Check out the biggest breaking crypto market updates for today:
Sam Bankman-Fried Found ‘Chilling’ In JFK Airport Lounge On $250M Bail Bond
Images of FTX founder Sam Bankman-Fried “chilling” in the business class lounge at New York’s John F. Kennedy International Airport, almost three days after being released on a personal recognisance bail bond, have been trending all over Crypto Twitter.
The images, which were shared on Twitter by user @litcapital, show SBF sitting in a lounge chair with access to a laptop and mobile phone.
He was reportedly accompanied by his parents, FBI agents and lawyers.
Subsequent images showed SBF on an American Airlines flight disguised with a beanie and seated next to a suited executive in first class:
The images ignited discussions around how SBF told Maxine Waters, chair of the United States House Financial Services Committee, that he had no access to his personal or professional data despite having access to his laptop and mobile device.
Some also wondered how SBF was able to afford the business class tickets amid FTX’s bankruptcy proceedings. “Great to see customer funds are still being put to good use!” said a community member.
A recent court filing revealed that defunct crypto exchange FTX paid a retainer of $12 million to Sullivan & Cromwell LLP (S&C) right before filing for Chapter 11 bankruptcy.
Since Aug. 26, 2022, FTX made payments worth nearly $3.5 million to S&C to avail their legal services.
Defrost Finance Hacked In Attack Some Say May Have Been A Rug Pull
According to an announcement from Defrost Finance, the DeFi protocol is currently being investigated for a hack.
The announcement came after investors reported losing their staked MELT and AVAX tokens from their MetaMask wallets.
However, according to blockchain security firm Peckshield’s “community intel,” the exploit could have been a rug pull that made off with $12 million. Security firm Certik has also stated that it had been unable to contact members of the team.
A rug pull, or exit scam, can occur when developers create and establish a liquidity pool and then remove the funds and disappear after investors have bought the related token. The total value of funds locked on Defrost Finance, which peaked at $95 million in February, was about $13 million in recent weeks, DeFi Lalama data shows. That dropped to less than $93,000 on December 25th.
If the attack is a rug pull, it’s an unusual one. Usually the team behind the scheme goes silent and can’t be contacted. Defrost Finance, however, announced the attack and said in a tweet that it’s willing to negotiate with the people responsible for a return of the funds.
Still, an attempt to reach the firm through Twitter failed because direct messages have been disabled on the account. Blockchain security firm Certik tweeted Dec. 26 that it tried “to contact multiple members of the team but have had no response.” An accompanying graphic said it confirmed DeFrost as an exit scam.
DeFiYield, which offers a security layer for smart contracts to help investors avoid getting scammed or hacked alongside a cross-chain digital asset management platform, said it conducted an audit of Defrost Finance a year ago, and highlighted the smart contract vulnerability used in the hack.
Last year, crypto investors lost over $2.8 billion to rug pulls, according to a report by Chainalysis. Rug pulls accounted for 37% of the over $7.7 billion in total illicit revenue from crypto scams that year.
The 2022 figure is likely to be higher: a report from blockchain risk monitoring firm Solidus Labs showed that fraudsters deployed over 117,000 scam tokens through December 1, 41% more than in all of 2021.
400M Twitter Users’ Data Is Reportedly On Sale In The Black Market
According to a tweet by cybercrime intelligence firm Hudson Rock, a private database containing private emails and linked phone numbers belonging to 400 million Twitter users is up for sale on the black market.
Hudson Rock stated,
“The private database contains devastating amounts of information including emails and phone numbers of high-profile users such as AOC, Kevin O’Leary, Vitalik Buterin & more” adding, “In the post, the threat actor claims the data was obtained in early 2022 due to a vulnerability in Twitter, as well as attempting to extort Elon Musk to buy the data or face GDPR lawsuits.”
Hudson Rock said that while it has not been able to fully verify the hacker’s claims given the number of accounts, it said that an “independent verification of the data itself appears to be legitimate.”
Web3 security firm DeFiYield also had a look at 1,000 accounts given as a sample by the hacker and verified that the data is “real.” It also reached out to the hacker via Telegram and noted that they are actively waiting for a buyer there.
If found true, the breach could be a significant cause for concern for Crypto Twitter users, particularly those who operate under a pseudonym.
However, some users have highlighted that such a large-scale breach is hard to believe, given that the current amount of active monthly users reportedly sits at around 450 million.
At the time of writing, the purported hacker still has a post up on Breached advertising the database to b buyers. It also has a specific call to action for Elon Musk to pay $276 million to avoid having the data sold and face a fine from the General Data Protection Regulation agency.
If Musk pays the fee, the hacker says they will delete the data and it will not be sold to anyone else “to prevent a lot of celebrities and politicians from Phishing, Crypto scams, Sim swapping, Doxxing and other things.”
The breached data in question is understood to have come from the “Zero-Day Hack” on Twitter, in which an application programming interface vulnerability from June 2021 was exploited before it was patched in January this year. The bug essentially allowed hackers to scrape private info, which they then compiled into databases to sell on the dark web.
Alongside this supposed database, two others have previously been identified, with one consisting of around 5.5 million users and another thought to contain as many as 17 million users, according to a November 27 report from Bleeping Computer.
The dangers of having such info leaked online include targeted phishing attempts via text and email, sim swap attacks to get ahold of accounts and the doxing of private information.
People are being advised to take precautions such as making sure two-factor authentication settings are turned on for their various accounts, via an app and not their phone number, along with changing their passwords and storing them securely and also using a private self-hosted crypto wallet.