Scammers have been using advanced hacking bots on Telegram designed to trick investors into divulging their two-factor authentication codes, leading to accounts being locked and wiped out.
Cybercriminals are using bots purchased on Telegram to trick users into giving them access to their cryptocurrency accounts.
According to a report from cybersecurity firm Intel471, one-time password (OTP) bots are “remarkably easy to use” and are inexpensive to operate relative to the amount that can be earned from a successful attack.
A Telegram bot known as BloodOTPbot charges hackers a monthly fee of just $300 for access. Fraudsters also have the option to spend an extra $20–$100 on more phishing tools that target individual social media accounts on Instagram, Facebook and Twitter, financial services such as PayPal and Venmo, and crypto platforms such as Coinbase.
OTP bots are especially nefarious, as they are generally the final step in the hacking process after all necessary personal information has been gathered on the victim, known in hacker parlance as “the fullz.” Hackers use the OTP bot to stage a seemingly official phone call, while simultaneously prompting the two-factor authentication (2FA) code from the user’s crypto platform. Once the typically flustered user divulges the code, hackers gain immediate and total access to the victim’s account.
According to a report from CNBC, Maryland-based obstetrician Dr. Anders Apgar was the victim of such an attack in which an “official-sounding phone call” alongside a series of banner notifications on his phone informed him that his Coinbase account “was in jeopardy.”
Apgar ended up in a situation where his 2FA code was divulged over the phone, and immediately afterward, he found himself locked out of his own Coinbase account, which held approximately $106,000 in Bitcoin (BTC).
These types of attacks from OTP bots are increasing in frequency and are causing substantial losses to both institutions and individual retail investors. The bots have an extremely high success rate in extracting funds.
Customer service at Coinbase has been the subject of criticism in the past after angry users slammed the platform for a lack of responsiveness in dealing with hackers. In an attempt to improve response times and client relations, Coinbase acquired an Indian startup and created a phone line specifically for dealing with account takeovers and related attacks.
A Coinbase spokesperson told CNBC, “Coinbase will never make unsolicited calls to its customers, and we encourage everyone to be cautious when providing information over the phone. If you receive a call from someone claiming to be from a financial institution, do not disclose any of your account details or security codes. Instead, hang up and call them back at an official phone number listed on the organization’s website.”