Crypto is rife with impersonation scams, don’t let them steal your money

If something sounds too good to be true, it probably is.
If something sounds too good to be true, it probably is.

Impersonation scams and phishing emails plague the cryptocurrency industry at almost every level. 

The latest is a Tuesday, Jan. 23 attack targeting the mailing lists of Wallet Connect, Token Terminal, Cointelegraph and other prominent crypto-related firms via their email provider, MailerLite.

According to research conducted by crypto sleuth ZachXBT, the perpetrators of the crime enriched themselves to the tune of $580,000 in just a few short hours.

On Jan. 23, a coordinated phishing attack hit the mailing lists of multiple high-profile crypto firms, including Cointelegraph. It is understood the affected firms used the same mailing list provider, and the issue is now under investigation.

This sophisticated attack was personalized to the readership of each mailing list, although certain aspects of the crime were the same in every instance. The consistent element in each attack was an invitation to participate in an airdrop via a link in the email.

For the record, Cointelegraph does not issue airdrops of any kind.

In the case of Cointelegraph, the scammers claimed the airdrop was part of “10th Anniversary” celebrations. On Token Terminal, the offer was described as a “Beta Early-Access Airdrop.” At WalletConnect, it was dubbed a “Web3 Inbox Airdrop.”

In another example, scammers took the time to compose a fake news article under the name of a real Cointelegraph reporter. The scam report purported that Amazon was conducting a token sale and encouraged users to follow a link to where the could receive free rewards in exchange for their participation. 

Recent: Making Vitalik Buterin’s cypherpunk dream for Ethereum a reality

Scammers took great lengths to pass off the site as legitimate, complete with ads and copies of actual Cointelegraph articles. They also emulated Cointelegraph’s domain address with the closely worded “cointelegraph.blog.”

In all cases, the basic anatomy of the scam was the same: click the link to collect free money. In reality, the only free money was for the scammers who proceeded to drain victims’ wallets.

Sadly, phishing attempts in crypto are all too common an affair. For the most part, scammers attempt to spoof the email addresses of well-known brands and personalities, often leaving telltale signs of forgery. In this instance, the emails appeared to come from genuine sources, making the con game much harder to detect.

But even with the sophistication of this attack, the criminals made basic errors in executing their crimes, offering additional clues the emails were fake.

Impersonators lurk elsewhere too

Emails are not the only domain of impersonation scammers. The criminals are highly prolific on social media sites, including X.

Sometimes, impersonators pretend to be brands or blockchains. On other occasions, they assume the identities of famous crypto personalities.

MicroStrategy co-founder Michael Saylor is a particular case in point. Saylor is one of the most prolifically impersonated individuals on social media. Earlier this month, Cointelegraph reported that Saylor’s team works to remove around 80 AI-generated fake videos of him daily.

The issue prompted Saylor to take to X and remind his followers, “There is no risk-free way to double your #bitcoin.”

The faked videos are launched from a deluge of accounts purporting to be the MicroStrategy founder — a search for Michael Saylor on the platform borders on the outright absurd. A casual observer could be forgiven for thinking that Michael Saylor is to X what Agent Smith is to The Matrix.

Saylor impersonators on X: Source: X

In the case of Saylor’s deepfake videos, the scammers invited users to scan a barcode, but for the most part, impersonation scammers ask users to click on a link and participate in an airdrop. Airdrops are common among impersonation scammers, so their mention should always raise alarm bells.

Google ad scams

In April 2023, Contelegraph ran a story on another form of common online impersonation.

Decentralized finance protocols, including Zapper.fi, Lido, Stargate, DefiLlama, Orbiter Finance and Radiant were among the sites scammers impersonated.

The scammers used Google ads to promote the sites, pushing them to the top of the search listings. With only slight URL changes, users were unaware they had traveled to the wrong site. With guards lowered, users then approved wallet login signature requests, exposing their crypto to scammers.

On-chain analysis by the anti-scam platform ScamSniffer showed that scammers collected a bounty of over $4 million in just one month. The cost of advertising over the period was a mere $15,000, providing a tidy return for their efforts.

The funds were then siphoned to various coin mixers to obfuscate where the money came from.

Human weakness

Impersonation scammers rely on human weaknesses to make a quick buck. Fear, greed, complacency and laziness are the frailties they exploit.

Recent: Crypto community speculates about Bitcoin transfer to Satoshi’s genesis block

Fortunately, there are good ways to protect yourself from most of these. First and foremost, take your time. There’s almost nothing on the internet you can do quickly that you can’t do better slowly, with a little bit of cautious skepticism.

Second, carefully verify websites and social media pages to ensure you are dealing with a genuine article. Use bookmarks where possible; at the very least, don’t click on sponsored links. Lastly, if something sounds too good to be true, it probably is.