Scammers

Last month, crypto user and NFT artist Princess Hypio told her followers she lost $170,000 in crypto and non-fungible tokens after a scammer convinced her to play a game with them on Steam. 

While she was “mindlessly” playing with the scammer, they were secretly stealing her funds and hacking her Discord. The same tactic was used on three of her other friends, she wrote in a post on Aug. 21 on X. 

Source: Princess Hypio

It turns out, the tactic has been around for a while and is known by some as the “try my game” scam, which users have been reporting for years in different forms.

Speaking to Cointelegraph, Kraken’s chief security officer, Nick Percoco, said these methods have become an increasingly popular attack method

“Try my game” hack: How it works 

The crypto version of the scam involves a hacker joining a Discord server or group, lying in wait, learning about how users interact with each other and later using that information to gain trust.

The hacker then asks users if they own crypto or NFTs, often feigning interest to ask questions and gauge what digital assets they might own. In Princess Hypio’s case, they had a Milady NFT, which resulted in her being targeted.

After identifying a target with crypto, the hacker invites victims to play a game, sending a link to a server with Trojan malware that provides access to user devices, which allows them to steal personal information and drain any connected wallets.

In Princess Hypio’s case, the ploy involved convincing her to download a game on Steam by offering to buy it for her. The game itself was safe, but the server on which the game was being hosted was malicious.

She lost $170,000 from the attack, she said.

It comes only days after Discord released its deceptive practices policy explainer, warning that promoting or carrying out financial scams on the social platform violates the terms of use. 

“These scams do not exploit code; they exploit trust. Attackers impersonate friends and pressure people into taking actions they normally would not take,” said Percoco. 

“The biggest vulnerability in crypto is not code, it is trust. Scammers exploit community spirit and curiosity to take advantage of good intentions.” 

Attackers embed themselves in communities, learn the culture, mimic trusted friends, and then strike, he said. 

Scammer tactic moving past crypto 

In February, a user under the handle RaeTheRaven posted to the Malwarebytes forum that they had fallen prey to the “infamous scam” after someone they thought was a friend sent a link. A Reddit forum that started in July also warned of scams targeting gamers. 

Another person reported being hit with the scam back in July, which resulted in a ransomware demand. Source: Malwarebytes

Percoco told Cointelegraph that while the crypto industry tends to see these scams first, the tactic spreads across sectors.

He said the best way to avoid being snared is to have a “healthy skepticism,” confirm identities through another channel, avoid running unknown software, and remember that “doing nothing is safer than taking a risky step.”

“If something feels rushed, generous, or too good to be true, it almost always is. Do not trust, verify.” 

Fake recruitment campaigns even worse 

However, Percoco also said that while the Discord scams are on the rise, a more widespread trend in crypto currently involves fake recruiters. 

Related: North Korean hackers target crypto devs with fake recruitment tests

In a recent June case, a North Korea-aligned threat actor targeted job seekers in the crypto industry with malware designed to steal passwords for crypto wallets and password managers.

“Discord impersonation is rising quickly, but the most widespread trend we are tracking today is fake recruitment campaigns where victims are lured with job offers and tricked into clicking phishing links,” Percoco said.

 Magazine: XRP ‘cycle target’ is $20, Strategy Bitcoin lawsuit dismissed: Hodler’s Digest, Aug. 24 – 30

Source link