Cyber Threats
An Investigation of Cryptocurrency Scams and Schemes
We provide an overview of the diverse range of NFT- and cryptocurrency-related scams that malicious actors use to steal assets worldwide.
The use of cryptocurrency has increased tremendously since it was first introduced in 2009. As blockchain technology has only enabled this use to expand, interest in cryptocurrency and the assets that are generated in its use also continue to grow. However, the virtual environment that allows it to flourish has also become fertile ground for cybercriminals to exploit, so much so that there has been a constant stream of reports on scams related to cryptocurrency and non-fungible tokens (NFTs).
Trend Micro Threat Research has been keeping a close watch on cryptocurrency-related attacks that steal funds through a wide range of stealthy schemes. Using data gathered from Trend Micro™ Smart Protection Network™ (SPN), we investigate the different tactics used by fraudsters to steal assets from unsuspecting users. In our accompanying technical brief titled Keeping Assets Safe From Cryptocurrency Scams and Schemes, we discuss in detail the various mechanisms used by malicious actors.
Despite the plethora of tactics that the threat actors employ, our findings show that their motivation is two-fold: to obtain wallet authorization and steal the users’ mnemonic seed phrases.
The novelty of NFTs and the massive investments they have drawn globally have made them a lucrative target for scammers. For example, some fraudulent schemes involve the creation of counterfeit NFT trading platforms used as phishing sites. Threat actors also use airdropped NFTs as vehicles for phishing links and as a way to lead users to interact with malicious smart contracts. Some actors also create fake social media communities or fake chat groups on popular messaging platforms to reach out to NFT users under the guise of giving assistance. This scheme is meant to lure users into connecting their cryptocurrency wallets for the threat actors to obtain their mnemonic seed phrases and gain access to their cryptocurrency wallets. Malicious actors, who are known to use all possible channels, also resort to using regular spam emails that attempt to lure users into registering to spurious NFT and cryptocurrency trading platforms.
In a similar vein, malicious actors have gone the extent of exploiting users who sympathize with Ukraine following the Russian invasion by sending malicious links through an encrypted messaging app widely used in Eastern Europe. They urge users to download executable files purportedly to attack pro-Russian websites. The files, however, carry malware meant to steal cryptocurrency wallet information that actors can easily sell in the underground.
In total, we discovered 249 fake cryptocurrency wallet apps on Android and iOS that were used to steal funds worth over US$4.3 million. A key finding in our investigation is that the highly targeted nature of the attacks suggests the possibility that user information could have been leaked. These fake cryptocurrency wallets remain in circulation and are thus persistent threats.
Our technical brief provides a comprehensive list of security recommendations that we hope cryptocurrency users and incident responders will find useful.
Implications of the Rise in Cryptocurrency- and NFT-Related Scams
While there is enormous interest in the uses of cryptocurrency and NFTs, the potential gains also come with considerable risks that can lead to the permanent loss of assets.
From a cybercriminal’s point of view, the thriving cryptocurrency environment provides a plethora of opportunities to steal assets, what with its many users and platform vulnerabilities. Cybercriminals take advantage of the fact that cryptocurrency transactions are irreversible and that many cryptocurrency and NFT users do not have sufficient knowledge and experience to navigate the unregulated terrain safely.
It is therefore incumbent upon cryptocurrency and NFT users to arm themselves with the requisite information to ensure that they transact only with legitimate parties through official channels. Consistently observing cyber hygiene practices is also crucial to keeping threats in check.
NFT trading platforms and cryptocurrency service providers, on the other hand, have a long way to go insofar as establishing scam-proof channels for their users. Indeed, the provision of secure channels for safe transactions should not stay in the realm of the ideal. Rather, it must be an ongoing endeavor that takes time to establish. Ultimately, the complex nature of blockchain requires concerted efforts from all stakeholders — the cybersecurity community included — so that assets are kept safe from individuals and groups with ill intent.
With additional insights from Zhengyu Dong and Mickey Jin