Crypto-currency phishing attacks net millions

Staff Writer
By Staff Writer, ITWeb
Johannesburg, 11 Jul 2018
Cyber crooks target crypto-currencies.
Cyber crooks target crypto-currencies.

Cyber criminals are like pickpockets: they go where the crowds are. It's no surprise then, that they are exploiting the 'digital gold rush' brought on by the soaring popularity of crypto-currencies.

Over and above hacking crypto-currency exchanges, exploiting smart-contract vulnerabilities and deploying malicious miners, attackers are also employing their old tricks and are using social-engineering methods that are proving very profitable.

"Their targets are not just the owners of crypto-currency wallets but basically anyone with an interest in the subject," says Kaspersky Lab.

The security giant revealed that, during the first half of this year, its solutions have blocked over 100 000 triggers related to crypto-currencies on fake exchanges and other sources.

"With each attempt, criminals have been trying to involve more and more unsuspecting users in fraudulent schemes."

Traditional techniques

Kaspersky says cyber crooks are employing traditional phishing techniques but are taking it a step further than the commonplace scenarios. They are focusing their efforts on initial coin offering (ICO) investments and the free distribution of crypto coins, and are stealing from amateurs and avid crypto-currency owners alike.

One example would be ICO investors, who are looking to invest in start-ups in the hope of gaining profit in the future. The threat actors create fake Web pages that imitate the sites of official ICO projects or attempt to gain access to their contacts in order to send a phishing e-mail with the number of an e-wallet for investors to send their crypto-currency to.

"The most successful attacks use well-known ICO projects. For example, by exploiting the Switcheo ICO using a proposal for the free distribution of coins, criminals stole more than $25 000 worth of crypto-currency after spreading the link through a fake Twitter account," says Kaspersky.

The company cites another example, the creation of phishing sites for the OmaseGo ICO project, which enabled crooks to scam over $1.1 million worth of the crypto-currency.

Giveaway scams

Another method used by cyber criminals involves crypto-currency giveaway scams. The attacker asks victims to send a small amount of crypto-currency in exchange for a far larger payout of the same currency in the future.

"Criminals have even used the social media accounts of well-known individuals, such as business magnate Elon Musk and the founder of Telegram messenger, Pavel Durov. By creating fake accounts or replying to tweets from legitimate users through fake accounts, criminals are able to confuse Twitter users into falling for the scam by clicking on replies from fraudulent accounts."

Raking it in

According to Kaspersky Lab's rough estimates, criminals managed to earn more than 21 000 ETH (the Ether crypto-currency, which uses blockchain generated by the Ethereum platform), or over $10 million at the current exchange rate, using the above-described schemes over the past year. This sum doesn't take into account classic phishing attacks or examples involving the generation of individual addresses for each victim.

Nadezhda Demidova, lead Web content analyst at Kaspersky Lab, says research reveals that attackers are skilled at developing their techniques and resources to ensure their crypto-currency phishing attempts are successful.

Although these schemes are based on classic social engineering techniques, they set themselves apart from traditional phishing, as they are far more profitable, raking in millions of dollars, she explains.

"The success criminals have enjoyed suggests that they know how to exploit the human factor, which has always been one of the weakest links in cyber security, to capitalise on user behaviours," Demidova adds.

Better than cure

To protect their crypto-currencies, Kaspersky Lab advises users to follow a few simple rules, starting with remembering there is no 'free lunch' and that offers that seem too good to be true, are.

In addition, the company advises to check official sources for information regarding the free distribution of crypto-currencies. "For example, if you see information about the distribution of coins on behalf of the recently hacked Binance blockchain ecosystem, go to the official source and clarify this information."

Kaspersky also advises to check if any third parties are linked to the wallet transaction to which you plan to transfer your savings.

"One way of doing this is through blockchain browsers, such as or, which allow users to view detailed information about any crypto-currency transaction and identify if the particular wallet may be dangerous."

Next, double check the hyperlink addresses and data in the browser address bar to ensure it's the genuine article. Simple spelling errors or added characters can indicate a phishing site.

"Finally, save the address of your e-wallet in a tab and access it from there, in order to avoid making a mistake in the address bar and accidentally going to the phishing site instead," she concludes.