Cybercriminals are reducing their use of traditional banking malware and focusing on phishing for their cryptocurrency-related cyberattacks, according to Russian cybersecurity vendor Kaspersky. Kaspersky reported that cryptocurrency phishing attacks increased 40% year-on-year in 2022, with a total of 5,040,520 attacks detected, up from 3,596,437 in 2021. These attacks involve cybercriminals contacting investors through fake websites and communication channels that mimic official companies and asking them to share personal information, such as private keys, which gives them access to users’ wallets and assets.
Kaspersky noted that phishing attacks will maintain their momentum in 2023 and that attackers will continue to evolve their strategies. In a survey conducted by Kaspersky in 2022, one in seven respondents admitted to being affected by cryptocurrency phishing. While phishing attacks primarily consist of sweepstakes scams or fake wallet pages, attackers continue to innovate their techniques to lure unsuspecting cryptocurrency investors.
Recently, Arbitrum investors were exposed to a phishing link through its official Discord server. According to reports, a hacker accessed the Discord account of one of the project’s developers, which was then used to share a fake ad with a phishing link. Cointelegraph accessed the phishing link and discovered that it redirects users to a blank website with the text “Astaghfirullah,” which translates to “I seek forgiveness in God.” The term can also be used to express disbelief or disapproval, according to Wiktionary. Although Kaspersky could not predict whether the trend would increase in 2023, the company noted that cryptocurrencies remain a symbol of getting rich quick with minimal effort, which attracts fraudsters to innovate their techniques and stories to lure unsuspecting cryptocurrency investors.