Threat Trend Report on Virtual Asset Scams and Crypto Wallet Drainers
Overview
Virtual assets refer to assets in virtual form, such as assets that exist in the virtual economy, crypto (virtual) currency, or NFTs (Non-Fungible Tokens). In this report, cryptocurrency and NFTs are referred to as virtual assets.
1. Virtual Asset Wallets
Wallets to store virtual assets can be installed on a personal computer or mobile device, and the most widely used wallets are ALL WALLETS, COINBASE, Ledger Live, MetaMask, SAFE, and Trust Wallet.

Figure 1. Example wallet
The most widely used wallet, MetaMask, needs to be installed as an extension on web browsers or as an app on mobile devices.
MetaMask wallets do not contain any personal data, such as the user’s email address. When a wallet is installed, a Secret Recovery Phrase (SRP) is created. The secret recovery phrase, or mnemonic, consists of 12 words, and anyone who knows these words can transfer the assets stored in that wallet to another wallet.

Figure 2. Secret recovery phrase
Some virtual asset wallets may not have a secret recovery phrase.
2. Airdrop
“Airdrop” here does not refer to the data transfer function provided by Apple devices. A cryptocurrency airdrop refers to the act of distributing new coins, NFTs, tokens, etc. to the wallets of existing cryptocurrency holders or qualified users for free.[1]
This is one of the marketing tactics that blockchain startup companies usually employ to increase awareness of their projects. Information related to airdrops is promulgated through various channels such as websites, newsletters, and X (formerly Twitter).
The posts usually request “follows,” “likes,” or “retweets” from users, and in some cases multiple missions may need to be performed. Promotions are posted using accounts that have a lot of followers and are trustworthy.

Figure 3. Airdrop promotion post [2]
Cases of Virtual Asset Scams
As the number of individuals owning virtual assets grows, criminal attempts to steal them are also increasing. Virtual asset scams and hacking incidents that have occurred in recent years include the following:
| Date | Details |
|---|---|
| Dec. 2022 | Threat actors created a fake movie studio website and stole 14 Bored Ape NFTs worth over $1 million by asking collectors if they would be willing to grant them the rights to their Bored Ape NFTs for use in movies and then making them sign contracts. |
| May 2023 | NFT free giveaway scam by threat actors pretending to be Starbucks Korea |
| Jan. 2024 | X account of Mandiant hacked and used to promote virtual assets |
| Jan. 2024 | X account of NETGEAR hacked and used to promote virtual assets |
| Jan. 2024 | X account of Hyundai MEA hacked and used to promote virtual assets |
| Jan. 2024 | X account of U.S. Securities and Exchange Commission (SEC) hacked and used to post fake news related to virtual assets |
| Feb. 2024 | X account of Nexon game named MapleStory hacked and used to promote Nibiru Chain projects |
| Feb. 28, 2024 | Fake Leather Wallet app uploaded to Apple App Store; removed mid-March |
| Mar. 7, 2024 | Fake Magic Eden wallet app uploaded to Apple App Store |
| Mar. 26, 2024 | Malicious npm package hijacking ERC20 contracts discovered |
| Apr. 16, 2024 | X account of actor Tom Holland hacked and used to promote virtual assets |
Table 1. Major cases of virtual asset scams
[1] https://supraoracles.com/academy/nft-airdrops/
[2] https://twitter.com/coinsniper_net/status/1755183481594765439