Kaspersky: Crypto Phishing Attacks Rise by 40% in 12 Months
The landscape of cryptocurrency-related cyberattacks has shifted, with bad actors moving away from traditional financial threats such as desktop and mobile banking malware and instead focusing on phishing scams. Kaspersky, a Russian cybersecurity and anti-virus provider, reported a 40% year-on-year increase in cryptocurrency phishing attacks in 2022, with 5,040,520 attacks detected compared to 3,596,437 the previous year.
Phishing attacks involve fraudulent communication channels and websites that resemble official companies, with users asked to provide personal information such as private keys, which can then give attackers access to cryptocurrency wallets and assets. While Kaspersky could not predict if this trend will continue in 2023, phishing attacks remain a serious threat.
Trezor, a hardware cryptocurrency wallet provider, issued a warning in March against attempts to steal users’ cryptocurrency by tricking them into entering their recovery phrase on a fake Trezor site. In a 2022 survey conducted by Kaspersky, one in seven respondents admitted to being affected by cryptocurrency phishing.
We are seeing reports that a phishing link has been posted in the @arbitrum Discord Server.
Do not click on any links until the team has confirmed they’ve regained control of the server.#Phishing #Discord
Stay vigilant! pic.twitter.com/XoqHmOXGeV
— CertiK Alert (@CertiKAlert) March 25, 2023
Phishing attacks often involve giveaway scams or fake wallet phishing pages, but attackers are continually evolving their techniques to lure unsuspecting crypto investors. Kaspersky noted that “crypto still remains a symbol of getting rich quick with minimal effort,” which makes it an attractive target for scammers.
In a recent incident, investors in Arbitrum were exposed to a phishing link via the platform’s official Discord server. A hacker reportedly gained access to the Discord account of one of Arbitrum’s developers, using it to share a fake announcement with a phishing link. The link redirected users to a blank website with the text “Astaghfirullah,” which can mean “I seek forgiveness in God” or express disbelief or disapproval, according to Wiktionary.