Live Markets, Charts & Financial News

Approval phishing scams ‘a much bigger problem’ than first thought

4

Since May 2021, a staggering $2.7 billion has been lost to consent phishing attacks — and a multinational operation has led to the identification of one victim in the middle of a scam.

A large-scale operation has been launched to thwart cybercriminals involved in “consent phishing.”

According to Chainalysis, such attacks involve tricking an unsuspecting victim into signing a malicious blockchain transaction — often through a fake cryptographic application.

Once this is complete, this means that scammers can spend some of the tokens inside their wallet at will – potentially draining someone’s life savings in certain circumstances.

Source: Chainalysis

A particularly infamous incident in September 2023 resulted in one person losing $24.23 million worth of ETH deposited in his wallet.

Since May 2021, a staggering $2.7 billion has been lost to consent phishing attacks, with a blockchain analytics firm warning that it is “a much bigger problem than previously known.”

As a result, Chainalysis says it has now launched “Operation Spincaster,” which aims to identify compromised wallets before any lasting damage occurs.

Rapid searches in six countries identified more than 7,000 potential cases — with losses between those cases totaling nearly $162 million.

In a particularly startling development, one victim was contacted and notified that she was in the midst of an ongoing scam, meaning that the consent given to her attacker could be revoked before hundreds of thousands of dollars worth of cryptocurrency was stolen.

Operation Spincaster shows how law enforcement agencies are increasingly leveraging the intelligence provided by blockchain analytics, which leverages the transparency of the technology to monitor how illicit funds flow through the ecosystem.

The National Crime Agency says 230 British victims have been identified as a result, and has vowed to bring the perpetrators to justice wherever they may be. Celestino Calabrese, acting head of the agency’s illicit finance division, said:

This work has helped protect victims here in the UK and provided us with the opportunity to go after organised crime groups that cause serious harm. Many of these groups are based overseas and use sophisticated methods to gain the confidence of uninformed investors.

While some police forces have begun hiring cryptocurrency investigators, such departments are often experimental and sometimes understaffed. Such operations — when combined with cooperation from cryptocurrency exchanges used to move stolen funds — help give law enforcement agencies the extra manpower they need to get results. As Robin van Wiel of the Dutch National Police said:

By the end of the sprint, we were able to set up detection methods and freeze several wallets to prevent further loss of funds to victims. The relationships and collaborative efforts built through Operation Spincaster are a pivotal step in our efforts to disrupt and prevent fraud within the ecosystem.

Binance participated in Operation Spincaster, and says the initiative will now expand to more countries. In addition to tracking the flow of funds, exchange employees are also tasked with identifying victims, informing them of the scam, and providing education to help them stay safe in the future.

According to Chainalysis, educating crypto users is a crucial first step in reducing fraud — and unfortunately, even experienced investors can become vulnerable to phishing attacks. The company added:

Cryptocurrency exchanges have significant leverage in detecting and preventing consent phishing scams. Proactively implementing transaction monitoring capabilities—rather than reacting—and a robust risk management strategy are essential to effectively combat and prevent such threats.

In terms of top advice for the public as consent phishing continues to be an ongoing threat, the company says cryptocurrency owners should be extremely cautious if they are urgently asked to send money or provide personal information – even if the source of the request appears to be official.

Often, doing some independent research via search engines and social media can help verify the validity of such a request. It’s also about trusting your instincts – as the old saying goes, if it sounds too good to be true, it probably is.

Phishing for consent is the latest sign that cybercriminals are constantly changing their tactics as awareness of their methods grows — and becoming more aggressive during a bull market. With hacks occurring with alarming frequency, investing in cryptocurrencies is fraught with risk… and that could be a major stumbling block in the quest for wider global adoption.

Comments are closed, but trackbacks and pingbacks are open.