The failure of FTX has caused unease and fear among cryptocurrency holders. Cybercriminals do not hesitate to play it.
Phishing escalates into crypto projects
As the cryptocurrency industry begins to take action to recover from the fall of FTX, the fear caused by the crash has become the bread and butter of cybercriminals. Cryptocurrency holders count the tokens they have left and sometimes report significant losses, now living in anguish over the disappearance of their assets. It didn’t take long for the scammers’ imaginations to run wild, and they are now playing on the negative sentiment of users to make their phishing campaigns more effective.
With that in mind, Project Circle recently alerted its community to a campaign encouraging users to transfer their USDC to fraudulent crypto wallets in exchange for a new version of their assets.
To make the offer more attractive and above all more credible, cybercriminals impersonate the company that issues the tokens while offering a more solid USDC. This is because the promised coin would be less susceptible to the whims of the market while maintaining its peg to the dollar, a condition that the real USDC has lost since the collapse of FTX and cryptocurrencies. At the time of writing, the stablecoin is trading around $0.95.
According to some netizens, another cryptocurrency campaign regarding the USDC would offer to invest tokens in trading in exchange for high returns. Caution is therefore recommended.
Fake after-sales services are swarming
Meanwhile, another type of phishing is said to have recently appeared in the industry. This would pretend to be the customer support teams of major exchange platforms or crypto wallets.
According to Beeping Computer, Coinbase or even MetaMask would be particularly affected by the phenomenon. The principle is simple: Cybercriminals send users an email asking them to confirm a transaction. Victims, who wish to stop this unexpected transfer of their assets, then click a verification link which is supposed to redirect them to an authentication form. Then follows a real procedure that will allow the perpetrators of the prank to collect the information and then use it to empty the wallet of their victim.
Any credentials entered in this step will always be stolen by threat actors. The page then goes to a prompt asking for the 2FA code needed to access the account. Attackers test credentials entered on the legitimate website, triggering a 2FA code to be sent to the victim, who then enters a valid 2FA code on the phishing site. The threat actors then attempt to use the entered 2FA code to log into the victim’s account as long as they act before the time expires.
Extract from Beeping Computer’s Phishing Campaign report
To maximize their chances, the criminals then send the victim to a fake customer support page with a help chat run not by a Coinbase or Metamask employee, but by the scammer himself. By demanding that the account be blocked following an authentication error, it encourages the user to transmit their information and password before accessing the crypto wallet area.
Polkadot acts on its scale against crypto scams
While some companies are still trying to protect themselves by warning their community, Polkadot seems to be stepping up a gear. The project team, in fact, wants to involve its users in the hunt for scams, with a reward up for grabs. In a press release, he announced the establishment of a USDC bounty system that will be paid out to all users fighting against crypto scams.
The bounty encourages the community to detect and remove fraudulent sites, as well as other types of scams, such as fake social media profiles and phishing apps. The bounty will also be paid to create educational materials for users, to bring wallet, exchange and antivirus companies into the fold by integrating our phishing repository, to protect our Discord servers from raids, and to create an anti-scam dashboard.
Extract from Polkadot press release
The different levels of action will then be verified and validated by the community, in order to make it an autonomous initiative. Time will tell if the latter will have been effective over time. Meanwhile, mistrust remains in place for the entire crypto sphere.
All information on our website is published in good faith and for general information purposes only. Any action you take based on information found on our website is entirely at your own risk.