Cold crypto wallet phishing scams spread across the internet

  • Cold, or hardware, wallets for cryptocurrency are often safer than hot, or online, wallets.
  • However, Kaspersky has uncovered a complex phishing scheme that targets cold wallet holders with promises of free XRP.
  • The attackers trick users into connecting their wallet to the internet and lift funds from the wallet when they do.

The prevailing logic among cryptocurrency owners is that a cold wallet which doesn’t rely on an online system is safer for storing your investment. However, even these offline solutions are in the crosshairs of cybercriminals.

Cybersecurity purveyors Kaspersky have uncovered a phishing campaign targeting cryptocurrency owners around the world. The campaign was first detected in March of this year, and Kaspersky says it has detected some 85 000 scam emails targeting owners of hot and cold cryptocurrency wallets.

But how are cybercriminals targeting offline, cold wallets?

The attack starts with an email purporting to be from Ripple and offering the target a chance to win XRP tokens in a giveaway. The link in the email leads to a blog post that looks like it could be Ripple’s. Within this blog post there is a direct link to register.

“Already at this point, the scam shows a few differences from mass attacks on hot wallets: instead of sending the user a link to a phishing page, the scammers used a more sophisticated immersion trick with a blog post. They also went so far as meticulously copying the design of the Ripple website and registering a domain name that was nearly identical to the exchange’s official domain. This is called a Punycode phishing attack. At first glance, the second-level domain is identical to the original one, but a closer look will reveal that the letter “r” has been replaced with a Unicode character that uses a cedilla:

https://app[.]xn--ipple-4bb[.]net -> https://app[.]ŗipple[.]net/

Also, the scam site is hosted in the .net top-level domain, rather than .com, where the official Ripple website is located. This may not raise any red flags with the victim, though, as both domains are widely used by legitimate organizations,” Kaspersky outlines.
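A defender-side check for the lookalike described in the quote above, as an added example that is not from Kaspersky's report or the original article: it decodes `xn--` labels, strips diacritics and flags labels that imitate a protected brand. The `OFFICIAL` mapping and all function names are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: brand -> official domain (the article says Ripple's site is under .com).
OFFICIAL = {"ripple": "ripple.com"}

def refang(indicator: str) -> str:
    """Turn a defanged URL or host (app[.]example[.]net) into a bare hostname."""
    url = indicator.replace("[.]", ".")
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def decode_label(label: str) -> str:
    """Decode one ACE ("xn--") label to Unicode; other labels pass through."""
    if not label.startswith("xn--"):
        return label
    try:
        return label[4:].encode("ascii").decode("punycode")
    except ValueError:
        return label  # malformed ACE label: keep the raw form

def skeleton(label: str) -> str:
    """NFKD-decompose and drop combining marks, so U+0157 becomes plain 'r'."""
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()

def check_host(indicator: str) -> list[dict]:
    """Return one finding per label that imitates a protected brand."""
    host = refang(indicator)
    findings = []
    for label in host.split("."):
        shown = decode_label(label)
        brand = skeleton(shown)
        official = OFFICIAL.get(brand)
        if official is None:
            continue
        if shown == brand and (host == official or host.endswith("." + official)):
            continue  # genuine brand label on the official domain
        # Non-ASCII rendering of the brand, or the brand on another domain (.net vs .com).
        reason = "homograph" if shown != brand else "brand-on-other-domain"
        findings.append({"host": host, "displayed": shown, "brand": brand, "reason": reason})
    return findings

if __name__ == "__main__":
    # Constructed samples; the first is the defanged indicator quoted in the article.
    for sample in ("https://app[.]xn--ipple-4bb[.]net", "https://app.ripple.com/"):
        print(sample, check_host(sample))
```

Diacritic stripping catches accent-based lookalikes such as the one above; cross-script lookalikes (for example Cyrillic letters) need a confusables table such as the one in Unicode UTS #39.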

The fake website then guides the user through the process of connecting their cold wallet to its respective API to receive the funds. From there, the attackers use two APIs to verify account details and request funds. The stolen funds are sent to an intermediate account before being sent on to the intended account, which makes them harder to track.

“Scammers understand one thing just fine: the harder it is to get to the loot, the bigger it is likely to be. Therefore, attacks on hardware wallets, which many consider bullet-proof, use far more sophisticated tactics than those employed against the users of online crypto storage services. Although hardware wallets are indeed more secure than hot wallets, users should not lower their guard. Check every detail carefully before giving any website access to your wallet, and refuse to connect if anything smells fishy,” advises Kaspersky.

Furthermore, the firm offers the following advice:

  • Purchase from official sources: Only buy hardware wallets from official and trusted sources, such as the manufacturer’s website or authorised resellers.
  • Inspect your wallet: Scan your new hardware wallet for any signs of tampering before using it.
  • Verify the firmware: Always verify that the firmware on the hardware wallet is legitimate and up to date. This can be done by checking the manufacturer’s website for the latest version.
  • Secure your seed phrase: When setting up your hardware wallet, make sure to write down and securely store your seed phrase. A reliable security solution will protect your crypto details stored on your mobile device or PC.
  • Use a strong password: If your hardware wallet allows for a password, opt for a strong and unique one. Avoid using easily guessable passwords or reusing passwords from other accounts.

“We are witnessing an ongoing surge in the popularity of cryptocurrencies, and with it, the need for users to stay alert and implement strong security measures to protect their digital assets. It is crucial to verify the authenticity of the sender and exercise caution before clicking on any links or providing sensitive information,” comments Roman Dedenok, a security expert at Kaspersky.

The total market capitalisation of cryptocurrency is estimated to be $1.19 trillion, according to CoinMarketCap, with Bitcoin accounting for nearly $600 billion of that cap. Ripple’s XRP, meanwhile, has a market cap of $25 billion and tokens trade at $0.47 apiece. While XRP is not as valuable as Bitcoin or Ethereum, cold wallets can often contain large sums of cryptocurrency and can be incredibly lucrative for ne’er-do-wells.

