Researchers at Proofpoint this week said they’ve observed a sharp rise in these scams, which target users of Ethereum and Bitcoin and typically request that victims send a small amount of the currency in exchange for a much larger payout in the same cryptocurrency.
The scams, which peaked in April, are an easy way for attackers to prey on the hype around cryptocurrency – with one observed scammer making away with more than $21,000, said Proofpoint.
“The success of this scam shows that threat actors continue to look for new ways to exploit the human factor – and people are inclined to fall for scams that can net them hot commodities like cryptocurrencies,” wrote Proofpoint in a post about the scam on Wednesday.
These scams typically start with a tweet or an email, which entice potential victims to send cryptocurrency to a wallet with the promise that more will be sent back. These tweets may say things like “There’s an ongoing promotion by Ethereum that just started! I also wanted to share this awesome news! I’ve personally received 92 ETH after just sending 9.2 ETH!”
As scammers lay the social engineering groundwork, they will also develop fake Twitter accounts impersonating exchanges, developers, and celebrities to try to further prompt users to click.
When a user clicks the link or enters the URL from the image, they are generally taken to a landing page prompting them to send a certain amount of cryptocurrency to a payment address.
The template attempts to establish legitimacy by showing a number of fake transactions, falsely suggesting that large amounts of coins are being sent back to those who send small amounts of coins to the scammer’s wallet, researchers said.
Interestingly, “In other cases, scammers do not promise rewards but instead emulate crowdfunding models, as in … a page promising to help free Julian Assange,” according to Proofpoint.
The scam is reportedly working. When researchers investigated some of the wallet addresses associated with the scam, they found that “some of them are growing and do not reflect the ‘giveaway’ nature of the intended interaction.” Typically, a scammer will also use a new wallet for each scam – but researchers said they also observed some reuse.
In one case, researchers followed an Ethereum wallet that appeared 10 times in their data. The scammer dumped the wallet on May 5, collecting a fairly hefty amount of $21,700 in earnings.
“Searching through the wallet transactions, it appears that the actors may have better luck phishing with Ethereum as opposed to Bitcoin,” said researchers.
Proofpoint said they would continue to monitor these scams given the rebounding cryptocurrency values. Meanwhile, users should keep a keen eye out for these types of scams.
“As with most of these scams, if it seems to good to be true, it probably is, but the appeal of nearly-free cryptocurrency and new approaches to social engineering, primarily via hijacked conversations on social media platforms, are proving too tempting for many users,” they said.