The buzz around crypto currencies seems to have attracted the attention of cyber fraudsters. Cyber security experts have seen a whopping 2,00,000 phishing attacks in the last five months to steal the digital currencies from the unsuspecting users.

In phishing attacks, hackers use a similar looking website or interface to lure the users to log in their credentials. After stealing the credentials, the hackers take control of the victims’ accounts. Cyber security experts at Kaspersky detected about 2,00,000 attempts to steal users’ digital currencies and credentials since the beginning of 2022. The hackers seem to be targeting 20 top crypto currency wallets. Half of the 2,00,000 attacks were recorded in the first quarter.

Binance most targeted

Out of the discovered malicious files, 75 per cent were exploiting the Binance exchange. This was followed by Electrum (10 per cent) and MetaMask (9 per cent).

That the number of such attempts reached the 50,000-mark in April shows the extent of phishing activity. Crypto wallets are the primary target for scamming and malicious activity. “With the boom in digital currencies observed over the past five years, Kaspersky experts have seen various cybercriminal tactics used to steal cryptocurrency-from luring victims with gifts sent by crypto exchanges to distributing Trojanized DeFi wallets,” a Kaspersky executive said.

“Crypto wallets are the primary target for scammers because they are the initial place of storage for cryptocurrency and deal with large amounts of virtual money,” he said.

Fraudsters mimic the original crypto wallets’ websites and lure victims to enter a personal seed-phrase (a secret phrase of 12 or 24 words that ensures the security of the wallet, along with a password and private key).

“Once the user shares their secret phrase, they’re redirected to the real website, however, their account and all of their savings are now in the scammer’s hands,” he points out. Most often fraudsters distributed Trojan downloaders, programmes that download and install new versions of other malicious programs. However, among the analyzed files, we also found bankers, spyware and ransomware, he added.

“Phishing crypto scams deserve special attention – because they’re based on social engineering, these attacks do not require any advanced technical skills to be launched and work well for the fraudsters,” Alexey Marchenko, Head of Content Filtering Methods Research at Kaspersky, said.

To protect oneself from such attacks, people must be very vigilant. “Unexpected messages about the loss of money and accounts or transfers, gifts and winnings are almost always a trick. You must always check links carefully,” Marchenko said.

Published on

June 15, 2022