Month: August 2023

Enlarge (credit: Getty Images)

The FBI is advising potential NFT buyers to be on the lookout for malicious websites that use “drainer smart contracts” to surreptitiously loot cryptocurrency wallets.

The websites present themselves as outlets for legitimate NFT projects that provide new offerings. They’re promoted by compromised social media accounts belonging to known NFT developers or accounts made to look like such accounts. Posts frequently try to create a sense of urgency by using phrases such as “limited supply” or by referring to the promotion as a “surprise” or the result of a previously unannounced token minting.

“The spoofed websites invite victims to connect their cryptocurrency wallets and purchase the NFT,” FBI officials wrote in a Friday advisory. “The victims unknowingly connect their cryptocurrency wallets to a drainer smart contract, resulting in the transfer of cryptocurrency and NFTs to wallets operated by criminals.”

Enlarge / Cover of the book From the Earth to Mars. (credit: Multiverse Media Inc.)

When did spaceflight begin? There is no single answer.

For newcomers to space, the beginning of time can be traced to as recently as December 2015. That's when SpaceX landed its Falcon 9 rocket successfully for the first time, opening the modern era of rapid, reusable spaceflight. Increasingly, anything that came before feels anachronistic.

But for those with a bit more perspective, the dawn of spaceflight can be pushed back further back into time, to the 1957 launch of the Soviet Sputnik satellite that shocked the world. This small orbiting spacecraft kicked off the frenetic space race that culminated with NASA's Apollo 11 Moon landing just a dozen years later.

Enlarge (credit: Jose A. Bernat Bacete)

Travel rewards programs like those offered by airlines and hotels tout the specific perks of joining their club over others. Under the hood, though, the digital infrastructure for many of these programs—including Delta SkyMiles, United MileagePlus, Hilton Honors, and Marriott Bonvoy—is built on the same platform. The backend comes from the loyalty commerce company Points and its suite of services, including an expansive application programming interface (API).

But new findings, published today by a group of security researchers, show that vulnerabilities in the Points.com API could have been exploited to expose customer data, steal customers' “loyalty currency” (like miles), or even compromise Points global administration accounts to gain control of entire loyalty programs.

The researchers—Ian Carroll, Shubham Shah, and Sam Curry—reported a series of vulnerabilities to Points between March and May, and all the bugs have since been fixed.