New cryptocurrency theft scheme
December 30, 2024
Fraud in the cryptocurrency space continues to evolve, with hackers using new methods of asset theft through fake job offers and social engineering. MetaMask developer Taylor Monahan warned about a new type of cyberattack.
How the fraud scheme works
It all starts with a job offer, supposedly from major and well-known cryptocurrency exchanges like Kraken, MEXC, Gemini, as well as corporations like Meta. The scammers actively post fake job openings on popular platforms like LinkedIn, freelance websites, Discord, and Telegram. They offer potential candidates attractive positions with high salaries — ranging from $200,000 to $350,000.
Step 1: Text interview and strategy proposal
The applicant undergoes a text-based interview on the Willo platform, answering questions about the crypto market and proposing a strategy for expanding a business with a limited budget. These questions seem standard, but they are only a preparation for the next step.
Step 2: Video response and hidden threat
In the next step, the applicant is asked to record a video response to a task. A window pops up requesting access to the camera and microphone, after which an equipment error occurs.
Instead of fixing the problem, the site prompts the user to update drivers and restart the browser. If the victim follows these instructions, a backdoor is installed on the device, giving hackers access to the system and the ability to steal cryptocurrency assets.
Precedents and consequences
This attack affects all major operating systems — macOS, Windows, and Linux — making the victim vulnerable regardless of the platform. Similar incidents are becoming more frequent. For example, an attack on the Japanese exchange DMM Bitcoin, which resulted in the theft of over $308 million, started with a recruiter on LinkedIn who hacked an employee of a third-party company with access to the exchange’s assets. The FBI links the incident to North Korean hackers known as TraderTraitor.
How to protect yourself?
It is important to carefully check the information about companies offering job opportunities and avoid responding to suspicious or too attractive offers. Do not provide access to your camera and microphone on suspicious platforms. Regularly update antivirus software to protect devices from malware. To secure cryptocurrency assets, use two-factor authentication on all accounts.