The latest crypto scams, hacks and exploits and how to avoid them: Crypto-Sec

New AI scam targets XRP holders

A new artificial intelligence-generated video is circulating YouTube. The likely scam is similar to one that earlier featured an AI-generated Elon Musk, but it now features Ripple co-founder Chris Larsen.

Dramatic music plays throughout the video as the fake Larsen states, “Today is a significant day for everyone who holds XRP.”

He claims that instead of burning 150 million XRP as Ripple usually does on an annual basis, the company is “giving it all back.”

According to copy of the video seen by Cointelegraph, every XRP holder can double their current holdings by visiting the website. Viewers are urged to visit the website in order to not miss out on this “historic” opportunity.

AI-generated video of Chris Larsen. Source: RippleUs.

The video is published on an unlisted page, which prevents it from showing up in searches. This implies that the channel may be sending out links to it through email or other relatively private means, which it may be doing to prevent the video from being discovered by YouTube and taken down.

These emails likely contain a website URL with an XRP Ledger address where victims are asked to send their funds, only to lose them forever. However, Cointelegraph could not determine the website or address being used.

AI-generated scam videos are becoming an increasing problem in the crypto space. A similar video featuring an AI-generated Elon Musk was broadcast during the Bitcoin 2024 conference, and victims lost over $79,000 worth of cryptocurrency because of it.

The scam has become well-known, and the existence of these videos implies that scammers may have given up on the Elon Musk theme, turning to other well-known figures in the cryptocurrency space.

Phish of the week: Trader with 10x gain loses it all from ‘transfer’

On Oct. 14, a trader lost over $300,000 worth of memecoin MicroStrategy 2100 (MSTR2100) in a phishing attack after having wracked up more than 10x in unrealized gains.

The victim signed a transaction transferring their coins to the attacker known on Etherscan as “Fake_Phishing607855.” Given that the receiving account was a known scammer, the sender likely did not understand what they were signing.

Just five days before the attack, on Oct. 8, the trader purchased 335,468 MSTR2100 tokens from the Uniswap crypto exchange for $17,104, at an average price of approximately $0.05 per coin. Then, beginning on Oct. 10, the coin began to pump. It reached an all-time high of $1.58 on Oct. 13 before declining below $1.00 the following day.

MSTR2100 price chart, Oct. 8—Oct. 14. Source: CoinMarketCap.

At the exact time of the attack, 7:20 a.m. UTC on Oct. 14, MSTR2100 was worth approximately $0.56 per coin, making the trader’s stash worth more than $188,000, blockchain data shows. This meant that the trader’s unrealized gains were over $170,000, representing a more than 10x rate of return.

Sadly, the trader never got to cash out their winnings. Before they could close out their successful trade, they transferred their entire stash to a fake phishing account.

Blockchain analytics platform Scam Sniffer detected the strange transaction and reported it on X.

Scam Sniffer did not speculate on what exact method the attacker used to trick the trader. However, phishing scams usually rely on fake websites that pose as trusted apps.

The victim was a frequent user of Uniswap, so they may have fallen prey to a fake version of that exchange. If so, the fake app may have pretended to offer a swap transaction when it was in fact asking the user to sign a simple transfer.

Users can often avoid phishing attacks by carefully inspecting transactions before confirming them.

Internet Archive leaks 31 million passwords

Crypto users with registered Internet Archive accounts may want to review the passwords they used and be extra cautious of emails they receive purporting to be from the site.

According to an Oct. 20 report from NPR, hackers broke into the Internet Archive servers and stole data associated with 31 million user accounts, including each user’s email address and “encrypted passwords” or password hashes.

Users effected by the data breach may be subject to email-based phishing attempts in the near future, as the scammers now know that these users are interested in Internet Archive. In addition, the attackers could use hash-cracking software on the stolen hashes, which could potentially reveal users’ plaintext passwords.

Internet Archive is requiring users to change their passwords, so the attackers shouldn’t be able to access theiraccounts. But if a user happened to use the same password on both Internet Archive and a crypto exchange, the exchange may be at risk of unauthorized access.

Related: Authy 2FA app leaked phone numbers that may be used for text phishing

According to an Oct. 17 blog post from Internet Archive, the attackers also “defaced” the website’s javascript. This forced the team to “bring the site down to access and improve our security.”

As of Oct. 21, two of the site’s services have resumed: Wayback Machine and Archive-It. In addition, the site’s blog is functioning normally. However, all of its other services are still closed, including video and audio streaming, open library ebook borrowing, and other functions.

Service availability message. Source: Internet Archive.

Password breaches like this one continue to pose a threat to crypto users and to web users in general. The web industry is working to replace passwords with passkeys that rely on public-private cryptography and work similarly to a cryptocurrency wallet. However, this transition is only in its beginning stages.

Because of the threat of password breaches, some users have taken to using password managers to secure their passwords. However, those can be breached as well, as happened with LastPass in 2022.