One of the leading causes of loss of crypto assets is the download of fake wallet applications from search engines.
Fraudsters take advantage of search engine optimization (SEO) and search engine marketing (SEM) techniques to promote phishing links that lead to counterfeit wallet apps with malicious backdoors, Bitrace said in a recent post.
These fake apps closely resemble legitimate ones in terms of appearance and usage experience, making it easy for unsuspecting users to fall victim.
Once the user synchronizes their mnemonic phrase or deposits assets into the fake wallet, their tokens are lost forever.
A prime example of this type of scam is the fake Bitpie wallet.
A simple search for “Bitpie wallet” yields numerous phishing links on the first page of search engine results.
While the fake wallet’s website may appear identical to the legitimate one, a closer examination reveals inconsistencies in the URL, exposing its fraudulent nature.
Scammers Use Clipboard Hijacking to Steal Cryptos
Another tactic used by malicious actors to steal coins is clipboard hijacking.
This classic attack involves gaining control of a victim’s computer clipboard and replacing copied cryptocurrency addresses with malicious ones.
Cryptocurrency investors commonly use the Telegram messaging app, which fraudsters exploit by embedding malicious code into fake versions of the app.
Through social engineering techniques, attackers convince users to download or update the fake app.
When a user pastes a blockchain address into the chat box, the malware identifies it and replaces it with a malicious address.
As a result, unsuspecting individuals inadvertently send funds to the attacker’s address, unaware of the scam.
In addition to these targeted attacks, cryptocurrency investment frauds often entice users with promises of high returns and low risks.
One such scheme is liquidity staking arbitrage, where users recharge a certain amount of cryptocurrency into a wallet with the expectation of earning a stable income.
However, these websites often embed malicious code in their smart contracts, allowing hackers to gain control of users’ tokens and steal their funds at any time.
To enhance credibility, scammers even ask users to download well-known wallets like OKXweb3 and Trust Wallet.
However, it is essential to remember that wallet services are permissionless, and downloading a reputable wallet does not guarantee the safety of one’s assets.
Users Lost Over $330 Million to Crypto Hacks in Q3
The crypto space has been plagued by a series of hacks and scams since the start of the year, particularly in the third quarter of 2023.
According to a report by blockchain security platform Immunefi, there were 76 hacks on crypto and Web3 projects and firms in Q3 2023, a significant increase compared to the 30 hacks reported in the same period in 2022.
In total, approximately $332 million has been lost to various exploits, hacks, and scams throughout September, marking a record-high month for crypto exploits.
One notable event was the Mixin Network attack on September 23. The Hong Kong-based decentralized cross-chain transfer protocol suffered a substantial breach, resulting in a loss of $200 million due to a breach of its cloud service provider.
Another major incident occurred on September 12, when CoinEx, a cryptocurrency exchange, experienced a suspected attack following a substantial outflow from four of its hot wallets. This breach led to losses exceeding $53.1 million across the hot wallets.