cross-posted from: https://programming.dev/post/37902936
- Forensic report compiled by the research collective behind the takedown of Block Blasters (credit: 1989 on X/Twitter).
- G DATA report.
For anybody wondering what is going on with the $CANCER live stream… my life was saved for a whole 24 hours until someone tuned in to my stream and got me to download a verified game on Steam.
After this I was drained of over $32,000 USD of my creator fees earned on pumpdotfun and everything quickly changed. I can’t breathe, I can’t think, I’m completely lost on what is going to happen next, can’t shake the feeling that it is my fault that I might end up on the street again or not have anything to eat in a few days… my heart wants to jump out of my mouth and it hurts.
I won’t rewatch this myself but I have added a clip from the stream after I noticed what had happened.
Also, I have successfully (CTOed) my creator rewards and they have been redirected to a safe device.
Source: rastaland.TV on X/Twitter (private front-end).
More context:
Yesterday a video game streamer named rastalandTV inadvertently livestreamed themselves being the victim of a cryptodraining campaign.
This particular spearphishing campaign is extraordinarily heinous because RastaLand is suffering from Stage 4 sarcoma and is actively seeking donations for their cancer treatment. They lost $30,000 of the money which was designated for their cancer treatment. In the Steam clip their friend tries to console them while they cry out, “I am broken now.”
They were contacted by an unknown person who requested they play their video game demo (downloadable from Steam). In exchange for RastaLand playing their video game demo on stream, they would financially compensate them.
Unfortunately, the Steam game was actually a cryptodrainer masquerading as a legitimate video game.
Source: vx-underground on X/Twitter (private front-end).
Source: ZachXBT on X/Twitter (private front-end).
Comments
I’m not into crypto. But how can it be stolen just by reading some file on the computer? Isn’t the private key encrypted with some really secure password? Was it stolen while the private key was being used?
Considering how the malware works, it seems that the criminal managed to copy/steal all the browser data of Rastaland, including open sessions, allowing him to log in on any site that had an active session/cookies, including that pumpdotfun where the coin was.
To keep it short, there are two big families of wallets: hot and cold wallets. Hot wallets are the ones that have an internet connection, whether it’s a constant one or periodically connecting. Cold wallets are never connected to the internet and often are dedicated hardware devices, with the better ones having a Secure Element to store the private key or even sometimes sign transactions directly in it.
Victims of these attacks were using a hot wallet on a non-dedicated machine, which is considered bad practice. Hot wallets have to be considered more like physical wallets for daily spending, with cold wallets being the privileged choice for long-term saving and monthly or yearly transactions.
I’m not an expert, but desktop OSes (especially Windows) are not as well contained as phones, so I almost never use a hot wallet on my computer. Often users are tricked into signing transactions to get stolen from, but I think if the wallet is unlocked a malware with the right privileges/permissions could easily steal money.