Social Engineering Schemes Come to the Crypto Industry: New Exploit Unveiled

Tay, a well-known blockchain security investigator, has reported on a new social engineering scheme targeting the cryptocurrency industry. She explained that industry workers are at risk, as attackers pose as field executives offering high-paying job opportunities.

Social engineering-based schemes are on the rise and now target members of the crypto industry. Tay has recently unveiled one of the latest strategies of threat actors to steal cryptocurrency and gain access to crypto organizations to escalate their attacks.

Tay explained that this new attack involves threat actors posing as job recruiters of known companies in the crypto industry including Kraken, Mexc, Gemini, and Meta. Contacts are initiated mostly through LinkedIn, but other applications like Telegram are also used.

The recruiters send job offers with attractive remuneration to the targets, enticing them to engage even if they are not actively job hunting. Eventually, after chatting for a while, potential victims are directed to a video interviewing site to answer questions and complete a pre-contract test.

After answering several questions, potential victims must record themselves answering the last question on the site. Nonetheless, the camera does not record anything, and the victim is prompted with a message to fix an error allegedly involving the camera. Installing the required updates opens the victim’s PC to attackers, who can use this access to drain wallets and for other nefarious purposes.

Tay recommended potential targets to be cautious when involved in job-hunting tasks. She stated:
> “There are so many malicious actors who spend all day trying to trick you into copy/pasting/run code like this. It will always destroy you. STAY SAFE OUT THERE.”

The described modus operandi and linked exploit are similar to what the Federal Bureau of Investigation (FBI) recently linked to Korean threat actors, who used analogous methods in the hack that led to a loss of $308 million by DMM, a Japan-based crypto exchange.

Read more: FBI Links North Korean Hackers to $308 Million DMM Exchange Breach