Impersonation scams and phishing emails plague the cryptocurrency industry at almost every level.
The latest is a Tuesday, Jan. 23 attack targeting the mailing lists of Wallet Connect, Token Terminal, Cointelegraph and other prominent crypto-related firms via their email provider, MailerLite.
According to research conducted by crypto sleuth ZachXBT, the perpetrators of the crime enriched themselves to the tune of $580,000 in just a few short hours.
Community Alert: Phishing emails are currently being sent out that appear to be from CoinTelegraph, Wallet Connect, Token Terminal and DeFi team emails.
— ZachXBT (@zachxbt) January 23, 2024
~$580K has been stolen so far
0xe7D13137923142A0424771E1778865b88752B3c7 pic.twitter.com/XoN65HxOYh
On Jan. 23, a coordinated phishing attack hit the mailing lists of multiple high-profile crypto firms, including Cointelegraph. It is understood the affected firms used the same mailing list provider, and the issue is now under investigation.
This sophisticated attack was personalized to the readership of each mailing list, although certain aspects of the crime were the same in every instance. The consistent element in each attack was an invitation to participate in an airdrop via a link in the email.
For the record, Cointelegraph does not issue airdrops of any kind.
In the case of Cointelegraph, the scammers claimed the airdrop was part of “10th Anniversary” celebrations. On Token Terminal, the offer was described as a “Beta Early-Access Airdrop.” At WalletConnect, it was dubbed a “Web3 Inbox Airdrop.”
In another example, scammers took the time to compose a fake news article under the name of a real Cointelegraph reporter. The scam report purported that Amazon was conducting a token sale and encouraged users to follow a link to where the could receive free rewards in exchange for their participation.
Recent: Making Vitalik Buterin’s cypherpunk dream for Ethereum a reality
Scammers took great lengths to pass off the site as legitimate, complete with ads and copies of actual Cointelegraph articles. They also emulated Cointelegraph’s domain address with the closely worded “cointelegraph.blog.”
In all cases, the basic anatomy of the scam was the same: click the link to collect free money. In reality, the only free money was for the scammers who proceeded to drain victims’ wallets.
Sadly, phishing attempts in crypto are all too common an affair. For the most part, scammers attempt to spoof the email addresses of well-known brands and personalities, often leaving telltale signs of forgery. In this instance, the emails appeared to come from genuine sources, making the con game much harder to detect.
But even with the sophistication of this attack, the criminals made basic errors in executing their crimes, offering additional clues the emails were fake.
Impersonators lurk elsewhere too
Emails are not the only domain of impersonation scammers. The criminals are highly prolific on social media sites, including X.
Sometimes, impersonators pretend to be brands or blockchains. On other occasions, they assume the identities of famous crypto personalities.
MicroStrategy co-founder Michael Saylor is a particular case in point. Saylor is one of the most prolifically impersonated individuals on social media. Earlier this month, Cointelegraph reported that Saylor’s team works to remove around 80 AI-generated fake videos of him daily.
The issue prompted Saylor to take to X and remind his followers, “There is no risk-free way to double your #bitcoin.”
⚠️ Warning ⚠️ There is no risk-free way to double your #bitcoin, and @MicroStrategy doesn't give away $BTC to those who scan a barcode. My team takes down about 80 fake AI-generated @YouTube videos every day, but the scammers keep launching more. Don't trust, verify. pic.twitter.com/gqZkQW02Ji
— Michael Saylor⚡️ (@saylor) January 13, 2024
The faked videos are launched from a deluge of accounts purporting to be the MicroStrategy founder — a search for Michael Saylor on the platform borders on the outright absurd. A casual observer could be forgiven for thinking that Michael Saylor is to X what Agent Smith is to The Matrix.
In the case of Saylor’s deepfake videos, the scammers invited users to scan a barcode, but for the most part, impersonation scammers ask users to click on a link and participate in an airdrop. Airdrops are common among impersonation scammers, so their mention should always raise alarm bells.
Google ad scams
In April 2023, Contelegraph ran a story on another form of common online impersonation.
Decentralized finance protocols, including Zapper.fi, Lido, Stargate, DefiLlama, Orbiter Finance and Radiant were among the sites scammers impersonated.
The scammers used Google ads to promote the sites, pushing them to the top of the search listings. With only slight URL changes, users were unaware they had traveled to the wrong site. With guards lowered, users then approved wallet login signature requests, exposing their crypto to scammers.
On-chain analysis by the anti-scam platform ScamSniffer showed that scammers collected a bounty of over $4 million in just one month. The cost of advertising over the period was a mere $15,000, providing a tidy return for their efforts.
The funds were then siphoned to various coin mixers to obfuscate where the money came from.
Human weakness
Impersonation scammers rely on human weaknesses to make a quick buck. Fear, greed, complacency and laziness are the frailties they exploit.
Recent: Crypto community speculates about Bitcoin transfer to Satoshi’s genesis block
Fortunately, there are good ways to protect yourself from most of these. First and foremost, take your time. There’s almost nothing on the internet you can do quickly that you can’t do better slowly, with a little bit of cautious skepticism.
Second, carefully verify websites and social media pages to ensure you are dealing with a genuine article. Use bookmarks where possible; at the very least, don’t click on sponsored links. Lastly, if something sounds too good to be true, it probably is.