Researchers describe how cybercriminals target cryptocurrency users


Cybercriminals impersonate popular crypto platforms such as Binance, Celo, and Trust Wallet with fake emails and fake login pages in an attempt to steal credentials and fraudulently transfer virtual funds.

“As cryptocurrency and non-fungible tokens (NFTs) become more mainstream and make headlines for their volatility, more individuals are more likely to fall victim to fraud trying to exploit people for digital currencies,” Proofpoint said in a new report.

“The rise and spread of cryptocurrency has also provided attackers with a new method of financial extraction.”

The targeting of sensitive cryptocurrency data by threat actors was recently reiterated by the Microsoft 365 Defender Research Team, which warned of the emerging threat of cryware, in which private keys, seed phrases and wallet addresses are looted with the aim of siphoning virtual currencies through fraudulent transfers.

The rapid rise in popularity of Web3 in recent years has led to a shift in the phishing landscape, paving the way for a variety of social engineering and exploitation mechanisms aimed at stealing cryptocurrencies, ranging from collecting login credentials to using malware to steal goods.

This includes spam emails that contain links to rogue URLs that download malware and redirect users to a credential-collection landing page or even lookalike versions of NFT trading platforms like OpenSea. Other campaigns urge potential victims to enter their seed phrases.

In a phishing attack detected by the company in February 2022, a Trust Wallet-themed lure urged email recipients, especially college students, to verify their wallets by entering their recovery phrases.

A critical factor that makes these custom campaigns possible is the relative ease with which fake landing pages can be built using phishing kits, enabling less skilled threat actors to disseminate and manage campaigns at scale.

A further boost to cybercrime comes from phishing-as-a-service (PhaaS) operators such as BulletProofLink, which offer phishing templates, spam services, bulletproof hosting services, and credential collection services, among others.

The kits, which are constantly updated and expanded, are designed to mimic different brands, such as blockchain[.]com, as well as other NFT and cryptocurrency wallet service providers.

Also prominent are business email compromise (BEC) attempts to facilitate the fraudulent transfer of digital coins through messages requesting cryptocurrency under the guise of supplier payments and donation requests in support of Ukraine’s war effort.

The findings come as losses from crypto-related crime rose 79% year-on-year in 2021, with the US Federal Trade Commission (FTC) noting that more than 46,000 people have reported losing more than $1 billion in digital currencies to scams.

What’s more, blockchain analytics company Chainalysis found that cryptocurrency-based crime hit a new record in 2021, with illegal addresses receiving $14 billion over the year, up from $7.8 billion in 2020.

“Cybercriminal threats to cryptocurrency are not new, but as the general public experiences cryptocurrency adoption, people are more likely to engage in social engineering lures using such themes,” said Sherrod DeGrippo, vice president of threat research and detection at Proofpoint.

“Crypto went mainstream with Super Bowl ads this year and threat actors have taken note of the fast payday opportunity. There is no easier method of financial extraction than the illegal transfer of cryptocurrency.”