When it comes to cryptocurrency-related cyberattacks, bad actors appear to have reduced their use of traditional financial threats like desktop and mobile banking malware, shifting their focus to phishing.
Russian cybersecurity and antivirus provider Kaspersky has revealed that cryptocurrency phishing attacks will increase by 40% year-on-year in 2022. The company detected 5,040,520 cryptocurrency phishing attacks throughout the year, compared to 3,596,437 in 2021.
A typical phishing attack involves contacting investors through fake websites and communication channels that mimic official companies. Users are then prompted to share personal information, such as private keys, which ultimately provides attackers with unauthorized access to encrypted wallets and assets. Phishing attacks will continue to do so in 2023, although Kaspersky cannot predict whether this trend will increase in 2023. More recently, hardware cryptocurrency wallet provider Trezor issued a warning in March against a fake Trezor website that was trying to steal users' passwords by tricking investors into entering recovery phrases.
In a survey conducted by Kaspersky in 2022, one in seven respondents admitted to being influenced by cryptocurrency phishing. While phishing attacks mostly involve giveaway scams or fake wallet phishing pages, attackers are constantly refining their tactics.
According to Kaspersky, “cryptocurrency remains the symbol of getting rich quick with minimal effort,” which has attracted scammers to innovate their techniques and stories to lure unwary cryptocurrency investors. Arbitrum investors were recently exposed to phishing links via their official Discord server. A hacker reportedly breached the Discord account of one of Arbitrum's developers, which was then used to share fake announcements with phishing links.
