It is widely known that Bitcoin has enjoyed immense popularity with underground crime markets because of the anonymity associated with financial transactions. Despite becoming mainstream for traditional businesses and everyday consumer commerce, crypto’s nefarious use remains strong, with ransomware and other criminal actors brazenly seeking to extort payment in Bitcoin and underground markets now utilizing a variety of cryptocurrencies.
The mainstreaming of Bitcoin in particular, along with built-in mechanisms for ensuring a reasonable degree of scarcity, has dramatically driven up the value of the currency. Not surprisingly, threat actors are now looking at new ways of stealing bitcoins, including through sophisticated phishing schemes.
Recent insights from the cryptocurrency risk mitigation firm Proofpoint have revealed a major uptick in phishing schemes now targeting online wallets and exchanges for cryptocurrencies like Bitcoin. These attacks are extremely sophisticated and often mimic similar attacks seen for a range of services like online banking, Dropbox, Google, etc. However, this targeting of Bitcoin wallets offers new opportunities for cyber criminals given that these forms of transactions are even harder to detect.
Here are a few additional insights:
- Targets: Proofpoint observed a number of phishing templates and email lures that mimic online wallets like Blockchain.com and cryptocurrency exchanges like Poloniex.
- Method: These templates attempt to steal wallet IDs and credentials that allow actors to conduct fraudulent transactions with third parties or withdraw funds directly.
- Scope: With the rapid rise of Bitcoin, this trend indicates just how large the cybercriminal opportunity is. In fact, Square released a report which found almost half of millennials have a digital wallet.
Here at BTCManager we turned to Patrick Wheeler, Director of Threat Intelligence at Proofpoint, for some additional insights on what’s currently taking place in this space:
How significant of an issue is the emergence of these phishing schemes targeting bitcoin wallets?
“The emergence of these phishing schemes targeting bitcoin wallets follows an overarching cybercrime trend: follow the money. The very features of Bitcoin that make it so popular, namely, that it’s largely anonymous, difficult to trace and not controlled by any government or financial institution make it equally appealing to thieves. Bitcoins are like cash in a wallet. Much easier to steal if you have access to the wallet, impossible to recover, and much less likely to be detected.”
What sort of trends have you been seeing in terms of the prevalence of these issues over the past 12-18 months?
“Last year was a record year for phishing in general and these cybercriminals are preying on the human factor with the hope that recipients won’t take the time to ensure an email message’s authenticity and instead will just click. They have established phishing templates and email lures that mimic online wallets like Blockchain.com and cryptocurrency exchanges like Poloniex. Bitcoin has been a very tempting target for theft because most underground services are paid using bitcoins and other altcoins, which means the threat actors are both savvy with cryptocurrencies and have more spending options.”
What is the attack vector? In other words, who and what are being targeted (users, exchanges, etc.)?
“Anyone with a digital wallet or account on a cryptocurrency exchange could become a victim of these types of attacks. These attacks attempt to steal wallet IDs and credentials that allow actors to conduct fraudulent transactions with third parties or withdraw funds directly. Unfortunately, the anonymous nature of cryptocurrency transactions makes fraud even harder to detect.”
Predictions on what we might see as these attacks continue to progress?
“I predict we will continue to see phishing attacks targeting cryptocurrency wallets and services as overall adoption continues to increase and as long as cybercriminals continue to use them as the currency of choice.”
Can you offer a couple of case examples of recent vulnerabilities and intrusions?
“Sure. Blockchain.com is the largest provider of Bitcoin wallets in the world and its popularity has made the company a frequent target for cryptocurrency phishing. Recently, we observed a phishing scam that regularly updated its email templates to ensure the fraudulent email matched the design changes to the legitimate Blockchain.com website. In fact, the fraudulent landing page had also been upgraded and was extremely difficult to distinguish from the legitimate site. The criminals even went as far as to add app store icons that linked to the real Blockchain application.”
What are 2-3 key things that users need to know in order to better protect themselves from these crypto intrusions?
“Consumers should guard their credentials carefully and be vigilant for typo-squatted domains and unexpected notifications from wallet and exchange services. When in doubt, always contact the service through their established email address. More importantly, online wallets and exchanges should never be considered trusted storage for cryptocurrencies.”