According to the latest report from analytics platform PhishLabs, the total volume of phishing attacks in the crypto industry in the first half of 2021 increased by 22 percent compared to the same period in 2020. At the same time, the activity of phishing scammers on cryptocurrency exchanges has grown sharply almost tenfold, which is a negative sign.
As a reminder, phishing is attacks that force the victim to disclose secret information to fraudsters. Usually, under the guise of companies or well-known persons, they send fake messages with a veiled request to share the aforementioned data on duplicate sites they have created in advance or simply in private messages in instant messengers.
First of all, scammers are interested in the so-called mnemonic phrases that users generate when creating accounts in cryptocurrency wallets. Since private keys are generated from these phrases, stealing them allows you to gain access to all the assets on the address.
Such phrases are needed, for example, to restore hardware wallets. However, you should never enter them on websites or in various applications – which, among other things, may turn out to be fake.
Sometimes fraudsters are interested in sensitive data such as passwords and logins. They are used to log into the accounts of cryptocurrency exchanges in order to then withdraw funds to their wallets. And it is this scheme that is most actively used by hackers now.
The problem of the cryptocurrency industry
It is noteworthy that a significant portion of phishing attacks take place on social networks, where cryptocurrencies are discussed. Moreover, more than half – 54.7 percent – of all attacks are a whole combination of different strategies of attackers, whether it is sending fake messages, fake draws of digital assets, and much more.
PhishLabs founder and CTO John LaCourt commented on the situation. Here is his remark, in which the expert shares his attitude to what is happening. The quote is from Decrypt.
Attackers continue to use phishing to steal confidential information. In addition, they are developing more sophisticated ways to interact with victims in the cryptocurrency space.
Accordingly, and although this tactic of stealing coins is old and well-known, scammers still use it. Nevertheless, sometimes it is quite difficult to distinguish a fake letter from a real message from a cryptocurrency exchange – especially if it arrives at night. Our colleague also fell for a similar trick.
Sometimes the consequences of phishing are more painful. For example, in September 2020, it became known about the loss of 1400 BTC by a cryptocurrency investor, who had been keeping them since 2017. He made a mistake and was using an old version of the cryptocurrency wallet. Read more about the story in a separate article.
According to sources, in the second quarter of 2021, the number of phishing attacks on cryptocurrency exchanges increased by an average of 13 percent. At the same time, analysts expect that the cryptoindustry “will continue to be subjected to aggressive attacks from fraudsters via social networks.” Here is an expert commentary.
As crypto markets develop, hackers’ approaches to compromising exchanges, asset owners and other participants in the cryptosphere are changing.
Fortunately, the anti-hacker trend is already making headway – thanks to the incident with the Colonial Pipeline attack, malware and phishing issues have begun to be actively discussed at the highest levels of the US government. PhishLabs is confident that it is government initiatives that will have a big impact on reducing the activity of fraudsters in the cryptosphere.
We believe that it will definitely not be possible to completely get rid of hackers and scammers in the cryptocurrency industry, so you need to be able to deal with them. In particular, be as careful as possible with all kinds of letters in your own e-mail and definitely not follow the links that strangers send in private messages on Telegram. Also, do not forget about reliable ways to protect your account on the exchange. It is better not to start money on trading platforms without two-factor authentication. In this case, it will be possible to at least minimize the possible amount of losses.