In Brief

• Cyber Security Agency of Singapore warns of hackers exploiting WordPress plugin vulnerabilities.
• SQL Injection technique used to access sensitive data through price ticker and coins list plugins.
• Protect your crypto assets by staying informed and securing your website against potential threats.

Singapore’s cyber security regulators caution that websites employing WordPress crypto widgets, especially price ticker and coins list plugins, can extract sensitive visitor information.

This reiterates the growing sophistication of hackers in their efforts to steal cryptocurrency.

WordPress Crypto Widgets At Risk

The Cyber Security Agency of Singapore (CSA) explained that hackers use SQL Injection to exploit WordPress crypto widgets’ price ticker plugins. This technique targets data-driven applications, posing a serious security risk.

“Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the ‘coinslist’ parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.”

From there, it was explained that users are subject to their sensitive information being extracted from the hackers, which puts sensitive information such as passwords and even crypto wallets at risk.

“This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.”

In recent times, hacking has grown increasingly sophisticated, fueled by the growing amounts of money in the crypto industry.

Sophisticated Hacking Trends on the Rise

In December 2023, BeInCrypto reported hackers conducting phishing campaigns on Google and social media, resulting in the theft of millions of dollars in crypto from victims.

Get to know Godleak

Godleak crypto signal is a  service which provide profitable crypto and forex signals for trading. Godleak tried to provide you signals of best crypto vip channels in the world.

It means that you don’t need to buy individual crypto signal vip channels that have expensive prices. We bought all for you and provide you the signals with bot on telegram without even a second of delay.

Godleak crypto leak service have multiple advantages in comparision with other services:

•  Providing signal of +160 best crypto vip channels in the world
• Using high tech bot to forward signals
• Without even a second of delay
• Joining in +160 separated channels on telegram
• 1 month, 3 months , 6 months and yearly plans
• Also we have trial to test our services before you pay for anything

For joining Godleak and get more information about us only need to follow godleak bot on telegram and can have access to our free vip channels. click on link bellow and press start button to see all features

Join for Free

☟☟☟☟☟

https://t.me/Godleakbot

Also you can check the list of available vip signal channels in the bot. by pressing Channels button.

“A ‘Wallet Drainer’ has been linked to phishing campaigns on Google search and X ads, draining approximately $58M from over 63K victims in 9 months.”

However, Chainalysis highlighted in its recent crime report that revenue from crypto hacking decreased by approximately 54.3% in 2023 compared to the previous year.

Furthermore, Scam Sniffer found that Wallet Drainers took about $295 million from around 324,000 victims in 2023.

However, while hacking attacks have a widespread impact, the community usually responds quickly, usually within 10-50 minutes.

Meanwhile, Scam Sniffer notes that airdrops, organic traffic, paid advertising, and hijacked Discord links are not as easily detected.

However, individuals in the crypto industry must remain vigilant against crypto wallet hacks and also their social media accounts.

Hackers are increasingly targeting influential social media accounts to spread malicious links to a large following, which presents a potentially more lucrative opportunity for them.

In September 2023, Ethereum co-founder Vitalik Buterin had his X (formerly Twitter) account compromised. Shortly after hackers took control of the account, they posted a fraudulent ConsenSys link, swindling almost $700,000 from unsuspecting followers.