The crypto craze has gained significant traction within Telegram, fuelled by the platform’s introduction of mini Web3 games for in-app entertainment. However, this surge in interest has also attracted crypto scammers, who have ramped up malicious activities on the app. Security firm Scam Sniffer has issued a warning about scammers exploiting Telegram groups to target potential victims and drain their crypto wallets. So far, Telegram has not responded to these developments.
Scam Sniffer, in a post on X, reported that crypto scammers are creating fake accounts impersonating popular influencers. These fraudulent profiles actively comment on posts to identify and target potential victims.
“They comment on legitimate posts, inviting users to “exclusive” Telegram groups promising alpha and investment insights. Once in the Telegram group, users are immediately prompted to verify through OfficiaISafeguardBot. This fake bot creates artificial urgency with extremely short verification windows,” the security firm posted on X.
During the verification process, scammers inject a malicious code called PowerShell onto the device’s clipboard. According to Scam Sniffer, once executed, this code can breach the security of crypto wallets.
In April, Telegram CEO Pavel Durov claimed that Telegram’s userbase could soon hit the billion mark. Essentially, Scam Sniffer believes that scammers using the PowerShell code could be exposing thousands of crypto investors on the platform to financial risks.
In addition, the app has started letting users send and receive cryptocurrencies like Tether from within chats – a feature that scammers can exploit to obtain personal details like wallet addresses from their victims to eventually scam them.
“We’ve seen numerous cases recently where similar malware led to private key theft. Many users have fallen victim to these sophisticated attacks,” the cybersecurity firm noted.
How Can Telegram Users Protect Themselves
Experts from the global Web3 sector have repeatedly warned users to be cautious of strangers initiating conversations about finances and investments. In light of a recent scam on Telegram, Scam Sniffer strongly advises against executing unknown commands.
With social media’s global reach, users are encouraged to verify profiles carefully, especially as platforms like Instagram and X now allow anyone to purchase verification badges.
The security firm also urges users to immediately report and block strangers who pressure them to verify their identity to join suspicious groups.
7/7 :warning: This represents a new evolution in crypto scams – moving beyond simple phishing to combine social engineering with malware.
Stay vigilant and share this to protect others. :closed_lock_with_key:
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) December 10, 2024
With the increasing number of hacks targeting web-connected hot wallets, crypto holders are advised to research the use of cold wallets to better protect their assets.
Data Around Crypto Scams
In July this year, the Securities division of the Washington State Department of Financial Institutions (DFI) issued a warning against scammers posing as professors or academicians on social media to fish for unsuspecting victims.
In September, the FBI reported that people have lost more than $5.6 billion (roughly Rs. 47,029 crore) last year through cryptocurrency-related frauds. The number of cryptocurrency-related complaints represented about 10 percent of the total number of financial fraud complaints with associated losses adding up to almost 50 percent of the total losses
