Crypto Security Report: October 2024

Featuring DPRK operatives infiltrating web3 companies under stolen identities, MetaMask's NGRAVE hardware wallet integration for enhanced user protection, Radiant Capital's $50 million loss via compromised developer devices, and more.

7 minutes
Crypto Security Report: October 2024

Each month, MetaMask Security Director Luker reports on the latest crypto attacks and emerging risks that you need to know about.

October 2024 was a spooky month for all the wrong reasons. Radiant Capital lost $50 million to one of the most sophisticated DeFi breaches on record—malware-compromised hardware wallets that made malicious transactions look legitimate. DPRK operatives continued infiltrating crypto companies under stolen identities, and the US Treasury sanctioned two exchanges tied to $51 million in Russian ransomware laundering. Meanwhile, Inferno Drainer handed its entire operation over to Angel Drainer, not exactly the kind of scammer succession planning anyone wants to see. On the brighter side, MetaMask continued to fortify the security protections we offer users. MetaMask launched native NGRAVE hardware wallet integration, and expanded its phishing defense work with ChainPatrol. The full breakdown is below, but first...

Robert Ettinger, author of The Prospect of Immortality, is credited as "the father of cryonics." His body is still cryopreserved, following his death in 2011.

NGRAVE hardware wallet integration launches for MetaMask users

MetaMask has launched native integration with NGRAVE, creator of the ZERO hardware wallet. his collaboration means MetaMask users can now enjoy the advanced protection of NGRAVE's technology while moving through the world of web3 with confidence.

"We are excited to partner with NGRAVE to provide our users with another highly secure option for managing their crypto and engaging with the Web3 ecosystem,” shares MetaMask Group Product Manager Alex Jupiter. “MetaMask is all about giving users control over their digital assets, and this integration further empowers them to do so in a way that combines security and convenience."

ChainPatrol and MetaMask phishing warning system blocks malicious URLs in real time

MetaMask Security employs a multi-pronged approach to keeping users safe, including a phishing warning page that tells you when you’re about to interact with a known malicious URL. This warning is powered by Eth-Phishing-Detect with the help of ChainPatrol, the Security Alliance (SEAL), and over 100 community members providing threat intelligence.

Additionally, ChainPatrol is tirelessly helping take down malicious sites that impersonate Consensys brands, including MetaMask and Linea, to further protect users. ChainPatrol offers a public search page to increase visibility, allowing users to check blocklist statuses across various crypto security systems, access detailed reports, and understand the reasons behind the blocking of specific domains.

MetaMask ranks #1 on Coinspect’s top 5 most secure wallets

We're proud of ourselves, and wanted to share the news: MetaMask is ranked #1 most secure wallet on Coinspect. The Security Score, ranging from 0 to 100, is based on four wallet security checklists, which include decentralized app permissions, intent verification, physical access, and threat prevention.

MetaMask's Taylor Monahan uncovers North Koreans infiltrating crypto

DPRK operatives are infiltrating the crypto industry, to fund the regime’s nuclear program by getting hired at crypto companies and stealing funds. The latest Unchained podcast episode features insights from Taylor Monahan, lead security researcher at MetaMask, and Sam Kessler, CoinDesk’s deputy managing editor for tech and protocols. They discuss the methods North Koreans use to embed themselves within the crypto space, the red flags companies should watch out for, and how these operatives utilize blockchain technology to anonymize transactions.

OFAC sanctions Cryptex and PM2BTC exchanges linked to $51M in Russian ransomware laundering

The US Treasury’s Office of Foreign Assets Control (OFAC) recently sanctioned two crypto exchanges, Cryptex and PM2BTC, linked to laundering funds for Russian ransomware gangs and cybercriminals. Cryptex processed over $51 million tied to ransomware, while PM2BTC enabled currency conversions for sanctioned Russian entities. These sanctions aim to disrupt financial networks supporting Russian cybercrime, and prevent U.S. entities from transacting with these exchanges.

Plainshift's minimum viable OPSEC checklist for blockchain developers

“Recently, it’s become apparent to me once more just how poor the state of operational security in the blockchain industry is,” begins this in-depth deep dive. And honestly, it’s hard to argue against this hot take. Plainshift's entire article is definitely worth a read, but the author who goes by the handle Sleepy was kind enough to also create a checklist if you’re short on time.

Radiant Capital $50 million breach targets developer hardware wallets with advanced malware

What happened

Radiant Capital suffered a $50 million loss due to a sophisticated security breach targeting their development team. Attackers compromised devices with malware to execute unauthorized transactions. This incident, focusing on the development team, emphasizes the extreme measures threat actors will take, and the importance of vigilance in cybersecurity best practices.

How users can protect themselves

To enhance personal security and mitigate the risk of similar attacks, users should:

  1. Avoid blind signing: Always understand and verify the details of any transaction before signing, mainly when using hardware wallets. Blind signing can expose users to unauthorized transactions crafted by attackers.

  2. Follow official announcements: Stay updated with official communications from trusted platforms. Official announcements are crucial

DPRK IT workers infiltrate Western crypto companies under stolen identities

What happened

Researchers have identified a series of employment fraud schemes linked to the North Korean government, where nationals use stolen or falsified identities to secure jobs in Western companies. These schemes, documented in the US, UK, and Australia, involve various deceptive practices, including reluctance to appear on camera. Part of a broader campaign to generate revenue for North Korea, these activities have been associated with the NICKEL TAPESTRY threat group, and contribute to the country's weapons programs. Recent operations, such as the Contagious Interview campaign, involve elaborate fake interview processes delivering malware to job candidates in the tech and cryptocurrency sectors. The US Justice Department has also highlighted a multi-year IT worker fraud scheme generating significant revenue for North Korea and evading sanctions.

How users can protect themselves

Organizations can protect themselves from these sophisticated fraud schemes by implementing thorough verification processes for candidate identities, including checks on documentation and conducting in-person or video interviews. Monitoring for unusual behavior during interviews can also help identify potential fraud. Employers should be cautious of requests to change addresses or route payments to money transfer services during onboarding. Additionally, IT staff should limit unauthorized remote access tools, and restrict access to non-essential systems, mitigating the risk of intellectual property theft and unauthorized revenue generation for North Korea.

Inferno Drainer transfers operations to Angel Drainer, escalating wallet-drain threats

Summary

The crypto security landscape faces a potential escalation as Inferno Drainer, a notorious service known for facilitating crypto wallet thefts, has transferred its operations to Angel Drainer. This move could mark a new, more dangerous phase in crypto-draining activities. Inferno's decision to hand over its platform, including its extensive code base and features, to Angel Drainer is based on confidence in Angel's capability to manage and maintain the service. This transition is expected to keep clients' existing functionalities intact. Still, it raises concerns about the strengthened capabilities of wallet drainers, which have already contributed to significant losses in the crypto community.

How users can protect themselves

Given the growing threats in the crypto-draining ecosystem, individuals should exercise increased caution. Protecting oneself involves being vigilant about phishing attempts, often through fake social media accounts and websites. Users should double-check the authenticity of any crypto-related communication, and avoid clicking on suspicious links. Implementing robust security measures for crypto wallets, such as using hardware wallets and enabling multi-factor authentication, can provide additional layers of protection. Staying informed about the latest security threats and following best practices recommended by crypto security experts can help mitigate the risk of falling victim to sophisticated drainers.


This October 2024 report covered the Radiant Capital $50 million breach via compromised developer hardware wallets, DPRK operatives infiltrating crypto companies under stolen identities, and Inferno Drainer transferring its operation to Angel Drainer. Browse previous editions of the MetaMask crypto security report for more threats, trends, and tips for staying safe across the ecosystem.

  • Luker
    Luker

      Jen Luker, known by most as just Luker, is the Director of Product Security at Consensys, where she leads the frontline defenders who protect millions of users from vulnerabilities, emerging threats, and malicious actors across decentralized tech. An active participant in the Ethereum ecosystem since 2017, she has held key roles including Editor at ETHNews and Project Manager at MyCrypto. Luker is a regular speaker at industry conferences, the author of MetaMask's monthly Crypto Security Report, and an official ETH Security Badge holder as designated by The DAO. She's also a passionate advocate for continuous education and security awareness as essential pillars for the future of Ethereum and blockchain technology.

      Read all articles