Kaspersky Exposes Global Cryptocurrency Phishing Campaign, Offers Insights and Security Measures

Kaspersky has uncovered a large-scale phishing campaign targeting cryptocurrency users globally, highlighting the increasing risks associated with cryptocurrencies. With over 85,000 scam emails detected in spring 2023, the report reveals the intricacies of attacks on hot and cold wallets. Kaspersky recommends security measures such as purchasing from official sources, inspecting hardware wallets, verifying firmware, securing seed phrases, and using strong passwords.

KUALA LUMPUR, 6 July 2023 – Kaspersky, a leading cybersecurity company, has unveiled a widespread phishing campaign targeting cryptocurrency users worldwide. The campaign demonstrates the evolving tactics employed by cybercriminals, reflecting the growing appeal of cryptocurrencies. With over 85,000 scam emails detected and neutralized by Kaspersky during spring 2023 alone, the company has released an in-depth report shedding light on the intricacies of these attacks and emphasizing the differences between hot and cold cryptocurrency storage methods.

As the number of cryptocurrency wallet owners surpasses 400 million globally, according to Crypto.com, the surge in popularity of hot wallets is attributable to their ease of accessibility. Online storage services, including crypto exchanges and dedicated apps, have become prime targets for cybercriminals due to their constant internet connectivity.

Example of a phishing email targeting Coinbase users

Phishing attacks aimed at hot wallet users typically employ relatively simple tactics, preying on non-technical individuals. Malicious actors impersonate reputable crypto exchanges through fraudulent emails, urging users to verify transactions or confirm the security of their wallets. Unsuspecting victims who click on the links are directed to fake web pages that prompt them to enter their seed phrases – vital elements for wallet recovery. By gaining access to the seed phrase, scammers can seize control of victims’ wallets and transfer funds to their own accounts.

In contrast, cold wallets are entirely offline storage systems, such as dedicated devices or private keys written on paper. Hardware wallets, a prevalent type of cold wallet, have gained popularity among users safeguarding substantial cryptocurrency holdings due to their enhanced security measures. However, Kaspersky researchers recently uncovered a targeted phishing campaign specifically designed to exploit cold wallet owners. This campaign initiates with an email impersonating Ripple, a prominent cryptocurrency exchange, enticing recipients with the promise of participating in an XRP token giveaway.

Example of a fake Ripple blog

Instead of redirecting victims to a phishing page, scammers employ a more sophisticated technique by creating a deceptive blog post that mimics the design of the Ripple website. This blog offers users the opportunity to enter an XRP token giveaway by following a specified link. After following the link to a fake Ripple page using a domain name closely resembling the official Ripple domain (a Punycode phishing attack), victims are prompted to connect their hardware wallets, such as Trezor or Ledger, to the scam website. This interaction allows scammers to gain access to victims’ accounts and execute fraudulent transactions.

Trezor Connect: confirming the connection to the scam site

During spring 2023, Kaspersky’s antispam solutions successfully detected and blocked over 85,000 scam emails targeting cryptocurrency users. The campaign peaked in March with more than 34,000 intercepted malicious messages. Kaspersky continued safeguarding cryptocurrency users in April and May, thwarting approximately 19,902 and 30,816 scam emails, respectively.

Commenting on the situation, Roman Dedenok, a security expert at Kaspersky, stated, “We are witnessing a significant surge in the popularity of cryptocurrencies, necessitating user vigilance and the implementation of robust security measures to protect digital assets. It is crucial to verify the authenticity of the sender and exercise caution before clicking on any links or providing sensitive information.”

To read the full report on the cryptophishing campaign, visit Securelist.com.

In order to ensure the safety of crypto assets, Kaspersky experts recommend the following measures:

  • Purchase from official sources: Only buy hardware wallets from trusted sources, such as the manufacturer’s website or authorized resellers.
  • Inspect your wallet: Before using a new hardware wallet, scan it for any signs of tampering.
  • Verify the firmware: Always ensure that the firmware on the hardware wallet is legitimate and up to date. Check the manufacturer’s website for the latest version- Secure your seed phrase: When setting up your hardware wallet, securely store and protect your seed phrase. Consider using a reliable security solution like Kaspersky Premium to safeguard your crypto details stored on your mobile device or PC.
  • Use a strong password: If your hardware wallet allows for a password, choose a strong and unique one. Avoid using easily guessable passwords or reusing passwords from other accounts. Consider utilizing Kaspersky Password Manager for effective and secure password management.

Author: Terry KS

Share This Post On