Hackers are Increasingly Targeting Crypto for Scams

  • By David Lukic
  • Published: Dec 09, 2021
  • Last Updated: Mar 18, 2022

Cryptocurrency has gained increasing popularity in recent times. However, a new trend shows cybercriminals and other threat actors are also drawn to these crypto platforms, moving from targeting users via emails.

What’s Happening?

Hackers and cybercriminals are leveraging Google Ads to steal cryptocurrency wallets.

Unlike conventional phishing attacks where hackers send phishing links via email, these scamming groups are cloning popular platforms and wallets like Phantom and Metamask, and bidding for related keywords on Google Ads and Google Search, placing them sometimes next to the original sites, in order to target victims’ crypto wallets.

The ads contain malicious links, which usually redirect targets to a phishing website. According to CheckPoint Research, it is estimated that more than $500,000 worth of cryptocurrencies were stolen in days from compromised accounts this past weekend.

The Phantom and MetaMask wallets are the most popular wallets for the Solana and Ethereum ecosystems, which makes them a great target to trick users into giving up their wallet passphrase and private key.

What are the most Common Crypto Scams in 2021?

There are many reasons why people use cryptocurrency, some reasons including payments, to invest, or because it offers some anonymity. Bitcoin and Ethereum are some of the popular cryptocurrencies, but there are many different cryptocurrency types and new ones are still being created.

Due to this, it can be very confusing for a beginner in crypto, and it is easy for them to fall into scams since most of the related applications and concepts are unfamiliar. Hence, it is important to keep in mind some pitfalls to avoid bad results when dealing with cryptocurrency.

Blackmail. Scammers can send threatening emails and claim to have access to your personal information. They can use this to demand payment in crypto to prevent the release of your information.

Paying for Non-Existent Treatments or Equipment. Scammers have been known to lure customers by offering products that claim to accept payment in cryptocurrencies for products that do not actually exist.

Investment Scams. Cybercriminals often take advantage of the complexities of cryptocurrency to promote fraudulent investments in a “new” cryptocurrency to take a victim’s money. A recent example is the Squid game crypto coin which turned out to be a scam.

Crypto Phishing. The common way that cybercriminals steal cryptocurrency is by cloning sites and creating phishing variants of the URLs. 

Hackers Targeting Crypto for Scams

What are the biggest hacks this year?

Hacks involving millions of dollars are happening frequently and, as these platforms are largely unregulated, there's no guarantee that customers get their money back.

  • In November, DeFi platform bZx lost around $55 million in various cryptocurrencies after a developer fell prey to a phishing attack.
  • $610m was stolen from the Chinese platform Poly Network in August in what is likely to be one of the biggest cryptocurrency thefts ever. In a strange turn of events, the hacker returned all the funds and customers have started being reimbursed.
  • In March and May this year, hackers stole from the wallets of at least 6,000 customers of cryptocurrency exchange Coinbase Global Inc (COIN.O).

How can I protect myself from crypto scams?

If something unexpected happens, such as sending cryptocurrency to the wrong person or having your digital wallet stolen or compromised, it is unlikely to find anyone who can step in to help you recover your funds, and it is likely that all the bitcoins from the compromised address will be transferred. In most cases, the crypto exchange does not have provisions to identify the thief, block further transactions, or return them to the legitimate cryptocurrency address.

Here’s how you can protect yourself from becoming a victim of a crypto scam:

  • Examine the browser URL. Always double-check the browser URL before accessing a website.
  • Look for the extension icon. To understand if you are accessing a website or an extension, the extension will contain an extension icon near it.
  • Never give out your passphrase. You should never give out your passphrase and no one should ask for that either.
  • Skip the ads. Always look at the first website in your search and not in the ad, as these may mislead you to get scammed by cybercriminals.
  • Verify Accounts. Always verify that a vendor/charity is legitimate and accepts cryptocurrency before sending payments/donations.
  • Do Your Research. Always research potential investment opportunities before committing.
  • Crypto Payment As the Only Option. Be wary of anyone who says you must pay by cryptocurrency. 

What are companies and governments doing?

Unlike U.S. dollars deposited into a bank account, cryptocurrency accounts are not backed or insured by a government. If you store cryptocurrency with a third-party company, and they eventually get hacked or go out of business, the government has no obligation to get your money back.

However, law enforcement has started taking strict actions against cyber criminals as evident from the latest ransomware attack shutdowns from incidents that have disrupted critical services and businesses globally.

And while most virtual currency activity is legal, these virtual currencies remain the primary mechanism for ransomware payments.

As cyber-criminals employ even more elaborate schemes to convert technology into tools of digital extortion, law enforcement has expressed the commitment to continue improving the cyber resiliency of critical infrastructure across the nation.

An example is when the U.S. Treasury Department sanctioned the Chatex cryptocurrency exchange for aiding in ransom transactions and assisting ransomware gangs. In the U.K, an individual was charged with the theft of $784,000 worth of cryptocurrency.

New phishing campaigns are being introduced every day by cybercriminals and this trend is expected to continue in the near future. Always double-check the URLs before clicking and currently, avoid clicking on crypto wallets in Google Ads.

You can also report fraud and other suspicious activity involving cryptocurrency to the FTC at ReportFraud.ftc.gov and the U.S. Securities and Exchange Commission (SEC) at sec.gov/tcr.

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

What is a Time-based One-time Password (TOTP)?

What is a Time-based One-time Password (TOTP)?

Authentication is the process that verifies the user's identity to control access to resources, prevent unauthorized users from gaining access to the system, and record user activities (to hold them accountable for their activities).

Corporate Fraud: Detection, Prevention, and the Role of Corporate Fraud Attorneys

Corporate Fraud: Detection, Prevention, and the Role of Corporate Fraud Attorneys

The growing scale of organizations and the more opportunities to push the boundaries have led to an upsurge in corporate fraud in recent years.

Is Upwork Legit and How To Protect Yourself?

Is Upwork Legit and How To Protect Yourself?

Doing business online has become simpler with the development of the Internet and mobile technologies. In general, both freelancers and clients benefit from the freelancing platforms.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Notice

By proceeding with this scan, you agree to let IDStrong run a Free Scan of supplied parameters of your personal information and provide free preliminary findings in compliance with our Terms of Use and Privacy Notice. You consent to us using your provided information to complete the Free Scan and compare it against our records and breach databases or sources to provide your Free preliminary findings report.

Rest assured: IDStrong will not share your information with third parties or store your information beyond what is required to perform your scan and share your results.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close