A new year has come, and new hacks and scams are brewing in the cryptocurrency world. Besides the classic old ransomware, phishing emails, and fake investment platforms, some other tactics to steal are getting quite popular among cybercriminals. These attacks have evolved in tandem with the maturation of the crypto space, emphasizing the pressing need for enhanced security measures. That’s an important decrease compared with 2022 and previous years, but it’s, by no means, an insignificant figure. Frauds, scams, darknet markets, malware, sanctioned entities, and other stolen funds in stablecoins, Bitcoin, Ether, and more altcoins are included in their report. According to estimates by over $24 billion were received by illicit addresses in 2023. Chainalysis, The message seems clear: we have to take good care of our coins. To do this, besides applying some basic measures, we also need to know about potential threats. Let’s discover what the scammers are up to lately. Smishing Maybe you’ve already received a text message (SMS) of this style: “Coinbase informs you of an approved transaction for $570 in BTC on 01/30/24. If you don’t recognize this operation, cancel here [Link].” Or perhaps a or friend could ask you for some coins after losing their wallet overseas, or a dubious crypto exchange is showing you an enticing offer to join their website. stranded relative The “smishing” pattern is similar in all cases: it this way: you receive an SMS, often from an unknown number, asking you for private information or urging you to click a link after using diverse excuses and fake identities. IBM defines “Smishing is a social engineering attack that uses fake mobile text messages to trick people into downloading malware, sharing sensitive information, or sending money to cybercriminals. The term “smishing” is a combination of “SMS”—or “short message service,” the technology behind text messages—and “phishing.” Coinbase this in their quarters, indeed. Some “smishers” tricked their employees via SMS into sharing institutional credentials. Luckily, the incident was quickly spotted, and the scammer was blocked. To avoid being a victim yourself, always check the phone number sending the text (even this number can be faked though), and don’t click on links sent via SMS unless you fully know and trust the source and recognize the domain the link leads to. experienced Romance Scams (Pig-butchering) This scheme isn’t new, but it’s growing exponentially. Losses of at least $1 billion in the US were reported for 2022, while the cybersecurity firm Verafin that Scammers are hunting especially non-tech savvy worldwide, but it could happen to anyone, everywhere. Whole criminal networks are working on it, and experts a higher severity for 2024. estimated $3.8 billion were stolen with these scams in 2023, taking up to $1 million per victim. elder people are predicting Social media, chats, apps, and forums have let us connect with all kinds of people globally, and they’re not always to trust. Scammers could start pretending to like the same things as their victims, visiting the same websites or online events to start a fake friendship. In other cases, they directly write via Facebook, Discord, Twitter (X), or dating apps like Tinder. They’re patient, as they can talk daily with their victims for months. They can include sobbing stories about a financial crisis, shipping fees, kids back home, a medical emergency, or you name it. Payments are often asked in cryptocurrency. Just when they have a certain level of trust, or even after declaring their undying love for the victim, they start asking for money or expensive favors. On the other hand, instead of asking directly for money or things, they can recommend a crypto investment platform, talking about how they got juicy earnings with it. Of course, this is all fake, and they’re either owners or part of the staff of such a fraudulent scheme. As the US Federal Trade Commission : “If an online love interest asks you for money [or to invest money] — that’s a scam.” advised Fake QR Codes / Quishing These days, it’s quite common to find Quick Response (QR) codes everywhere. They’re just small squares with a monochrome pattern inside, easy to scan with any smartphone to discover a wide array of digital stuff: restaurant menus, payment systems, websites, emails, app installers, crypto addresses, and… malware. Or fraudulent sites. Or not the crypto address you intended to send funds to. As the Aura cybersecurity team , QR codes aren’t always safe to scan. , and quickly share it digitally (via social media, chats, mail, fraudulent websites, etc.) or physically (by printing it). In this last case, it’s even common to paste a fraudulent QR code over a legitimate one —for instance, in parking lots. explained It’s pretty easy for anyone, everywhere, to create their own QR image with a customized link or data This type of scam is often called “Quishing,” from the fusion between QR and phishing. It can affect all kinds of QR users, including the ones with a crypto wallet. They could find an enticing offer or airdrop via social media, scan a QR code, and be sent to a malicious website that either asks for their private keys or installs malware. Fraudulent QR Generators Another way to scam crypto users using QR codes is by building a fraudulent QR Generator platform. In this vein, found out that in 2019. In these platforms, when the user tried to generate a QR code for their BTC address, the system would automatically generate a code for the scammer’s BTC address instead. ZenGo “4 out of the first 5 results presented when querying Google [Bitcoin QR Generator] were leading to scammer sites” That doesn’t seem to be the case anymore, as we’ve checked by ourselves. However, this type of scam isn’t over but has apparently moved to private coins like Monero (XMR), as pointed out. That’s why it’s always important to visually check every crypto address and URL before sending funds or typing credentials. recent reports AI Threats We’re likely in the Artificial Intelligence (AI) boom in every industry. And that also includes the crime sector. AI tools are growing in sophistication, availability, and user-friendliness, something that had to be noticed by cyber-criminals. , thanks to a myriad of free tools online. Today, it’s possible to , copy exact faces on video (deepfakes), and generate quite convincing written content clone voices Therefore, a scenario in which a loved one calls you asking for some urgent financial help, and you recognize their voice (even if it’s not them), it could happen. Several experts are already advising to create a family password to prevent this kind of scam. The AI videos may be more difficult to spot since cyber-criminals can modify any original video to make its participants look like someone else (like a celebrity) and/or talk about something else entirely —like an “incredible” crypto investment platform. That’s what happened to Ottawa News in January 2024. a story of an elderly couple that suffered a common crypto scam, and, two weeks later, a fake video of them appeared on social media, based entirely on the original story. They published However, in the fraudulent version, they were recommending the use of a dubious crypto investment platform. https://www.youtube.com/watch?v=e5y3qSB3PLo&embedable=true How to know what’s real, then? In the case of video deepfakes, to check facial expressions, blinking, lip movements, and the angles of light. If any of these traits look weird in some sense, it’s likely a deepfake. Besides, common sense could help a lot: is this famous person or news portal really recommending a get-rich-quick scheme? Probably not. If it sounds too good to be true, it’s likely not true. it’s advisable Fake Trading Bots Some other times, scammers don’t even need to use real AI technology, but just pretend they’re using it. Numerous crypto investment websites claim that they use the help of bots, automated trading algorithms, and AI, in general, to invest or trade with the funds given by their customers, promising impossibly huge returns. This is all false, of course. Only when the user tries to withdraw their supposed earnings is that they realize there are no funds there, crypto or otherwise. The US Commodity Futures Trading Commission (CFTC) : Commonly, they create fake dashboards for the victims to check on the “growth” of their investment, while in reality, they took everything from the start. warned about this “Fraudsters are exploiting public interest in artificial intelligence (AI) to tout automated trading algorithms, trade signal strategies, and crypto-asset trading schemes that promise unreasonably high or guaranteed returns. Don’t believe the scammers. AI technology can’t predict the future or sudden market changes.” Discord Hacks Discord is a useful communication platform, used by millions worldwide. That also includes most of the cryptocurrency world: it’s weird for a crypto project, coin, or brand not to have its own Discord server to share with its community. A fact that’s widely known by cybercriminals, who happily mingle inside that community, waiting for a chance to scam someone. This could be not that different from common phishing, but the major problem here is that Trusting the leaders and moderators, the users would click on those links and potentially lose their crypto funds and Non-Fungible Tokens (NFTs). hackers are targeting crypto servers on Discord and somehow snatching the accounts of the admins to publish fake announcements and malicious links. have suffered this attack, including popular NFT brands like the Bored Ape Yacht Club (BAYC), Mars Cats Voyage, Known Origin, and Homeless Friends. Other crypto servers like , , , , , , , and even have briefly passed through this hack as well, with different results. Numerous crypto projects Orbiter Finance Metakey Arbitrum Sei Network Polemos Valheim Sui Network Obyte It’s important to remember that, unlike cryptocurrencies, Discord and other chat platforms weren’t designed for security since the beginning. Always remember to check the announcements first in other sources (especially official websites/blogs) before sending any funds or typing credentials on external websites. Apply security measures! Now that you know some potential threats, you surely can apply some measures to protect your crypto funds and personal data. You can also install additional security tools, like a browser extension for (of course, be skeptical about anything that promises “security”). They can help you to identify and block phishing or fraudulent websites. Keep your devices and antivirus software updated. web3 security If you don’t know the sender (phone number, email, or URL), don’t open them. Never click on links of questionable origins, whether they arrive by SMS, email, or social media. , especially in cryptocurrency. Be cautious of emotional manipulation and maintain a healthy level of skepticism. Don’t blindly trust when asked for money or given investment recommendations or replace them with textcoins, usernames, or emails . This feature is available through the wallet (Send and Receive Tabs). Always double-check your crypto addresses and QR codes, in Obyte In Obyte, it’s possible to delete your backup words (after saving them elsewhere), , and connect via the private browser Tor. Be sure to activate every security feature available on social media (like 2FA) and in your personal crypto wallet. require a password for sending funds and opening the wallet Featured Vector Image by Freepik
