Airdrops Continue To Be A Regular Attack Vector For Cryptocurrency Phishing

You are currently viewing Airdrops Continue To Be A Regular Attack Vector For Cryptocurrency Phishing

Airdropping, the process of giving away free coins or tokens to wallet addresses to promote awareness of a new cryptocurrency has been a popular marketing stunt but has also opened the door for hackers to gain access to a wallet through phishing.

Hackers and cryptocurrency scammers are sending custom tokens that lure victims to visiting untrustworthy sites built for phishing to steal cryptocurrency from their wallets.

One cryptocurrency enthusiast and Solidity developer, going by the moniker, “Shegenerates”, has been vocal about the scams after she became a target herself.

In a tweet on Thursday, she wrote that someone sent her “airdropped” tokens supposedly worth $30,000, but in reality, it was a “sophisticated scam.”

Shegenerates broke down the process of the hacker to reporters with Motherboard.

“Scammers send a useless token, which can’t be rejected by the recipient due to the nature of blockchains. This kind of token “airdrop” has become a popular way for web3 projects to reward early users and investors when, say, a protocol launches a governance token.”

The token Shegenerates highlighted was named after a website, which is an unsual move.

According to Shegenerates, that website is a phishing site that asks victims for permission to access their Metamask crypto wallet. If the victim approves, then the scammers can drain their funds.

With the continuing rise of value of cryptocurrency, scams are on the rise. These scams are not only targeting crypto exchanges and companies, but also individual traders and those who own Bitcoin, Ethereum, or any other cryptocoin or token.

“We’re seeing an increasing number of phishing scams that attempt to take control of peoples’ web wallets. This one is novel because people are being sent (“airdropped”) tokens, and directed towards a website that claims to be a decentralized exchange,” said Tom Robinson, the co-founder of blockchain analysis firm Elliptic.

“The scam is luring them to a site where they’re told they can sell the tokens they’ve been given—but the site actually steals whatever is in their wallets.”

Interestingly, the scammer appears to have added their own liquidity to the token to make it look like it’s worth something when the victim attempts to swap it on a decentralized exchange like Uniswap.

According to Shegenerates, attempts to swap the tokens have resulted in failed transactions, which are posted to the blockchain forever and may indicate to scammers which victims are willing to interact with tokens of unknown provenance for a quick profit. It would also mean that the scammer would reap a fee reward in the event of a successful swap.

It’s unclear how many people have been targeted or have actually fallen for this scam. Jonathan Levin, the co-founder of blockchain monitoring firm Chainalysis, said that this kind of scam “is gonna be something hard to combat.”

In her tweets, Shegenerates warned people to never interact with tokens or smart contracts that get sent out of the blue, and to never go to custom websites that are specific to a token.

“If a token name has a domain name in it, that is a big red flag not to go to that website and get phished,” she wrote.

Protecting Your Cryptocurrency Against Phishing

Cryptocurrency and the blockchain stand to be a major driving factor in the technology of the future. However this popularity has attracted an element of cybercrime. There are several tools internet users should use to increase their online protection. One of these tools is SaferNet.

SaferNet is the perfect solution to the cybersecurity issues that individuals, families, and businesses face today. It not only connects every device using a secure, 24/7 always on, military grade VPN, but it also stops outside cyberthreats, malware and viruses as well. On SaferNet, all users are protected anywhere in the world, all the time, on any cellular or Wi-Fi network. In addition to SaferNet’s VPN and cyber protection, it also offers a range of employee or parental/family internet controls including internet filtering, monitoring, scheduling, and blocking access to websites or even entire website categories

Typically, a user would need 3 separate services for a VPN, Malware Protection, and Internet Controls; SaferNet offers all 3 features in one service. SaferNet truly is an endpoint security presence that can be implemented in minutes around the world, on phones, laptops, tablets, and computers at an economical price point that caters to all internet users. SaferNet guarantees a smooth setup and installation process that takes only minutes, and an easily accessible control hub for you to monitor all your employee’s or family members devices; including activity, time spent online, and threats blocked.

Leave a Reply