BanklessTimes
Home News Cybersecurity Experts Alarm About New Crypto Wallet Attacks

Cybersecurity Experts Alarm About New Crypto Wallet Attacks

Daniela Kirova
Daniela Kirova
Daniela Kirova
Author:
Daniela Kirova
Writer
Daniela is a writer at Bankless Times, covering the latest news on the cryptocurrency market and blockchain industry. She has over 15 years of experience as a writer, having ghostwritten for several online publications in the financial sector.
July 6th, 2023
  • During the spring of 2023, the malicious campaign distributed 85,000 scam emails
  • The scammers create a fake blog post imitating Ripple’s website to access cold wallets

Cybersecurity experts at Kaspersky have discovered a new form of cyberattacks via email, which targets hot and cold crypto wallets, the most popular way to store crypto. During the spring of this year, the malicious campaign distributed 85,000 scam emails. Their number peaked in March, when over 34,000 malicious emails were sent, Info Security Magazine wrote.

Hot wallets “too easy” to access

Kaspersky experts commented that hot wallets have become too popular. The latest statistics show more than 400 million people have one. They’ve become too easy to access and, what’s more, crypto is becoming more popular as well. Security expert Roman Dedenok said:

We are witnessing an ongoing surge in the popularity of cryptocurrencies, and with it, the need for users to stay alert and implement strong security measures to protect their digital assets.

The fact that hot wallets are constantly online has made them a prime target. Apps and crypto exchanges have also become targets for cybercriminals.

Scammers target cold wallets via fake XRP giveaway

Even though cold wallets are entirely offline, they are also vulnerable. Kaspersky researchers wrote about a targeted phishing campaign specifically aimed at cold wallet owners. The criminal sends an email on “behalf” of a prominent cryptocurrency platform like Ripple, inviting the recipient to take part in an XRP token giveaway.

The scammers create a fake blog post imitating Ripple’s website instead of directing victims to a phishing page. The user enters the token giveaway by clicking on a link. They are taken to a fake Ripple page, the domain name being very similar to the official Ripple domain.

Then, the victim is prompted to connect their hardware wallet, which lets the cybercriminal access and take over their account.

The experts advise crypto users holding assets to buy hardware wallets only from trusted and official sources, use unique and strong passwords, store the seed phrase safely, and inspect new wallets for signs of tampering at regular intervals.

Contributors

Daniela Kirova
Writer
Daniela is a writer at Bankless Times, covering the latest news on the cryptocurrency market and blockchain industry. She has over 15 years of experience as a writer, having ghostwritten for several online publications in the financial sector.