The hype around cryptocurrencies seems to have attracted the attention of cyber scammers. Cybersecurity experts have seen a whopping 2,00,000 phishing attacks in the last five months to steal digital currencies from unsuspecting users.
In phishing attacks, hackers use a website or similar-looking interface to lure users into signing in with their credentials. After stealing the credentials, the hackers take control of the victims’ accounts. Kaspersky cybersecurity experts detected around 200,000 attempts to steal users’ digital currencies and credentials since the beginning of 2022. Hackers appear to be targeting the top 20 cryptocurrency wallets. Half of the 200,000 attacks were recorded in the first quarter.
Binance more objective
Of the malicious files discovered, 75 percent were exploiting the Binance exchange. It was followed by Electrum (10 percent) and MetaMask (9 percent).
That the number of such attempts reached the 50,000 mark in April shows the extent of phishing activity. Crypto wallets are the main target for scams and malicious activities. “With the rise of digital currencies observed over the last five years, Kaspersky experts have seen various cybercriminal tactics being used to steal cryptocurrencies, from enticing victims with gifts sent by cryptocurrency exchanges to distributing trojanized DeFi wallets,” a Kaspersky executive said.
“Crypto wallets are the main target of fraudsters because they are the initial storage place for cryptocurrencies and handle large amounts of virtual money,” he said.
Scammers mimic the websites of the original crypto wallets and entice victims to enter a personal seed phrase (a 12- or 24-word secret phrase that ensures the security of the wallet, along with a password and private key).
“Once the user shares their secret phrase, they are redirected to the real website, however, their account and all their savings are now in the hands of the scammer,” it says. Most of the time, scammers distributed Trojan downloaders, programs that download and install new versions of other malicious programs. However, among the files analyzed we also found bankers, spyware and ransomware, she added.
“Crypto phishing scams deserve special attention as they are based on social engineering, these attacks do not require any advanced technical skills to launch, and they work well for scammers,” said Alexey Marchenko, Head of Phishing Methods Research. content in Kaspersky. .
To protect themselves from such attacks, people must be very vigilant. “Unexpected messages about losing money and accounts or transfers, gifts and winnings are almost always a trap. You should always check links carefully,” Marchenko said.
June 15, 2022