As crypto scams and hacking schemes grow more sophisticated, newcomers to the industry are put at ever greater risk.
A crypto stealer is now circulating that can drain your holdings in just three clicks. Read below to learn how this efficient yet dangerous attack works, and how best to avoid falling victim to it.
The Three-Click Confiscator
The scheme begins with a “hook” – an alluring message that plays to its victims’ sense of urgency.
Samczsun, the Head of Security at Paradigm, provided an example message from a similar attack that targeted him weeks ago:
“You are being sued. You can read a copy of the lawsuit here,” reads the message, providing a link. “You can also write a statement in response. Good evening John.”
As Sam explained, anyone who instinctively clicks the link is just “two clicks away from being pwned.”
“When placed under pressure, even trained security professionals might act instinctively instead of rationally,” he said.
The link provided doesn’t take the user to a web page; it immediately downloads a Dropbox-hosted file archive instead. In this case, the file was titled “statement of claim against cryptogeng.eth.zip.”
Anyone who thinks the claim might be legitimate may find the name in the title intriguing. “Who is cryptogeng.eth?” you may ask. “Who owns this ENS name? What does it have to do with me?”
By clicking through, the victim is just one click away from compromising their crypto wallet.
The archive in Sam’s example included two files inside. One is titled “cryptogeng.eth.etherscan.com” and the other is titled “statement of claim against cryptogeng.eth.”
Each file name may appear differently depending on whether the user has file extensions displayed. Windows hides known extensions by default, so the “.com” ending of the first file, which on Windows marks an executable, is simply not shown. However they appear, running either file hands the attacker full access to one’s tokens.
Specifically, both files attempt to steal the user’s wallet data directly, as well as the data stored in browser wallet extensions. They even try to steal the user’s Discord session token. That token is not an encrypted copy of your username and password; it is a bearer credential that lets whoever holds it act as the logged-in account, bypassing the password and two-factor authentication entirely.
The latter matters especially for big names who run Discord servers with large followings, since hackers can abuse those servers to scam many more users.
For example, OpenSea’s Discord has already been compromised multiple times to push NFT scams, and in April another group of hackers breached the Instagram account belonging to Bored Ape Yacht Club, making off with $10 million in NFTs.
Just like that, a hacker can seize the funds stored in your crypto wallet, and use your accounts to scam many others.
How to Protect Yourself
To avoid falling prey to scams like this, remember the following:
- Check Phrasing: Scam messages often contain clunky phrasing and poor grammar; treat that as an immediate red flag, especially when the message comes from an untrusted source. The reverse does not hold, though: the example above reads fluently, so clean grammar is no proof of legitimacy.
- Stay Calm: Don’t hastily follow instructions that play to your sense of urgency. Take your time to assess a message when you receive it. If you are on a phone call, ask the suspicious caller to wait before you answer.
- Double-Check Programs: Before opening a downloaded file, verify that it is what it claims to be. Turn on the display of file extensions so that an executable cannot pose as a document, and remember that a “statement” or “claim” never needs to be a program. The moment you run an executable, it has full access to your computer, so you must be able to trust it.
- Use Cold Storage: Hacks like this only work against hot wallets, which store the user’s private keys on the computer or phone. With a dedicated hardware wallet such as Ledger or Trezor, the private keys never leave the device, so malware on the computer cannot simply copy them. Malware can still present you with a malicious transaction to approve, so verify every transaction on the device’s own screen before signing.
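The archive-inspection habit behind “Double-Check Programs” and the hidden-extension trap described earlier can be automated. The following script is an added example, not code from the original article or from Samczsun: it opens a downloaded .zip without extracting anything, reports each member’s true extension next to the name Windows Explorer would display with extensions hidden, and flags members whose extension or leading bytes mark them as executable. The first file name is taken from the article; the “.scr” extension on the second file, the “readme.txt” decoy, the list of known extensions and the “MZ” payload bytes are all constructed for the example.

```python
"""Inspect a downloaded archive for disguised executables before anything is opened.

Added example, not from the original article. The first member name comes from
the article; the second member's real extension, the third member and all file
contents are constructed for illustration.
"""
import io
import zipfile

# Extensions Windows will run directly (a subset of PATHEXT plus common
# script, screensaver and shortcut types).
EXECUTABLE_EXTENSIONS = {
    ".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".vbe", ".js",
    ".jse", ".wsf", ".wsh", ".ps1", ".msi", ".lnk", ".hta",
}
# Registered types Explorer hides when "Hide extensions for known file types"
# is on (the Windows default). Approximation: a small list of common types.
KNOWN_EXTENSIONS = EXECUTABLE_EXTENSIONS | {
    ".txt", ".pdf", ".docx", ".zip", ".png", ".jpg",
}

PE_MAGIC = b"MZ"        # DOS/Windows executables (.exe, .com, .scr, ...)
ELF_MAGIC = b"\x7fELF"  # Linux/Unix ELF binaries


def split_ext(name):
    """Return (stem, lower-cased final extension) of the last path component."""
    base = name.rsplit("/", 1)[-1]
    if "." not in base:
        return base, ""
    stem, ext = base.rsplit(".", 1)
    return stem, "." + ext.lower()


def displayed_name(member_name):
    """Name as Explorer shows it with extensions hidden: only the final registered
    extension disappears, so 'claim.pdf.exe' displays as 'claim.pdf' and
    'cryptogeng.eth.etherscan.com' displays as 'cryptogeng.eth.etherscan'."""
    stem, ext = split_ext(member_name)
    return stem if ext in KNOWN_EXTENSIONS else member_name.rsplit("/", 1)[-1]


def inspect_archive(zip_bytes):
    """Return one finding dict per file member. A member is flagged when its true
    extension is executable or its first bytes carry an executable header,
    regardless of what the displayed name suggests. Nothing is extracted."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            stem, ext = split_ext(info.filename)
            with zf.open(info) as fh:
                head = fh.read(4)
            reasons = []
            if ext in EXECUTABLE_EXTENSIONS:
                reasons.append("executable extension " + ext)
                if "." in stem:
                    reasons.append("double extension hides " + ext + " behind '" + stem + "'")
            if head.startswith(PE_MAGIC):
                reasons.append("PE/MZ header")
            elif head.startswith(ELF_MAGIC):
                reasons.append("ELF header")
            findings.append({
                "name": info.filename,
                "displayed_as": displayed_name(info.filename),
                "flagged": bool(reasons),
                "reasons": reasons,
            })
    return findings


def findings_by_name(zip_bytes):
    """Convenience view of inspect_archive keyed by the member's real name."""
    return {f["name"]: f for f in inspect_archive(zip_bytes)}


def build_sample_archive():
    """Constructed archive mimicking the lure. 'MZ' headers stand in for real
    payloads; the '.scr' on the second file is an assumption for the example."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("cryptogeng.eth.etherscan.com", b"MZ\x90\x00" + b"\x00" * 60)
        zf.writestr("statement of claim against cryptogeng.eth.scr", b"MZ\x90\x00" + b"\x00" * 60)
        zf.writestr("readme.txt", b"Please read the attached statement of claim.\n")
    return buf.getvalue()


if __name__ == "__main__":
    for f in inspect_archive(build_sample_archive()):
        status = "BLOCK" if f["flagged"] else "ok   "
        print(f"{status} {f['displayed_as']!r:45} real name {f['name']!r}: "
              f"{', '.join(f['reasons']) or 'no executable indicators'}")
```

The point of checking the leading bytes as well as the extension is that an attacker controls the file name but not the format Windows needs in order to run the file: a program must start with an MZ header whatever it is called, so the content check catches renamed executables that a name-only check would miss.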