Sophisticated Email Attacks Target Cryptocurrency Wallets

A new malicious campaign relying on email attacks has been discovered targeting the most popular forms of cryptocurrency storage: hot and cold wallets.

Discovered by cybersecurity experts at Kaspersky, the campaign delivered 85,000 scam emails during the spring of 2023 alone. The campaign peaked in March, with more than 34,000 intercepted malicious messages.

According to the firm, the surge in popularity of hot wallets, which have over 400 million users worldwide, is due to their easy accessibility.

“We are witnessing an ongoing surge in the popularity of cryptocurrencies, and with it, the need for users to stay alert and implement strong security measures to protect their digital assets,” commented Roman Dedenok, a security expert at Kaspersky.

These online storage services, including crypto exchanges and dedicated apps, have become prime targets for cyber-criminals due to their constant internet connectivity. 

Phishing attacks on hot wallet users typically employ simple tactics, preying on non-technical individuals. Scammers impersonate well-known crypto exchanges through fraudulent emails, urging users to verify transactions or confirm the security of their wallets. 

In contrast, cold wallets are entirely offline storage systems, such as dedicated devices or private keys written on paper.

In their advisory published today, Kaspersky researchers said they also uncovered a targeted phishing campaign specifically designed to exploit cold wallet owners. It begins with an email impersonating the prominent cryptocurrency exchange Ripple, enticing recipients with the promise of participating in an XRP token giveaway. 

Instead of directing victims to a phishing page, scammers create a deceptive blog post that mimics the design of the Ripple website. The blog allows users to enter the token giveaway by following a specified link. 

Victims who follow the link are directed to a fake Ripple page whose domain name closely resembles the official Ripple domain, a Punycode (internationalized domain name) phishing technique. They are then prompted to connect their hardware wallets, enabling scammers to access their accounts and initiate fraudulent transactions.
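As an added illustration (not part of the Kaspersky advisory or this article), the following Python checker shows how a defender can spot the Punycode look-alike domains described above: it decodes `xn--` hostnames, flags labels that mix writing scripts, and folds confusable letters to see whether the result collides with a protected domain. The `PROTECTED` set, the partial `CONFUSABLES` map and the sample hostname are constructed placeholders.

```python
import unicodedata

# Constructed placeholder list of the domains this checker protects; a real
# deployment would load the organisation's vetted list of official domains.
PROTECTED = {"example.com"}

# Partial, hand-picked map of Cyrillic and Greek letters to the Latin letters
# they resemble; a production tool would use the full Unicode confusables table.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u04bb": "h",
    "\u03b1": "a", "\u03bf": "o",
}

def to_unicode(host: str) -> str:
    """Decode an ACE (xn--) hostname to Unicode; plain or Unicode names pass through."""
    host = host.strip().rstrip(".").lower()
    if host.isascii():
        return host.encode("ascii").decode("idna")
    return unicodedata.normalize("NFC", host)

def scripts(label: str) -> set:
    """Return the Unicode scripts (LATIN, CYRILLIC, ...) used by a label's letters."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def skeleton(label: str) -> str:
    """Fold confusable letters to their Latin look-alikes so look-alikes compare equal."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in unicodedata.normalize("NFKC", label))

def check_host(host: str, protected=PROTECTED) -> list:
    """Return human-readable findings; an empty list means nothing suspicious."""
    uni = to_unicode(host)
    findings = []
    for label in uni.split("."):
        used = scripts(label)
        if len(used) > 1:
            findings.append(f"label {label!r} mixes scripts {sorted(used)}")
    folded = ".".join(skeleton(label) for label in uni.split("."))
    if uni not in protected and folded in protected:
        findings.append(f"{host!r} decodes to {uni!r}, a look-alike of {folded!r}")
    return findings

if __name__ == "__main__":
    # Constructed sample: the protected name with Latin 'a' swapped for Cyrillic U+0430.
    sample = "ex\u0430mple.com".encode("idna").decode("ascii")
    for finding in check_host(sample):
        print(finding)
```

Running the checker over the hostnames of every link in an inbound email, before the user clicks, is one place this logic fits; it also works on the Unicode form of a name, not only the `xn--` encoding.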

To ensure the safety of crypto assets, Kaspersky experts recommend purchasing hardware wallets only from official and trusted sources, inspecting new hardware wallets for signs of tampering, verifying the legitimacy of the firmware and keeping it updated, securely storing the seed phrase, and using strong and unique passwords.
