social engineering attacks

On April 16th, zkSync released a detailed report on Twitter account theft, stating that \”the impersonator forged their identity and claimed to be the official representative of zkS

It is reported that according to the latest research report released by the network security company Darktrace, attackers use generative AI such as ChatGPT to increase the number o

On March 12, PeopleDAO tweets showed that when PeopleDAO’s community vault on the digital asset management platform Safe (formerly Gnosis Safe) issued a monthly contributor award on March 6, it was stolen 76 ETHs (about $120000) by hackers through social engineering attacks. This event has nothing to do with the PEOPLE token contract. PeopleDAO collects monthly contributor reward information through Google Form. The accounting principal mistakenly shared a link with editing rights in the public channel of Discord. After the hacker obtained editing rights through the link, he inserted a payment of 76 ETHs to his address in the form and set it as invisible. Due to the malicious concealment, the team leader did not find it during the review. After downloading the csv file with insertef data, it was submitted to Safe’s CSV Airdrop tool for reward distribution. Since there were 80 transfers in the transaction, 6 of the 9 multi-signature accounts did not notice the malicious transfer. After…