TL;DR
- Crypto scammers have shifted their activity to Telegram, using sophisticated malware instead of traditional phishing methods.
- The use of fake verification bots is the new tactic to steal personal information and funds from victims.
- Losses from these attacks are hard to track, making scams even more damaging to users.
Crypto scammers have made an alarming shift in their tactics, now focusing on Telegram as the primary platform to execute their frauds. According to the security firm Scam Sniffer, attacks have increased by 2,000% since November of last year, surpassing traditional phishing methods in volume.
Instead of using the typical deception tactics that involve connecting digital wallets to fraudulent websites, cybercriminals have begun distributing malware through fake verification bots. These bots are found in trading groups, airdrop groups, and “alpha” groups on Telegram, where users are invited to complete verifications to access exclusive content. Once a user installs this software or runs its code, attackers gain full access to the user’s passwords, can scan wallet files, and steal browser data. These increasingly sophisticated methods are designed to remain undetected, allowing scammers to continue exploiting users.
Evolving Attacks: More Sophisticated and Harder to Detect
According to Scam Sniffer, scammers have evolved their techniques as users become more aware of traditional frauds. The new malware method not only gives attackers access to more information but also makes losses much more difficult to trace, complicating investigations and claims. This shift is indicative of how scammers are adapting to heightened awareness and the tightening security measures of platforms.
Scammers have also begun using fake Cloudflare verification pages, where users are asked to copy and paste a verification text that secretly injects malware into their clipboard, enabling the theft of sensitive information without the victims realizing it. This added layer of complexity makes it even harder for users to identify fraudulent activity.
In addition to these changes, cybercriminals are now targeting legitimate cryptocurrency project communities, making group invitations appear more harmless and less suspicious. This adaptation is a clear sign that attackers are improving their social engineering strategies, especially by leveraging platforms like Telegram. They are using established networks and communities to manipulate users into falling for these advanced scams.
While the exact losses from these malware attacks are difficult to quantify, a report from Cyvers revealed that crypto thefts totaled $2.3 billion in 2024, marking a 40% increase from the previous year. Although losses in December were lower, these attacks remain an increasing threat, and users must be extremely cautious with links and bots they encounter on Telegram.