I was trying to reach someone in threat research at Crypto dot com. But apparently they either don't have a security department anymore or no one knows who to route my communications to. Rumor has it they fired a bunch of their security staff recently.

Anyone know anyone who is there? I have a scam that specifically targets Crypto dot com wallets, and nobody to coordinate research with.

@thepacketrat something tells me infosec is not their top priority right now.
@thepacketrat there is a known phishing campaign targeting their brand and others right now that redirects users to “customer support” to have their account drained.
@thepacketrat I doubt they care. A gazillion threat actors have targeted their users, and if an account gets taken over and looted, the cryptocurrency space is a huge proponent of 'blame the user' security, because the liability for the account being looted doesn't fall to the exchange.
@thepacketrat well that’s concerning. If Genesis implodes it won’t really matter 😂

@thepacketrat you may be interested in this 🧵 https://twitter.com/Cryptadamist/status/1595125635567214593

(or in the Dune Analytics CryptoDotCom dashboard contained therein)

⚯ M Cryptadamus ⚯ on Twitter:

“🧵1/Ω Two addresses pumped a cool $80M in "stablecoins" into #CryptoDotCom / #CryptoCom this morning - $60M in $BUSD - $20M in $USDC Most recent CDC cash injections were $USDC denominated. Now it's $BUSD. Something has changed.”
@thepacketrat I put some images there a year or so ago. Had an issue and it was nearly impossible to get any support at all. In fact, just the experience of attempting to interact with them felt like they themselves were doing the scamming. Abandoned them shortly thereafter.
@thepacketrat Arguably just letting it be is the greater social good. 🤪 Or just dropping it publicly. 😈
@dalias I am doing disclosures to others in the scam scope, but yeah it’ll be public soon enough.
@thepacketrat Immunefi has a bug bounty for Cronos. Maybe they have appropriate contacts? https://immunefi.com/bounty/cronos/
Cronos Bug Bounties | Immunefi

Find bugs and vulnerabilities on Cronos and get paid up to $1,337,133.
@thepacketrat Not sure but @briankrebs has lots of experience approaching companies about exploits.
@jonahstein @thepacketrat happy to help if I can. Always reachable at krebsonsecurity @ gmail dot com