Amount Stolen:: $4,600,000
Date:: February 13th, 2024
Tags:: 🔑 👛
Duelbits, a crypto casino and sports betting platform, experienced an exploit on February 13, 2024. The attacker gained access to a Duelbits wallet. The root cause of this exploit appears to be a loss of wallet access control. The attacker stole various assets, including ETH, BNB, BUSD, USDT, SHIBA INU, and ApeCoin, totaling a loss of 4,643,315 USD. The stolen funds were bridged, exchanged to ETH, and transferred to another EOA address.
Searching open source information for the name led us to a GitHub profile of the developer. After establishing contact with the developer, we confirmed that he had fallen victim to the malicious actor pretending to be a recruiter from Capital One in January, 2024. In an email exchange with ReversingLabs, he revealed that he had been contacted from a LinkedIn profile and provided with a link to the GitHub repository as a “homework task.” The developer was asked to “find the bug,” resolve it and push changes that addressed the bug. When the changes were pushed, the fake recruiter asked him to send screenshots of the fixed bug — to make sure that developer executed the project on his machine.
Note: this appears to be a different developer?
Capital One Technical Interview - Python Skills test
-
0x3933924FAf011aE8d24e44beE450b3d78E46a666
-
0x0428eEfB47fB6ffb870C6b9608dA4C72bC7645f5
-
0x07a0594bd0b05c6e11053aec4eec72b4f9306e38 - May 29th, 2024: 1760 ETH in 23 deposits to Tornado Cash. 1 more txn to TC on June 7, 2024
- akamaitechnologies[.]online