FBI has released a PIN warning cryptocurrency users, exchanges, and intermediaries about ongoing attacks to steal cryptocurrencies from vulnerable people.
It says the attacks are so active through social engineering techniques like SIM swapping, support staff communication, account takeovers, etc. Thus, it warns them to remain vigilant and use more authentication methods to be safe.
The Rise in Cryptocurrency Fraud
Cryptocurrency transactions are made on the blockchain, which by its nature cannot be tampered with that easily. Thus, any transaction made through it cannot be reversed.
And since the cryptocurrency transactions happen from wallet to wallet with unidentifiable details, they are hard to track and recover in irregularities.
While these features excited the community for better financial services, they also motivated the cybercriminals to attack vulnerable users with safe harbor defense.
And since these are on rising, the US FBI has issued a TLP: GREEN PIN (Private Industry Notification) to warn various participants in this ecosystem.
Cryptocurrency users, exchanges, and intermediaries like third-party financial services should be aware of the scams and have their accounts protected all the time with various means.
FBI has seen the rise of this illegal activity in three main social engineering techniques;
- SIM Swapping: The threat actor convinces the target’s (unsuspicious user) telecom service provider to port his number to a new SIM (controlled by the hacker). This lets them receive all the communications like messages and verification calls to them and perform hacks.
- Customer Support: This is one of the widely popular impersonation attacks performed by cybercriminals, acting as a customer support executive from the target’s crypto exchange and take over his account or steal funds.
- Account Takeover: This can happen from various means like the above two, Plus remotely hacking the target’s device and obtaining his 2FA keys and credentials.
As these activities are on rising, the FBI suggests few practices like
- Enabling MFA (multi-factor authentication) to all cryptocurrency accounts
- Deny requests to download suspicious tools like remote access applications
- Contacting the exchange and all your cryptocurrency service providers through their official contact information.