Info Alliance
Onchain Detective. 7 Yrs Exp. Co founder Info Alliance. AML, Asset Unblocking and Legal Recovery of Stolen Funds.
0 Följer
16 Följare
21 Gilla-markeringar
0 Delade
Inlägg
Security Advisory: Anatomy of a Crypto Drainer Exploit & Asset Protection Strategies
👎 Crypto Drainer – A malicious script embedded within a web resource that operates via a smart contract, triggered when a user signs a transaction or payload.
👨💻 A drainer is specifically designed to misappropriate crypto assets from users' Web3 wallets (e.g., Trust Wallet, MetaMask) across a single blockchain network or multiple networks simultaneously. The exfiltration of your funds can occur either via automated execution upon signing, or manually by the threat actor at a significantly later time.
To interact with any legitimate decentralized service (such as Uniswap), users must connect their wallet via protocols like WalletConnect and sign a transaction. Because the majority of users implicitly trust this technology and routinely approve pop-up prompts, malicious actors exploit this behavioral pattern. They deploy fraudulent infrastructure—often highly accurate clones of legitimate platforms, prominent crypto projects, or entirely new, fabricated brands.
When interacting with these phishing resources, you will similarly be prompted to connect your wallet and sign a transaction. However, you will often be hit with multiple signing requests. These transactions execute the malicious smart contract, effectively granting it sweeping permissions (token allowances) to manage the wallet and its underlying assets. Once these permissions are authorized, your tokens are automatically or manually siphoned to threat actor-controlled addresses that were pre-coded into the smart contract.
🖥 Security Recommendations:
Execute transactions exclusively on reputable, well-established Decentralized Exchanges (DEXs).Rigorously verify domain URLs against the project's official communication channels to avoid spoofed sites.Compartmentalize your risk: interact with Web3 applications using a dedicated secondary wallet. Always remember to review and sever all active connections in the "DApps" tab of your wallet application after use.Audit your token "approvals" and execute a "revoke" function at the smart contract level. Simply disconnecting from a DApp does not nullify the on-chain allowances you granted when signing the initial transaction. You can audit which smart contracts hold permissions to your wallet and revoke them automatically using tools like revoke.cash, or manually directly through the smart contract interface.
ℹ️ If your assets have been compromised, contact Info Alliance (https://t.me/infoalliance_support). Our team will assist in tracing the illicit fund flows and facilitating the asset recovery process!
#news #scam #scamriskwarning #crypto
👨💻 A drainer is specifically designed to misappropriate crypto assets from users' Web3 wallets (e.g., Trust Wallet, MetaMask) across a single blockchain network or multiple networks simultaneously. The exfiltration of your funds can occur either via automated execution upon signing, or manually by the threat actor at a significantly later time.
To interact with any legitimate decentralized service (such as Uniswap), users must connect their wallet via protocols like WalletConnect and sign a transaction. Because the majority of users implicitly trust this technology and routinely approve pop-up prompts, malicious actors exploit this behavioral pattern. They deploy fraudulent infrastructure—often highly accurate clones of legitimate platforms, prominent crypto projects, or entirely new, fabricated brands.
When interacting with these phishing resources, you will similarly be prompted to connect your wallet and sign a transaction. However, you will often be hit with multiple signing requests. These transactions execute the malicious smart contract, effectively granting it sweeping permissions (token allowances) to manage the wallet and its underlying assets. Once these permissions are authorized, your tokens are automatically or manually siphoned to threat actor-controlled addresses that were pre-coded into the smart contract.
🖥 Security Recommendations:
Execute transactions exclusively on reputable, well-established Decentralized Exchanges (DEXs).Rigorously verify domain URLs against the project's official communication channels to avoid spoofed sites.Compartmentalize your risk: interact with Web3 applications using a dedicated secondary wallet. Always remember to review and sever all active connections in the "DApps" tab of your wallet application after use.Audit your token "approvals" and execute a "revoke" function at the smart contract level. Simply disconnecting from a DApp does not nullify the on-chain allowances you granted when signing the initial transaction. You can audit which smart contracts hold permissions to your wallet and revoke them automatically using tools like revoke.cash, or manually directly through the smart contract interface.
ℹ️ If your assets have been compromised, contact Info Alliance (https://t.me/infoalliance_support). Our team will assist in tracing the illicit fund flows and facilitating the asset recovery process!
#news #scam #scamriskwarning #crypto
How to Avoid "Dirty" Tokens and Account Blocks: Chainalysis Insights
🖥 Chainalysis analysts have calculated that over the last 5 years, approximately $100 billion in "dirty" crypto has been sent to crypto exchanges. About a third of these funds are attributed to sanctioned crypto services, while the remaining volume belongs to the darknet, various types of criminal activities, drainer programs, and malware.
At the same time, "dirty crypto" is mostly concentrated on the largest crypto exchanges, but scammers have also utilized DeFi applications, gambling sites, crypto mixers, and cross-chain bridges for money laundering. The number of "dirty" coins is high. According to the latest Chainalysis data, the volume of illegal transactions using BTC exceeded $2.8 billion per year. This seems like a significant amount, but against the backdrop of the annual volume of illegal transactions of $1-$2 trillion, it is a fraction of a percent.
1️⃣ How can one receive "dirty" tokens?
Exchanges keep records of risky transactions, stolen tokens, and wallet addresses involved in criminal activity. Perpetrators are well aware of this, so they try to exchange them for other clean cryptocurrencies or withdraw them into fiat. Often, "dirty crypto" is used to pay for services or products.
Before reaching the final recipient, coins go through a long chain of transactions. Scammers run them through mixer services, split them into parts, and use unregulated platforms, prepaid debit cards, and gambling sites. Thus, "dirty assets" can end up in wallets not only of scammers. A law-abiding user may quite accidentally become the owner of such "dirty cryptocurrency" — by receiving it as payment or buying it on unregulated platforms.
🟠 Why is "dirty cryptocurrency" dangerous?
The problem is that if "dirty" cryptocurrencies enter your wallet, the rest of the coins in it will be compromised — the exchange will assign an increased risk level to the entire wallet. Exchange security systems regard all assets and transactions of the address as equally "dirty" and suspicious. As a result, assets may be blocked on the account if the wallet belongs to an exchange. In some jurisdictions, for example, the USA, the user may face a heavy fine.
🔍 Upon seeing a risky transaction, regulated exchanges will require proof of the origin of funds (you have most likely already passed verification). Until all circumstances are clarified, they will simply block the account — this is stated in the user agreement.
ℹ️ Therefore, if you conduct a large number of crypto operations, we advise checking every received transaction and all transactions of counterparties. If help is needed, Info Alliance AML officers (https://t.me/infoalliance_support) will be happy to consult you on all possible questions!
#news #scam #scamriskwarning #crypto #BTC
At the same time, "dirty crypto" is mostly concentrated on the largest crypto exchanges, but scammers have also utilized DeFi applications, gambling sites, crypto mixers, and cross-chain bridges for money laundering. The number of "dirty" coins is high. According to the latest Chainalysis data, the volume of illegal transactions using BTC exceeded $2.8 billion per year. This seems like a significant amount, but against the backdrop of the annual volume of illegal transactions of $1-$2 trillion, it is a fraction of a percent.
1️⃣ How can one receive "dirty" tokens?
Exchanges keep records of risky transactions, stolen tokens, and wallet addresses involved in criminal activity. Perpetrators are well aware of this, so they try to exchange them for other clean cryptocurrencies or withdraw them into fiat. Often, "dirty crypto" is used to pay for services or products.
Before reaching the final recipient, coins go through a long chain of transactions. Scammers run them through mixer services, split them into parts, and use unregulated platforms, prepaid debit cards, and gambling sites. Thus, "dirty assets" can end up in wallets not only of scammers. A law-abiding user may quite accidentally become the owner of such "dirty cryptocurrency" — by receiving it as payment or buying it on unregulated platforms.
🟠 Why is "dirty cryptocurrency" dangerous?
The problem is that if "dirty" cryptocurrencies enter your wallet, the rest of the coins in it will be compromised — the exchange will assign an increased risk level to the entire wallet. Exchange security systems regard all assets and transactions of the address as equally "dirty" and suspicious. As a result, assets may be blocked on the account if the wallet belongs to an exchange. In some jurisdictions, for example, the USA, the user may face a heavy fine.
🔍 Upon seeing a risky transaction, regulated exchanges will require proof of the origin of funds (you have most likely already passed verification). Until all circumstances are clarified, they will simply block the account — this is stated in the user agreement.
ℹ️ Therefore, if you conduct a large number of crypto operations, we advise checking every received transaction and all transactions of counterparties. If help is needed, Info Alliance AML officers (https://t.me/infoalliance_support) will be happy to consult you on all possible questions!
#news #scam #scamriskwarning #crypto #BTC
The Secret Vulnerability in Your Wallet: Don't Copy Your Last Address!
⚠️ Let's talk about Zero Transfers - Zero transactions in the blockchain.
This is a partial vulnerability available in blockchains that allows receiving a zero transaction to any user address or sending such a transaction from that same address. Scammers still use this feature today; although most wallets and blockchain explorers mark these transactions as fraudulent and prevent their data from being copied, there are still applications that allow this to be done.
🔍 The essence of the scheme is that after each of your operations (for example, receiving/sending USDT), a zero transaction is automatically made to your wallet address, where the sender's wallet is very similar to the wallet of a real transaction you conducted. This is done so that in a hurry, you might copy the address of the last transaction and, after checking only the first and last characters, send funds to the scammers. Such wallets can have both the same beginning and end of the address simultaneously.
What does it look like?
✅ Real recipient address: TKnnGBuZhtvsomgU3K9dEdWBHA3UfrKTgV
🙅♂️ Scammer-generated similar address: TKmCKgTkFT4GhVRH7h4vN9cGiGhtfrKTgV
👨🏻💻 Recommendations:
Always take your time to check the entire recipient's wallet address, not just the first and last characters.
If a similar situation has happened to you, contact us — we will help track and recover lost assets!
ℹ️ Info Alliance - everything about crypto security!
#news #scam #scamriskwarning #crypto #Chainlink
This is a partial vulnerability available in blockchains that allows receiving a zero transaction to any user address or sending such a transaction from that same address. Scammers still use this feature today; although most wallets and blockchain explorers mark these transactions as fraudulent and prevent their data from being copied, there are still applications that allow this to be done.
🔍 The essence of the scheme is that after each of your operations (for example, receiving/sending USDT), a zero transaction is automatically made to your wallet address, where the sender's wallet is very similar to the wallet of a real transaction you conducted. This is done so that in a hurry, you might copy the address of the last transaction and, after checking only the first and last characters, send funds to the scammers. Such wallets can have both the same beginning and end of the address simultaneously.
What does it look like?
✅ Real recipient address: TKnnGBuZhtvsomgU3K9dEdWBHA3UfrKTgV
🙅♂️ Scammer-generated similar address: TKmCKgTkFT4GhVRH7h4vN9cGiGhtfrKTgV
👨🏻💻 Recommendations:
Always take your time to check the entire recipient's wallet address, not just the first and last characters.
If a similar situation has happened to you, contact us — we will help track and recover lost assets!
ℹ️ Info Alliance - everything about crypto security!
#news #scam #scamriskwarning #crypto #Chainlink
Logga in för att utforska mer innehåll