Hackers have found a new way to scam crypto professionals on LinkedIn by pretending to be recruiters from well-known companies and spreading malware that drains victims’ wallets. These cybercriminals use legitimate tools, such as video interview platforms, and provide convincing job materials to build trust.
Despite LinkedIn’s efforts to remove millions of fake profiles, the platform struggles to stop these advanced scams. The increasing sophistication of such attacks remains a major concern for the crypto industry. On December 28, Web3 security expert Taylor Monahan revealed how scammers are targeting professionals through LinkedIn with wallet-draining malware.
The scammers create fake LinkedIn profiles that appear trustworthy and reach out to users with casual messages. They claim to represent established companies, offering job opportunities that seem too good to pass up. Many victims are drawn in, even if they aren’t actively looking for new roles. To seem more credible, these attackers use professional tools like the Willo Video platform, often used by crypto companies. They provide detailed job descriptions and interview questions, asking victims to record video responses. However, the platform shows fake technical issues, disabling the camera and microphone.
At this point, the scam escalates. Victims are directed to a link with supposed troubleshooting instructions, which actually infects their devices. Once victims follow these steps, hackers gain control over their systems. The attack often includes a fake Chrome update, which, instead of fixing the problem, compromises the victim further. As Monahan explained, “If you follow their instructions, you are fked. They vary depending on your system, but once you do it, Chrome will prompt you to update. It’s not fixing the issue; it’s fully fking you.”
The exact amount stolen through these scams remains unknown. However, the method resembles earlier incidents, such as an attack on employees of Ginco, a Japanese crypto wallet company. Hackers stole $305 million in Bitcoin from the DMM Bitcoin exchange using similar social engineering techniques. The FBI, Japan’s National Police, and the Department of Defense Cyber Crime Center investigated this breach, underlining the rising threats on platforms like LinkedIn.
While LinkedIn has made progress in tackling fake accounts, the challenge persists. The platform’s 2024 fraud report revealed that it removed over 80 million fake profiles in six months. Automated systems blocked 94.6% of these accounts during registration or shortly after. However, attackers continue to refine their methods, making it difficult to stop them completely.
This growing trend highlights the need for increased vigilance in the crypto industry. Professionals must remain cautious and verify the authenticity of recruiters and job offers. With hackers constantly evolving their tactics, staying informed is key to avoiding such traps.