Phishing Campaigns Use SVB Collapse to Harvest Crypto

Written by

Security researchers have uncovered several new phishing campaigns using the collapse of Silicon Valley Bank (SVB) as a lure to steal cryptocurrency.

Proofpoint said it spotted lures related to USD Coin (USDC), a digital stablecoin tied to the dollar, that was impacted by the SVB collapse.

“This campaign used messages that impersonated several cryptocurrency brands, which were sent via malicious SendGrid accounts and containing SendGrid URLs. The URLs redirected to several different domains that asked the victim to claim their crypto/redeem to USD,” it tweeted yesterday.

“Clicking the button would try to open a DeFi URL, so the victim would need to have a DeFi handler installed, such as MetaMask wallet. The victim would then be lured to install a smart contract that would transfer the contents of the victim’s wallet to the attacker.”

Read more on crypto phishing scams here: Major Phishing Campaign Targets Trezor Crypto Wallets.

P2P payments tech firm Circle, which was exposed by the failure of SVB, announced that USDC would remain redeemable at a 1:1 rate with the dollar, sparking additional phishing campaigns.

Researchers at Cyble said they spotted several phishing sites impersonating Circle promoting the 1:1 deal. Some request users scan a QR code to proceed, which results in their crypto wallet being compromised, the vendor claimed.

Cyble said it saw a similar tactic at work in a separate phishing campaign featuring sites impersonating SVB and promoting a bogus USDC reward program.

“A QR code will be displayed if a user clicks on the ‘Click here to claim’ button to receive the promised USDC on the phishing site,” said Cyble.

“The victim is instructed to scan this QR code using any cryptocurrency wallet, such as Trust, MetaMask or Exodus. However, scanning the code will result in the compromise of the user’s wallet account.”

What’s hot on Infosecurity Magazine?