Scammers are coming up with clever tricks to steal crypto. One new scheme involves posing as inexperienced users who share the seed phrase to a funded wallet online, luring others into a trap. According to Mikhail Sytnik, an analyst at cybersecurity firm Kaspersky, these scammers often leave comments under finance-related YouTube videos using fake accounts.
In a blog post on Dec. 23, Sytnik explained how these comments usually ask for help transferring Tether between wallets and then include a seed phrase.
The goal is simple: bait people into accessing the wallet, only to have their own crypto stolen when they try to move funds. It’s a sneaky tactic that preys on both curiosity and greed.
Kaspersky Drops More Details on the Fake Crypto Wallet Keys
A wallet discovered by Sytnik held around $8,000 in USDT on the Tron network, set up as bait for thieves. To move the USDT, a thief would need to send a small amount of TRX, Tron’s native token, to cover network fees.
Here’s where the trap comes in: as soon as TRX is sent to the bait wallet, it’s automatically transferred to another wallet controlled by scammers. The bait wallet is a multi-signature setup, requiring multiple approvals for any outgoing transactions.
“This means sending USDT to a personal wallet isn’t possible, even after covering the fees,” Sytnik explained. “It’s a clever setup designed to frustrate would-be thieves.”
He also pointed out that this scam targets other scammers, likening it to a digital version of Robin Hood tactics. Sytnik warned against trying to access other people's wallets, even if someone has provided the seed phrase. He also urged caution when dealing with strangers online who make claims about crypto opportunities.
This isn’t the first time scammers have targeted their own kind. In July, Kaspersky uncovered a more elaborate scheme. Scammers on Telegram lured victims with links to legitimate crypto exchanges, hiding malware in files disguised as exploitable data. This method aimed to steal not just crypto but sensitive data and assets from victims’ devices.
Kaspersky Reveals 135% Spike in Interest for Crypto-Stealing
Discussions about crypto-drainers—malware that quickly empties cryptocurrency wallets—have skyrocketed on the dark web in 2024, according to Kaspersky’s latest Security Bulletin. The report also highlights a 40% jump in ads for corporate databases on a major dark web forum, pointing to a growing focus on data breaches among cyber criminals.
Other trends include a shift from Telegram back to forums, the rise of Malware-as-a-Service for distributing stealers and drainers, and an increase in cyber threats targeting the Middle East.
Interest in crypto-drainers has grown significantly. Kaspersky experts noted a 135% rise in dark web threads discussing drainers, from 55 in 2022 to 129 in 2024. These malware tools, which first appeared three years ago, are designed to trick users into approving fraudulent transactions, allowing attackers to steal funds. Common tactics include fake airdrops, phishing websites, malicious browser extensions, deceptive ads, harmful smart contracts, and counterfeit NFT marketplaces.
Dark web forums are buzzing with posts about drainers, ranging from buying and selling the malware to recruiting teams for distribution. This surge reflects a troubling trend in the growing sophistication of crypto-related threats.
FAQs
Is it safe to use Kaspersky anymore?
Yes, it’s safe to use. Many experts believe the ban on Kaspersky has more to do with politics than actual security risks.
Is Kaspersky blocked in the US?
The US government has banned the sale of Kaspersky security software, including updates for existing installations. This decision has effectively forced the company to leave the US market.
Why is Kaspersky blocking every website?
If a Kaspersky program blocks your website, it could mean the site has been hacked or contains harmful code, like phishing links. If an application you use is blocked, it might be due to a false detection by Kaspersky.