Security
Headlines
HeadlinesLatestCVEs

Headline

Steer clear of cryptocurrency recovery phrase scams

Categories: Personal Tags: cryptocurrency

Tags: mark cuban

Tags: scam

Tags: phish

Tags: phishing

Tags: wallet

Tags: hot

Tags: cold

Tags: metamask

Tags: extension

Tags: browser

Tags: mobile

Tags: android

Tags: search engine

We take a look at a common cryptocurrency scam which focuses on your recovery phrase.

(Read more…)

The post Steer clear of cryptocurrency recovery phrase scams appeared first on Malwarebytes Labs.

Malwarebytes
#web#android#git

The dangers of cryptocurrency phishing are back in the news, after tech investor Mark Cuban was reported to have lost around $870k via a phishing link. Cuban lost a combination of coin types as asset movement flagged up after months of inactivity from his wallet.

Cuban discovered some of the transactions taking place and was able to save about $2.5m of tokens by logging in and sending what remained to a safe location.

As for the specifics of the phishing tactic deployed, Cuban is reported as saying he may have downloaded a bogus wallet tool via a search engine query. Accidentally falling victim to rogue downloads in search engine results is an ancient technique, but as we can see here, it paid off big time for the scammers.

Fake tools and websites for cryptocurrency are common. You’ll see them in search engines, download portals, even promoted on social media.

As an example of this, a simple search for “metamask download” reveals sites claiming to offer MetaMask extensions for various browsers and mobile devices.

The MetaMask site is a secret recovery phrase phish. The site claims:

MetaMask cannot recover your password. We will use your secret recovery phrase to validate your ownership, restore your wallet, and set up a new password. First, enter the secret recovery phrase that you were given when you created your wallet. You can paste your entire secret recovery phrase below.

Of all the things you never want to do where cryptocurrency management is concerned, pasting your recovery phrase into a random website has to be somewhere near the top of the list. No matter the third party website, offer, video, service, or any form of giveaway: don’t do it. You’re handing the scammer the keys to your cryptocurrency kingdom.

It’s a similar deal for random extensions asking to connect to your wallet. You could well be granting access in ways that you’ll quickly come to regret.

Anyone can fall victim to a cryptocurrency scam, whether you’re just starting out or a billionaire tech professional holding a huge amount of digital currency in reserve.

Thanks to Jerome for finding this.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Malwarebytes: Latest News

Meta takes down more than 2 million accounts in fight against pig butchering