SlowMist Warns About Fake Journalists Orchestrating Crypto Thefts

Hack Scam
Last updated:
Author
Ruholamin Haqshanas
Author Categories
About Author

Ruholamin Haqshanas is a contributing crypto writer for CryptoNews. He is a crypto and finance journalist with over four years of experience. Ruholamin has been featured in several high-profile crypto...

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Source: AdobeStock / Sergey Nivens

Security firm SlowMist has issued a warning about a wave of crypto thefts orchestrated by fake journalists. 

In a recent Medium post, the company said the first instance of this malicious campaign was reported on October 14 when a Twitter user named Masiwei alerted the community about a targeted attack on friend.tech for account theft. 

SlowMist’s security team conducted an analysis and discovered that the attackers were sending links containing malicious JavaScript scripts. 

The goal was to trick users into adding these links as bookmarks, laying the groundwork for future malicious activities. 

Shortly after, on October 17, a victim named Double Wan reported that their assets on friend.tech were stolen.

“The SlowMist Security Team immediately assisted the victim in tracking and investigating the theft. Through the efforts of the SlowMist team and the cooperation of OKX, the stolen funds were successfully intercepted,” the report said. 

How Did the Attackers Pulled Off the Hacks?

In order to pull off the hack, the attackers posed as journalists from reputable news agencies and even managed to accumulate a substantial following on Twitter.They then targeted their victims with a malicious JavaScript script. The attackers focused on Key Opinion Leaders (KOLs) as their primary targets, banking on their popularity and the likelihood of receiving interview invitations.Once an interview was scheduled, the attackers would guide the victims to join the conversation on Telegram, providing an interview outline to establish credibility.After the interview concluded, the attackers would ask the victims to fill out a form and open a phishing link provided. This link, under the guise of verification, aimed to deceive users into revealing their friend.tech account information. The victims were instructed to drag a seemingly innocuous “Verify” button to their bookmark bar, which contained the malicious JavaScript script. When clicked, this script would trick users into revealing their friend.tech account password and the associated tokens stored in the embedded wallet Privy, putting both the account and funds at risk of being stolen.

How to Protect Against Phishing Scams

To protect against such phishing attacks, SlowMist recommended users to increase awareness of social engineering attacks, exercise caution when clicking on unknown links, and learn to identify phishing links by checking for misspellings or irregularities in domain names. Furthermore, users are advised to install anti-phishing plugins, like MetaMask’s recently-launched alert feature.As reported, hackers have stolen millions worth of digital assets by performing SIM-swapping attacks on friend.tech users. According to Manifold Trading, a company dedicated to developing tools for the industry, $20 million out of friend.tech’s total locked value of $50 million is at risk. “If you assume 1/3 of FriendTech accounts are connected to phone numbers, that’s $20M at risk from sim-swaps,” the company wrote in a recent post on X. Manifold Trading also noted that friend.tech’s current setup “technically allows a rogue dev to reconstruct private keys via Shamir-Secret-Sharing shares that they can recover from user data in their database,” concluding that the whole TVL is at risk.

More Articles

Blockchain News
Russia’s Zservers Sanctioned by US, UK, and Australia for Aiding LockBit Ransomware
Hassan Shittu
Hassan Shittu
2025-02-12 10:43:48
Price Analysis
Is Bitcoin’s Supercycle Still Alive? Economist Says BTC Could Be Set for a Massive Surge
Arslan Butt
Arslan Butt
2025-02-12 10:33:11
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors