Hackers making money on cryptocurrency scams.
As cryptocurrency continues to boom in 2018, scammers are using cryptocurrency giveaway scams. Researchers observed a rise in these scams, which target users of Ethereum and Bitcoin and typically request that victims send a small amount of the currency in exchange for a much larger payout in the same cryptocurrency. The scams peaked which peaked in April, are an easy way for hackers to prey on the hype around cryptocurrency, with one ohacker making more than $21,000. The success of this scam shows that hackers continue to look for new ways to exploit hot commodities like cryptocurrencies.
The scams typically start with a tweet or an email, which baits potential victims to send cryptocurrency to a wallet with the promise that more will be sent back. The tweets may have things like "There's an ongoing promotion by Ethereum that just started! I also wanted to share this awesome news! I've personally received 92 ETH after just sending 9.2 ETH!" Scammers are laying the social media groundwork. They will create fake Twitter accounts impersonating exchanges, developers, and celebrities to try to further intice potential victims to click. When a user clicks the link or enters the URL from the image, they are taken to a landing page prompting them to send a certain amount of cryptocurrency to a payment address.
The template creates an air of legitimacy by showing a number of fake transactions, falsely suggesting that large amounts of coins are being sent back to those who send small amounts of coins to the scammer's wallet. In some cases, scammers do not promise rewards but instead emulate crowdfunding models like a page promising to help free Julian Assange. When researchers investigated some of the wallet addresses associated with the scam, they found that some are growing and do not reflect the "giveaway" nature of the intended interaction. Typically, a scammer will also use a new wallet for each scam but some reuse of accounts have been seen. In one case, researchers followed an Ethereum wallet that appeared 10 times in their data. The scammer closed the wallet on May 5, collecting $21,700 in earnings.
When earching through the wallet transactions, it appears that the scammers may have better luck phishing with Ethereum as opposed to Bitcoin. Researchers continue to monitor these scams since cryptocurrency values are rebounding again. Users should be careful against these types of scams. If it seems to good to be true, it probably is. The prospect of almost free cryptocurrency and new approaches to social engineering, mainly by hijacked conversations on social media platforms, are proving too tempting for many victims.