- Scammer steals $15M in crypto through HitBTC website clone.
- Rise in phishing attacks and impersonation tactics see investors losing alot of funds around the world.
- Users are urged to prioritize security measures and remain vigilant
In a sophisticated cybercrime operation, a scammer has stolen approximately $15 million worth of cryptocurrencies by cloning the user interface of HitBTC, a well-known crypto exchange based in Hong Kong. The scam, which has been active for nearly a year, successfully deceived users into activating a phishing contract, according to SlowMist, a crypto compliance expert.
The intricate scheme involved a smart contract that prompted users to connect their wallets. Unsuspecting victims carried out deposit transactions just as they would on any fair exchange. However, unknown to them, the malicious smart contract tracked their transactions. Once the transaction was signed and confirmed, the scammer gained access to the user’s wallet and swiftly emptied it, draining the remaining assets. The scam primarily targeted the Bitcoin, Tron, and Ethereum networks.
Further investigations by SlowMist revealed that the perpetrator behind this scam was not limited to targeting HitBTC alone. The scammer had also been impersonating other prominent platforms, including Coinone from South Korea and LedgerX, a former subsidiary of FTX. By mimicking reputable web3 tools, decentralized applications (dApps), and exchanges, the fraudster managed to confuse victims and extend the reach of the scam.
Rise in phishing attacks targeting cryptocurrency users
This incident is part of a more significant trend of phishing attacks targeting cryptocurrency users. According to cybersecurity firm Kaspersky, there has been a staggering 40% increase in phishing attacks between 2021 and 2022. This alarming rise indicates that scammers continue to exploit the allure of cryptocurrencies, which are often seen as a quick path to financial success with minimal effort.
A crypto phishing scam operates by deceptively obtaining sensitive information, such as a user’s private key to their wallet. Phishing scams employ tactics to lure their targets, such as promising free cryptocurrency. Fake crypto websites serve as phishing pages, capturing all the details users enter, including passwords and recovery phrases, and delivering them to scammers.
Impersonating notable projects and personalities is a common technique bad actors employ. They create scam Twitter handles that resemble genuine projects to deceive users, using bots for mass tagging campaigns to draw attention to their phishing accounts. Additionally, scammers entice victims with airdrops and giveaways, redirecting them to phishing websites.
One in Three Americans Falls Victim
A survey conducted by cybersecurity firm Kaspersky reported that one in three Americans had fallen victim to crypto theft. The survey, conducted in October 2022 and involving 2,000 American adults, revealed that 47% of respondents aged 18-24 were lured by crypto scammers, despite the belief that Generation Z is tech-savvy. In contrast, only 8% of respondents over 55 fell victim to crypto thefts. The average value of the theft was $97,583, with 15% of respondents losing crypto ranging from $100,001 to $1 million.
In response to such criminal activities, the National Cryptocurrency Enforcement Team (NCET), a division of the United States Department of Justice (DoJ), announced on May 15 that it would pursue exchanges that, despite complying with regulations, enable criminals to launder funds.
The incident involving the cloning of the HitBTC website serves as a stark reminder of the risks associated with the crypto industry. Users must exercise caution and remain vigilant to protect their assets. Always verify the authenticity of websites, double-check URLs, and never share sensitive information or private keys.
As the crypto industry grows, users must prioritize security measures, such as enabling two-factor authentication, using hardware wallets, and staying informed about the latest phishing techniques.