With over 420 million investors worldwide, a number that grows every day, cryptocurrency ownership is a widening attack surface. What is more, many of those investors are casual participants: newly minted owners who may be unfamiliar with the platforms, exchanges and general processes surrounding cryptocurrency, and that inexperience plays directly into the hands of attackers.
We continue to capture many unique cryptocurrency attacks targeting customer wallets. One of the latest masqueraded as a legal claim resolution for funds held on the Voyager platform following its bankruptcy. Voyager filed for bankruptcy back in August of 2022, citing volatility in crypto markets and the default of a loan made to Three Arrows Capital. The news left platform users reeling and scrambling to discover whether their funds would be recovered, a process that would drag on for many months with much uncertainty. Threat actors would, naturally, never let a good crisis go to waste.
The phishing email urged the recipient to transfer the recovered funds within a 30-day window. However, the “Withdraw Now” link in the message led to an unrelated site: mail.]pinknwhitenailsspaa.]com.
If the user clicks the button, they are redirected to yet another site, investivoyagert.]com (a look-alike site). This site urges the target to connect their wallet in order to receive the fictitious funds. In reality, connecting the wallet allows the attacker to submit requests (possibly hidden from the victim) to move funds directly, which can result in the loss of any assets the wallet holds.
Another cryptocurrency platform we frequently see targeted is Coinbase. This example claimed that the recipient’s wallet was frozen and that verification steps were required to regain access to the account. The data management platform BlueKai, now owned by Oracle, is leveraged in the payload link to redirect unsuspecting Coinbase users to the attacker’s compromised domain. The attackers built out five “identity verification steps”, highlighted below, which hand the victim’s Coinbase wallet over to the bad actors.
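The two lures above share a link structure that a mail-security team can triage mechanically: a call-to-action link pointing at a domain unrelated to the brand named in the email, a hop to a look-alike domain, and a trusted third-party redirector carrying the real destination in a query parameter. The script below is an added example (not code from the original post) that applies those three checks to a handful of constructed sample links. The defanged Voyager domains are the ones quoted above; the redirector hostname, the Coinbase look-alike, the brand-to-domain table and the similarity threshold are assumptions chosen for illustration.

```python
"""Triage links extracted from a suspected cryptocurrency phishing email.

Checks applied to each link:
  1. refang defanged indicators (the "x.]y" notation used in the post),
  2. compare the registered domain of the final destination with the brand
     the email claims to represent (legitimate / look-alike / unrelated),
  3. detect a redirector URL that smuggles the real destination in a query
     parameter (the open-redirect pattern seen with the Coinbase lure).
All sample URLs and the brand table are constructed for this example.
"""
from difflib import SequenceMatcher
from typing import Optional
from urllib.parse import parse_qs, unquote, urlparse

# Assumed allow-list: brand name -> registered domains known to be legitimate.
# The Voyager entry is a placeholder; populate it from the platform's real domain.
BRANDS = {
    "voyager": {"voyager-official.example"},
    "coinbase": {"coinbase.com"},
}


def refang(indicator: str) -> str:
    """Reverse common defanging so the URL can be parsed (hxxp, [.], .], (dot))."""
    s = indicator.strip()
    for bad, good in (("hxxps://", "https://"), ("hxxp://", "http://"),
                      ("[.]", "."), (".]", "."), ("[.", "."), ("(dot)", ".")):
        s = s.replace(bad, good)
    return s


def registered_domain(url: str) -> str:
    """Crude eTLD+1 (last two labels). A production tool would use the public-suffix list."""
    host = (urlparse(url).hostname or "").lower()
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def looks_like(domain: str, brand: str, threshold: float = 0.6) -> bool:
    """Look-alike test: brand name embedded in the label, or label close to it in edit similarity."""
    label = domain.split(".")[0]
    if brand in label and label != brand:
        return True
    return SequenceMatcher(None, label, brand).ratio() >= threshold


def embedded_redirect(url: str) -> Optional[str]:
    """Return an http(s) URL carried in a query parameter, if any (redirector abuse)."""
    for values in parse_qs(urlparse(url).query).values():
        for value in values:
            value = unquote(value)  # second decode catches double-encoded targets
            if value.lower().startswith(("http://", "https://")):
                return value
    return None


def classify_link(url: str, claimed_brand: str) -> dict:
    """Classify one link relative to the brand the email claims to come from."""
    url = refang(url)
    target = embedded_redirect(url)
    final_domain = registered_domain(target or url)
    if final_domain in BRANDS.get(claimed_brand, set()):
        verdict = "legitimate"
    elif looks_like(final_domain, claimed_brand):
        verdict = "lookalike"
    else:
        verdict = "unrelated"
    return {
        "url": url,
        "final_domain": final_domain,
        "redirector": registered_domain(url) if target else None,
        "verdict": verdict,
    }


def triage(links: list, claimed_brand: str) -> list:
    """Classify every link in an email; anything not 'legitimate' warrants a block or review."""
    return [classify_link(link, claimed_brand) for link in links]


if __name__ == "__main__":
    # Constructed sample links modelled on the two lures described above.
    voyager_links = [
        "hxxps://mail.]pinknwhitenailsspaa.]com/withdraw",   # "Withdraw Now" button
        "hxxps://investivoyagert.]com/connect",               # look-alike landing page
    ]
    coinbase_links = [
        # Assumed redirector host standing in for the third-party platform in the post.
        "https://redirector.example/r?u=https%3A%2F%2Fcoinbase-verify-id.]com%2Fstep1",
        "https://www.coinbase.com/login",
    ]
    for result in triage(voyager_links, "voyager") + triage(coinbase_links, "coinbase"):
        print(result)
```

The verdicts alone are enough to drive a mail-gateway rule (quarantine anything rated "unrelated" or "lookalike" in a message that names a brand) and to pull both the redirector and the final domain into the incident record as separate indicators.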
Cryptocurrency is here to stay, and as new investors decide to take the plunge these funds will only become an increasingly attractive target for threat actors.
- Be cautious of any online service -- any device connected to the internet is vulnerable
- Encrypt your wallet with a strong password
- Use a hardware wallet that’s disconnected from the internet, when possible
- Regularly back up your wallet and store your backups in multiple locations
- Use multisignature security, which helps maintain control of your coins even if one of your devices is compromised
- Generate, write down and hide your wallet’s mnemonic seed -- a group of words you can use to restore your wallet in the event of a hardware failure
- Don’t share private keys or passwords
- Be aware: if something seems too good to be true, it may be a scam
Security fundamentals list courtesy of CNET.