A new malicious campaign that relies on email attacks has been discovered targeting hot and cold wallets, the most common forms of cryptocurrency storage.
Spotted by Kaspersky cybersecurity experts, the campaign delivered 85,000 fraudulent emails in the spring of 2023 alone. The attack peaked in March, with over 34,000 malicious messages intercepted.
With more than 400 million users worldwide, hot wallets are soaring in popularity due to their ease of access, according to the company.
Kaspersky security expert Roman Dedenok said: “We are witnessing the continued rise in popularity of cryptocurrencies. With this, users have to be always vigilant and take strong security measures to protect their digital assets,” he commented.
These online storage services, including cryptocurrency exchanges and dedicated apps, are prime targets for cybercriminals due to their constant internet connection.
Phishing attacks against hot wallet users typically employ simple tactics that prey on non-technical individuals. Scammers impersonate well-known cryptocurrency exchanges through fraudulent emails, urging users to verify transactions and secure wallets.
Cold wallets, by contrast, are completely offline storage systems, such as dedicated devices or private keys on paper.
In an advisory published today, Kaspersky researchers said they also found a targeted phishing campaign specifically aimed at exploiting cold wallet holders. It begins with an email impersonating the popular cryptocurrency exchange Ripple, luring the recipient with a promise to participate in an XRP token giveaway.
Instead of directing victims directly to a phishing page, the scammers create deceptive blog posts that mimic the design of the Ripple website. The blog post invites users to participate in the token giveaway by following the given link.
Victims following the link are directed to a fake Ripple page whose domain name closely resembles Ripple’s official domain, a technique known as a Punycode phishing attack. They are then asked to connect their hardware wallet, allowing the crooks to access their account and initiate fraudulent transactions.
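As an added example (not from Kaspersky's advisory or the original article), the following Python code shows one way a mail filter could flag the Punycode look-alike links described above: it decodes xn-- labels, folds look-alike letters to ASCII and compares the result with a protected domain. The protected domain ripple.com, the small confusables table, the function names and the sample email are assumptions constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import urlsplit

# Assumption: brand domains to protect. ripple.com is used because the page names Ripple.
PROTECTED = {"ripple.com"}

# Assumption: a tiny hand-picked confusables table for illustration only;
# Unicode UTS #39 publishes the full data set (confusables.txt).
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0456": "i", "\u04cf": "l", "\u03bf": "o",
})

def decode_host(host):
    """Decode xn-- (Punycode) labels so the host is compared in its displayed form."""
    out = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except ValueError:  # malformed Punycode: keep the raw label
                pass
        out.append(label)
    return ".".join(out)

def skeleton(host):
    """Fold accents and known look-alike letters to plain ASCII letters."""
    decomposed = unicodedata.normalize("NFKD", host.translate(CONFUSABLES))
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))

def classify(url):
    """Return 'lookalike', 'idn' or 'ok' for one URL."""
    shown = decode_host(urlsplit(url).hostname or "")
    if shown.isascii():  # plain ASCII host (or no host): nothing to fold
        return "ok"
    folded = skeleton(shown)
    if any(folded == d or folded.endswith("." + d) for d in PROTECTED):
        return "lookalike"
    return "idn"  # internationalized host that matches no protected brand

def scan_email(body):
    """Map every URL found in an email body to its verdict."""
    return {u: classify(u) for u in re.findall(r"https?://[^\s\"'<>]+", body)}

# Constructed sample: a look-alike host built at run time (Cyrillic U+0456 for "i").
FAKE = "xn--" + "r\u0456pple".encode("punycode").decode("ascii") + ".com"
SAMPLE = f"Claim your XRP: https://{FAKE}/giveaway or read https://ripple.com/insights"
```

A "lookalike" verdict is a strong signal for quarantine, while "idn" only marks an internationalized host for review, since many such domains are legitimate.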
To ensure the safety of cryptocurrencies, Kaspersky experts recommend purchasing hardware wallets only from official and trusted sources, inspecting new hardware wallets for signs of tampering, verifying their legitimacy and updating firmware, storing seed phrases securely, and using strong and unique passwords.