According to a report released by cybersecurity company Darktrace on Thursday, threat actors are using carefully designed social engineering schemes to target cryptocurrency users and drain their wallets. The company stated that these techniques are similar to those used by "Traffer Groups," which employ malware to steal credentials and data.
The social engineering scheme involves gaining user trust by impersonating representatives from fake startups in the AI, gaming, Web3, and social media industries. Compromised X accounts are often involved, and threat actors also supplement their fraudulent activities through Medium articles and GitHub entries.
"Each operation typically begins with the victim being contacted via X messages, Telegram, or Discord," the report stated. "The fake employees of the company reach out to the victims, asking them to test their software in exchange for cryptocurrency payments."
After users download the software, a Cloudflare verification bubble pops up, starting to extract information from the computer. At some point, the credentials for the cryptocurrency wallet are stolen. Reportedly, both Windows and Mac users have been targeted.
The scheme may be similar to the attacks involved in the Meeten event in December 2024. There are also other social engineering attacks targeting cryptocurrency users, including those allegedly orchestrated by certain organizations linked to North Korea.
Cryptocurrency scams, fraud, and theft are rampant in the industry, including schemes like "pig butchering" and "four-dollar wrench attacks." In some cases, they become more sophisticated, relying on social engineering, hacked X accounts, and internal fraud.
On July 7, authorities in Shenzhen, China, warned citizens to be cautious of illegal fundraising schemes, which are partly built around the "killer use case" of cryptocurrency: stablecoins. These organizations are reportedly often fronts for money laundering and online gambling, exploiting the public's limited understanding of certain aspects of cryptocurrency.
Cointelegraph has written about cryptocurrency scams to watch out for in 2025. These include malicious browser plugins claimed to be secure, tampered hardware wallets, and social engineering conducted through fake withdrawal websites.
On July 8, the U.S. Department of Justice unsealed indictments against two men, accusing them of operating a scheme that defrauded investors of over $650 million. Another scheme involved a fake cryptocurrency support scam that used psychological tactics to carry out the fraud.
Related: Death, Divorce, and Lost Keys: Inheritance Issues in Tokenized Real Estate
Original article: “Report: Threat Actors Using ‘Elaborate Social Engineering Scheme’ to Target Crypto Users”
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
