
How Your Crypto Could Be Stolen From You in Just Three Clicks

While crypto scams and hacking schemes continue growing more sophisticated, industry newcomers are increasingly put at risk.

A crypto stealer can swiftly confiscate your crypto holdings within three clicks alone. Please read below to learn about this efficient yet dangerous attack and how to avoid falling victim to it.

The Three Click-Confiscator

1. The Hook

The scheme begins with a “hook” – an alarming message that plays on its victims’ sense of urgency.

Samczsun, the Head of Security at Paradigm, provided an example message from a similar attack that targeted him weeks ago:

“You are being sued. You can read a copy of the lawsuit here,” reads the message, providing a link. “You can also write a statement in response. Good evening John.”

Sam explained that anyone who instinctively clicks the link is just “two clicks away from being pwned.”

“When placed under pressure, even trained security professionals might act instinctively instead of rationally,” he said.

2. The Archive

The link provided doesn’t take the user to a web page but immediately downloads a file archive from Dropbox instead. In this case, the file was titled “statement of claim against cryptogeng.eth.zip.”

Anyone believing the claim could have legitimacy may find the name in the title intriguing. “Who is cryptogenic.eth?” you may ask. “Who owns this ENS name? What does it have to do with me?”

By clicking through, the victim is just one click away from compromising his crypto wallet.

3. The File

The archive in Sam’s example contained two files. One is titled “cryptogeng.eth.etherscan.com,” and the other is titled “statement of claim against cryptogeng.eth.”

Each file may appear differently, depending on whether the user has enabled file extensions. Regardless, either file will result in the attacker gaining full access to one’s tokens.

Specifically, both files attempt to directly steal the user’s wallet data stored in browser extensions. They even try to steal one’s Discord session token – an encrypted version of your Discord username and password.

The latter is especially important for big names, who may run Discord servers with large influence. Hackers could abuse these servers to exploit and scam more users.

For example, OpenSea’s Discord has been compromised multiple times to push NFT scams. Another set of hackers breached the Instagram account belonging to Bored Ape Yacht Club in April, securing $10 million in NFTs.

Just like that, a hacker can seize the funds stored in your crypto wallet – and indirectly scam many others!

How to Protect Yourself


To avoid falling prey to scams like this, remember the following:

  • Check Phrasing: Scam messages often contain very clunky phrasing and poor grammar; that’s an immediate red flag. This is especially the case if the message comes from an untrusted source.
  • Stay Calm: Don’t go hastily following instructions that play to your sense of urgency. Take your time to assess the message when you receive it. If in a phone call, ask the suspicious caller to wait before you answer.
  • Double Check Programs: Before clicking on a program, always double-check if it’s legitimate. When you run it, it will have full access to your computer. Therefore, you must be able to trust it.
  • Use Cold Storage: Such hacks only apply to hot wallets – wallets that store a user’s private keys on the computer or phone system. If you use a dedicated hardware wallet like Ledger or Trezor, hackers cannot steal your private keys so easily.
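
One way to apply the "Double Check Programs" advice to an archive like the one in step 3, as an added example that is not from the original article or from Samczsun: list the entries without extracting them and flag names whose real, final extension is one Windows will run, whether or not extensions are displayed. The `.pdf.scr` and `readme.txt` names and both extension lists are constructed for illustration, since the article does not give the second file's real extension.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs on double-click (partial list, assumed for this example).
RUNNABLE = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd", ".lnk", ".js", ".vbs", ".msi"}
# Extensions that make a name look like a document when the real one is hidden.
DECOY = {".pdf", ".doc", ".docx", ".txt", ".jpg", ".png"}


def audit_archive(data: bytes) -> list[tuple[str, str]]:
    """List archive entries without extracting them and flag risky names."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            if not suffixes or suffixes[-1] not in RUNNABLE:
                continue  # final extension is what the OS acts on
            if len(suffixes) > 1 and suffixes[-2] in DECOY:
                reason = f"document-like name hiding runnable {suffixes[-1]}"
            else:
                reason = f"runnable extension {suffixes[-1]}"
            findings.append((info.filename, reason))
    return findings


def build_sample() -> bytes:
    """Constructed sample archive; every entry holds harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("cryptogeng.eth.etherscan.com", b"placeholder")  # name from the article
        zf.writestr("statement of claim.pdf.scr", b"placeholder")    # constructed name
        zf.writestr("readme.txt", b"placeholder")                    # constructed, benign
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in audit_archive(build_sample()):
        print(f"SUSPICIOUS  {name}: {reason}")
```

A name ending in `.com` looks like a web address, but on Windows it is a program file type, which is why the first entry is flagged.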