Criminal activity revealed through Telegram snooping, Bloomberg terminals for your NFTs and more!
Thank you for being a part of the Cypherock family. Come rain, hail or storm, we are heads-down building the best possible product to keep your digital assets safe!
Over the next 8-10 minutes, we will be talking about hacks that caught our eye, DApps that we found interesting and our picks from Twitter and Reddit that we enjoyed.
If you loved the newsletter, message us! If you hated the newsletter, message us! We’re always looking for fresh perspective on things to cover and feedback to make your experience better!
Have an awesome week ahead!
Chances are your are a part of numerous Telegram groups and Discord channels that are sitting on mute and have giant notification banners because let’s face it, you never go through all the content. However, both platforms are the prime meeting places for various web3 communities. Discord is inundated with NFT project communities, and Telegram houses everything from airdrops to ‘alpha chats’. If the internet has taught us anything, it is that if something garners attention, it is prone to be targeted for an attack. This edition of the security digest will cover two incidents involving Telegram and Discord - one is a money heist, the other feels like something out of the Jeffrey Epstein case.
This past weekend, Bored Ape Yacht Club’s Discord server was compromised. The hacker was able to compromise community manager Boris Vagner’s and then proceeded to promote various phishing links across the community as well as to Yuga Labs’ Otherside Discord. The hacker was able to scam people of 200ETH. The hack was first noted by on-chain analyst NFTherder who conducted further analysis of 8 other Discord channels that were compromised.
In their assessment, he mentioned that usually scammers are able to pull off something like this via social engineering, but this time, they were able to exploit a Discord bot called Ticket Tool - a bot designed to avoid direct messaging scams. The latest version of the tool had a feature that allowed normal users to bypass permissions and attach web hooks that they can blast to the rest of the Discord, and the rest is history.
Now, if you were not under a rock over the last 2-3 days, you would have most likely come across a Twitter user adyingnobody. In a thread that adyingnobody had written, the individual talked about a Telegram vulnerability that allowed a user to recreate an invite to view the overview page and recent messages within the group without having to join the group. Here is where things get interesting.
From October 2019 - May 2022, the individual collected messages across Telegram of influencers and investors through a script that they had created. adyingnobody monitored messages of ‘influential traders’ in the space and even mentioned this activity as a hobby. Here are some excerpts that were the most interesting:
“For the most popular traders in the community, spying on them became a hobby. From personal events in their lives shared with their closest friend groups, to scams and rugpulls that were created on their way to success, financially and socially on Twitter.”
They went on to talk about various scam artists that had anonymous names, individuals pretending to be who they are not. What was astutely mentioned was how the secure visage of Telegram allowed individuals to feel safer and act more freely. adyingnobody intends on releasing all this information in a 3 part plan:
June 15th: crypto influencers ranging from 800 - 1M in following, and details regarding racism, homophobia, and even sexual assault against members of the crypto community. They also will release information regarding murder and theft of an individual planned by a group of friends.
June 30th: top DeFi project creators, orgies, assault, pedophilia and everything vile under the sun.
July 7: remainder of the content that has been collected over the 3 year time span.
Truth, or engagement farming? Either way they have a lot of eyeballs on their account.
Security does not only pertain to keeping hardware safe, changing passwords and not clicking malicious links. Cybersecurity is the understanding that everything that we ever do has a digital footprint. This is a system that has a permanent memory, especially as we venture further into web3.
UPDATE: Adyingnobody’s Twitter account was suspended, and they recently released the following information through their wallet address:
There is no release tomorrow this is all a hoax
There is no secret orgies or assassinations
There is no twitter employee hiding information
There is no sexual assault, no people and influencers stealing from users or people using alts to prop up projects
These are all fabrications made by myself for attention
I will be dead from suicide you have nothing to worry about so do not bother finding me
Do not send any money or funds to this address and move on
If any message that comes from this address in the future or any messages claim to be dead man switches then assume the private key for this address is compromised and assume it is a fake message by someone else bye
Guess that’s settled.
How to stay safe you ask?
If you use Discord, and are a part of NFT communities, verify your role and then disconnect your wallet from the verifying service - this is usually Collab land. It is also important to note that not all NFT projects are designed with the best interest in mind. So be wary of which NFT Discord channels you grant access into your wallet.
With Telegram, as on any messaging application or social media - you bear the risk of what you share. So, it’s important to be mindful of the fact that the internet is forever - we leave it up to you to decide what to do with this information.
Being an NFT degen is hard work, but Curio can make your life a whole lot simpler. Curio has designed a database where you can track collections that you would like to purchase NFTs, check what NFTs are being launched and get an overview of the NFT market as a whole. Think of OpenSea, but on steroids.
What we liked about this application is that it combines the best of OpenSea features of sales data with the capabilities of Rarity Sniper and the likes that allows us to learn more about the collections - traits and rarity being two of the major searched features. Curio has a neat feature where it tells you the best deal that you could be getting. This feature uses a metric called Rarity points per ETH to determine which is the best deal - pretty neat. Curio has managed to raise $3.5M by some heavy hitters in the web3 space - Gary Vee, Naval Ravikant, JD Kanani and Devin Finzer just to name a few.
We don’t want to do all the talking, so here is the demo for Curio.
Have you been wondering what this whole ETH merge craze is about? Here is a thread that we found that will explain the Ethereum merge in simple terms.
u/Stompya did everyone a favour by sorting subreddits by the size of their community. Any guesses how large the $DOGE community is on Reddit?
Is Your Crypto Safe?
Will your crypto get hacked? Are you going to lose your crypto? Cypherock has come up with a detailed quiz that will help you understand the pros and cons of your security model. Upon completion, you will get a detailed analysis mailed to you. Take the quiz now!
Here’s some alpha 🚀
Security is our utmost concern. We want to keep your crypto safe and give you the best possible experience interacting with the web3 ecosystem. Because we like you, we want you to make money too!
Cypherock recently launched an affiliate program. You receive a unique code by either signing up on our website, or by purchasing a Cypherock X1. Through your code, your referrals receive 25% off on their purchase and you make $50 per sale!
Have questions regarding out product, or the affiliate program? Our Growth Lead loves chatting with people, hit him up here.