‘Year of the Phish’? Socially-Engineered Attacks Populate Crypto in 2020

When it comes to cryptocurrency-related crime, every year seems to have its own particular ‘flavor’. 2018 was the year of massive exchange hacks (remember ?); 2019 was seasoned with an air of massive ponzi schemes (, ) with a few scandals thrown in the mix ( anyone?)
So far in 2020, however, the most memorable crypto-related criminal moments seem to be taking a new shape. As cryptocurrency exchanges have continued to beef up their security measures, and global regulators and law enforcement are learning how to curb crypto crime, criminals are increasingly attacking from a new angle: socially-engineered cyber attacks.

Of course, these kinds of manipulative tactics have been a part of the cryptosphere since its inception: even outside of the cryptosphere, cyberattacks that exploit human trust are as old as time (or at least as old as the internet). Phishing, stolen identity scams, and many other kinds of exploitative scams are, unfortunately, very popular.
So far this year,  socially-engineered attacks appear to be playing an outsized role in crypto’s scam landscape. Is 2020 crypto’s ‘Year of the Phish’?
2020’s most prominent crypto scam so far was a socially engineered attack on Twitter
After all, it certainly seems that the most memorable crypto-related cybercrime story of the year so far was based on multiple angles of trust exploitation.
On July 15th, the tweeted out messages saying that they would double the amount of Bitcoin that was sent to their wallet addresses and send it back. This is called a “Giveaway” scam.

Joe Biden’s Twitter account was one of many that were compromised in the July attack.
Dozens, or even hundreds, of unsuspecting users sent a total of more than $100,000 to the bitcoin addresses they believed to be associated with Barack Obama, Elon Musk, Joe Biden, and many others.
How did this happen?
Legend has it that a vampire can’t enter your house unless they are invited in–and, sure enough, when from the  Twitter accounts in questoin, it was because an unsuspecting Twitter employee accidentally handed him the keys to the kingdom.
Indeed, Clark’s attack was designed to manipulate and exploit human trust from beginning to end: he reportedly used phishing email tactics to convince a Twitter employee that he was a coworker in the company’s IT department. He then got the employee to provide their credentials, allowing him to access Twitter’s ‘God mode.’
”Giveaway” scams are not a new thing for the cryptocurrency space
However, Graham Ivan Clark’s attack on Twitter–while it may be the most famous crypto-related cyberattack this year–is only one of many socially-engineered cyberattacks in the crypto space.
In fact, just this week, attacks that closely resembled Clark’s attack on Twitter have rocked the world of Youtube.
Specifically, hackers appear to systematically be taking over prominent Youtube channels. They hackers then change the names of the channels, and then post videos urging viewers to send Bitcoin with the same promise that Clark offered victims on Twitter: that their coins would be doubled and sent back to them.
Business Insider that unlike the Twitter scams, the exploited Youtube accounts don’t appear to have been compromised through a widespread security breach of Youtube’s internal operations. Rather, hackers appear to have only gotten ahold of the credentials for the specific accounts they’re interested in hacking.
The hackers also appeared to take advantage of the SpaceX landing that occurred last week as a means of getting more clicks on their videos: the names of the compromised channels were changed to terms like “SpaceX” or “Elon Musk” to exploit the increased interest in SpaceX’s collaboration with NASA.
Esports commentator Rod Breslau also pointed out that some of the channels’ livestreamed Bitcoin scam videos may have used ‘viewbots’–bots that artificially inflate the number of views that a channel has–to heighten their visibility.

there are currently three YouTube live streams each with 50,000+ viewbot viewers from abandoned/bought Minecraft channels among others promoting a fake SpaceX website asking you to send them Bitcoin

— Rod Breslau (@Slasher)

Youtube appears to have an ongoing problem with crypto scam videos and accounts
Youtube’s crypto hack problem isn’t just limited to last week’s events.
In mid-July, Finance Magnates reported that to make the same kinds of fraudulent promises: “send us your crypto, and we’ll double it and send it back.”
On July 12th, Charles Hoskinson, the founder of the Cardano (ADA) cryptocurrency network, posted publicly on Twitter about the scams: “it has come to my attention that a scam has been floating around using my conference keynote to promote a giveaway…this is a scam. Please report it to YouTube. We will take legal action if we can against those responsible.”
Around the same time, however, CoinDesk reported that a number of other fake videos and accounts had sprung up under the identities of Ethereum founder Vitalik Buterin, Gemini founders Tyler and Cameron Winklevoss, and others.
Other than removing reported videos, it’s still unclear what Youtube is doing to try and curb these scams. A Twitter user alleged that the fraudsters behind the fake Youtube videos “are also putting [their videos] in youtube ads which is insane,” he asked. “Is youtube ignoring this for revenue? How are they not vetting the ads?”

The fraudsters are also putting them in youtube ads which is insane. Is youtube ignoring this for revenue? How are they not vetting the ads?

— Darko Gospavic (@darko08)

Finance Magnates reached out to Youtube, but didn’t immediately receive a response. Comments will be added as they are received.
Scammers are becoming “more professional and dangerous”
In addition to co-opting the identities of individuals within the cryptocurrency sphere, however, hackers also seem to be increasingly taking on the identities of platforms.
Specifically, blockchain trading and analytics firm Whale Alert published a study in July with findings that crypto scammers are increasingly building fake cryptocurrency exchanges.
Some of these fake exchanges may take on the appearance of existing, legitimate crypto exchanges, while others may set up shop on their own before disappearing with users’ funds. The fake exchanges are also a “convenient” way for hackers to rack up large amounts of users’ personal data: identity records, credit card numbers, bank account information, and more.
In its report, Whale Alert that “the change in method and the increase in quality and scale suggests that entire professional teams are now behind some of the most successful” of these fake exchanges, and that “it is just a matter of time before they start using deepfakes, a technique that will surely revolutionize the scam market.”
And indeed, on the whole, Whale Alert noted a trend in cryptocurrency fraud after the mid-July Twitter attack: “the scale and the boldness of the attack confirm our fears that the scammers are becoming more professional and dangerous.”
Specifically, “what started with mostly bulk sent sextortion emails and malware has now evolved into fake enterprises offering round-the-clock ‘customer support’ with dozens of websites and thousands of fake social media accounts used for promotion.”
The crypto scam industry may soon be worth $50 million per year
This apparent increase in professionally built, socially-engineered cyberattacks appears to also have dramatically increased the amount of money that hackers have managed to abscond with.
Indeed, Whale Alert’s report found that scammers’ BTC income appears to have surged throughout the first six months of this year.

Source: Whale Alert
“So far we have been able to confirm 38 million US dollar in bitcoin alone stolen by scammers over the past 4 years (excluding Ponzi schemes, which are a billion-dollar industry on their own),” the report said, “$24 million of which [were stolen] during the first 6 months of 2020.”
At the moment, Whale Alert seems to believe that this will only get worse: “by the end of 2020, we predict [the crypto scam market] will have grown over twenty-fold since 2017 to an annual revenue of at least 50 million US dollars.”
Quashing the growth of the crypto scam industry
Can anything be done to stop the growth of the cryptocurrency scam market?
It seems that yes, falling victim to these kinds of scams is certainly preventable: the social media platforms that are being used to spread these scams are certainly taking action.
Twitter, for example, told users that “we’re accelerating several of our pre-existing security workstreams and improvements to our tools. We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams.”

We’re accelerating several of our pre-existing security workstreams and improvements to our tools. We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams.

— Twitter Support (@TwitterSupport)

Other platforms–including Youtube–appear to have taken an approach to quick response and removal of fraudulent cryptocurrency-related accounts and videos.
Additionally, regulators and law enforcement agencies around the world seem to be continuously learning and developing strategies for dealing with crypto-related fraud.
The ultimate responsibility for cryptocurrency safety may lie with the crypto community as a whole
However, Whale Alert alleges that the primary responsibility of fraud prevention at the moment lies on the cryptocurrency community.
For example, while crypto giveaway scams may seem like they may only affect the most gullible among us, legitimate blockchain and cryptocurrency platforms often hold legitimate crypto giveaways.
Therefore, “established blockchain companies play a big role in normalizing the idea of free money through giveaways and should be more thoughtful about what message they carry outwards and stop with these kinds of promotions altogether,” Whale Alert argues.
Additionally, crypto companies should use their power and presence to effectively communicate the risks of the fraudulent crypto world to their users: “as the gateway between fiat and cryptocurrencies, exchanges especially should be actively educating newcomers on the dangers in blockchain and prevent them from sending anything to known or suspected scam addresses.”

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *