TBS Partners

How Bitcoin is stolen, and how you can protect yourself

As Bitcoin and other cryptocurrencies grow in value, the avenues of theft become more developed. So, what should you be looking out for?



It stands to reason that the more valuable cryptocurrencies become, the more likely it is that people will devise means by which to steal them. Consider the recent Bitcoin heist in Japan as the evolution of the robber blowing a hole in the wall of the safe.



But, record scale or smaller, scammers have been quick to smell opportunity. Front and centre in this is the old method of phishing — the creation of fake sites to steal credentials from unwary users.

The simplest version of cryptocurrency phishing (aka cryptophishing) involves good old-fashioned spamming. In this case, such e-mails appear to originate with providers of cryptocurrency-related services — Web wallets, exchanges, and so on.

However, the messages are far more detailed and sophisticated than the average phishing e-mail. For example, one might be a security alert saying that someone just tried to sign into your account from such and such address using such and such browser — all you have to do is click the link to confirm that it wasn’t you, and that everything is fine. In some cases, the potential victim might even have requested such messages on the cryptowallet site, in which case they will notice nothing untoward.



Spoiler alert, everything is not fine from that point. From there, the victim is directed to a fake version of the expected cryptocurrency site and asked to enter their e-wallet credentials. The pickle is that most popular Bitcoin Web wallet sites have a simple, yet recognisable aesthetic, which helps criminals to create convincing imitations.


Three different phishing sites that look like blockchain.info


The stakes are pretty high: Hijacking an e-wallet that contains a few decibitcoin isn’t like stealing a piffling e-mail account — those fetch some 20 cents per bucket on the black market. In e-wallets, criminals see a quick and direct route to some juicy pickings, so they are investing more in phishing messages and making them more plausible.

A more intricate cryptophishing scheme was discovered recently that uses some of the more interesting features of Facebook. Here’s how it works.

Scammers find a cryptocurrency community and create a Facebook page with the same title and design as the community’s official page. They make the address of the fake page similar to the real one, differing by as little as one letter. Spotting the difference is not so easy on Facebook, as you can set any name for your organisation, and the site favours displaying these names, as below:

The genuine Facebook page of a cryptoplatform — and a fake one.

The scammers then send phishing messages to members of the real community from the fake page. Personal messages are not suitable for this purpose for various reasons (for example, they can’t be sent to a user on behalf of a page).

So the scammers employ an interesting trick: To target someone, they share the victim’s profile photo on their page and tag them there.

The cunning part is that the profile photo is always visible to everyone — and it is not possible to stop someone from sharing it, or tagging you on Facebook — so the trick is effective even against people who are privacy savvy. The only way to stay protected from such activity is to disable notifications about tags created by unknown users, pages, and communities.



The most interesting bit is in the text of the message scammers use to mark their prey. For example, the message might say that the user is one of 100 lucky recipients of 20.72327239 (yes, the figure is that precise) cryptocurrency units for their loyalty to the platform. And, of course, there is a link for getting hold of the coins.

Note that the message contains detailed terms and conditions for receiving the reward (a minimum number of transactions on the platform, for example). Coupled with the appealingly exact and not excessively high but reasonable amount (about $100–$200), it all seems fairly plausible.


Some more examples of messages from cryptophishing pages on Facebook


So how do you guard against it?

Lately, the cryptomarket may have resembled a magic money tree, but cryptocurrency services are not charities, and they do not give away money for the fun of it. If someone promises you free cryptocurrency, consider a metaphorical knife hiding in their other hand.

  1. Always check every link very carefully. It’s best not to click on links in messages from Internet services at all — instead, type in the address of the service in the address bar of your browser.
  2. Carefully configure your privacy settings to avoid fraudulent schemes on Facebook. See this post for details of how to do that. It’s also not a bad idea to configure Facebook notifications.
  3. Use an antivirus solution with dedicated antiphishing protection. Kaspersky Internet Security is one such solution.
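
The link check from step 1, as an added example that is not part of the original article: a Python function that flags link hosts differing from a trusted address by a letter or two, the way the fake addresses described above do. The allowlist contents, the distance threshold and the URLs used to exercise it are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist: the services you actually use (blockchain.info is named in the article).
TRUSTED_HOSTS = {"blockchain.info", "facebook.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike:<reason>' or 'unknown' for the link's host."""
    # urlsplit().hostname drops any "user@" part, so "trusted.site@other.host" yields other.host.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    for trusted in TRUSTED_HOSTS:
        if host == trusted or host.endswith("." + trusted):
            return "trusted"
    # Internationalised (punycode) labels can render as look-alike letters.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike:punycode"
    for trusted in sorted(TRUSTED_HOSTS):
        # Compare the registrable-looking tail so "login.blockchaln.info" is caught too.
        n = trusted.count(".") + 1
        tail = ".".join(host.split(".")[-n:])
        if edit_distance(tail, trusted) <= max_distance:
            return "lookalike:" + trusted
        # Trusted name used as a prefix of someone else's domain.
        if host.startswith(trusted + "."):
            return "lookalike:" + trusted
    return "unknown"
```

A result of `unknown` only means the host is not close to anything on the allowlist; it is not a verdict that the link is safe.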


This content was created in partnership with our friends at Kaspersky Lab!
