New Types Of Cyberattacks Target Cryptocurrency Users

As the hype around cryptocurrency grows, more newbies (newcomers to crypto) are entering the space. Social media is exploding with influencers telling their followers to buy a new cryptocurrency coin. Crypto-YouTubers will shill for a new project that promises an x amount of returns if you buy the token. This creates an opportunity, for bad actors to find new victims who don’t really understand crypto.

Those who are new to the cryptospace may not fully understand the difference between a public address (where you receive crypto) and a private key (the digital wallet’s secret authorization code). Without having enough knowledge about holding crypto, users can be tricked to providing their private key instead of a public address in order to receive “free” crypto.

Many attacks originate from popular messaging applications like Whatsapp and Telegram. Others come from e-mail, whose addresses were likely obtained from data leaks (e.g. ). Bad actors are taking advantage of users who will believe what they read or watch in group messaging. An enthusiastic follower could lose all their money invested in something that probably is too good to be true.

Even more victims can be from major platform sources that include ads on popular streaming and video sites, where there are URLs that encourage people to visit. Once there, a message on the website will request users to deposit their crypto in order to make more crypto. If that doesn’t sound like a scam, then I don’t know what is.

Unfortunately, there are people who fall for this because the scammers use well known public figures (e.g. Vitalik Buterin of Ethereum or Elon Musk of Tesla) in their ads. Those personalities have nothing to do with the scam itself, but the scammers make it appear as if they were part of their project. This is by showing interview clips of the personalities talking, as if they were promoting the project.

Here are some tips for protection against scams and other attacks targeting crypto users:

  • Keep your private key a secret and never reveal it. If someone else obtains your private key, they can access your cryptocurrency. If someone tells you they need your private key to send you free Bitcoin, do not even bother to reply back.
  • Not everything you read on crypto social media or watch on crypto YouTube is real. Do your due diligence before anything else. If you hear a new token that will 1000x, make sure you research about it first. Some of these projects can either be or .
  • Giving another user crypto does not mean you get more crypto back. In reality, you just gave your money away. There is misinformation being spread by that pretends to be legit. One familiar scam claims that if you deposit let’s say 10 ETH (ether) you will earn back double or 20 ETH. They often use fake testimonies to draw more attention.
  • that target crypto users is becoming common. Hackers will send an e-mail or post a link on a public website or group, which users click. This installs a type of computer virus called , which can do nefarious things behind the scenes without the user ever finding out. This allows the malware to steal personal information, including passwords to cryptocurrency wallets. This is also a vector used for delivering another type of malware called .
  • Be careful where you deposit or send your cryptocurrency. Some websites impersonate real exchanges like . A hacker could target a user by pretending to be working for the company, by sending an e-mail to request the user to change their password. The trick is that the form will ask the user to also enter their old password, which is actually what the hacker wants.
  • Only install trusted wallets from app stores. There are many scam wallets our there, so make sure that the wallet you install has legitimate proof or is popular (e.g. , or ). Some fake wallets will steal your crypto and there is usually no way of getting it back, because the scammers quickly transfer your crypto elsewhere. This can become a long open investigation, so avoid it by using only legitimate sources. If not sure, ask users who have more experience with cryptocurrency.

Note: The information provided is for reference and educational purposes only. Do your own research always to verify facts.



Best practice and implementations for cybersecurity

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Vincent Tabora

Editor HD-PRO, DevOps, Cybersecurity, Blockchain, Software Development, Engineering, Photography, Technology