Investing

Wallet Guard Reveals Massive DDoS Attacks, Says It's Ongoing but Mitigated

gorodenkoff / iStock

On Thursday, March 16th, the security extension Wallet Guard revealed it has been defending a massive DDoS attack combined with a bot attack on its Twitter account since March 13th. At its peak, the attack featured over 600 million attacks per minute over Tor exit nodes. It is still ongoing, but Wallet Guard stated it is fully mitigated.

Wallet Guard Defending Against 3-Day-Long Attack

Through its Twitter account, Wallet Guard revealed it has been defending against a well-organized DDoS attack combined with a bot assault on its social media presence since March 13th. The post-mortem published on its website also explains that the attackers have been reacting to Wallet Guard’s defense efforts by changing strategies and have also struck another security extension, JoinFire.

Wallet Guard’s Twitter account is currently locked as a precaution due to the bot assault and is awaiting a response from the social media platform. The post-mortem postulates that the attack was motivated by the recent appearance of certain wallet drainers that abuse Blur approvals:

We believe this attack was motivated due to the recent introduction of wallet drainers that leverage active Blur approvals to drain a victim in one transaction. This attack is not just on us but all of end-user security; as soon as we mitigated the attackers, they switched over to attacking another security extension, JoinFire and began botting our Twitter account with followers to get it suspended to cut off communication to our users.

A DDoS—distributed denial of service—occurs when several systems flood a targeted system’s bandwidth or resources, usually in an effort to make the targeted system unavailable to its intended users. A DDoS attack employs more than one distinct IP address or machine, frequently coming from thousands of hosts that are usually malware-infected.

Crypto Hacks Remain Commonplace in 2023

Despite the tireless efforts of the community, crypto-related hacks remained very commonplace throughout 2022, and are still very much present in the current year. Late last December, it was reported that the previous year was record-braking as it saw the theft of $3.7 billion in various digital-asset-related attacks.

Already in early January, hackers managed to drain $3.4 million worth of GMX tokens from a DeFi user in a phishing attack. The year also saw numerous notable hijacks of prominent Twitter accounts in an attempt to lure users into falling victim to various cryptocurrency scams. In just a few days in late January, the social media accounts of the online broker Robinhood and the NFT project Azuki were infiltrated to promote different fraudulent projects. Not long after, the official account of a government official from India was similarly misused.

The year also saw the community, and digital asset companies, fight back against hackers and scammers. Late in February, the decentralized platform Oasis revealed it has managed to exploit the exploiter behind last year’s Wormhole attack and steal back the assets. Following the collapse of FTX last November, several “citizen detectives” also rose to prominence with the most notable being ZachXBT on Twitter and Coffeezilla on Youtube who also recently managed to trick a serial scammer into outing himself in a joint scheme.

This article originally appeared on The Tokenist

Want to Retire Early? Start Here (Sponsor)

Want retirement to come a few years earlier than you’d planned? Or are you ready to retire now, but want an extra set of eyes on your finances?

Now you can speak with up to 3 financial experts in your area for FREE. By simply clicking here you can begin to match with financial professionals who can help you build your plan to retire early. And the best part? The first conversation with them is free.

Click here to match with up to 3 financial pros who would be excited to help you make financial decisions.

 

Have questions about retirement or personal finance? Email us at [email protected]!

By emailing your questions to 24/7 Wall St., you agree to have them published anonymously on a673b.bigscoots-temp.com.

By submitting your story, you understand and agree that we may use your story, or versions of it, in all media and platforms, including via third parties.

Thank you for reading! Have some feedback for us?
Contact the 24/7 Wall St. editorial team.