed endorsements from various celebrities, and which shelled out $100 million in 2022 for an endorsement deal with Drake.
On September 6, the FBI announced that they believed the Lazarus Group was behind the theft. Lazarus is a group of North Korean state-sponsored hackers allegedly responsible for crypto hacks totaling hundreds of millions of dollars.
In a competing lawsuit, Wright Thurston alleges that Schiermeyer unilaterally misused over $600 million in company funds in wasteful actions that were "often for his own personal benefit", including to buy a private jet and hire architects and designers for personal real estate projects.
The $GALA token dropped 5% on the news of the lawsuits.
After user backlash over a cumulative $550,000 in funds that were inaccessible to people who hadn't heard about the breaking change, Starkware re-enabled the ability for people to upgrade their wallets – leading some to question why it was ever disabled in the first place if it could be trivially re-enabled to prevent the loss of half a million in assets.