The new rising threat: Crypto scams using social engineering
The popularity of cryptocurrencies has rendered them a target for hackers. Now, crypto owners need to be more vigilant than ever as hackers are always trying to get ahead to trick their targets.
Researchers have observed several modus operandi used by hackers to steal crypto tokens, one of which is through social engineering. In many cases of crypto fraud, social engineering is a method used by perpetrators to obtain wallet code access information.
One fundamental of social engineering is exploiting the weakest point in a security system: humans. The existence of social media increases a hacker’s efforts and opportunities to target victims. This method was recently used in a hacking case involving a gaming company.
Social engineering in crypto fraud
A group of hackers managed to steal Ethereum and USDC tokens worth 625 million dollars after hacking a crypto wallet belonging to a game developer, Sky Mavis. The tokens taken were the property of game users.
According to the media, the theft occurred not because of a technical error, but because it was carried out using social engineering. This was discovered after an investigation revealed that hackers entered the network using a private ‘key’.
How the perpetrator successfully stole the key is a lesson that the victim’s company learned the hard way. The perpetrator contacted one of Sky Mavis’ employees via LinkedIn, pretending to be a company that wanted to recruit him and offered irresistible benefits.
The employee was enticed by the salary offered to him. He also answered all the questions prepared by the perpetrators. Furthermore, the recruitment process and interviews seemed to be running smoothly and appropriately, so the employee had no reason to raise suspicion.
At one point during the recruitment process, he received a pdf file containing details of the job description. Unfortunately, the file was actually malware used by the perpetrator to infect the employee’s device. The employee opened the file and the malware began infecting the device, until the perpetrator was able to obtain the ‘key’ to the company’s crypto wallet.
This socially engineered crypto scam is not the first of its kind. In 2020, the twitter accounts of several prominent figures were hacked to post the same tweet asking their followers to send bitcoin. In 2021, perpetrators managed to get investors’ money through the crypto token ‘Squid Coin‘.
Preventing crypto fraud
Of the many fraud cases, what victims have in common is that they do not conduct enough due diligence on foreign persons or entities. A founder of a DAO (decentralized autonomous organization) once explained how healthy amounts of skepticism saved him from crypto fraud.
First, he conducted due diligence on individuals and entities with which his company cooperated. Aside from that, he always made sure to thoroughly read all agreements. That’s when he discovered that there was something wrong with a cooperation agreement that supported the perpetrator to transfer all tokens to his wallet.
Learning from the case, companies need to ensure the objective that due diligence should be the cornerstone of their business plans, regardless of whether they are new to cryptocurrencies, a CEO, or an ICO.