Crypto Fraud: Phishing and Data Stealing Malware

In continuation of our section on types of crypto scams, we decided to tell you about probably the most popular solution from attackers - phishing and data-stealing malware.
In the world of cryptocurrencies, where security and anonymity are key, phishing and malware have become a common method of fraud.

These methods are used by criminals to steal personal data and access cryptocurrency wallets. Understanding how they work and being aware of security methods are important tools in the fight against cybercrime in the cryptocurrency space.
Phishing: What It Is and How It Works
Phishing is a cyberattack in which scammers use fake emails, websites, or social media posts to trick users into obtaining their sensitive data, such as logins, passwords, and wallet access keys.

An attacker can choose one of many options to provide you with a phishing link:
Sending an e-mail letter
Contextual advertising of a phishing resource
Indicating a phishing link during a conversation in the messenger
Placement of native advertising of a phishing resource in articles and reviews
Most often, users end up on sites masquerading as real services. If the deception is successful, the site prompts you to enter the login and password for the simulated service, the SEED phrase of the crypto wallet, or download a malicious file.

Phishing attacks pose a serious threat in the world of digital security, especially in the cryptocurrency space. The success of such an attack for an attacker means:
Access to accounts and services: Fraudsters get the opportunity to manage your online accounts.
SEED Phrase Hijacking: This gives attackers full access to your cryptocurrency wallets.
Infection of devices with clippers: These malware replace copied data, such as crypto wallet addresses.
Personal Data Collection: Used for further social engineering attacks.
Results of Successful Phishing
Access to accounts and services
When you receive authorization from the service, if possible, the attackers take all your funds. If this requires any additional confirmation from you for withdrawal (SMS, authorization code), a fraudster may contact you under the guise of a technical support employee of this service and ask you to provide a confirmation code from your e-mail or Authenticator.
Hijacking the SEED phrase
If attackers get your SEED phrase, they get full access to your funds. In some cases, they can steal funds immediately, in others, they can wait until the amount increases. There are situations when phishing operators do not check each SEED phrase they receive, but sell them in batches to other scammers.

If attackers get your SEED phrase, then nothing more is required from you. Funds can be stolen immediately or wait if there are too few of them there.
We at AML crypto specifically leaked the data of the new blockchain address to track the path of the funds. But the attackers expected more than 20 USDT from us. And only endurance allowed us to wait for the original moment.
Infection of devices with clippers
In a scenario where a phishing attack directs a user to a decoy site in order to convince them to download a file containing malware, the implementation complexity increases. This is explained by the need to bypass the user's antivirus programs and firewalls. Unfortunately, many users either do not use an antivirus at all, or set the firewall to the minimum level of protection, which plays into the hands of scammers. Adding to the risk is the habit of some users to download content from unreliable sources, such as torrents, which may contain hidden malware.

One particularly dangerous form of malware are so-called clippers. These programs work in an extremely clever way: when you copy a cryptocurrency address from the messenger to make a transaction, the clipper quietly replaces it with the scammer’s address in the clipboard. As a result, when you paste the address into the recipient field, you are unknowingly sending your funds not to the intended address, but straight to the scammer.
Collection of personal data
Another type of phishing is sites that collect your personal data. Then, using this information, scammers can try to gain your trust and convince you to take certain actions, such as confirming P2P transactions or withdrawing funds.
How to recognize and examples of phishing
How to Recognize Phishing
Fake Websites: Phishing website addresses may differ from the real ones by just a few characters. Always check URLs.
Unsolicited Requests: Be wary if you are asked to enter sensitive information, especially if you were not expecting such a request.
Double-check information about the official websites of services new to you.

Phishing email example
The attackers send a letter to the victim on behalf of the exchange. In this case, the attackers used complete spoofing of the sender. The goal is to convince the victim to confirm receipt of funds as part of a P2P transaction, before actually receiving the funds.

Example of a phishing site
Metamask is a non-custodial crypto wallet that allows you to receive, store and send cryptocurrency assets. Official site:
Along with the original solution, search results may also contain phishing resources. In some cases, attackers use contextual advertising to ensure that their phishing resource is located above the original solution.
The attackers quickly purchased domain metamask . ru, creating a website that exactly copied the design and text of the official MetaMask website. The only difference was the RU domain zone. This subtle difference has led to many users mistakenly using the fake site by entering their SEED phrases, thereby giving scammers access to their accounts.

Example of a phishing site
Original MyEtherWallet address
Phishing site MyEtherWallet
To hide their fraud and not arouse suspicion among users, after receiving the SEED phrase, the attackers implemented a redirection function to the official solution.

Example of an AppStore phishing application
SushiSwap is a popular decentralized exchange (DEX). Currently 12/26/2023 Sushi Swap does not have its own application in the AppStore.
A fraudulent application called “SushiSwap Finance”, developed by CD&W Trading Company Limited, was discovered in the AppStore. Despite the apparent reliability, due to a 4-star rating and a number of positive reviews, you should be extremely careful, since such reviews are often the result of manipulation and cheating. When using this application, users are asked to enter their SEED phrase, which leads to the inevitable loss of all funds stored in their crypto wallets.
Actions in case of fraud
If you are a victim of such fraud, it is important to:
Take screenshots of the phishing message/site and the original one. This will be required to explain the situation to law enforcement agencies.
Record the domain name, data from WhoIS services, DNS records
Take a screenshot of your browser history, where you can see the login dates on the fraudulent resource
If there are funds in your cryptocurrency wallet, immediately transfer the assets to another wallet.
Record all contacts if there was interaction with intruders
Contact law enforcement agencies.
If funds have been stolen, investigate the diversion of assets or seek professional help to block the stolen funds.
Precautionary measures
Change Passwords: At the slightest suspicion that your data has been compromised, immediately change all passwords.
Two-Factor Authentication: Be sure to use two-factor authentication to enhance the security of your accounts.
Ultimate Care: Check website domain names carefully, paying attention to every detail and symbol. If in doubt, check the creation date of the domain name using whois services. Original solutions last significantly longer than phishing solutions.
SEED Phrase Management: In the event of a possible leak of your SEED phrase, immediately transfer all funds to a new crypto wallet.
Keep Your Antivirus Software Up to Date: Install and update your antivirus software regularly, even if you use Apple devices. The widespread belief about their absolute safety is a myth. If you need to open a file received from the Internet, then do it in the sandbox, or at least check it through
To avoid such crypto fraud schemes, you should be extremely careful and cautious. Carefully study the sites you visit and the software you use.

Simple actions and a little bit of your time will save your money and nerves! What to do if you do become a victim of crypto fraud (hopefully not) read here.

We also remind you to check the risks associated with your counterparties in the blockchain. The question "how to check high risk in cryptocurrency" is answered by special aml services such as our Btrace. AML address verification in our solution will take only 3 seconds, but will save you from a lot of risks. And the first check is absolutely free.
Just Try Btrace
Check it out for free — we will give you a unique opportunity to look at cryptocurrency wallets through the eyes of an exchange compliance manager and see how our service works in practice.



We also recommend