Expert describes how he returned $4,000 in cryptocurrency to the victim of a phishing attack
Harry Denley, director of security for the MyCrypto service, published a blog post describing how he helped a user who had fallen victim to phishing.
Denley found a fake version of Trust Wallet in the Google Play store with a high rating, a lot of reviews and downloads.
At startup, the application prompted the user to enter a recovery phrase and then displayed an error message. Its functionality was limited to this.
After unpacking the application, Denley discovered a vulnerability in the attackers’ web server: a publicly accessible file containing error logs. The application code passed all data to the Telegram messenger API. This allowed Denley to spam the bot, as a result of which the bot began writing all information to the error logs.
He was also able to read the messages that the attackers exchanged among themselves. It turned out that one of them used the nickname “George” and wrote in Turkish. Among other things, they sent messages about the amount of assets in the victims’ wallets and the recovery phrases for those wallets.
Subsequently, the hackers noticed Denley’s activity, but by that time he had managed to withdraw “a good amount of funds” from the hacked wallets. After that, he tried to find the owners of these wallets and came across a Twitter user who reported that $10,000 had been stolen from him through the Trust Wallet application. Denley asked him to confirm ownership of the address by signing a certain message with a key, and then returned the intercepted assets, the value of which, according to the victim, was almost $4,000.
Denley advises users who may have installed a malicious wallet and entered their recovery phrase into it to create a new address and transfer all assets to it. He also recommends paying special attention to the authenticity of cryptocurrency applications.