Cryptocurrency-seeking attackers now target users.
Attackers seeking cryptocurrency gains have pivoted from targeting platforms to hitting users, often via social media.
According to new research from Cyjax, threat actors have also begun to use X (formerly Twitter) with a mixture of fake impersonator accounts to promote cryptocurrency scams and malware.
Fake Accounts
In Q1 2024, 1,517 fake accounts promoting cryptocurrency scams were detected, with companies including zkSync, Inscribe, and Optimism being impersonated.
Major social accounts belonging to the Securities & Exchange Commission and Mandiant were also taken over to promote bogus cryptocurrency offers.
In mid-March, cryptocurrency researcher “ZachXBT” discovered an account impersonating and typosquatting the well-known cryptocurrency trader “Ansem”. The account was replying to tweets from the legitimate Ansem account, which had posted about a presale of a token called $BULL. The link redirected to a wallet drainer which would steal users’ funds, leading to over $2.6 million being stolen, with one user alone losing $1.2 million.
Joe Wrieden, intelligence analyst at CYJAX, said: “As X begins to clamp down further on malicious attacks, threat actors may start to abuse other platforms such as TikTok and Instagram through short-form content. Crypto is continuing to rise and the opportunities seem endless but investors should be careful of who they can trust because they’re not the only ones that see profits.”
Enhanced Romance Scams
Pig butchering scams, a souped-up form of romance scam, have also cost victims millions of dollars, whilst a phishing attack saw an attacker leverage a vulnerability in an email service provider to impersonate web3 companies, stealing more than $600,000.
Drainer malware is also now commonly used by cryptocurrency phishing threat actors, as it does not require the attacker to convince the victim to send funds: the victim is only required to connect the wallet to the malicious code. In one attack, a victim lost a total of 111.6 million ALI tokens, approximately $4.3 million.
Cyjax said that while user-oriented attacks have been a threat to cryptocurrency since its inception, market changes combined with the simplicity of scamming through platforms such as X have made them one of Q1 2024’s largest threats.