According to a report from threat intelligence provider Cyjax, the recent resurgence of interest in crypto has been matched by a rise in sophisticated phishing scams and other malicious activities targeting the sector.
The crypto market had faced significant challenges in 2022 and ’23, including the collapse of major exchange FTX, but Bitcoin’s meteoric rise from $42k in January to a mid-March peak of $73k — before stabilising around $65k — has reinvigorated the crypto space and attracted a new wave of investors.
This influx, however, has been matched by a rise in malicious activities, ranging from romance scams to complex phishing operations and exit scams, underscoring the need for heightened vigilance among investors, according to Cyjax.
“At the end of 2022, the cryptocurrency market was seemingly eating itself alive, but 2024 has bounced back, and threat actors are cashing in on the opportunities it brings,” said Joe Wrieden, intelligence analyst at Cyjax.
The Cryptocurrency Threat Landscape Report – Q1 2024 – published last month – details the trending ways attacks have been carried out in 2024.
Romance scams or ‘pig butchering’
The resurgence of romance scams, also known as “pig butchering” scams — a term derived from the Chinese “shāzhūpán”, which describes fattening pigs before slaughter — has been particularly notable.
A romance scam, put simply, is when criminals create fake online identities to foster relationships and eventually defraud their victims.
Recent action by the U.S. Department of Justice to recover $2.3 million in cryptocurrency stolen through scams has brought attention to the severity of these fraudulent activities.
These scams are simple yet lucrative and are often connected to organised crime. They utilise inexpensive or forced labour to expand their operations, which has resulted in the theft of over $100 million in funds.
A significant operation was uncovered in Myanmar, where a “fraud factory” forced workers to execute scams, amassing $100 million in cryptocurrency from July 2022 to February 2024.
Sophisticated phishing attacks
Attackers have also become adept at exploiting vulnerabilities and social engineering tactics to impersonate legitimate cryptocurrency firms, tricking users into connecting their wallets to malware-infested sites.
The first quarter of 2024 saw a rise in phishing, including a sophisticated attack that resulted in over $700k in thefts on the MailerLite marketing platform.
Experts first thought it resulted from a ‘dangling DNS’ vulnerability, a type of security hole that attackers can exploit to redirect users to malicious websites. However, attackers had gained access to the admin panel through a customer support employee who was phished.
The breach enabled the distribution of phishing emails masquerading as reputable cryptocurrency firms. These emails offered fake airdrops to lure victims into connecting their wallets to malware known as ‘wallet drainers’.
Unlike traditional scams, which require victims to transfer funds, wallet drainers simply require the victim to connect their wallet to the malicious code, significantly lowering suspicion.
‘Zero-value transfer’ attacks represent another sophisticated phishing technique to deceive cryptocurrency users into mistakenly sending funds to a fraudster’s address.
These attacks use a spoofed address that closely mimics a legitimate recipient address, often differing only in capitalisation, and send a transaction of zero tokens from the spoofed address to the victim’s address. These transactions don’t require approval due to their nil value.
The objective is to make the victim believe they have previously interacted with this address, leading them to confuse it with a genuine address during transactions.
This method capitalises on users’ difficulty distinguishing between similar-looking addresses, allowing attackers to target multiple wallets simultaneously and wait for victims to fall into the trap.
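A wallet or monitoring tool can screen for this pattern before the user copies an address out of their history. The Python sketch below is an added example, not code from the Cyjax report: it flags zero-value inbound transfers whose sender imitates an address the wallet has genuinely paid. It goes beyond the capitalisation case by also checking for matching leading and trailing characters; the names, that extra heuristic and the sample addresses are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Transfer:
    sender: str
    recipient: str
    amount: int  # token amount in base units

def lookalike(candidate: str, trusted: str, edge: int = 4):
    """Return why candidate could be mistaken for trusted, or None."""
    if candidate == trusted:
        return None
    c = candidate.lower().removeprefix("0x")
    t = trusted.lower().removeprefix("0x")
    if c == t:
        return "differs only in capitalisation"
    # Assumed heuristic: users often compare only the ends of an address.
    if len(c) == len(t) and c[:edge] == t[:edge] and c[-edge:] == t[-edge:]:
        return f"same first and last {edge} characters"
    return None

def find_poisoning(wallet: str, history: list):
    """Flag zero-value inbound transfers whose sender imitates an
    address this wallet has genuinely paid (non-zero outbound)."""
    trusted = sorted({tx.recipient for tx in history
                      if tx.sender == wallet and tx.amount > 0})
    alerts = []
    for tx in history:
        if tx.recipient != wallet or tx.amount != 0 or tx.sender in trusted:
            continue
        for known in trusted:
            reason = lookalike(tx.sender, known)
            if reason:
                alerts.append((tx.sender, known, reason))
    return alerts

# Constructed sample data; none of these are real addresses.
WALLET = "0x" + "1" * 40
EXCHANGE = "0xA1b2" + "5" * 32 + "C3d4"
CASE_SPOOF = "0xa1B2" + "5" * 32 + "c3D4"
EDGE_SPOOF = "0xA1b2" + "7" * 32 + "C3d4"
UNRELATED = "0x" + "9" * 40
HISTORY = [Transfer(WALLET, EXCHANGE, 500), Transfer(CASE_SPOOF, WALLET, 0),
           Transfer(EDGE_SPOOF, WALLET, 0), Transfer(UNRELATED, WALLET, 0)]

if __name__ == "__main__":
    for sender, known, reason in find_poisoning(WALLET, HISTORY):
        print(f"ALERT {sender} imitates {known}: {reason}")
```
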
Exit scams
The report claims that exit scams, or “rug pulls,” have seen a disturbing rise, with attackers creating fake projects to siphon off investor funds.
Rug pulls typically involve creating a seemingly promising project to attract investment, only for the orchestrators to vanish with the pooled funds, leaving investors with worthless assets.
The process often relies on building trust through endorsements from influencers or reputable figures in the crypto world. Once the project is abandoned, confusion is created, community response is delayed, and theft is maximised.
A key tactic in these scams is ‘wash trading’, an illegal practice of buying and selling assets to feign high market activity and lure more investors.
According to the Cyjax report, the sophistication of these operations suggests a deep understanding of market dynamics and investor psychology.
Social media
Social media platform X — formerly known as Twitter — has also impacted crypto scams since Tesla boss Elon Musk bought it.
While malicious activity had occurred on Twitter before it became X, the report claims that the decision to transition X’s verification system to a paid-for model has inadvertently facilitated the proliferation of fake and impersonated accounts, leading to increased fraud.
Leveraging the perceived legitimacy previously conferred by the Twitter verification badge, fraudsters require minimal effort to execute highly lucrative scams.
Scam investigation firm ScamSniffer identified 1,517 accounts mimicking reputable companies like zkSync, Inscribe, and Optimism.
Cyjax warns that the ease and effectiveness of these tactics highlight a growing challenge in the digital trust landscape, necessitating increased vigilance from users and platform operators alike.
Account takeovers and malicious advertising have further compounded the issue, with notable incidents including the compromise of the SEC’s X account and the exploitation of the late ‘Friends’ actor Matthew Perry’s profile.
Last year, the social media app witnessed a significant exodus of advertisers, which the Cyjax report partly attributes to a surge in cryptocurrency-related scams facilitated through malicious advertising on the platform.
In December 2023, a notable scam operation exploited Google and X’s advertising systems to disseminate drainer malware, successfully pocketing $58 million.
What’s next?
The report concludes that the shift towards targeting individuals rather than systems represents a significant evolution in the threat landscape.
With an estimated $173 million stolen in Q1 alone, the trend of sophisticated scams, which leverage social media platforms and exploit the bullish market sentiment, is expected to continue.
“As we head into Q2, we expect to see scammers targeting newcomers more on social media platforms. As X begins to clamp down further on malicious attacks, threat actors may start to abuse other platforms such as TikTok and Instagram through short-form content,” added Wrieden.
Cyjax urges investors to exercise caution and scepticism as the crypto market continues its upward trajectory, particularly when engaging with social media platforms and seemingly attractive investment opportunities.
For tech leaders and investors navigating the volatile crypto market, staying informed and adopting robust security measures are essential to safeguarding investments against the ever-evolving threat landscape.
Wrieden concluded: “Crypto is continuing to rise, and the opportunities seem endless, but investors should be careful who they can trust because they’re not the only ones that see profits…”