Numerous cryptocurrency scams have emerged since the rising price of some currencies, notably Bitcoin and Ethereum, made them highly lucrative.
These scams have become increasingly common over recent months, but the methods behind them are not new. Some scammers pretend to be holding large sums of money that they will ‘give away’ once the victim has sent them a smaller amount of currency. Others offer large amounts of a new cryptocurrency in exchange for a small amount of an established one.
Scams involving Initial Coin Offerings (ICOs), through which the public are invited to invest in a new currency, are particularly popular amongst criminal groups. In 2018, the US Securities and Exchange Commission (SEC) filed at least 12 separate cases against organisations that had set up allegedly fraudulent ICOs, with tens of millions in purported profits. This week, the BBC reported that Twitter accounts for high-profile brands had been hijacked by fraudsters and used to promote fake giveaways of cryptocurrency.
Although this allowed a malicious script to be injected into all websites that use the plugin, the attackers only targeted a specific cryptocurrency exchange. The plugin was modified to include a component that checked for a specific identifier for the exchange’s withdrawal page. If detected, a second script replaced the victim’s intended destination Bitcoin address with one used by the attackers.
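
One standard defence against a third-party script being modified in the way described above is Subresource Integrity (SRI), which pins each external script to a digest of its expected content. The following is an added example, not code from the article or from the affected plugin; the URLs and script bodies are constructed, and the article does not say whether SRI was in use. It audits a page's external script tags against their pins.

```javascript
// Added example: audit external <script> tags against Subresource Integrity pins.
const { createHash } = require('node:crypto');

// SRI value for a script body, in the "sha384-<base64>" form browsers expect.
function sriDigest(body) {
  return 'sha384-' + createHash('sha384').update(body, 'utf8').digest('base64');
}

// One finding per external script: 'ok', 'missing-integrity', 'not-fetched' or 'mismatch'.
// `served` maps script URL -> body currently served (fetched separately by the caller).
function auditScripts(html, served) {
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi;
  for (const [, attrs] of html.matchAll(tagRe)) {
    const src = /\bsrc\s*=\s*"([^"]+)"/i.exec(attrs);
    if (!src || !/^https?:\/\//i.test(src[1])) continue; // skip inline and relative scripts
    const pin = /\bintegrity\s*=\s*"([^"]+)"/i.exec(attrs);
    let status;
    if (!pin) status = 'missing-integrity';
    else if (!served.has(src[1])) status = 'not-fetched';
    else status = pin[1].split(/\s+/).includes(sriDigest(served.get(src[1]))) ? 'ok' : 'mismatch';
    findings.push({ src: src[1], status });
  }
  return findings;
}

// Constructed sample data (hypothetical URLs and bodies, not from the article).
const ORIGINAL = 'window.analytics = { track: function () {} };\n';
const MODIFIED = ORIGINAL + '/* constructed stand-in for an appended component */\n';
const PLUGIN_URL = 'https://cdn.example.test/plugin.js';
const OTHER_URL = 'https://cdn.example.test/widget.js';

const page = `
<script src="${PLUGIN_URL}" integrity="${sriDigest(ORIGINAL)}" crossorigin="anonymous"></script>
<script src="${OTHER_URL}"></script>
<script src="/local/app.js"></script>`;

// Audits the same page twice: once with the pinned body served, once with a modified body.
function demo() {
  const clean = auditScripts(page, new Map([[PLUGIN_URL, ORIGINAL]]));
  const tampered = auditScripts(page, new Map([[PLUGIN_URL, MODIFIED]]));
  return { clean, tampered };
}

console.log(JSON.stringify(demo(), null, 2));
```

A browser refuses to execute a script whose digest does not match its `integrity` attribute, so scripts reported as `missing-integrity` are the ones that would run modified content unnoticed.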