New tricks in cryptocurrency scams: Disguising as newcomers to lure victims by leaking mnemonic phrases.
Kaspersky analyst Mikhail Sytnik recently pointed out that a new scam technique is circulating, where scam groups use new accounts to 'deliberately leak' the mnemonic phrases of cryptocurrency wallets in YouTube comment sections.
These scammers will pose as cryptocurrency newcomers, leaving comments under finance-related videos asking: How to transfer $USDT to another wallet while publicly revealing the complete mnemonic phrase.
This seemingly naive behavior is actually a carefully designed trap. When malicious actors attempt to use these mnemonic phrases to access wallets, they will find approximately $8,000 worth of $USDT (TRC20 token standard) inside. However, to transfer this $USDT, a small amount of $TRX (the native token of the Tron blockchain) must be paid as a fee.
Image source: Kaspersky Blog New tricks in cryptocurrency scams: Disguising as newcomers to lure victims by leaking mnemonic phrases.
Kaspersky analysts point out that when you transfer $TRX to the wallet to pay the fee, these $TRX will be immediately transferred to other wallets controlled by the scammers.
Only then will you realize that this 'bait wallet' is a multi-signature wallet that requires multiple authorizations to conduct transfer transactions, hence even if you pay the 'fee', trying to transfer $USDT will be in vain.
Also be cautious of scams in fake crypto KOL TG groups.
In addition to the scams on YouTube, blockchain security company Scam Sniffer has also revealed another type of scam conducted through Telegram.
Scammers will create fake X (formerly Twitter) accounts impersonating well-known figures in the crypto space, inviting users to join Telegram groups and claiming to provide investment insights.
Image source: X/ScamSniffer New tricks in cryptocurrency scams: Scammers impersonate crypto KOLs to create fake groups.
Once users join the Telegram group, they will be required to pass a verification through a bot called 'OfficiaISafeguardBot', but this is actually a 'fake verification bot' that injects malicious PowerShell code, causing you to download and execute malware, compromising your computer system and cryptocurrency wallet.
According to Scam Sniffer's observations, similar malicious software has led to several cases of private key theft. It is known that at least two victims lost over $3 million after clicking malicious links and signing transactions.
Since December this year, there have been an average of 300 fake crypto KOL X accounts per day, a significant increase compared to an average of 160 in November.
Kaspersky shares 3 tips to help you avoid cryptocurrency scams.
In the face of numerous cryptocurrency scam techniques, Kaspersky provides three important recommendations:
Even if you discover someone else's mnemonic phrase in the YouTube comment section or right in front of your door, do not attempt to access someone else's cryptocurrency wallet; the most basic preventive measure is to be an honest person.
Cryptocurrency holders should continuously pay attention to the latest trends in cryptocurrency scams to ensure they understand current threats. At the same time, it is crucial to install reliable protection software on their devices.
Any information provided by strangers should be double-checked. This is because scammers may disguise themselves as newcomers in the crypto world or pretend to be experienced trading experts.
Web3 security platform Cyvers also warns that during the end-of-year holiday season, due to increased online transaction volume, phishing attacks may surge, and users need to be more vigilant.
For more information on preventing cryptocurrency scams, please refer to our previously compiled (Cryptocurrency Scam Self-Rescue Guide).
[Disclaimer] The market has risks, and investments should be approached with caution. This article does not constitute investment advice; users should consider whether any opinions, viewpoints, or conclusions herein align with their specific circumstances. Invest at your own risk.
‘Seeing someone leaking a mnemonic phrase? Be careful, they might be scamming you! Kaspersky reveals new tricks in cryptocurrency scams’ This article was first published on ‘Crypto City’
