A phishing campaign targeting cryptocurrency users across the globe was unearthed by Kaspersky. The scheme showcases the ever-evolving tactics used by cybercriminals, reflecting cryptocurrency’s increasing appeal.
During the European spring (March–May) of 2023 alone, over 85,000 scam emails targeting both hot and cold wallets were detected. This nefarious campaign reached its peak in March, with more than 34,000 intercepted malicious messages. A report revealing the intricacies of these two distinct email attack techniques highlights the difference between hot and cold cryptocurrency storage methods.
With over 400,000,000 cryptocurrency wallet owners globally, the spike in popularity of hot wallets comes from their accessible nature. Online storage services like crypto exchanges and dedicated apps have become prime targets for cybercriminals.
Phishing attacks aimed at hot wallet users typically employ relatively simple tactics, often exploiting non-technical individuals. Fraudulent emails impersonate crypto exchanges, urging users to validate transactions or reconfirm wallet security.
The links redirect unsuspecting victims to fake web pages that actively prompt them to enter their seed phrase, which is an essential element for wallet recovery. By gaining access to the seed phrase, scammers can seize control of the victim’s wallet and transfer funds to their own accounts.
In contrast, cold wallets are entirely offline storage systems, like a dedicated device or a private key jotted down on paper. Hardware wallets are a prevalent type of cold wallet. They have garnered favor among users storing substantial cryptocurrency holdings due to their enhanced security measures.
However, Kaspersky researchers recently discovered a targeted phishing campaign specifically tailored to exploit cold wallet owners. The campaign begins with an email that masquerades as a prominent cryptocurrency exchange, Ripple, enticing recipients with the promise of participating in an XRP token giveaway.
“We are witnessing an ongoing surge in the popularity of cryptocurrencies, and with it, the need for users to stay alert and implement strong security measures to protect their digital assets. It is crucial to verify the authenticity of the sender and exercise caution before clicking on any links or providing sensitive information,” states Dedenok, a security expert at Kaspersky.
Instead of directing victims to a phishing page, scammers employ a more sophisticated technique by creating a deceptive blog post that mimics the Ripple website’s design. The blog offers users the chance to enter a giveaway of XRP tokens, the platform’s internal cryptocurrency, by following a specified link. Victims who visit the fake Ripple page, whose domain resembles the official one, are prompted to connect their hardware wallets to the site.
This interaction allows scammers to gain access to victims’ accounts and initiate fraudulent transactions.