The rise of cyberattacks continues to challenge the crypto industry, with hackers constantly refining their tactics. A new wave of scams targeting industry professionals via LinkedIn has come to light, showing the growing sophistication of these malicious schemes.
On December 28, Web3 security expert Taylor Monahan exposed a social media-based scam designed to distribute wallet-emptying malware. These cybercriminals pose as recruiters from reputable companies, using professional platforms and tools to build trust and lure victims.
How the LinkedIn Crypto Scam Unfolds
Attackers start by creating fake LinkedIn profiles that appear trustworthy. They then initiate casual conversations, claiming to represent well-known companies and offering attractive job opportunities. This tactic often succeeds in engaging even those who are not actively seeking employment.
To further their deception, scammers use legitimate tools such as the video interview platform Willo, which is often used by established crypto companies. Victims are given detailed job descriptions and interview questions, which add an air of professionalism. They are then instructed to record their responses on video. However, the platform deliberately blocks the camera and microphone, citing technical issues.
At this stage, the scam escalates. Victims are directed to a “How to Fix” link containing harmful instructions. Following these steps compromises their devices. Once executed, victims unknowingly allow scammers to gain control, potentially emptying their crypto wallets.
If you follow their instructions, you’re screwed. They vary depending on whether you’re on Mac/Windows/Linux. But once you do, Chrome will prompt you to update/restart to ‘fix the problem.’ It’s not fixing the problem. It’s completely screwing you, Monahan said.
It was unclear how much these scams stole from crypto users at the time of publication. However, this scheme mirrors past incidents, including a high-profile attack that targeted employees of Ginco, a Japanese crypto wallet software company. Hackers reportedly stole $305 million worth of Bitcoin from the DMM Bitcoin exchange using these social engineering techniques.
The breach, investigated by the FBI, Japan's National Police Agency and the Department of Defense's Cybercrime Center, highlighted the growing threats on platforms like LinkedIn.
While LinkedIn has taken significant steps to combat fake accounts, the challenges remain substantial. In its 2024 fraud report, the platform revealed that more than 80 million fake profiles were removed in just six months. Automated systems blocked 94.6% of these accounts, either upon registration or through proactive restrictions.
The article Hackers Use LinkedIn to Scam Crypto Users appeared first on BeInCrypto Brasil.