When it comes to cryptocurrency-related cyberattacks, bad actors have seemingly reduced the use of traditional financial threats such as banking PC and mobile malware, and instead have shifted their focus to phishing.
Russian cybersecurity and anti-virus provider Kaspersky revealed that cryptocurrency phishing attacks witnessed a 40% year-on-year increase in 2022. The company detected 5,040,520 crypto phishing attacks in the year as compared to 3,596,437 in 2021.
A typical phishing attack involves reaching out to investors via fake websites and communication channels that mimic the official companies. Users are then prompted to share personal information such as private keys, which ultimately provides attackers with unwarranted access to crypto wallets and assets.
While Kaspersky could not predict if the trend would increase in 2023, phishing attacks continue the momentum in 2023. Most recently, in March, hardware cryptocurrency wallet provider Trezor issued a warning against attempts to steal users’ crypto by tricking investors into entering their recovery phrase on a fake Trezor site.
In a survey conducted by Kaspersky in 2022, one out of seven respondents admitted to being affected by cryptocurrency phishing. While phishing attacks predominantly involve giveaway scams or fake wallet phishing pages, attackers continue to evolve their strategies.
According to Kaspersky, “crypto still remains a symbol of getting rich quick with minimal effort,” which attracts scammers to innovate their techniques and stories to lure in unwary crypto investors.
Related: 5 sneaky tricks crypto phishing scammers used last year: SlowMist
Arbitrum investors were recently exposed to a phishing link via its official Discord server. A hacker reportedly hacked into the Discord account of one of Arbitrum’s developers, which was then used to share a fake announcement with a phishing link.
#CertiKSkynetAlert
We are seeing reports that a phishing link has been posted in the @arbitrum Discord Server.
Do not click on any links until the team has confirmed they’ve regained control of the server.#Phishing #Discord
Stay vigilant! pic.twitter.com/XoqHmOXGeV— CertiK Alert (@CertiKAlert) March 25, 2023
Cointelegraph accessed the phishing link to find that it redirects users to a blank website with the text “Astaghfirullah,” which translates to “I seek forgiveness in God.“ According to Wiktionary, the term can also be used to express disbelief or disapproval.
Magazine: Crypto audits and bug bounties are broken: Here’s how to fix them