One of the main causes of loss of crypto assets is the downloading of fake wallet applications from search engines.
Fraudsters leverage search engine optimization (SEO) and search engine marketing (SEM) techniques to promote phishing links leading to fake wallet applications with malicious backdoors, Bitrace said in a recent post.
These fake apps closely resemble genuine apps in terms of appearance and user experience, making it easy for unsuspecting users to fall victim.
Once a user syncs their mnemonic phrase or deposits assets into a fake wallet, their tokens are lost forever.
A prime example of this type of fraud is fake Bitpie wallets.
A simple search for “Bitpie Wallet” yields many phishing links on the first page of search engine results.
Although the fake wallet website may appear identical to the real one, closer inspection reveals inconsistencies in the URL, thus revealing its fraudulent nature.
Fraudsters Use Clipboard Hijacking to Steal Crypto
Another tactic used by bad actors to steal coins is clipboard hijacking.
This classic attack involves gaining control of the victim's computer clipboard and replacing the copied cryptocurrency address with a malicious one.
Cryptocurrency investors typically use the Telegram messaging app, which fraudsters exploit by embedding malicious code into fake versions of the app.
Through social engineering techniques, attackers convince users to download or update fake apps.
When a user pastes a blockchain address into a chat box, the malware identifies it and replaces it with a malicious address.
As a result, unsuspecting individuals inadvertently send funds to the attacker's address, unaware of the fraud.
In addition to these targeted attacks, cryptocurrency investment scams often lure users with promises of high returns and low risks.
One such scheme is liquidity staking arbitrage, where users replenish a certain amount of cryptocurrency into a wallet in the hope of earning a stable income.
However, these websites often embed malicious code into their smart contracts, allowing hackers to gain control of user tokens and steal their funds at any time.
To increase credibility, fraudsters even ask users to download well-known wallets such as OKXweb3 and Trust Wallet.
However, it is important to remember that wallet services are permissionless, and downloading a reputable wallet does not guarantee the security of one's assets.
Users Lost Over $330 Million to Crypto Hacks in Q3
The crypto space has been hit by a series of hacks and scams since the start of the year, particularly in the third quarter of 2023.
According to a report by blockchain security platform Immunefi, there were 76 hacks on crypto and Web3 projects and companies in Q3 2023, a significant increase compared to the 30 hacks reported in the same period in 2022.
In total, around $332 million (Approximately IDR 5.2 Trillion) was lost due to various exploits, hacks and fraud throughout September, marking the highest month in crypto exploits.
One important event was the Mixin Network attack on September 23rd. A Hong Kong-based decentralized cross-chain transfer protocol suffered a major breach, resulting in losses of $200 million (Approx. IDR 3.1 Trillion) due to the breach against its cloud service provider.
Another major incident occurred on September 12, when CoinEx, a cryptocurrency exchange, suffered a suspected attack following massive outflows from four of its hot wallets. This breach caused losses exceeding $53.1 million (approximately Rp. 843 billion) across all hot wallets.
