Cybercriminals are increasingly targeting cryptocurrencies

As cryptocurrencies and non-fungible tokens (NFTs) become more mainstream, cybercriminals are increasingly turning to them as a new way to extract money, security experts have warned.

Researchers have observed cybercriminals pursuing numerous objectives relating to digital tokens and finance, such as traditional scams that exploit business email compromise (BEC) to target individuals, as well as activity targeting decentralized finance (DeFi) organizations, which facilitate the storage of cryptocurrencies and transactions, for possible follow-on activity.

Studies from Proofpoint showed that these two types of threats contributed to approximately $14 billion in cryptocurrency losses in 2021. In fact, BEC tops the list of attack types that UAE CISOs expect to face in the coming months, with 35% of CISOs worried about potential BEC attacks.


Sherrod DeGrippo, vice president of research and threat detection at Proofpoint, explained that financially motivated attacks targeting cryptocurrencies have largely coalesced under pre-existing attack patterns seen in the phishing landscape before the rise of blockchain-based currency.

“Common techniques seen when targeting cryptocurrencies via email include the collection of credentials, the use of basic malware thieves targeting cryptocurrency credentials, and requesting the transfer of cryptocurrencies such as BEC,” she revealed. “These techniques are viable methods of capturing sensitive value that facilitate the transfer and consumption of cryptocurrency.”

There are several DeFi apps and platforms – such as cryptocurrency exchanges – that people can use to manage their cryptocurrency, she added. “These platforms often require usernames and passwords, which are potential targets for financially motivated threat actors.”

Although public keys can be shared safely, researchers see actors requesting the transfer of cryptocurrency funds via BEC-style emails that include public keys and cryptocurrency addresses controlled by the threat actors. These email campaigns rely on social engineering to secure the transfer of funds from the targeted victims.

Users, she pointed out, should be aware of common social engineering and exploitation mechanisms used by threat actors aimed at stealing cryptocurrencies.

In 2022, Proofpoint observed regular attempts to compromise users’ cryptocurrency wallets using credential harvesting. This method often relies on providing a URL in a formatted email body or subject line that redirects to a landing page built to collect credentials. In particular, these landing pages have begun to ask for values used for the transfer and conversion of cryptocurrencies.

Proofpoint researchers have also observed several examples of phishing threat actors creating and deploying phishing kits to harvest both login credentials for cryptocurrency-related sites and cryptocurrency wallet credentials or passwords. Phishing kits allow hackers to deploy an effective phishing site, regardless of their skill level. These are pre-packaged file sets that contain all the code, graphics, and configuration files needed to create a credential-harvesting web page.

DeGrippo explained that these kits are designed to be easy to deploy and reusable. They are usually sold as a zip file and are ready to unpack and deploy without much “behind the scenes” technical knowledge or skills.

She added that 2022 also saw an increase in BEC specifically for cryptocurrencies. These requests are mostly seen in the context of employee targeting, using spoofing as deception and often exploiting advance fee fraud, extortion, payroll redirection or invoicing as themes. The initial BEC email often contains values that are safe for public consumption, including public keys and cryptocurrency addresses.

“By mimicking a device known by the user and entering a public key or address controlled by the actor, actors try to trick users into voluntarily transferring money from their account to it based on social engineering content. It’s like how actors use routing and bank account numbers in BEC phishing campaigns,” said DeGrippo.

Copyright © 2022 Khaleej Times. All rights reserved. Provided by SyndiGate Media Inc.
