Users of crypto wallets MetaMask and Phantom, as well as the crypto swap platform PancakeSwap, have been targeted in a crypto phishing scam involving the theft of at least $500,000, according to a report from cyber threat intelligence company Check Point Research.
Scammers are posing as fake customer support staff and luring users on Discord – a platform that brings together different tech communities and others in interest groups – and tricking users into sharing their screen and scanning QR codes to unlock MetaMask wallets, BleepingComputer reported.
Victims of the scam have reported losing their entire crypto portfolios or large portions of them, as well as their NFT collections.
“Just clicked on a scam on Discord and my MetaMask wallet was wiped clean. Nice way to head into the weekend,” tweeted Michael Batnick (@michaelbatnick), who fell victim to one of the scams.
Traders form groups on Discord to discuss the latest on altcoins. Investors share predictions and scammers infiltrate the conversations to fish for newbies and novices who they can lure to share sensitive details of their crypto wallets.
Once the scammers have identified their victims in Discord chatrooms, they send out private messages that appear to either come from the victim’s crypto wallet support team or from an upcoming trading platform giving away free cryptocurrency.
On NFT marketplace OpenSea, users have been warned to be wary of Twitter and Discord interactions after users reported fake support staff stealing popular NFTs such as Bored Apes and Cool Cats.
If users fall for this trick, they are invited to a secondary (fake) “Opensea Support” server where the scammers have control of the victim’s account, enabling the scammers to wipe it clean and dump the empty wallet.
“The reasons for such alleged generosity vary from message to message, but whether the exchange is supporting traders in difficult times or trying to attract new users, the thrust is always the same: The lucky addressee has been randomly chosen to receive an impressive payout in bitcoin or ethereum,” Kaspersky noted.
It is basically a 419 scam, where a “Nigerian princess” offers to share an inheritance with the victim, but the victim has to share personal details first.
The only difference is the attention to detail that the crypto scammers go into before they steal from their victims. They go as far as offering victims two-factor authentication to secure their accounts, plus antiphishing protection. All this to add plausibility to the entire swindle.