Cybercriminals are using spoofed emails and fake login pages to impersonate popular crypto platforms such as Binance, Celo, and Trust Wallet in an effort to steal login credentials and fraudulently transfer virtual currency.
“As cryptocurrencies and non-fungible tokens (NFTs) grow more widespread and get attention for their volatility, the chance of more people falling prey to fraud aiming to exploit people for digital currencies increases,” according to a recent analysis from Proofpoint.
“Attackers now have a new way of revenue extraction thanks to the emergence and dissemination of cryptocurrencies.”
The Microsoft 365 Defender Research Team recently echoed the targeting of sensitive cryptocurrency data by threat actors, warning about the emerging threat of cryware, in which private keys, seed phrases, and wallet addresses are stolen with the goal of siphoning virtual currencies through fraudulent transfers.
The rapid rise in popularity of Web3 in recent years has shifted the phishing landscape, opening the door to a range of social engineering and exploitation tactics aimed at stealing cryptocurrencies in a number of ways, from credential harvesting to commodity stealer malware.
These include spam emails with links to malicious URLs that download malware or send visitors to a credential harvesting landing page, as well as phony copycat versions of NFT trading platforms like OpenSea. Others ask prospective victims to type in their own seed phrases.
In one phishing attempt identified by the enterprise security company in February 2022, a Trust Wallet-themed lure encouraged email recipients, mainly university students, to verify their wallets by entering their recovery phrases.
The relative ease with which counterfeit landing pages can be generated using phishing kits is a key enabler of these customized campaigns, allowing less skilled threat actors to distribute and run campaigns on a vast scale.
Phishing-as-a-service (PHaaS) providers such as BulletProofLink, which offer phishing templates, spamming services, bulletproof hosting services, and credential gathering services, among other things, are further fueling these cybercriminal schemes.
The kits, which are updated and extended on a regular basis, are meant to look like blockchain[.]com, as well as other NFT and cryptocurrency wallet service providers.
Also common are attempts to facilitate the fraudulent transfer of digital currencies through business email compromise (BEC) emails that solicit bitcoin under the pretense of vendor payments and donation requests to help the Ukraine war effort.
The findings come as losses from crypto-related crime increased by 79 percent year over year in 2021, according to the US Federal Trade Commission (FTC), with over 46,000 consumers reporting losing over $1 billion in digital currency to fraudsters.
Furthermore, according to Chainalysis, a blockchain analytics organization, cryptocurrency-related crime reached a new all-time high in 2021, with criminal addresses receiving $14 billion in the year, up from $7.8 billion in 2020.
“Cybercriminal threats to cryptocurrency are not new,” Sherrod DeGrippo, vice president of threat research and detection at Proofpoint, said. “However, as the general public experiences growing adoption of cryptocurrency, people may be more likely to engage with social engineering lures using such themes.”
“This year’s Super Bowl advertising brought cryptocurrency into the public, and threat actors have taken advantage of the chance for a fast buck. The unlawful transfer of bitcoin is the simplest means of money extraction.”