BleepingComputer reports that a threat actor dubbed "Water Labbu" is targeting malicious decentralized applications or cryptocurrency scam sites to exfiltrate funds stolen from scam victims.
A script scans wallets on the scam sites and retrieves both Ethereum and TetherUSD addresses and balances, and Water Labbu targets balances of more than 0.005 ETH or 22,000 USDT for exfiltration.
In August, Twitter confirmed that an API vulnerability fixed in January led to data exposure, but the company said there was “no evidence” that it was exploited. Now over 5.4 million stolen user records have been shared for free on a hacker forum. On top of that, a security researcher warned that there is an even larger data dump obtained using the same vulnerability.