A new wave of crypto scams has emerged, with attackers using fake X accounts to impersonate popular influencers and lure unsuspecting users into fraudulent Telegram groups.
Users are then manipulated into installing malware that compromises crypto wallet data.
Scammers Go Beyond Simple Phishing Scams
According to blockchain security firm Scam Sniffer, scammers comment on legitimate posts, luring users with offers of exclusive investment information and “alpha” advice. Once people join these Telegram groups, they are immediately asked to undergo a verification process through a bot called OfficiaISafeguardBot.
The bot creates a false sense of urgency and pushes users to quickly complete the verification. However, this seemingly harmless step is a trap: upon completing the verification, the bot injects malicious PowerShell code into the user’s clipboard. When executed, the code downloads malware designed to compromise the system and steal sensitive data, including crypto wallet information.
Scam Tracker saying that VirusTotal has flagged the malware as harmful, and that previous cases of similar attacks have resulted in the theft of private keys, resulting in significant financial losses.
“This represents a new evolution in crypto scams: it goes beyond simple phishing to combine social engineering with malware. Stay alert and share this to protect others.”
Rampant scams
Last month, Casa CEO Nick Neuman shared a harrowing story of a phishing scam targeting him. In a post on X, Neuman described a call he received from a scammer posing as a Coinbase support agent. The scammer claimed that Neuman’s password change request had been canceled and encouraged him to click on a link in a suspicious email.
When Neuman began to interrogate the scammer, they dropped the act and revealed the true nature of the operation. The scammer bragged about recently stealing $35,000 from a victim and made it clear that the scam is only targeting wealthy crypto investors.
More recently, a cryptocurrency user under the pseudonym “LeftsideEmiri” reported losing $300,000 due to a social engineering attack. According to the user, the attack began when he received a message containing a link to a KakaoTalk conversation, which was supposedly for a partner meeting. Although the link appeared broken, the user clicked on it believing it to be harmless.
In retrospect, they suspect that clicking the link triggered the installation of malware, which compromised their Ethereum and Solana wallets, along with several other wallets. The user made it clear that he had not approved or signed any transactions, indicating that the attack was covert and took advantage of social engineering techniques to steal funds.
Binance Free $600 (CryptoPotato Exclusive) – Use this link to register a new account and receive an exclusive welcome offer of $600 on Binance (full details).
LIMITED OFFER for CryptoPotato readers on Bybit: Use this link to register and open a FREE $500 position in any coin!
