- Cryptocurrency scammers are using bots on
Telegram to con investors into giving up their one-time-passwords (OTPs). - The hackers use the OTPs to lock the original users out of their account and then steal their holdings.
- The bots are available for sale on Telegram too for around $300 per month.
Rather than having to socially engineer elaborate conversations over phone or messages, the OTP bots automate the entire process so that it can be done at scale. This means more attacks — and more victims.
These bots normally parade around pretending to be a help channel, according to a report by digital threat detection firm Q6 Cyber. It highlights that, not only are bots a growing threat, but that the damage they inflict is difficult to quantify.
And, they’re for sale even if you’re not a coder. An investigation by Intel471 revealed that a user only needs to pay a monthly fee of $300 in order to obtain the authentication code required to operate one of these bots. For another $20 to $100, they could have access to live phishing panels, which come ready with a list of possible targets — like users that confirmed members of Coinbase.
In July, last year, Indian crypto exchange ZebPay sent an alert out to its users warning them of a fake support group on Telegram trying to steal OTPs from users.
The automated process of stealing information for users has given birth to a new underground industry — crime as a service. For an engineer, he doesn’t need to get his hands dirty — just provide the bot. And, for a thief, they longer necessarily need to have the technical know-how to steal things online.
The creative ways in which hackers are trying to steal digital currencies is on the rise, even with the prices of tokens being in the doldrums since the start of the year.
SEE ALSO: