In a perfect example of there being no honor among thieves, a threat actor named 'Water Labbu' is hacking into cryptocurrency scam sites to inject malicious JavaScript that steals funds from the scammer's victims.
In July, the
FBI warned of scam 'dApps' (decentralized applications) that impersonated cryptocurrency liquidity mining services but, in reality, stole a victim's crypto investments.
Liquidity mining is when an investor lends their crypto to a decentralized exchange in exchange for high rewards, commonly generated through trading fees.
However, instead of creating their own scam sites, Water Labbu hacks into these types of fake dApp sites and injects JavaScript code into site's HTML.
