The scam is part of a growing trend of sophisticated cyber threats, including a surge in scammers impersonating others on X and targeting Web3 workers with malware.
Scammers and other cybercriminals are now combining social engineering with fake Telegram verification bots to infect unsuspecting users' computers with malware that steals cryptocurrency.
In the ever-evolving landscape of cybercrime, this new development has left crypto and cybersecurity experts on high alert.
This sophisticated scam, uncovered by blockchain security firm Scam Sniffer, has already led to substantial losses and highlights the complex nature of modern cyber threats.
The scam works by creating counterfeit accounts on X (formerly Twitter) that impersonate popular crypto influencers. These scammers then lure followers into Telegram groups with promises of valuable investment insights and exclusive tips. Once users join the Telegram groups, they are prompted to verify their identities through a fake bot named "OfficiaISafeguardBot."
The deception is twofold: The bot creates a sense of urgency by enforcing short verification windows, compelling users to act quickly without fully thinking through the implications. Under this pressure, users are more likely to click on the verification prompt without scrutinizing it closely.
But what sets this scam apart is the technical sophistication behind it. The fake bot doesn't merely verify users; it also injects malicious PowerShell code that downloads and executes malware, effectively compromising users' computer systems and crypto wallets in one move. This malware is designed to steal private keys from crypto wallets, and once these keys are taken, the victims' funds can be easily transferred to the scammers' control.
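The bot name quoted above is printed with a capital "I" where the word "Official" would have a lowercase "l", a swap that is hard to spot under a short verification timer. The following is an added example, not code from Scam Sniffer or from the original article: a minimal check that a community admin or wallet-security tool could run on a bot handle before trusting it. The allowlist entry `OfficialSafeguardBot` is a constructed assumption, as are the function names.

```python
from difflib import SequenceMatcher

# Constructed allowlist (assumption, not from the article): the bot handles
# a community has actually configured for member verification.
TRUSTED_HANDLES = {"OfficialSafeguardBot"}

# Fold characters that are easily mistaken for one another in UI fonts and
# drop underscores. The folding is deliberately aggressive because the result
# is only ever compared against the allowlist, never shown to a user.
_FOLD = str.maketrans({"i": "l", "1": "l", "0": "o", "_": None})


def skeleton(handle: str) -> str:
    """Reduce a handle to a form in which confusable spellings collide."""
    return handle.lstrip("@").casefold().translate(_FOLD)


def classify(handle: str, trusted=TRUSTED_HANDLES, near: float = 0.9) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a bot handle."""
    name = handle.lstrip("@").casefold()
    # Exact match, compared case-insensitively.
    if name in {t.casefold() for t in trusted}:
        return "trusted"
    skel = skeleton(handle)
    for t in trusted:
        t_skel = skeleton(t)
        # Same skeleton: a character-swap imitation such as I for l.
        # High similarity: an added or dropped character.
        if skel == t_skel or SequenceMatcher(None, skel, t_skel).ratio() >= near:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Sample handles; the first is the name reported in the article,
    # the rest are constructed for illustration.
    for h in ["OfficiaISafeguardBot", "@officialsafeguardbot",
              "Official_Safeguard_B0t", "OfficialSafeguardBots", "WeatherBot"]:
        print(f"{h:26} {classify(h)}")
```

A "lookalike" result is a reason to block the interaction and alert moderators; "unknown" only means the handle resembles nothing on the allowlist, not that it is safe.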
Scam Sniffer reported that numerous cases of private key theft have been linked to this specific scam, with at least two victims losing over $3 million each in cryptocurrency assets. The scale and impact of this scam have sent shockwaves through the crypto community, emphasizing the urgent need for heightened awareness and better cybersecurity practices.
Blockchain security experts are quick to point out that malware targeting regular users has existed for a long time. However, the infrastructure behind these attacks is rapidly evolving, becoming increasingly sophisticated.
As successful heists increase in frequency and scale, scammers often adapt their methods into a "scam-as-a-service" model. This means that creators of wallet-draining software, for example, can provide their tools to other phishing scammers, creating a complex web of cyber threats that are becoming harder to combat.
The problem isn't limited to this specific scam. Scam Sniffer also noted a surge in scammers impersonating others on X, shilling sham links and tokens.
Their monitoring system has detected an average of 300 such impersonators daily in December, compared to 160 in November. This increase underscores the growing threat and the urgent need for better user awareness and protective measures.
Meanwhile, cybersecurity firms like Cado Security Labs are reporting similar risks, with Web3 workers being targeted by fake meeting apps that inject malware and steal credentials. This shows that scammers aren't just focused on crypto wallets; they're also aiming to steal access to a wide range of online accounts and platforms.