Cyber Security Weekly Podcast
Episode 335 - Web 3 and Scams - a Hack-in-the-Box takeaway
Jane Lo, Singapore Correspndent speaks with Zoltán Balázs, Head of Vulnerability Research at CUJO AI. CUJO AI is a company focusing on home IoT Security.
Before joining CUJO AI he worked as a CTO for an AV tester company, an IT Security expert in the financial industry for five years, and as a senior IT security consultant at one of the Big Four companies for two years. His primary areas of expertise are penetration testing, malware analysis, computer forensics and security monitoring. He released the Zombie Browser Tool that has POC malicious browser extensions for Firefox, Chrome and Safari. He is also the developer of the Hardware Firewall Bypass Kernel Driver (HWFWBypass), the Encrypted Browser Exploit Delivery tool (#IRONSQUIRREL) and the Sandbox tester tool to test Malware Analysis Sandboxes. He found and disclosed a vulnerability in IP cameras, and this vulnerability was exploited by the Persirai botnet, running on ˜600 000 cameras.
Zoltán has been invited to give presentations at information security conferences worldwide including DEF CON, SyScan360, SAS2018, Virusbulletin, Disobey, Deepsec, Hacker Halted USA, Botconf, AusCERT, Nullcon, Hackcon, Shakacon, OHM, Nopcon, Hacktivity, and Ethical Hacking. Proud OSCE.
In this on-site interview at “Hack-in-the-Box” held at the Singapore Intercontinental Hotel, Zoltán gives some highlights of his presentation on “Web3 + Scams = It’s a Match!”
Sharing his perspective on what the Web3 world encompasses – including non-fungible tokens (NFTs) – he explains how some of the over-valuations reported in the media for NFTs may leave an impression of fraud and scams.
He also points out how some of the old fashion investment scams such as “rug pulls” and “pump and dump” still plagues the Web3 world. One common tactic, such as preying on victim’s “fear of missing out” (FOMO) on an attractive investment, can also be seen in the promotion of Bored Apes Yacht Club NFT collection.
Zoltán also outlines a highly notable scam known as the “Squid Game” rug pull, where the combination of the ease of creating tokens, and the popularity of the Netflix TV show lured victims to put money into the fraudulent investment scheme.
To avoid falling victim to one of the scams, Zoltán’s advice is “take time, don’t rush.”
Recorded on-site at the Singapore Intercontinental Hotel in Bugis, 26th August 2022, 11am Singapore Time.