Experts have discovered a new online cryptocurrency fraud scheme


Attackers have started stealing cryptocurrency through comments under YouTube videos, Kaspersky Lab experts told Izvestia on December 24. They lure victims out of their digital assets by publishing a real seed phrase for a crypto wallet holding Tether USD (USDT) tokens as bait.
As the experts explained, the scammers post the seed phrase in the comments under a video on the hosting site that is dedicated to financial topics. The message is written on behalf of a supposedly naive user who, as if unaware of basic security measures, has posted confidential data from his cryptocurrency wallet in public to ask for advice.
The cryptocurrency wallet contains USDT (Tether) tokens, and a seed phrase is enough to gain access to the funds. Unscrupulous users who see the comment may therefore try to withdraw the digital assets. When they open the wallet, they can see the USDT balance and transaction history.
When a user tries to access the wallet using the seed phrase, he finds that withdrawing USDT requires paying a fee in TRX (Tron) tokens, which the wallet does not hold. If he transfers his own TRX to pay this "commission", the funds are redirected to another wallet controlled by the fraudsters, the experts said.
The experts also noted that the decoy wallet is configured as a multi-signature account, which requires additional approvals to authorize any transaction. Therefore, even if the victim tries to transfer the funds after paying the "commission", the transfer will be impossible.
"In this scheme, fraudsters rely on people's desire for quick 'earnings'. As a result, users themselves fall into the trap. We urge everyone to be vigilant and adhere to ethical principles when working with cryptocurrencies and in general when conducting any financial transactions on the Internet. Attackers continue to improve their methods, so it is extremely important to stay informed and cautious," said Olga Svistunova, Senior Content Analyst at Kaspersky Lab.
To avoid falling for the scammers' tricks, the company recommended treating opportunities to obtain cryptocurrency critically and ethically, using only verified crypto wallets and exchange sites, and installing a reliable security solution on computers and smartphones that will block visits to phishing sites and the launch of malware.
Earlier, on November 17, Evgeny Pankov, project manager of the .RU/.RF domain coordination center, told Izvestia about the steady growth observed in phishing attacks conducted via messengers, especially Telegram and WhatsApp (owned by Meta, an organization recognized as extremist and banned in Russia). According to him, 2,374 domains imitating Telegram were blocked in Runet in the first 10 months of this year, along with 1,036 domains imitating WhatsApp.