SlideShare a Scribd company logo

Web3 + scams = It's a match

Zoltan Balazs, profile picture
Zoltan Balazs

The document discusses various scams and vulnerabilities related to cryptocurrency and web3 technologies. It begins by introducing Zoltan Balazs and his work researching vulnerabilities. It then describes several types of scams, including rug pulls, giveaway scams, advance fee fraud, and hardware wallet scams. Best practices are suggested, such as being wary of unsolicited messages, verifying sources of apps/dapps, and using strong passwords and hardware wallets to protect funds. The overall message is that web3 and cryptocurrency technologies have enabled numerous scams that have impacted many users.

Internet
1 of 133
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
Web3 + scams = HiTB Singapore, 2022 Zoltan Balazs, CUJO AI
Web3 + scams = It's a match
Head of Vulnerability Research Lab @ CUJO AI
Head of Vulnerability Research Lab @ CUJO AI Zombie Browser Toolkit
 https://github.com/Z6543/ZombieBrowserPack
Head of Vulnerability Research Lab @ CUJO AI Zombie Browser Toolkit
 https://github.com/Z6543/ZombieBrowserPack HWFW Bypass tool   Similar stuff was used in PacketRedirect in Danderspritz FlewAvenue by EQGRP 
 https://github.com/Z6543/hwfwbypass
Head of Vulnerability Research Lab @ CUJO AI Zombie Browser Toolkit
 https://github.com/Z6543/ZombieBrowserPack HWFW Bypass tool   Similar stuff was used in PacketRedirect in Danderspritz FlewAvenue by EQGRP 
 https://github.com/Z6543/hwfwbypass Malware Analysis Sandbox Tester tool 
 https://github.com/Z6543/Sandbox_tester
Head of Vulnerability Research Lab @ CUJO AI Zombie Browser Toolkit
 https://github.com/Z6543/ZombieBrowserPack HWFW Bypass tool   Similar stuff was used in PacketRedirect in Danderspritz FlewAvenue by EQGRP 
 https://github.com/Z6543/hwfwbypass Malware Analysis Sandbox Tester tool 
 https://github.com/Z6543/Sandbox_tester Played with crappy IoT devices – my RCE exploit code running on ~600 000 IP cameras via Persirai 
 https://jumpespjump.blogspot.hu/2015/09/how-i-hacked-my-ip-camera-and-found.html 
 https://jumpespjump.blogspot.hu/2015/08/how-to-secure-your-home-against.html
Head of Vulnerability Research Lab @ CUJO AI Zombie Browser Toolkit
 https://github.com/Z6543/ZombieBrowserPack HWFW Bypass tool   Similar stuff was used in PacketRedirect in Danderspritz FlewAvenue by EQGRP 
 https://github.com/Z6543/hwfwbypass Malware Analysis Sandbox Tester tool 
 https://github.com/Z6543/Sandbox_tester Played with crappy IoT devices – my RCE exploit code running on ~600 000 IP cameras via Persirai 
 https://jumpespjump.blogspot.hu/2015/09/how-i-hacked-my-ip-camera-and-found.html 
 https://jumpespjump.blogspot.hu/2015/08/how-to-secure-your-home-against.html Invented the idea of encrypted exploit delivery via Dif fi e-Hellman key exchange, to bypass exploit detection appliances 
 https://www.mrg-ef fi tas.com/generic-bypass-of-next-gen-intrusion-threat-breach-detection-systems/
Head of Vulnerability Research Lab @ CUJO AI Zombie Browser Toolkit
 https://github.com/Z6543/ZombieBrowserPack HWFW Bypass tool   Similar stuff was used in PacketRedirect in Danderspritz FlewAvenue by EQGRP 
 https://github.com/Z6543/hwfwbypass Malware Analysis Sandbox Tester tool 
 https://github.com/Z6543/Sandbox_tester Played with crappy IoT devices – my RCE exploit code running on ~600 000 IP cameras via Persirai 
 https://jumpespjump.blogspot.hu/2015/09/how-i-hacked-my-ip-camera-and-found.html 
 https://jumpespjump.blogspot.hu/2015/08/how-to-secure-your-home-against.html Invented the idea of encrypted exploit delivery via Dif fi e-Hellman key exchange, to bypass exploit detection appliances 
 https://www.mrg-ef fi tas.com/generic-bypass-of-next-gen-intrusion-threat-breach-detection-systems/ Co-organizer of the Hackersuli meetup
 Programme committee member of the Hacktivity conference
 Volunteer at IoTVillage
Web3 + scams = It's a match
I ❤ Singapore
I ❤ Singapore
I ❤ Singapore
I ❤ Singapore
What and why
What and why This is a 2 hour presentation compressed into 25 minutes
What and why This is a 2 hour presentation compressed into 25 minutes Fasten your seatbelts
What and why This is a 2 hour presentation compressed into 25 minutes Fasten your seatbelts I love playing with new technologies
What and why This is a 2 hour presentation compressed into 25 minutes Fasten your seatbelts I love playing with new technologies I fi nd blockchain + Web3 fascinating
This presentation is NOT about/for
This presentation is NOT about/for WHOLE CRYPTO WORLD IS A SCAM!!!!
This presentation is NOT about/for WHOLE CRYPTO WORLD IS A SCAM!!!! Smart contract developers
This presentation is NOT about/for WHOLE CRYPTO WORLD IS A SCAM!!!! Smart contract developers Financial advise on which shitcoin to invest in
This presentation is NOT about/for WHOLE CRYPTO WORLD IS A SCAM!!!! Smart contract developers Financial advise on which shitcoin to invest in Crypto exchange hacks - see six/David's presentation
This presentation is NOT about/for WHOLE CRYPTO WORLD IS A SCAM!!!! Smart contract developers Financial advise on which shitcoin to invest in Crypto exchange hacks - see six/David's presentation Cryptocurrency is used as a form of payment, e.g. ransomware
How did we get here?
How did we get here? Lot of people got rich from cryptocurrencies
How did we get here? Lot of people got rich from cryptocurrencies Lot of people want to get rich from cryptocurrencies
How did we get here? Lot of people got rich from cryptocurrencies Lot of people want to get rich from cryptocurrencies Total market capitalisation is around 2 1 trillion USD
How did we get here? Lot of people got rich from cryptocurrencies Lot of people want to get rich from cryptocurrencies Total market capitalisation is around 2 1 trillion USD 2 1,000,000,000,000
How did we get here? Lot of people got rich from cryptocurrencies Lot of people want to get rich from cryptocurrencies Total market capitalisation is around 2 1 trillion USD 2 1,000,000,000,000 New complex technology with crappy UI
How did we get here? Lot of people got rich from cryptocurrencies Lot of people want to get rich from cryptocurrencies Total market capitalisation is around 2 1 trillion USD 2 1,000,000,000,000 New complex technology with crappy UI What could possibly go wrong?
Web3 + scams = It's a match
Web3 + scams = It's a match
What is Bitcoin anyway? Let’s hear it from a trusted, 3 Grammy award winner Blockchain expert!
What is Bitcoin anyway? Let’s hear it from a trusted, 3 Grammy award winner Blockchain expert!
What is Bitcoin anyway? https://youtu.be/5AN5veSPfY4 Let’s hear it from a trusted, 3 Grammy award winner Blockchain expert!
Web3 + scams = It's a match
Web3 + scams = It's a match
Introducing the lamb-o-meter
Web3 + scams = It's a match
Step 1: Buy a lot from something what is cheap and has low volume
Step 1: Buy a lot from something what is cheap and has low volume Step 2: Advertise as the NEXT BIG THING
Step 1: Buy a lot from something what is cheap and has low volume Step 2: Advertise as the NEXT BIG THING Step 3: Sell on top
Step 1: Buy a lot from something what is cheap and has low volume Step 2: Advertise as the NEXT BIG THING Step 3: Sell on top Step 4: PROFIT
Step 1: Buy a lot from something what is cheap and has low volume Step 2: Advertise as the NEXT BIG THING Step 3: Sell on top Step 4: PROFIT Optional Step 5: Short on top
Step 1: Buy a lot from something what is cheap and has low volume Step 2: Advertise as the NEXT BIG THING Step 3: Sell on top Step 4: PROFIT Optional Step 5: Short on top
Rug pull
Rug pull Similar to pump and dump
Rug pull Similar to pump and dump But you are the owner/ developer of the cryptocurrency/token/ whatever
Rug pull Similar to pump and dump But you are the owner/ developer of the cryptocurrency/token/ whatever Even Conti ransomware group knew about SQUID
Rug pull Similar to pump and dump But you are the owner/ developer of the cryptocurrency/token/ whatever Even Conti ransomware group knew about SQUID
Rug pull Similar to pump and dump But you are the owner/ developer of the cryptocurrency/token/ whatever Even Conti ransomware group knew about SQUID
Giveaway scam
Giveaway scam
Giveaway scam
Giveaway scam
Giveaway scam
Giveaway scam
Advance fee fraud https://www.proofpoint.com/us/blog/threat-insight/ advance-fee-fraud-emergence-elaborate-crypto- schemes
Advance fee fraud https://www.proofpoint.com/us/blog/threat-insight/ advance-fee-fraud-emergence-elaborate-crypto- schemes
Advance fee fraud https://www.proofpoint.com/us/blog/threat-insight/ advance-fee-fraud-emergence-elaborate-crypto- schemes
Advance fee fraud https://www.proofpoint.com/us/blog/threat-insight/ advance-fee-fraud-emergence-elaborate-crypto- schemes
Advance fee fraud https://www.proofpoint.com/us/blog/threat-insight/ advance-fee-fraud-emergence-elaborate-crypto- schemes
What is an NFT anyway? https://twitter.com/zh4ck/nft https://etherscan.io/nft/0x06012c8cf97bead5deae237070f9587f8e7a266d/634517 https://etherscan.io/tx/ 0xfe21bd24d7748890c4deb2453bcd22ab451349fdacb5e812422e16772a664723#eventlog https://etherscan.io/address/0xb77feddb7e627a78140a2a32cac65a49ed1dba8e#code
The “magical” world of NFTs … 1 ETH = 1700 USD
The “magical” world of NFTs … 1 ETH = 1700 USD
The “magical” world of NFTs … 1 ETH = 1700 USD
The “magical” world of NFTs … Paris Hilton BAYC - 119 ETH 1 ETH = 1700 USD
The “magical” world of NFTs … Paris Hilton BAYC - 119 ETH 1 ETH = 1700 USD
The “magical” world of NFTs … Justin Bieber - 500 ETH Paris Hilton BAYC - 119 ETH 1 ETH = 1700 USD
The “magical” world of NFTs … Justin Bieber - 500 ETH Paris Hilton BAYC - 119 ETH 1 ETH = 1700 USD
The “magical” world of NFTs … Snoop Dog - 2500 ETH Justin Bieber - 500 ETH Paris Hilton BAYC - 119 ETH 1 ETH = 1700 USD
The “magical” world of NFTs … Snoop Dog - 2500 ETH Justin Bieber - 500 ETH Paris Hilton BAYC - 119 ETH 1 ETH = 1700 USD
The “magical” world of NFTs … Snoop Dog - 2500 ETH Justin Bieber - 500 ETH Eminem - 123.45 ETH Paris Hilton BAYC - 119 ETH 1 ETH = 1700 USD
The “magical” world of NFTs … Snoop Dog - 2500 ETH Justin Bieber - 500 ETH Eminem - 123.45 ETH Paris Hilton BAYC - 119 ETH https://etherscan.io/token/0xbc4ca0eda7647a8ab7c2061c2e118a18a936f13d#readContract https://ipfs.io/ipfs/QmeSjSinHpPnmXmspMjwiXyN6zS4E9zccariGR3jxcaWtq/9055 
 https://cid.ipfs.io/#QmTHcV6mGxHGeeXCnYtV129eRiR8Exni4sT8dDikBWBgzY 1 ETH = 1700 USD
https://www.youtube.com/watch? v=IjtPe1h4Ca0
https://www.youtube.com/watch? v=IjtPe1h4Ca0
https://www.youtube.com/watch? v=IjtPe1h4Ca0
https://www.youtube.com/watch? v=IjtPe1h4Ca0
https://www.youtube.com/watch? v=IjtPe1h4Ca0
https://www.youtube.com/watch? v=IjtPe1h4Ca0
https://www.youtube.com/watch? v=IjtPe1h4Ca0
Web3 + scams = It's a match
Web3 + scams = It's a match
Web3 + scams = It's a match
Web3 + scams = It's a match
Web3 + scams = It's a match
Web3 + scams = It's a match
Web3 + scams = It's a match
Web3 + scams = It's a match
Web3 + scams = It's a match
Web3 + scams = It's a match
Web3 + scams = It's a match
Web3 + scams = It's a match
Web3 + scams = It's a match
Web3 + scams = It's a match
Web3 + scams = It's a match
Web3 + scams = It's a match
Web3 + scams = It's a match
Web3 + scams = It's a match
Web3 + scams = It's a match
Discord scam
Discord scam
Discord servers hacked via bookmarklets Discord scam
Discord servers hacked via bookmarklets Discord scam
Discord servers hacked via bookmarklets Discord scam
Discord servers hacked via bookmarklets Discord scam
Web3 + scams = It's a match
HW wallets - Ledger, Trezor https://whotookmycrypto.com/ ledger-wallet-scams/
HW wallets - Ledger, Trezor https://whotookmycrypto.com/ ledger-wallet-scams/
HW wallets - Ledger, Trezor https://whotookmycrypto.com/ ledger-wallet-scams/
HW wallets - Ledger, Trezor https://whotookmycrypto.com/ ledger-wallet-scams/
HW wallets - Ledger, Trezor https://whotookmycrypto.com/ ledger-wallet-scams/
HW wallets - Ledger, Trezor https://whotookmycrypto.com/ ledger-wallet-scams/
HW wallets - Ledger, Trezor
HW wallets - Ledger, Trezor
HW wallets - Ledger, Trezor
Best practices
Best practices don’t trust random people (or celebrities) on social media
Best practices don’t trust random people (or celebrities) on social media check source of the app/dapp
Best practices don’t trust random people (or celebrities) on social media check source of the app/dapp don’t send funds to someone you don't trust, or verify via phone
Best practices don’t trust random people (or celebrities) on social media check source of the app/dapp don’t send funds to someone you don't trust, or verify via phone block people/email sharing login, password, private key, seed phrase, backup phrase
Best practices don’t trust random people (or celebrities) on social media check source of the app/dapp don’t send funds to someone you don't trust, or verify via phone block people/email sharing login, password, private key, seed phrase, backup phrase extra careful to interact with KNOWN and unknown smart contracts
Best practices don’t trust random people (or celebrities) on social media check source of the app/dapp don’t send funds to someone you don't trust, or verify via phone block people/email sharing login, password, private key, seed phrase, backup phrase extra careful to interact with KNOWN and unknown smart contracts use password manager
Best practices don’t trust random people (or celebrities) on social media check source of the app/dapp don’t send funds to someone you don't trust, or verify via phone block people/email sharing login, password, private key, seed phrase, backup phrase extra careful to interact with KNOWN and unknown smart contracts use password manager enable 2fa, don’t use SMS based
Best practices don’t trust random people (or celebrities) on social media check source of the app/dapp don’t send funds to someone you don't trust, or verify via phone block people/email sharing login, password, private key, seed phrase, backup phrase extra careful to interact with KNOWN and unknown smart contracts use password manager enable 2fa, don’t use SMS based use HW wallet if you have a lot to protect
Best practices don’t trust random people (or celebrities) on social media check source of the app/dapp don’t send funds to someone you don't trust, or verify via phone block people/email sharing login, password, private key, seed phrase, backup phrase extra careful to interact with KNOWN and unknown smart contracts use password manager enable 2fa, don’t use SMS based use HW wallet if you have a lot to protect keep PC free of malware
Best practices don’t trust random people (or celebrities) on social media check source of the app/dapp don’t send funds to someone you don't trust, or verify via phone block people/email sharing login, password, private key, seed phrase, backup phrase extra careful to interact with KNOWN and unknown smart contracts use password manager enable 2fa, don’t use SMS based use HW wallet if you have a lot to protect keep PC free of malware cold wallet for valuables - like you don’t store your life savings in your pocket wallet
Best practices don’t trust random people (or celebrities) on social media check source of the app/dapp don’t send funds to someone you don't trust, or verify via phone block people/email sharing login, password, private key, seed phrase, backup phrase extra careful to interact with KNOWN and unknown smart contracts use password manager enable 2fa, don’t use SMS based use HW wallet if you have a lot to protect keep PC free of malware cold wallet for valuables - like you don’t store your life savings in your pocket wallet take time, don’t rush
Best practices don’t trust random people (or celebrities) on social media check source of the app/dapp don’t send funds to someone you don't trust, or verify via phone block people/email sharing login, password, private key, seed phrase, backup phrase extra careful to interact with KNOWN and unknown smart contracts use password manager enable 2fa, don’t use SMS based use HW wallet if you have a lot to protect keep PC free of malware cold wallet for valuables - like you don’t store your life savings in your pocket wallet take time, don’t rush install security extensions like "Wallet Guard" or "Sunrise: NFT scam protector"
Conclusion I can send white-paper if you want
Hack the planet One computer at a time zoltan.balazs@cujo.com https://hu.linkedin.com/in/zbalazs Twitter – @zh4ck www.slideshare.net/bz98 JumpESPJump.blogspot.com

More Related Content

PDF
Having Honeypot for Better Network Security Analysis
Bangladesh Network Operators Group
 
PPTX
Embracing Legacy: Learnings from Argentum Online
RequitoLucas
 
PDF
Adversary Pattern Analysis - A Journey with APNIC Honeypot
A. S. M. Shamim Reza
 
PPTX
BITcoin Presentation Financial Management.pptx
BilalAdib
 
PDF
Release The Hounds: Part 2 “11 Years Is A Long Ass Time”
Casey Ellis
 
PPTX
Hacking the world
Asian School of Cyber Laws
 
PDF
Drupal Camp Bristol 2017 - Website insecurity
George Boobyer
 
PDF
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Zoltan Balazs
 
Having Honeypot for Better Network Security Analysis
Bangladesh Network Operators Group
 
Embracing Legacy: Learnings from Argentum Online
RequitoLucas
 
Adversary Pattern Analysis - A Journey with APNIC Honeypot
A. S. M. Shamim Reza
 
BITcoin Presentation Financial Management.pptx
BilalAdib
 
Release The Hounds: Part 2 “11 Years Is A Long Ass Time”
Casey Ellis
 
Hacking the world
Asian School of Cyber Laws
 
Drupal Camp Bristol 2017 - Website insecurity
George Boobyer
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Zoltan Balazs
 

Similar to Web3 + scams = It's a match (20)

PPTX
Hacking and Cyber Security.
Kalpesh Doru
 
PDF
Os Nightingale
oscon2007
 
PDF
Befargo
Naeem Shah
 
PDF
The Revolution of Crypto Funding - Building towards a Scamless Future
Ruben Merre
 
PPTX
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
EC-Council
 
PDF
Crypto currency secrets
Sahir
 
PDF
Using Blockchain to Increase Supply Chain Transparency
Horea Porutiu
 
PDF
IoT security is a nightmare. But what is the real risk?
Zoltan Balazs
 
PPT
An Investigator’s Guide to Blockchain, Bitcoin and Wallet Transactions
Case IQ
 
PPTX
Ransomware - what is it, how to protect against it
Zoltan Balazs
 
PPT
What is future of Cryptocurrency | Omega Prime Group
Omega Prime Group Hashtechz
 
PDF
Dylan Butler & Oliver Hager - Building a cross platform cryptocurrency app
DevCamp Campinas
 
PDF
Cryptocurrencies and Blockchain technology
Sabrina Kirrane
 
PPT
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Nipun Jaswal
 
PDF
Cryptocurrency a-quick-guide-to-understanding-cryptocurrencies
Sahir
 
DOCX
Cryptocurrency
alihaider191777
 
DOCX
Crypto Future
Mark Underdahl
 
PDF
KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized B...
Casey Ellis
 
PDF
BugBounty Roadmap with Mohammed Adam
Mohammed Adam
 
PPTX
Country domination - Causing chaos and wrecking havoc
Tiago Henriques
 
Hacking and Cyber Security.
Kalpesh Doru
 
Os Nightingale
oscon2007
 
Befargo
Naeem Shah
 
The Revolution of Crypto Funding - Building towards a Scamless Future
Ruben Merre
 
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
EC-Council
 
Crypto currency secrets
Sahir
 
Using Blockchain to Increase Supply Chain Transparency
Horea Porutiu
 
IoT security is a nightmare. But what is the real risk?
Zoltan Balazs
 
An Investigator’s Guide to Blockchain, Bitcoin and Wallet Transactions
Case IQ
 
Ransomware - what is it, how to protect against it
Zoltan Balazs
 
What is future of Cryptocurrency | Omega Prime Group
Omega Prime Group Hashtechz
 
Dylan Butler & Oliver Hager - Building a cross platform cryptocurrency app
DevCamp Campinas
 
Cryptocurrencies and Blockchain technology
Sabrina Kirrane
 
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Nipun Jaswal
 
Cryptocurrency a-quick-guide-to-understanding-cryptocurrencies
Sahir
 
Cryptocurrency
alihaider191777
 
Crypto Future
Mark Underdahl
 
KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized B...
Casey Ellis
 
BugBounty Roadmap with Mohammed Adam
Mohammed Adam
 
Country domination - Causing chaos and wrecking havoc
Tiago Henriques
 
Ad

More from Zoltan Balazs (20)

PPTX
[ Hackersuli ] Privacy on the blockchain
Zoltan Balazs
 
PPTX
MLSEC 2020
Zoltan Balazs
 
PDF
MIPS-X
Zoltan Balazs
 
PPTX
How to hide your browser 0-day @ Disobey
Zoltan Balazs
 
PPTX
Explain Ethereum smart contract hacking like i am a five
Zoltan Balazs
 
PDF
How to hide your browser 0-days
Zoltan Balazs
 
PPTX
Test & Tea : ITSEC testing, manual vs automated
Zoltan Balazs
 
PDF
Hacking Windows 95 #33c3
Zoltan Balazs
 
PPTX
Sandboxes
Zoltan Balazs
 
PPTX
Sandbox detection: leak, abuse, test - Hacktivity 2015
Zoltan Balazs
 
PDF
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
Zoltan Balazs
 
PPTX
Hacking with Remote Admin Tools (RAT)
Zoltan Balazs
 
PDF
[ENG] Hacktivity 2013 - Alice in eXploitland
Zoltan Balazs
 
PPTX
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
Zoltan Balazs
 
PPTX
[HUN] Védtelen böngészők - Ethical Hacking
Zoltan Balazs
 
PDF
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
Zoltan Balazs
 
PDF
[ENG] Zombie browsers spiced with rootkit extensions - Hacktivity 2012
Zoltan Balazs
 
PPTX
[HUN] Zombi tűzróka, avagy mire képes egy rosszindulatú böngősző kiegészitő
Zoltan Balazs
 
PPT
[ENG] IPv6 shipworm + My little Windows domain pwnie
Zoltan Balazs
 
PPT
[HUN] Hacktivity2009 - M&M’s: Mafia & Malware’s
Zoltan Balazs
 
[ Hackersuli ] Privacy on the blockchain
Zoltan Balazs
 
MLSEC 2020
Zoltan Balazs
 
MIPS-X
Zoltan Balazs
 
How to hide your browser 0-day @ Disobey
Zoltan Balazs
 
Explain Ethereum smart contract hacking like i am a five
Zoltan Balazs
 
How to hide your browser 0-days
Zoltan Balazs
 
Test & Tea : ITSEC testing, manual vs automated
Zoltan Balazs
 
Hacking Windows 95 #33c3
Zoltan Balazs
 
Sandboxes
Zoltan Balazs
 
Sandbox detection: leak, abuse, test - Hacktivity 2015
Zoltan Balazs
 
DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...
Zoltan Balazs
 
Hacking with Remote Admin Tools (RAT)
Zoltan Balazs
 
[ENG] Hacktivity 2013 - Alice in eXploitland
Zoltan Balazs
 
[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -
Zoltan Balazs
 
[HUN] Védtelen böngészők - Ethical Hacking
Zoltan Balazs
 
[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions
Zoltan Balazs
 
[ENG] Zombie browsers spiced with rootkit extensions - Hacktivity 2012
Zoltan Balazs
 
[HUN] Zombi tűzróka, avagy mire képes egy rosszindulatú böngősző kiegészitő
Zoltan Balazs
 
[ENG] IPv6 shipworm + My little Windows domain pwnie
Zoltan Balazs
 
[HUN] Hacktivity2009 - M&M’s: Mafia & Malware’s
Zoltan Balazs
 
Ad

Recently uploaded (20)

PDF
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
 
PDF
Paper PDF World Game (s) Great Redesign.pdf
Steven McGee
 
PPTX
Module 1 - Cyber Law and Ethics 101.pptx
anantyakhrisna1
 
PPT
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
 
PPTX
QR Codes Qr codecodecodecodecocodedecodecode
SRMediaZone
 
PDF
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
 
PPTX
PptxGenJS_Demo_Chart_20250317130215833.pptx
itruongva
 
PPTX
Job_Card_System_Styled_lorem_ipsum_.pptx
Jeffkigen
 
PDF
RPKI Status Update, presented by Makito Lay at IDNOG 10
APNIC
 
PDF
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
 
PPTX
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
 
PDF
SASE Traffic Flow - ZTNA Connector-1.pdf
mackwell7777
 
PDF
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
 
PDF
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 
PPTX
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
 
PPT
tcp ip networks nd ip layering assotred slides
pakadamfdp
 
PPTX
innovation process that make everything different.pptx
SoumyadipPaul18
 
PPTX
CHE NAA, , b,mn,mblblblbljb jb jlb ,j , ,C PPT.pptx
sumodmjohn3
 
PPTX
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
 
PPTX
artificial intelligence overview of it and more
yafotin445
 
Automated vs Manual WooCommerce to Shopify Migration_ Pros & Cons.pdf
CartCoders
 
Paper PDF World Game (s) Great Redesign.pdf
Steven McGee
 
Module 1 - Cyber Law and Ethics 101.pptx
anantyakhrisna1
 
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
 
QR Codes Qr codecodecodecodecocodedecodecode
SRMediaZone
 
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
 
PptxGenJS_Demo_Chart_20250317130215833.pptx
itruongva
 
Job_Card_System_Styled_lorem_ipsum_.pptx
Jeffkigen
 
RPKI Status Update, presented by Makito Lay at IDNOG 10
APNIC
 
APNIC Update, presented at PHNOG 2025 by Shane Hermoso
APNIC
 
INTERNET------BASICS-------UPDATED PPT PRESENTATION
poonam62133
 
SASE Traffic Flow - ZTNA Connector-1.pdf
mackwell7777
 
Best Practices for Testing and Debugging Shopify Third-Party API Integrations...
CartCoders
 
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
 
tcp ip networks nd ip layering assotred slides
pakadamfdp
 
innovation process that make everything different.pptx
SoumyadipPaul18
 
CHE NAA, , b,mn,mblblblbljb jb jlb ,j , ,C PPT.pptx
sumodmjohn3
 
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
 
artificial intelligence overview of it and more
yafotin445
 

Web3 + scams = It's a match

  • 1. Web3 + scams = HiTB Singapore, 2022 Zoltan Balazs, CUJO AI
  • 3. Head of Vulnerability Research Lab @ CUJO AI
  • 4. Head of Vulnerability Research Lab @ CUJO AI Zombie Browser Toolkit
 https://github.com/Z6543/ZombieBrowserPack
  • 5. Head of Vulnerability Research Lab @ CUJO AI Zombie Browser Toolkit
 https://github.com/Z6543/ZombieBrowserPack HWFW Bypass tool   Similar stuff was used in PacketRedirect in Danderspritz FlewAvenue by EQGRP 
 https://github.com/Z6543/hwfwbypass
  • 6. Head of Vulnerability Research Lab @ CUJO AI Zombie Browser Toolkit
 https://github.com/Z6543/ZombieBrowserPack HWFW Bypass tool   Similar stuff was used in PacketRedirect in Danderspritz FlewAvenue by EQGRP 
 https://github.com/Z6543/hwfwbypass Malware Analysis Sandbox Tester tool 
 https://github.com/Z6543/Sandbox_tester
  • 7. Head of Vulnerability Research Lab @ CUJO AI Zombie Browser Toolkit
 https://github.com/Z6543/ZombieBrowserPack HWFW Bypass tool   Similar stuff was used in PacketRedirect in Danderspritz FlewAvenue by EQGRP 
 https://github.com/Z6543/hwfwbypass Malware Analysis Sandbox Tester tool 
 https://github.com/Z6543/Sandbox_tester Played with crappy IoT devices – my RCE exploit code running on ~600 000 IP cameras via Persirai 
 https://jumpespjump.blogspot.hu/2015/09/how-i-hacked-my-ip-camera-and-found.html 
 https://jumpespjump.blogspot.hu/2015/08/how-to-secure-your-home-against.html
  • 8. Head of Vulnerability Research Lab @ CUJO AI Zombie Browser Toolkit
 https://github.com/Z6543/ZombieBrowserPack HWFW Bypass tool   Similar stuff was used in PacketRedirect in Danderspritz FlewAvenue by EQGRP 
 https://github.com/Z6543/hwfwbypass Malware Analysis Sandbox Tester tool 
 https://github.com/Z6543/Sandbox_tester Played with crappy IoT devices – my RCE exploit code running on ~600 000 IP cameras via Persirai 
 https://jumpespjump.blogspot.hu/2015/09/how-i-hacked-my-ip-camera-and-found.html 
 https://jumpespjump.blogspot.hu/2015/08/how-to-secure-your-home-against.html Invented the idea of encrypted exploit delivery via Dif fi e-Hellman key exchange, to bypass exploit detection appliances 
 https://www.mrg-ef fi tas.com/generic-bypass-of-next-gen-intrusion-threat-breach-detection-systems/
  • 9. Head of Vulnerability Research Lab @ CUJO AI Zombie Browser Toolkit
 https://github.com/Z6543/ZombieBrowserPack HWFW Bypass tool   Similar stuff was used in PacketRedirect in Danderspritz FlewAvenue by EQGRP 
 https://github.com/Z6543/hwfwbypass Malware Analysis Sandbox Tester tool 
 https://github.com/Z6543/Sandbox_tester Played with crappy IoT devices – my RCE exploit code running on ~600 000 IP cameras via Persirai 
 https://jumpespjump.blogspot.hu/2015/09/how-i-hacked-my-ip-camera-and-found.html 
 https://jumpespjump.blogspot.hu/2015/08/how-to-secure-your-home-against.html Invented the idea of encrypted exploit delivery via Dif fi e-Hellman key exchange, to bypass exploit detection appliances 
 https://www.mrg-ef fi tas.com/generic-bypass-of-next-gen-intrusion-threat-breach-detection-systems/ Co-organizer of the Hackersuli meetup
 Programme committee member of the Hacktivity conference
 Volunteer at IoTVillage
  • 16. What and why This is a 2 hour presentation compressed into 25 minutes
  • 17. What and why This is a 2 hour presentation compressed into 25 minutes Fasten your seatbelts
  • 18. What and why This is a 2 hour presentation compressed into 25 minutes Fasten your seatbelts I love playing with new technologies
  • 19. What and why This is a 2 hour presentation compressed into 25 minutes Fasten your seatbelts I love playing with new technologies I fi nd blockchain + Web3 fascinating
  • 20. This presentation is NOT about/for
  • 21. This presentation is NOT about/for WHOLE CRYPTO WORLD IS A SCAM!!!!
  • 22. This presentation is NOT about/for WHOLE CRYPTO WORLD IS A SCAM!!!! Smart contract developers
  • 23. This presentation is NOT about/for WHOLE CRYPTO WORLD IS A SCAM!!!! Smart contract developers Financial advise on which shitcoin to invest in
  • 24. This presentation is NOT about/for WHOLE CRYPTO WORLD IS A SCAM!!!! Smart contract developers Financial advise on which shitcoin to invest in Crypto exchange hacks - see six/David's presentation
  • 25. This presentation is NOT about/for WHOLE CRYPTO WORLD IS A SCAM!!!! Smart contract developers Financial advise on which shitcoin to invest in Crypto exchange hacks - see six/David's presentation Cryptocurrency is used as a form of payment, e.g. ransomware
  • 26. How did we get here?
  • 27. How did we get here? Lot of people got rich from cryptocurrencies
  • 28. How did we get here? Lot of people got rich from cryptocurrencies Lot of people want to get rich from cryptocurrencies
  • 29. How did we get here? Lot of people got rich from cryptocurrencies Lot of people want to get rich from cryptocurrencies Total market capitalisation is around 2 1 trillion USD
  • 30. How did we get here? Lot of people got rich from cryptocurrencies Lot of people want to get rich from cryptocurrencies Total market capitalisation is around 2 1 trillion USD 2 1,000,000,000,000
  • 31. How did we get here? Lot of people got rich from cryptocurrencies Lot of people want to get rich from cryptocurrencies Total market capitalisation is around 2 1 trillion USD 2 1,000,000,000,000 New complex technology with crappy UI
  • 32. How did we get here? Lot of people got rich from cryptocurrencies Lot of people want to get rich from cryptocurrencies Total market capitalisation is around 2 1 trillion USD 2 1,000,000,000,000 New complex technology with crappy UI What could possibly go wrong?
  • 35. What is Bitcoin anyway? Let’s hear it from a trusted, 3 Grammy award winner Blockchain expert!
  • 36. What is Bitcoin anyway? Let’s hear it from a trusted, 3 Grammy award winner Blockchain expert!
  • 37. What is Bitcoin anyway? https://youtu.be/5AN5veSPfY4 Let’s hear it from a trusted, 3 Grammy award winner Blockchain expert!
  • 42. Step 1: Buy a lot from something what is cheap and has low volume
  • 43. Step 1: Buy a lot from something what is cheap and has low volume Step 2: Advertise as the NEXT BIG THING
  • 44. Step 1: Buy a lot from something what is cheap and has low volume Step 2: Advertise as the NEXT BIG THING Step 3: Sell on top
  • 45. Step 1: Buy a lot from something what is cheap and has low volume Step 2: Advertise as the NEXT BIG THING Step 3: Sell on top Step 4: PROFIT
  • 46. Step 1: Buy a lot from something what is cheap and has low volume Step 2: Advertise as the NEXT BIG THING Step 3: Sell on top Step 4: PROFIT Optional Step 5: Short on top
  • 47. Step 1: Buy a lot from something what is cheap and has low volume Step 2: Advertise as the NEXT BIG THING Step 3: Sell on top Step 4: PROFIT Optional Step 5: Short on top
  • 49. Rug pull Similar to pump and dump
  • 50. Rug pull Similar to pump and dump But you are the owner/ developer of the cryptocurrency/token/ whatever
  • 51. Rug pull Similar to pump and dump But you are the owner/ developer of the cryptocurrency/token/ whatever Even Conti ransomware group knew about SQUID
  • 52. Rug pull Similar to pump and dump But you are the owner/ developer of the cryptocurrency/token/ whatever Even Conti ransomware group knew about SQUID
  • 53. Rug pull Similar to pump and dump But you are the owner/ developer of the cryptocurrency/token/ whatever Even Conti ransomware group knew about SQUID
  • 65. What is an NFT anyway? https://twitter.com/zh4ck/nft https://etherscan.io/nft/0x06012c8cf97bead5deae237070f9587f8e7a266d/634517 https://etherscan.io/tx/ 0xfe21bd24d7748890c4deb2453bcd22ab451349fdacb5e812422e16772a664723#eventlog https://etherscan.io/address/0xb77feddb7e627a78140a2a32cac65a49ed1dba8e#code
  • 66. The “magical” world of NFTs … 1 ETH = 1700 USD
  • 67. The “magical” world of NFTs … 1 ETH = 1700 USD
  • 68. The “magical” world of NFTs … 1 ETH = 1700 USD
  • 69. The “magical” world of NFTs … Paris Hilton BAYC - 119 ETH 1 ETH = 1700 USD
  • 70. The “magical” world of NFTs … Paris Hilton BAYC - 119 ETH 1 ETH = 1700 USD
  • 71. The “magical” world of NFTs … Justin Bieber - 500 ETH Paris Hilton BAYC - 119 ETH 1 ETH = 1700 USD
  • 72. The “magical” world of NFTs … Justin Bieber - 500 ETH Paris Hilton BAYC - 119 ETH 1 ETH = 1700 USD
  • 73. The “magical” world of NFTs … Snoop Dog - 2500 ETH Justin Bieber - 500 ETH Paris Hilton BAYC - 119 ETH 1 ETH = 1700 USD
  • 74. The “magical” world of NFTs … Snoop Dog - 2500 ETH Justin Bieber - 500 ETH Paris Hilton BAYC - 119 ETH 1 ETH = 1700 USD
  • 75. The “magical” world of NFTs … Snoop Dog - 2500 ETH Justin Bieber - 500 ETH Eminem - 123.45 ETH Paris Hilton BAYC - 119 ETH 1 ETH = 1700 USD
  • 76. The “magical” world of NFTs … Snoop Dog - 2500 ETH Justin Bieber - 500 ETH Eminem - 123.45 ETH Paris Hilton BAYC - 119 ETH https://etherscan.io/token/0xbc4ca0eda7647a8ab7c2061c2e118a18a936f13d#readContract https://ipfs.io/ipfs/QmeSjSinHpPnmXmspMjwiXyN6zS4E9zccariGR3jxcaWtq/9055 
 https://cid.ipfs.io/#QmTHcV6mGxHGeeXCnYtV129eRiR8Exni4sT8dDikBWBgzY 1 ETH = 1700 USD
  • 105. Discord servers hacked via bookmarklets Discord scam
  • 106. Discord servers hacked via bookmarklets Discord scam
  • 107. Discord servers hacked via bookmarklets Discord scam
  • 108. Discord servers hacked via bookmarklets Discord scam
  • 110. HW wallets - Ledger, Trezor https://whotookmycrypto.com/ ledger-wallet-scams/
  • 111. HW wallets - Ledger, Trezor https://whotookmycrypto.com/ ledger-wallet-scams/
  • 112. HW wallets - Ledger, Trezor https://whotookmycrypto.com/ ledger-wallet-scams/
  • 113. HW wallets - Ledger, Trezor https://whotookmycrypto.com/ ledger-wallet-scams/
  • 114. HW wallets - Ledger, Trezor https://whotookmycrypto.com/ ledger-wallet-scams/
  • 115. HW wallets - Ledger, Trezor https://whotookmycrypto.com/ ledger-wallet-scams/
  • 116. HW wallets - Ledger, Trezor
  • 117. HW wallets - Ledger, Trezor
  • 118. HW wallets - Ledger, Trezor
  • 120. Best practices don’t trust random people (or celebrities) on social media
  • 121. Best practices don’t trust random people (or celebrities) on social media check source of the app/dapp
  • 122. Best practices don’t trust random people (or celebrities) on social media check source of the app/dapp don’t send funds to someone you don't trust, or verify via phone
  • 123. Best practices don’t trust random people (or celebrities) on social media check source of the app/dapp don’t send funds to someone you don't trust, or verify via phone block people/email sharing login, password, private key, seed phrase, backup phrase
  • 124. Best practices don’t trust random people (or celebrities) on social media check source of the app/dapp don’t send funds to someone you don't trust, or verify via phone block people/email sharing login, password, private key, seed phrase, backup phrase extra careful to interact with KNOWN and unknown smart contracts
  • 125. Best practices don’t trust random people (or celebrities) on social media check source of the app/dapp don’t send funds to someone you don't trust, or verify via phone block people/email sharing login, password, private key, seed phrase, backup phrase extra careful to interact with KNOWN and unknown smart contracts use password manager
  • 126. Best practices don’t trust random people (or celebrities) on social media check source of the app/dapp don’t send funds to someone you don't trust, or verify via phone block people/email sharing login, password, private key, seed phrase, backup phrase extra careful to interact with KNOWN and unknown smart contracts use password manager enable 2fa, don’t use SMS based
  • 127. Best practices don’t trust random people (or celebrities) on social media check source of the app/dapp don’t send funds to someone you don't trust, or verify via phone block people/email sharing login, password, private key, seed phrase, backup phrase extra careful to interact with KNOWN and unknown smart contracts use password manager enable 2fa, don’t use SMS based use HW wallet if you have a lot to protect
  • 128. Best practices don’t trust random people (or celebrities) on social media check source of the app/dapp don’t send funds to someone you don't trust, or verify via phone block people/email sharing login, password, private key, seed phrase, backup phrase extra careful to interact with KNOWN and unknown smart contracts use password manager enable 2fa, don’t use SMS based use HW wallet if you have a lot to protect keep PC free of malware
  • 129. Best practices don’t trust random people (or celebrities) on social media check source of the app/dapp don’t send funds to someone you don't trust, or verify via phone block people/email sharing login, password, private key, seed phrase, backup phrase extra careful to interact with KNOWN and unknown smart contracts use password manager enable 2fa, don’t use SMS based use HW wallet if you have a lot to protect keep PC free of malware cold wallet for valuables - like you don’t store your life savings in your pocket wallet
  • 130. Best practices don’t trust random people (or celebrities) on social media check source of the app/dapp don’t send funds to someone you don't trust, or verify via phone block people/email sharing login, password, private key, seed phrase, backup phrase extra careful to interact with KNOWN and unknown smart contracts use password manager enable 2fa, don’t use SMS based use HW wallet if you have a lot to protect keep PC free of malware cold wallet for valuables - like you don’t store your life savings in your pocket wallet take time, don’t rush
  • 131. Best practices don’t trust random people (or celebrities) on social media check source of the app/dapp don’t send funds to someone you don't trust, or verify via phone block people/email sharing login, password, private key, seed phrase, backup phrase extra careful to interact with KNOWN and unknown smart contracts use password manager enable 2fa, don’t use SMS based use HW wallet if you have a lot to protect keep PC free of malware cold wallet for valuables - like you don’t store your life savings in your pocket wallet take time, don’t rush install security extensions like "Wallet Guard" or "Sunrise: NFT scam protector"
  • 132. Conclusion I can send white-paper if you want
  • 133. Hack the planet One computer at a time zoltan.balazs@cujo.com https://hu.linkedin.com/in/zbalazs Twitter – @zh4ck www.slideshare.net/bz98 JumpESPJump.blogspot.com