Increase in Phishing Attacks Targeting Cryptocurrency Owners

As the price of Bitcoin and other cryptocurrencies have drastically increased in recent weeks so, too, have the number of phishing campaigns targeting cryptocurrency owners. These campaigns are designed to steal login credentials for cryptocurrency apps and exchanges and trick victims into revealing their secret keys for cryptocurrency hot wallets so that the perpetrators can access the victims’ digital funds. Some reported phishing campaigns contain malicious URLs masquerading as the online wallet service Blockchain and the trading site LocalBitcoins. Otherswere fraudulently promoting a cryptocurrency trading bot called GunBot. These types of social engineering attacks are likely to continue as the price and popularity of cryptocurrency surges.The NJCCIC recommends cryptocurrency owners maintain awareness of this and similar threats and avoid using links provided in emails or through social media platforms to visit websites that require the input of account credentials. Users are encouraged to visit cryptocurrency wallet and exchange sites by typing the legitimate address directly into the URL field of their web browsers and to exercise caution before downloading any cryptocurrency-related application or allowing full read/write API access to accounts from external sources. Lastly, we strongly recommend enabling multi-factor authentication on all accounts that offer it to prevent unauthorized access as a result of credential compromise.