How crypto gets stolen


The simplest method of crypto phishing is sending old-fashioned spam mailings. In these spam emails, cybercriminals imitate the providers of cryptocurrency-related services: Web wallets, exchanges, and so on. The messages are more detailed and sophisticated than the average phishing email. For example, they can include a security alert saying that someone just tried to sign in to your account from such and such address using such and such browser, and that all you have to do is click the link to check that everything’s fine.

This is one of the oldest phishing methods. Cybercriminals obtain your email address either by extracting it from a Slack channel or by obtaining the databases of crypto-related sites. The first piece of advice is therefore to use a separate email address and password for non-essential services such as chat services, forums and news portals.

Once the victim clicks the link in the fake email, they are directed to a fake version of the expected cryptocurrency site and asked to submit their e-wallet credentials. Because the most popular Bitcoin Web wallet sites look quite simple yet recognizable, it is easy for criminals to create realistic imitations.

Cybercriminals mostly cannot spoof the actual domain name of the service they are impersonating. Therefore, always look at the sender address when you receive a suspicious email, and double-check the domain and its extension.
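The check described above can be automated for both sender addresses and links. The following is an added example, not code from the original article: the trusted domains, sample inputs and function names are constructed, and it assumes the registered domain is the last two labels of the host.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed allowlist: the services you actually hold accounts with.
TRUSTED = ("examplewallet.com", "example-exchange.io")

def host_of(value):
    """Host part of a From: header value or of a URL, lowercased."""
    if "://" in value:
        host = urlsplit(value).hostname or ""
    else:
        host = parseaddr(value)[1].rpartition("@")[2]
    return host.rstrip(".").lower()

def edit_distance(a, b):
    """Levenshtein distance; small values mean near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(value, trusted=TRUSTED):
    """Return 'trusted', 'unknown', or the reason the host needs review."""
    host = host_of(value)
    labels = host.split(".")
    if len(labels) < 2:
        return "unknown"
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted"
    if any(label.startswith("xn--") for label in labels):
        return "review: punycode label"
    # Assumption: the registered domain is the last two labels (no public-suffix list).
    name = labels[-2]
    for t in trusted:
        t_name = t.split(".")[0]
        if name == t_name:
            return "lookalike: different extension"
        if t_name in labels[:-2]:
            return "lookalike: trusted name used as subdomain"
        if edit_distance(name, t_name) <= 2:
            return "lookalike: near-miss spelling"
    return "unknown"

if __name__ == "__main__":
    for sample in ('"Example Wallet" <alerts@examp1ewallet.com>',    # constructed
                   "https://examplewallet.com.account-check.net/"):  # constructed
        print(sample, "->", classify(sample))
```

A "trusted" result only says the domain matches the allowlist; the display name in a From: header is ignored on purpose, because the sender can set it to anything.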

Bitcoin transactions are instant and not reversible, which makes the currency a prime target for malicious actors. Although there have been many advancements in Bitcoin wallet security, wallets are not perfect, and many of the more secure features take time and effort to use properly.

Bitcoins can be hacked in a variety of ways. Since the basic motive is to seize the e-wallet account, cybercriminals use many ways to get e-wallet credentials.

5 Ways cybercriminals steal cryptocurrencies:

They use email to manipulate cryptocurrency users

As shown above, cybercriminals obtain your email address and send spear-phishing emails designed to manipulate you into entering your credentials on a fake cryptocurrency web page that they have prepared.

They use Google Adwords Phishing 

A more recent method of phishing is done by abusing search engine ad networks such as Google Ads to display phishing sites and fool users into clicking the phishing site. For instance, a cybercrime gang based in Ukraine is estimated to have made as much as $50 million after tricking Bitcoin investors into handing over the login credentials for their online wallets. Cybercriminals purchased Google Adwords posing as online ads for the legitimate and popular Bitcoin wallet website.

When users searched Google for crypto-related keywords such as “blockchain” or “bitcoin wallet,” the spoofed links would appear at the top of the search results. When clicked, the link would redirect to a “lander” page and serve phishing content in the native language of the victim’s geographic region. Although it’s a very simple trick, it can also be incredibly effective, with researchers estimating that the gang has made approximately $50 million worth of Bitcoin in the past three years.

Chat phishing

A more recent technique of cryptocurrency phishing uses platforms such as WhatsApp, Skype and Telegram, as well as SMS.

As displayed in the above image, a phishing message with a seemingly legitimate URL (which in fact refers to a phishing URL) is sent to the victim. Once the user clicks on the link, they are redirected to the fake page.

SMS Phishing (Smishing)

A spoofed SMS can also be sent to a personal phone number. Seemingly legitimate, the SMS is actually from a cybercriminal looking to steal cryptocurrencies.

If we look at the above image, it may look as if it’s a real message sent by Coinbase. The name of the sender is Coinbase, and you’re greeted with your real name. Who else aside from Coinbase would know your real name, number and the fact that you have a Coinbase account?

Social Media Phishing

An interesting crypto phishing scheme has been discovered recently that uses features of Facebook. Scammers find a cryptocurrency community and create a Facebook page with the same title and design as the community’s official page. They make the address of the fake page very similar to that of the real one.

Cybercriminals send phishing messages to members of the real community from the fake page. When they target someone, they share the victim’s profile photo on their page and tag the victim there.

The most interesting bit is in the text of the message cybercriminals use to mark their prey. For example, as in the picture above, the message might say that the user is one of 100 lucky recipients of 20.72327239 (yes, the figure is that precise) cryptocurrency units for their loyalty to the platform. Of course, there is a link for getting hold of the coins.

How to prevent crypto phishing

  • Do not click on links before checking them very carefully. Instead of clicking on links, type the address into your browser.
  • Do not download attachments from your inbox.
  • If you receive an email from a service you use, do not reply until you have verified that the sender is legitimate.
  • Do not use open Wi-Fi networks while using an e-wallet or making other important banking transactions.
  • Use an updated antivirus application to avoid all kinds of malware.
  • Update your entire system and software.



