Hackers launch 'poison' to steal users' cryptocurrencies

With cryptocurrencies increasing in price and more and more people pouring money into investments, the crypto market becomes a "fertile ground" for hackers. Many crypto holders have lost a large amount of money after being tricked by hackers.

Recently, security research firm Check Point Research has warned about a new form of fraud targeting cryptocurrency holders globally, including Vietnam. Accordingly, hackers will create fake websites or extensions (browser extensions), with the same interface as websites or extensions of popular cryptocurrency wallets, such as Phantom App, MetaMask or PancakeSwap…

Not stopping there, hackers will spend money to buy ads on Google to bring their phishing sites to the top of the search list. Many people who do not double-check the website link mistakenly visit fake websites, instead of the real website of cryptocurrency wallets.

On this fake website, there will be a dialog box to ask the user to log in to the e-wallet account. Many users who did not recognize the fake websites did not hesitate to fill in the login information, then enter the OTP password confirmation code (issued through the smartphone application) to log in to the e-wallet account.

In just a short time, hackers will use these logins (including OTP codes) to access users' e-wallets and steal all the cryptocurrencies contained therein.

In case the victim visits a fake website and creates a new e-wallet, they will be issued a Recovery Phrase (account recovery phrase, which is a 12-word string of English words that users can use to log in). to e-wallets on any device). In case the victim uses this account recovery phrase to log in, they will log into the hacker's account and any funds transferred there will actually be transferred to the hacker's digital wallet.

According to research by security experts Check Point Research, within the last few days, hackers have stolen more than $500,000 worth of cryptocurrency globally thanks to this scam.

On cryptocurrency trading groups in Vietnam, many people have also reflected that they lost all their crypto in their wallets because of the same "tricks" as Check Point Research warned.

Due to the anonymity of crypto-currency interfaces, it is impossible to identify the scammers and steal money from e-wallets, so the victims have to accept the loss of their funds. without being able to identify the culprit.

"I believe we are facing a new cybercrime trend where scammers will use Google's search engine as a means of attack, instead of email phishing like before," Oded Vanunu said. , said Check Point's Director of Vulnerability Research. "According to our observations, every hacker ad on Google is carefully keyword-selected to stand out in the search results. The phishing sites are meticulously designed and identical to each other. real website".

"I urge the crypto community to carefully check the links of the websites they visit to avoid being trapped by hackers at this time," Vanunu added.

Check Point Research's findings set off alarm bells about the quality of ads on Google, as the search engine didn't thoroughly censor the content advertised on its site.

After Check Point published a report on the cryptocurrency scam, Google immediately removed the ads of the fraudulent websites.

"This behavior violated our policies, and we immediately removed the advertising content and suspended the offending ad accounts. We are always adjusting our operating mechanisms to prevent it. these violations," a Google representative said.

According to a study by GOBankingRates, a website dedicated to rating banking and financial services, 2020 was a record year for crypto-related scams, with more than 26,500 reported scams, causing victims to lose more than 419 million USD. The number of crypto-related scams tends to continue to increase sharply in 2021. According to a survey by financial consulting firm Motley Fool, in the first quarter of 2021 alone, there were 14,079 scams. related to cryptocurrencies recorded in the US alone, causing victims to lose more than 215 million USD.

Jessica Tanner

Update 24 November 2021