A group of scammers is actively using technology to deceive people in the cryptocurrency world.
In the world of cryptocurrencies, where innovation and technology go hand in hand, a new threat has emerged for investors and users. Scammers armed with advanced artificial intelligence and deepfakes are creating increasingly sophisticated deception schemes, putting the security of digital assets of millions of people around the world at risk.
The group of attackers, codenamed CryptoCore, stands out among others for its clever tactics and, unfortunately, successful deception of numerous victims. Their arsenal of tools is impressive: deepfake technology for creating fake videos, hacked YouTube accounts with millions of subscribers, and professionally designed websites. Together, these create a convincing illusion of legitimacy, leading users to voluntarily send their cryptocurrencies to the scammers' wallets.
CryptoCore's main principle of operation is the exploitation of human trust in well-known brands, celebrities and significant events. Attackers masterfully disguise their messages as official communications from trusted sources, whether they are social media accounts or pages of popular events. This tactic allows them to trade on the reputation of respected individuals and organizations, misleading even the most cautious users.
The mechanism of deception is honed to the smallest detail. The victim is usually redirected to an elaborate fake site that promises quick and easy profit. To enhance the effect and create a sense of urgency, scammers often use limited-time "exclusive" offers. The potential victim is led to believe that unless they take the chance immediately, they will miss out on a unique opportunity to earn money.
The success of CryptoCore's operations is based on three key factors: careful preparation before each "event", a sophisticated technical infrastructure, and the ability to quickly distribute fraudulent content to the widest possible audience through popular social platforms.
The process of preparing for an attack includes several stages. First of all, hackers break into accounts with a large number of subscribers, most often on YouTube. Hacking techniques range from sophisticated phishing campaigns to the use of malware distributed through email. After gaining access to the account, scammers carefully prepare deepfake content, waiting for the right moment to distribute it.
On the day of the planned "event", the captured account is completely transformed. The background image and channel description are changed, and fake content is added, all to increase credibility. When users start searching for information about an official event, they are more likely to come across the fake content, given the large number of subscribers to the hacked account.
The scale of CryptoCore's activities is astounding. During the six-month study period, more than 1,200 cryptocurrency wallets used in fraudulent schemes were identified. Most often, attackers operated with cryptocurrencies such as Ethereum, Bitcoin, Tether and Dogecoin. The total turnover of funds on these wallets was about 5.4 million US dollars, which indicates the colossal scale of the problem.
YouTube, as the world's largest video sharing platform with an audience of billions of users, has become a major target for CryptoCore attacks. Analysis of the hacked accounts showed that more than 20% of them had more than a million subscribers. The largest share, approximately 36%, fell on accounts with an audience of 100 to 500 thousand people. This choice is not accidental – a large number of subscribers not only provides a wide reach, but also adds a semblance of legitimacy to fake messages.
Deepfake technology has become a key tool in the arsenal of scammers. Fragments of real speeches and interviews of famous personalities are used to create convincing fakes. For example, to simulate content related to SpaceX and Elon Musk, attackers used footage from events such as SpaceX All Hands 2024, Starship Flight Test and Starship Update 2022. In the case of Michael Saylor, founder of MicroStrategy, scammers created fake videos with headlines like "Bitcoin - digital energy of the future with Michael Saylor" or "10 rules for success in the crypto world from Michael Saylor."
Statistics collected for the period from January to June 2024 revealed 340 different domains used to distribute CryptoCore fraudulent schemes. The analysis showed that the most frequently exploited topics were MicroStrategy, SpaceX and Tesla, companies and brands that are closely associated with the world of cryptocurrencies and innovation.
The technical side of CryptoCore operations is impressive for its complexity. Scam websites are built on obfuscated JavaScript, which significantly complicates their analysis and detection. This approach lets the operators effectively hide cryptocurrency wallet addresses, constants, and other critical elements that form dynamically generated content. The wallet QR codes, which are often used to simplify the process of transferring funds, are generated by a separate obfuscated script and stored locally in the victim's device memory.
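For analysts triaging a suspected scam page, the following added example (not code from the original article or from the scam sites) shows one way to recover wallet-like strings from a script before running it. The obfuscation layers it undoes (`\x`/`\u` escapes, split string literals, base64 literals) are assumptions, since the article does not name the techniques used, and the sample script and addresses are constructed placeholders.

```javascript
// Added example for Node.js. The obfuscation layers handled here
// (\x and \u escapes, split literals, base64) are assumptions.
const ADDRESS_PATTERNS = {
  ethereum: /\b0x[0-9a-fA-F]{40}\b/g,
  bitcoin: /\b(?:bc1[02-9ac-hj-np-z]{11,71}|[13][1-9A-HJ-NP-Za-km-z]{25,34})\b/g,
  dogecoin: /\bD[1-9A-HJ-NP-Za-km-z]{33}\b/g,
};

// Turn \xNN and \uNNNN escape sequences in the source text back into characters.
function decodeEscapes(src) {
  const toChar = (_, hex) => String.fromCharCode(parseInt(hex, 16));
  return src.replace(/\\x([0-9a-fA-F]{2})/g, toChar)
            .replace(/\\u([0-9a-fA-F]{4})/g, toChar);
}

// Decode quoted literals that look like base64; keep only printable results.
function decodeBase64Literals(src) {
  const decoded = [];
  for (const m of src.matchAll(/["']([A-Za-z0-9+/]{16,}={0,2})["']/g)) {
    const text = Buffer.from(m[1], "base64").toString("latin1");
    if (/^[\x20-\x7e]+$/.test(text)) decoded.push(text);
  }
  return decoded;
}

// Return { chain: [addresses] } for every wallet-like string recovered.
function extractWalletAddresses(src) {
  // Undo escapes first, then merge literals split with "+" into one string.
  const joined = decodeEscapes(src).replace(/["']\s*\+\s*["']/g, "");
  const haystack = [joined, ...decodeBase64Literals(joined)].join("\n");
  const found = {};
  for (const [chain, re] of Object.entries(ADDRESS_PATTERNS)) {
    const hits = [...new Set(haystack.match(re) || [])];
    if (hits.length > 0) found[chain] = hits;
  }
  return found;
}

// Constructed sample: placeholder addresses, not wallets from the campaign.
const BTC_PLACEHOLDER = "1" + "A".repeat(32);
const SAMPLE =
  String.raw`var _0xa = "\x30\x78" + "1234567890abcdef1234" + "567890abcdef12345678";` +
  `\nvar _0xb = atob("${Buffer.from(BTC_PLACEHOLDER).toString("base64")}");`;

console.log(extractWalletAddresses(SAMPLE));
```

The patterns check shape only, not checksums, so hits are leads for blocklisting or reporting rather than confirmed wallets.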
Of particular concern is the fact that scammers actively redirect potential victims to mobile devices. Statistics show that the ratio of detections of malicious CryptoCore activity on desktop computers to detections on smartphones is 2:5. This trend is explained by the fact that mobile devices are often less protected from cyber threats, which increases the fraudsters' chances of success.
A geographical analysis of CryptoCore attacks showed that the most vulnerable countries were the United States, Great Britain, Brazil and Germany. The high penetration rate of cryptocurrencies and the developed digital infrastructure in these countries make them attractive targets for cybercriminals.
In light of the growing threat from cryptocurrency scammers, users need to exercise increased vigilance. It is important to remember that in the world of finance, there are no free lunches, and offers that seem too attractive are often deceptive. Special care should be taken when interacting with social media accounts that have a large number of followers, but show suspiciously low activity or inconsistent content.
Experts strongly recommend installing reliable antivirus software not only on computers, but also on mobile devices. Regular updates to operating systems and applications, the use of complex and unique passwords, and two-factor authentication can significantly reduce the risk of becoming a victim of fraud.
The fight against cryptocurrency scams requires a comprehensive approach that includes both technical protection measures and increasing user awareness. Only through joint efforts of IT companies, law enforcement agencies and users themselves can we create a safe environment for the development of cryptocurrency technologies and protect investors from financial losses.
Be vigilant, check information from several reliable sources, and never make hasty decisions under pressure. Your financial security in the digital world is in your hands.