Rising Cryptocurrency Scams and How To Avoid Them

Cyble
4 min readFeb 16, 2021

Original post: https://cybleinc.com/2021/02/16/rising-cryptocurrency-scams-and-how-to-avoid-them/

From sophisticated spear-phishing scams to targeted ransomware attacks, cybercrime can take many forms. As the crypto industry has gained ground in recent years, cryptocurrency exchanges have become increasingly vulnerable to cybercriminals’ attacks.

In 2020, Singapore-based digital asset exchange, KuCoin issued an official statement confirming the large, anomalous withdrawals of Bitcoin (BTC) and Ethereum (ETH) tokens from the KuCoin exchange. More than $150 million worth of ERC20 tokens were siphoned. Another instance of cryptocurrency fraud occurred in July 2020 when 130 high-profile Twitter accounts, including accounts of President Barack Obama, Joe Biden, Elon Musk, Bill Gates, Kanye West, Michael Bloomberg, and Apple, were compromised to promote a bitcoin scam. The scammers gained unauthorized access to high-profile accounts and released tweets urging users to send money to a specified bitcoin wallet address with a promise of receiving double the amount of bitcoins.

The growing interest in digital currencies is expected to pave the way for an uptick in cryptocurrency investments, expanding the threat landscape of cryptocurrency frauds such as cryptojacking. It is also difficult to monitor cryptocurrency transactions as they are not governed by a central authority and have low regulation levels. This makes cryptocurrency an easy target for criminal activity across the world. According to the Russian cybersecurity firm Kaspersky, 2021 may increase Bitcoin theft and cryptocurrency fraud.

Fake cryptocurrency investment platforms, counterfeit crypto wallet scams, and advanced cryptojacking malware have enabled cybercrooks to earn millions from unsuspecting individuals. Here are some of the common scams used by tricksters to target cryptocurrency users.

  1. Imposter Websites: One of the most famous avenues of cryptocurrency fraud is through fake websites that have been designed to resemble original ones. A surprising number of cryptocurrency investing websites already have fake counterparts that mislead investors into making investments and, in turn, losing digital currency. A great way to avoid such websites is to verify if the website has a small lock icon indicating security near the URL bar. It is also necessary to exercise caution when accessing websites that do not have “HTTPS” in the site address.
  2. Counterfeit Mobile Applications: Similar to fake, insecure websites, hackers and fraudsters have developed countless fake apps that are available for download through the Google Play and the Apple App Store. To identify a fake app from the original, look out for misspelled words, tweaked logos that slightly differ from the original, research the app and check if the developer’s name is correct, and go through the user reviews and check if there are negative comments about the app’s authenticity. Another great way to identify if an app is spurious is through the permissions it seeks for performing its functions on your mobile device. Beware of apps that ask for authorization that they do not necessarily require.
  3. Social Media Manipulation: Fraudulent social media scams involving cryptocurrencies are a type of financial fraud that has actively spread across social networks. It’s relatively easy for fraudsters to create fake social media accounts impersonating high-profile individuals and celebrities of global repute and post misleading content that makes it seem that celebrities are endorsing the investment/content. Through carefully engineered tweets and posts, often from fake accounts, crypto fraudsters lure unsuspecting users into clicking through legitimate-looking URLs hiding malware downloads. Avoid URLs advertising too-good-to-be-true Bitcoin offers and refrain from engaging in financial transactions involving Bitcoin or otherwise through social networks.
  4. Crypojacking: Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Hackers employ two primary methods to secretly mine cryptocurrencies from the victim’s system. The first method involves tricking victims into loading cryptomining code (sent through phishing campaigns) onto their computers. For instance, victims may receive a legitimate-looking phishing email that encourages them to click on a link. Upon clicking the URL, it runs the code that places the cryptomining script on the computer. The other method involves a malicious script injected by cybercriminals on a website or an advertisement. Once a victim accesses the website the script automatically executes. Once successfully loaded, the cryptomining code runs complex mathematical problems on the victims’ system and sends the results to a server that the hacker controls. The cryptomining code runs discreetly and can go undetected for a considerable period of time, making cryptojacking a popular choice for fraudsters.

Cryptocurrency frauds are not expected to slow down in 2021. With renewed interest in Bitcoins, Ponzi schemes, cryptojacking malware, and fake alternative cryptocurrency scams are on the rise. It’s wise to tread wisely when it comes to digital currencies, backing our decisions with detailed research.

About Cyble

Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the darkweb. Its prime focus is to provide organizations with real-time visibility to their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Startups To Watch In 2020. Headquartered in Alpharetta, Georgia and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit www.cyble.io.

--

--

Cyble

Cyble is an AI powered cyber intelligence company that empowers organizations with darkweb & cybercrime monitoring and mitigation services. W: www.cyble.io