• 16 October, 2024
News

Slowmist Issues Warning For Crypto Users in Wake of Apple’s Messaging Exploit

Slowmist Issues Warning For Crypto Users in Wake of Apple’s Messaging Exploit

Apple recently released security updates to neutralize two zero-day exploits. These vulnerabilities were part of an exploit chain designed to deliver NSO Group’s malware, known as Pegasus, and targeted a member of a civil society organization in Washington, D.C. Slowmist has issued an urgent warning in this context, advising crypto professionals to promptly update their Apple products to mitigate potential risks.

The vulnerabilities were discovered by Citizen Lab, an internet watchdog group, which then reported them to Apple. In response, the tech giant issued a patch to address these security loopholes. These vulnerabilities were particularly concerning as PassKit attachments containing malicious images were delivered through messages, requiring no interaction from the victim to compromise the device.

This Apple incident comes on the heels of another significant cybersecurity event that jolted the cryptocurrency community. On September 6, a phishing attack led to a staggering loss of $24.23 million for a prominent investor in the crypto space. Identified by the Ethereum address “0x13e382”, this investor, often referred to as a “crypto whale”, had significant holdings in Lido Staked ETH (stETH) and Rocket Pool ETH (rETH).

Security firm PeckShield was among the first to report the incident, via a Twitter thread:

The attacker executed the theft with remarkable precision, carrying it out in two separate transactions. The first transaction involved 9,579 stETH, and the second comprised 4,851 rETH. At the time of the theft, these assets were valued at $15.63 million and $8.58 million, respectively. The stolen assets were then converted into 13,785 ETH and 1.64 million Dai. A significant portion of the Dai was transferred to the cryptocurrency exchange FixedFloat.

Web3 security firm Scam Sniffer disclosed that the investor had unintentionally granted token permissions to the fraudsters. These permissions were granted through “Increase Allowance” transactions, a feature of ERC-20 tokens that enables third parties to spend tokens via smart contracts. The stolen funds were partly transferred to FixedFloat, while the remainder was dispersed across three other addresses:

For individuals who fell victim to this scam, Slowmist advised checking their Blockscan Chat and completing a recovery form available on their website. The firm noted that additional verification would be necessary to confirm the victim’s identity, after which some information about the scammer could be disclosed.

This event has amplified existing concerns about the adequacy of security measures among liquid staking providers. Prior to this incident, several Ethereum liquid staking providers, including Rocket Pool and StakeWise, had initiated self-limit rules, vowing not to control more than 22% of the Ethereum staking market.The Apple security update and the phishing attack serve as poignant reminders that cybersecurity threats are a universal concern. They are not limited to individual users but extend to large-scale investors in the cryptocurrency arena. Despite technological advancements in security protocols, the crypto industry remains an attractive target for sophisticated phishing attacks and other forms of cybercrime.

Bitcoin Surges 2% to $26.3k Sparking Investor Confidence
Read Previous

Bitcoin Surges 2% to $26.3k Sparking Investor Confidence

XRP Diamond Pattern Unfolds, Showcasing Extremely Bullish Signs
Read Next

XRP Diamond Pattern Unfolds, Showcasing Extremely Bullish Signs