Modern Phishing Attacks and Cryptocurrency Scams
In recent months, scammers in the crypto industry have significantly increased their activity during the “airdrop season” — mass token giveaways from various projects. According to RBC, since late 2023, many projects have announced free token distributions, making it easier for cybercriminals to operate. Even experienced investors with large capital have fallen victim to their schemes.
According to CertiK, phishing attacks became the most costly vector of crypto losses in 2024, with over $1 billion stolen in 296 phishing incidents, as reported by Cointelegraph. This highlights the scale of the problem: every day, victims lose significant amounts, and the chances of recovering the stolen assets are almost zero.
Real Cases of Cryptocurrency Theft
One of the most notable incidents occurred in May 2024, when a wallet owner lost about $68 million in WBTC. The user mistakenly sent 1,155 Wrapped Bitcoin to scammers as part of a so-called “transaction spam attack,” according to RBC.
Scammers sent numerous small transactions from addresses that differed by just one or two characters, tricking the victim into confusing them. Fortunately, after the incident gained public attention, the scammer returned the stolen funds.
However, this was a rare lucky outcome. Every week, the crypto industry faces attacks resulting in hundreds of thousands of dollars in losses, and recovering stolen assets is nearly impossible.
Other notable cases inсlude the $81.5 million stolen during the Orbit Bridge hack in 2023 and the $400 million theft from the FTX exchange in 2022 using a SIM-swapping attack.
Phishing Attacks: Fake Websites and Fraudulent Permissions
Phishing remains one of the most common methods for stealing cryptocurrency. Scammers create fake websites that visually replicate official project pages. For example, they clone airdrop sites and offer users a chance to “check” or “claim” their bonuses by connecting their crypto wallet RBC.
As soon as the user connects their wallet, scammers immediately withdraw all funds. Recovering them is usually impossible RBC. These fake sites copy the original design down to the smallest details, with links differing by only one character—such as a capital “I” instead of a lowercase “l”—making it nearly indistinguishable RBC.
Another trick is disguising withdrawal permission requests as a standard wallet connection prompt. Most wallets do not warn users about this, so they unknowingly sign a transaction that grants access to all their assets RBC.
Scammers have even learned to forge pop-up windows that appear when connecting a wallet, masking dangerous permissions as harmless notifications RBC.
Phishing also spreads through fake social media accounts. Scammers create impersonator profiles on Twitter (now X) and Telegram that mimic official crypto project pages. After gaining followers, they post comments under official posts promoting fake airdrops and linking to phishing sites RBC.
These comments appear to be part of legitimate posts, making it easy for users to fall for the scam and lose access to their funds. According to RBC, there are dozens of such fraudulent comments under posts by popular crypto projects, which administrators struggle to remove in time RBC.
Phishing Protection Tips
- Verify sources. Always use official information channels. Get airdrop and project links from trusted platforms like CoinMarketCap, Coingecko, or reputable media such as RBC.
- Avoid suspicious links. Never click on links from chats, comments, or unverified Telegram channels. Scammers often buy ads in search engines, causing phishing sites to appear above official ones RBC.
- Use security tools. Install anti-phishing browser extensions like Scamsniffer or Netcraft. These tools alert you when you visit suspicious websites RBC. It is also recommended to use wallets with phishing protection, such as Rabby, which warns about risks when connecting to unknown sites RBC.
- Keep your main funds separate. Use a dedicated wallet with a small balance to test new platforms. Store most of your assets in a secure wallet RBC. Even if you accidentally connect to a phishing site, your main funds will remain safe.
- Enable two-factor authentication (2FA). Do not rely solely on SMS codes. Scammers can perform SIM-swapping to hijack your phone number and access your accounts. It is known that $400 million was stolen from FTX using this method Kaspersky. Use hardware tokens or trusted 2FA apps instead of SMS.
Dusting Attack
A dusting attack is another tactic that relies on user inattention. Scammers create fake addresses that visually match the beginning and end of the victim’s address RBC. They then send tiny amounts of crypto—“dust”—so their address appears in the user’s transaction history.
Scammers hope that the user will mistakenly send large amounts to the fake address RBC. This is exactly how one user lost $68 million in Bitcoin in May 2024, mistakenly sending funds to a disguised address RBC.
To avoid falling victim to a dusting attack, always double-check the recipient’s address and use your clipboard only for trusted data. Never rely on autofill or address history in your wallet.
Fake Job Offers and Earning Schemes
Scammers exploit fake job postings to trick crypto users. They pose as major companies offering remote jobs with high pay for simple tasks Cointelegraph.
Victims are often asked to pay a “resume review fee” or pay for “training.” After payment, the scammers disappear or install malware on the victim’s device to steal personal data and wallet access Cointelegraph.
Chainalysis analysts, for example, discovered a scam website posing as a music label that collected over $300,000 in BTC and ETH from unsuspecting job seekers Cointelegraph.
In early 2025, a group called “Crazy Evil” launched a fake crypto company named “Chain Seeker,” posting jobs on LinkedIn and other platforms. Victims were asked to contact an “HR manager” on Telegram and install a fake “training” app called GrassCall. In reality, it was malware designed to steal wallet data Binance.
Scammers built a convincing fake company with a professional-looking website, social media pages, and employee profiles on LinkedIn. Many victims even shared screenshots of their conversations online, believing they were engaging with a legitimate company Binance.
Other Common Scams
In addition to phishing and dusting attacks, other popular crypto theft schemes inсlude malicious browser extensions disguised as useful tools. These extensions can capture keystrokes, read clipboard data, and rеplace recipient addresses during transactions b24.am. They also give scammers access to saved passwords, private keys, and other sensitive data.
Some scammers use crypto ATMs and kiosks as part of their scams. They impersonate law enforcement or customer support agents, convincing victims to transfer funds to “official” addresses. Such scams have become more frequent, with scammers threatening users with false accusations and demanding crypto as ransom neuron.expert.
SIM-swapping is another major threat, where scammers hijack a user’s phone number to intercept SMS codes for crypto accounts. This method was used to steal $400 million from FTX Kaspersky. Protect yourself by using hardware security keys and avoiding SMS-based 2FA.
Scammers also run pump-and-dump schemes by creating fake tokens or projects promising massive returns. Once the liquidity pool is activated, the token price crashes, and the creators disappear with the funds. Always thoroughly research projects, teams, and technical documentation before investing.
Conclusion
The key to security is not trusting promises of easy money and always staying vigilant. Never share your private keys or seed phrases, even if a site prompts you to “connect your wallet.” Always verify announcements on official project websites or reputable media outlets like RBC, and avoid random links from chats and comments RBC.
Your asset security is your responsibility. Regularly double-check addresses before sending funds, use antivirus software, and follow best cybersecurity practices. Only caution and awareness will help you avoid falling victim to scammers.