The growth in trading of cryptocurrencies such as Bitcoin and its various alternatives has led to coordinated phishing attacks built around so-called “Bitcoin Airdrops”. Computer users look for ways to obtain cryptocurrency assets, and criminals have already noticed this activity. It has proven to be one of the most successful strategies, and Bitcoin Airdrop scams appear to be a widely used method of stealing cryptocurrency recently.
What is a Bitcoin Airdrop Scam?
We first have to explain what a Bitcoin Airdrop is: a way to get cryptocurrency assets by participating in a giveaway. Pentest specialists define an Airdrop as a form of donation from the developers of a particular blockchain to the community interested in the cryptocurrency. Airdrops are planned as a form of marketing that seeks to generate interest and boost the value of a project.
The most common advertising method is the use of social media profiles, user groups, and Telegram chats. In some cases, potential users are asked to perform various actions, such as post sharing or participating in discussions to be eligible to receive an Airdrop. In some cases, the Airdrop is performed through services, sites and groups affiliated with blockchain operators or service owners.
Several types of Airdrops that serve the cryptocurrency community have been identified. Airdrops are popular with all forms of digital tokens and cryptocurrency and can take various forms. The types below differ primarily in their user interaction requirements:
- Simple registration: Users are asked only for basic details, such as name, email address and perhaps an online wallet address so that funds can be transferred automatically.
- Community interaction: This Airdrop requires potential cryptocurrency holders to interact with the community for a given period of time. The moderators inspect their progress and grant the promised sum once the required time has passed.
- Sharing request: Users complete a registration form that also includes a script that monitors their actions. To complete the registration, they are asked to share the Airdrop launch message on their social network accounts.
- Minimum balance holding: This Airdrop requires users to maintain a minimum amount of cryptocurrency in their online wallet for a specified period of time.
Most major Bitcoin and virtual currency Airdrops are run specifically as a marketing exercise, as reported by pentest experts. All of them track users’ activities and grant the cryptocurrency assets once the established objectives are reached.
Bitcoin Airdrop scams warning signs
As there are several types of Airdrop, pentest experts report that malicious users have created different scams. The first and probably most common scheme is blockchain hijacking. It mimics the developers of a chosen blockchain by setting up a fake page that uses hijacked content such as text, images and designs. A user who visits the fake page is offered the chance to participate in an Airdrop, and the Airdrop registration page then asks the user to enter online wallet credentials.
As discussions about initial coin offerings (ICO) and cryptocurrency take place mainly on the Telegram platform, there is another danger known as the Telegram Airdrop scam. It takes advantage of the application's popularity among the cryptocurrency community by creating fake chats, groups and profiles that impersonate the genuine cryptocurrency community. Bots offer Airdrops in order to obtain confidential data and online wallet credentials during the alleged Airdrop registration offered to victims.
The classic Bitcoin Airdrop donation scam is also being used. It takes the form of a private message to potential victims in which they are promised a large sum of money in the form of cryptocurrency as a gift from a deceased relative, often originating in a remote country. Users are asked to provide details about themselves and their online wallets, including private keys. The explanation given is that the attorney or notary needs all of this in order to release the supposed funds to their accounts.
A well-known alternative is the mandatory deposit scam. The user is guided through a step-by-step registration process and is informed that they must make a mandatory deposit (or donation in some cases) to prove their accounts are legitimate. Users are never given anything in return and the funds transferred are immediately withdrawn by criminals.
Pentest specialists report that different groups of hackers have been identified as creating fake exchange portals. This is an advanced phishing practice that requires a lot more effort on the developer side. As a result, the scam can reach a much larger number of potential victims. Creating fake portals means that hackers must simulate transactions and generate data for popular cryptocurrencies and their respective values.
These phishing campaigns can be distributed across different channels. One of the most common tactics is to send mass emails in which criminals impersonate blockchains or community forums where the user may be active. They can include the same content as the legitimate site by using its text, graphics, and template design. The goal is to persuade recipients to navigate to a phishing site that steals their credentials or online wallet information.
Users could also receive direct messages or be invited to chat groups that may include links to fraudulent phishing sites. In most cases, the messages spoof the content of community forums and chats.
All Bitcoin Airdrop scams can be easily identified by detecting the presence of phishing signals.
Information security and pentest experts have issued several recommendations for handling these phishing campaigns properly:
- Don’t trust any Airdrop: Users should judge whether a particular Airdrop is legitimate or not. This can be done easily by looking for notifications on the official site of the cryptocurrency or on its social media accounts.
- Don’t disclose access information: Never send information that can be used to access your online wallet, such as e-mail, birth date, and public or private keys.
- Don’t interact with unknown sources: Many phishing scams use fake sites that copy the design and content of legitimate Airdrops or cryptocurrencies. Before you open links in emails, websites, forums or other sources, make sure that they direct you to the official sites.
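The warning signs and recommendations above can be turned into a simple message check. The following is an added example, not code from the original article: the domain `examplecoin.example`, the signal names and the patterns are hypothetical placeholders, and the sample messages are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: placeholder for the domains the real project publishes.
OFFICIAL_DOMAINS = {"examplecoin.example"}

# Warning signs described in the article, expressed as hypothetical patterns.
SIGNALS = {
    "asks_for_wallet_secret": re.compile(
        r"\b(private key|seed phrase|wallet password|wallet credentials)\b", re.I),
    "mandatory_deposit": re.compile(
        r"\b(deposit|donation|send)\b.{0,60}\b(verify|prove|legitimate|release)\b",
        re.I | re.S),
    "inheritance_gift": re.compile(
        r"\bdeceased\b.{0,40}\brelative\b|\b(attorney|notary)\b", re.I | re.S),
}
URL_RE = re.compile(r"https?://[^\s<>)]+", re.I)

def is_official(host, official=OFFICIAL_DOMAINS):
    """True only for an official domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in official)

def untrusted_links(text, official=OFFICIAL_DOMAINS):
    hosts = []
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:      # malformed URL: treat as untrusted
            host = ""
        if not is_official(host, official):
            hosts.append(host or url)
    return hosts

def check_message(text, official=OFFICIAL_DOMAINS):
    """List the warning signs found in one email or chat message."""
    findings = [name for name, rx in SIGNALS.items() if rx.search(text)]
    bad = sorted(set(untrusted_links(text, official)))
    if bad:
        findings.append("link_not_official:" + ",".join(bad))
    return findings

# Constructed sample messages (not real campaigns).
PHISH = ("Claim your ExampleCoin Airdrop at "
         "https://examplecoin.example.airdrop-claim.test/register and enter "
         "your private key. Send a 0.01 BTC deposit to prove your account.")
LEGIT = "Airdrop details: https://www.examplecoin.example/news (no deposit needed)."

if __name__ == "__main__":
    print(check_message(PHISH), check_message(LEGIT))
```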
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held cyber security researcher positions within a variety of cyber security start-ups. She also has experience in different industry domains like finance, healthcare and consumer products.