Cybercriminals have now found a new way to steal passcode of your cryptocurrency wallets. Scammers are now monitoring tweets containing specific ‘crypto’ keywords and responding to them with malicious links.
In just few seconds, these scamming bots will respond to tweets with specific crypto wallet keywords such as ‘MetaMask’, ‘TrustWallet’. Once such phrases are included in a tweet, Twitter bots will automatically reply posing as ‘fake support agents’— with malicious links designed to steal your cryptocurrency wallet and all your crypto coins.
It should be noted that targeting specific keywords is possible through Twitter APIs, a feature from Twitter which enables to monitor every public tweet.
Digital currencies such as Bitcoin, Ethereum or Dogecoin, are stored in something called a ‘wallet’, which can be accessed by using your ‘private key’—the crypto equivalent of a super-secure password— without which the crypto owner cannot access the currency. All your coins are stored on the blockchain, and the private key is required to authorise transfers of those coins to another person’s wallet.
Unfolding the scam
Bleeping Computer conducted a test, to see how cryptocurrency scam works. The first test was to pack a tweet with numerous keywords and see what would happen.
Within seconds of posting, the company reported that it received several replies from scam accounts pretending to be MetaMask and TrustWallet support accounts. “Tweets containing the words ‘support,’ ‘help,’ or ‘assistance’ along with the keywords like ‘MetaMask,’ ‘Phantom,’ ‘Yoroi,’ and ‘Trust Wallet’ will result in almost instantaneous replies from Twitter bots with fake support forms or accounts,” the company said.
Now, to steal the passcode, the threat actors have set up support forms on Google Docs and other cloud platforms, asking the user for their email address, the problem they are having, and their wallet’s recovery phrase.
A recovery phrase, also known as seed phrase, is a list of 12 to 24 words generated by your crypto wallet. You use this phrase to recover your wallet in the event that you misplace it, damage it, it gets stolen or becomes otherwise inaccessible.
To further convince you to put your sensitive information, scammers will mention their ‘encrypted cloud bot’ that will allegedly help secure the details you’ve been submitting in the form.
However, the scammers share a common purpose— to steal the recovery phrases for a victim’s wallet, and once they get a hold of it, they will gain access to your crypto wallet, and will be able to transfer any crypto assets you own to their own wallets.
Twitter told BleepingComputer that using Twitter APIs to spam is against the rules and that they are actively working on new methods to prevent these attacks.
You should never share your wallet’s recovery phrase with anyone. The recovery phrase is only for you, and no legitimate support person from ‘MetaMask’, ‘TrustWallet’, or elsewhere will ever ask for it.
The safety of wallets depends on how the user manages them. The biggest danger in cryptocurrency security is the individual user perhaps losing or giving out the private key. Online wallets are the easiest wallet to set up and use but are also the most susceptible to cyber-attacks. One way to secure your cryptocurrency is to use an offline wallet instead of the online one.