- Scammers are using fake Telegram verification bots to infiltrate crypto wallets
- The malicious actors are creating fake social media accounts impersonating popular figures like crypto influencers
- They use the accounts to redirect victims to fake Telegram channels
Scammers continue to invent new ways to pocket crypto funds illicitly and are now using fake Telegram verification bots to infiltrate crypto wallets. The malicious actors are first creating social media accounts impersonating popular figures and flaunting lucrative investment opportunities. They use the fake accounts to send people to Telegram where they’re required to complete identity verification using a compromised bot to gain access to the investment opportunity, something that many wouldn’t suspect of being a scamming attempt.
Verification Window Is Very Narrow
According to blockchain security firm Scam Sniffer, the malicious actors are asking those who visit Telegram to use a compromised verification bot that requires victims to complete the identity verification process within a very short time.
1/7 🚨 SECURITY ALERT: New sophisticated scam targeting crypto users through fake Telegram groups.
Attackers are impersonating multiple crypto influencers and using malicious bots for verification. Here’s how it works… 🧵 https://t.co/KaetjSHW1I pic.twitter.com/YwFM5RBl3V
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 10, 2024
Instead of conducting the verification, the bot installs malware into a victim’s computer. The malicious program is set to compromise crypto wallets and steal private keys. Although Scam Sniffer said that the trick is easy and targets regular crypto users, it revealed that the software and infrastructure being used are “quite sophisticated.”
The blockchain security firm said that it’s the first time scammers are using this method to steal crypto. Scam Sniffer disclosed that malicious actors have stolen more than $3 million using this trick.
“Be Wary of Time-Pressured Verification”
Scam Sniffer has advised crypto users to avoid executing unknown commands, “verify official channels thoroughly, [and] be wary of time-pressured verification” to lower their chances of losing their funds to scammers.
6/7 🛡️ Protection tips:
• Never execute unknown commands ⚔️
• Verify official channels thoroughly ✅
• Be wary of time-pressured verification ⏰
• Use hardware wallets 💎
• Don’t run arbitrary code 🚫
• Avoid installing unknown software 🔒— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 10, 2024
The new trick comes a few months after scammers turned to hacking the social media accounts of influential figures and directing their followers to wallet drainers.
With scammers combining social engineering with malware, more crypto users are likely to fall victim.
