According to data provided to Cryptox by CipherTrace, roughly 85-90% of crypto owners fall prey to common crypto theft schemes, including phishing traps. How can the average crypto user identify and avoid these attacks to prevent the potential loss of funds?
Know the source
Phishing emails are sometimes successful in their attempts to trick users into downloading programs, clicking on something they shouldn’t, or just linking them to a page where they can enter personal information like their seed phrase.
In July, hardware wallet Ledger reported a data breach that affected the personal data of many of its users, some of whom continue to be the target of phishing attacks. A number of users have reportedly received convincing-looking emails asking them to download a new version of the Ledger software.
Users were able to identify the con by looking closely at the sender’s email address, ending in “legdersupport.io,” with the “G” and “D” letters switched. Emails arriving at unexpected times stating a user has already been the victim of a scam and requesting information — whether it’s over the phone, email, or through a link — should always be given extra scrutiny.
Authenticity of software updates
In September, an Electrum user reported the loss of nearly $15 million in Bitcoin (BTC) that appeared to be connected to a phishing scam which has been affecting users of the software wallet since 2018.
One of the first reported Electrum attacks — with nearly $1 million stolen — was the result of a user entering private data on a malicious website set up by a hacker. This scam involved a fake wallet update that downloaded malware onto the victims’ devices. When they accessed their wallet, the phony update transferred the entirety of their funds to an address controlled by the scammers.
Though the scam was relatively new two years ago, today a simple Google search or email to the software wallet company could confirm whether a hacker is targeting certain users.
Anti-phishing records often speak for themselves
Fake Google Chrome extensions have tricked many users into giving away the credentials needed to access their wallets. In March, a fraudulent Ledger Live scam extension got away with an estimated 1.4 million XRP — more than $800,000 with the token’s recent surge to $0.58.
However, legitimate companies have been working on ways to limit these attacks for users who rely on web browsers as part of managing their assets. In September, privacy-based browser Brave announced it would be adding anti-phishing solutions from cybersecurity firm PhishFort.
Sharing with the crypto community
Should any user successfully identify and thwart a phishing attack or be the unfortunate victim of one, one method of letting others avoid the same fate is to share their experience through Reddit, Twitter, a personal blog, or even an email to a crypto news publication.
Crypto users can sometimes find information on scammers’ tactics on websites for high-profile targets including Ledger and Trezor, but the pages are often buried deep within troubleshooting FAQ sections.
Spreading the word through social media — while not always reliable — has the potential to provide greater transparency and education in maximizing the security of everyone’s funds.