01 Dec 2022
Phishing attempt disguised as an "airdrop" is uncovered by GoPlus security
GoPlus Security had tweeted from their official account they had discovered a new phishing scam. Security firm Web3 also disclosed that the phishing scam made over four thousand transactions.
Phishing attack posed as an airdrop discovered by GoPlus Security
Scams have persisted in the cryptocurrency industry practically since its inception. Despite the crypto space's growth and development, its archenemy, cybercriminals, have kept up their fraudulent activities.
Earlier, GoPlus Security uncovered a phishing scam website masquerading as an airdrop. The Web3 security firm reports that the site has processed over 4,000 transactions despite warnings.
According to reports, the phishing site stole millions of dollars from various crypto users and organizations. The hacker allegedly set up a phony Twitter account using the name "Flow Blockchain.”
The real Flow blockchain ecosystem (Flow blockchain) inspired the creation of the fictitious Twitter account (flow blockchaln). The blockchain transaction that differentiated the two Twitter handles saw an “I” changed to a “l”
Using detailed flow blockchain data and more than 137,000 bot followers, this Twitter account was professionally crafted—because of this, identifying the fake account was difficult for Twitter users.
Hackers' method of operation
The FAKE Twitter handle “Flow” was used to lure cryptocurrency users to a phishing website. The hacker made a pinned post that promised a free $3,000 airdrop to get people to click on the phishing link.
The Twitter account will repeatedly tag the user after viewing the page or responding to its content. The handler employs bogus tweets to trick site visitors into visiting malicious links.
When a user falls for a phishing link and clicks on it, a series of manageable tasks are presented to make it seem like the airdrop is real.
Users can click a “get #Airdrop” button once they have finished all required tasks. When using “get #Airdrop,” users are prompted to link their cryptocurrency wallets and holdings.
Wallets are reviewed; those containing valuable assets are granted access; otherwise, the site will ask permission to access the wallet.
After the foolhardy user's consent, the funds are sent to a wallet with the following address: (0x0000098a312e1244f313f83cac319603a97f4582). GoPlus security investigated the wallet address and found that many tokens, NFTs, and coins had been transferred into the wallet from scam proceeds.
If users don't give their consent, the site will try to stealth transfer again by posing as a contract security update. Users of cryptocurrencies should exercise caution online and refrain from adding their wallet addresses to websites they cannot verify.
Disclaimer: Nothing on this site should be construed as a financial investment recommendation. It’s important to understand that investing is a high-risk activity. Investments expose money to potential loss.
