Cryptocurrency crypto phishing
Posted by: Orhan Sari Category: phishing Tags: , , Post Date: March 4, 2018

Crypto phishing ways – how to lose your cryptocurrencies to phishing attacks

The price of a single bitcoin became more valuable as opposed to past years. However, unlike the other assets, cryptocurrencies are surprisingly easy to steal. They’re also not always easy to protect. There is not an institution that will provide a layer of protection for cryptocurrencies against crypto phishing as well as law enforcement agency to catch cryptocurrency thieves.

In order to protect your cryptocurrencies against crypto phishing, you need to know how cyber criminals steal them. In this article, I have summed up the ways cyber criminals use to attack to get cryptocurrencies and how to avoid them.

How bitcoin gets stolen

The simplest method of Cryipto phishing is sending old-fashioned spam mailings. In this spam emails, cyber criminals imitates the providers of cryptocurrency-related services — Web wallets, exchanges, and so on. The messages are more detailed and sophisticated than the average phishing email such as they can include a security alert message saying that someone just tried to sign into your account from such and such address using such and such browser — all you have to do is click the link to check that everything’s fine. [1]

This is one of the oldest phishing methods that cyber criminals obtain your email by either extracting it from a Slack channel or by obtaining crypto-related site databases. The first advice would be therefore to have a separate email address and password for non-essential services such as chat services, forums and news portals.[2]

Crypto phishing email  (Source: Medium)

Once the victim clicks the links in fake email, he/she is directed to a fake version of the expected cryptocurrency site and demanded to submit their e-wallet credentials. Since, the most popular Bitcoin Web wallet sites look quite simple, yet recognizable, they help criminals to create real-like imitations.[1]

Cyber criminal mostly cannot spoof the actual domain name of the service they’re using to phish with. Therefore always look at the sender email when receiving a suspicious email. Moreover, double-check the domain and its extension.[2]

Bitcoin Phishing

Bitcoin Phishing (Source: Kaspersky)

Bitcoin transactions are instant, and not reversible, makes the currency a prime target for malicious actors. Despite there have been many advancements in Bitcoin wallet security, they are not perfect, and many of the more secure features take time and effort to use properly.[3]

Different phishing sites that look like (Source: kaspersky)

Bitcoins can be hacked in a variety of ways. Since the basic motive is to seize e-wallet account, cyber criminals use many ways to get  e-wallet credentials.  

5 Ways cyber criminals steals cryptocurrencies

They use email to manipulate cryptocurrency users

As I displayed above,  cyber criminal, obtain your email, and send spear phishing attacks designed to manipulating you into entering your credentials to a fake cryptocurrency web page prepared by cyber criminal.  

They use Google Adwords Phishing

A more recent method of phishing is done by abusing search engine ad networks such as Google Ads to display phishing sites and fool users into clicking the phishing site. For instance, a cybercrime gang based in Ukraine is estimated to have made as much as $50 million after tricking Bitcoin investors into handing over the login credentials for their online wallets. Cyber criminals purchased Google Adwords posing as online ads for the legitimate and popular Bitcoin wallet website.[4]

Google Adwords Phishing

Google adwords phishing (Source: Tripwire)

When searching in google on crypto-related keywords such as “blockchain” or “bitcoin wallet,” the spoofed links would appear at the top of search results. When clicked, the link would redirect to a “lander” page and serve phishing content in the native language of the geographic region of the victim. Despite, it’s a very simple trick, it can be also also incredibly effective, with researchers estimating that the gang has made approximately $50 million worth of Bitcoin in the past three years.[4]


Redirected lander page (Source: Tripwire)

Chat phishing

More recent technique of crypto money phishing done platforms such as WhatsApp, Skype and Telegram, as well as   SMS.

Criptomoney phishingCrypto money phishing done platforms such as WhatsApp, Skype and Telegram (Source: Medium)

As displayed in the above image a phishing message with a seemingly legitimate URL ( which in fact refers to a phishing URL ( is send to the victim. Once user clicks on the link, he/she will be redirected to fake page. [3]

SMS Phishing (Smishing)

There can be also a spoofed SMS case that is sent to a personal phone number. Seemingly legitimate, the SMS is actually from a cyber criminal looking to steal cryptocurrencies.[3]


SMS Phishing cryptocurrency

SMS Phishing (Source: Medium)

If we look at the above image, it may look as if it’s a real message sent by Coinbase. The name of the sender is Coinbase, and you’re greeted with your real name. Who else aside from Coinbase would know your real name, number and the fact that you have a Coinbase account? [3]

Social Media Phishing

An interesting crypto phishing scheme has been discovered recently that uses features of Facebook. Scammers find a cryptocurrency community and create a Facebook page with the same title and design as the community’s official page. They make the address of the fake page very similar to that of the real one.[1]

Fake Social Media Accounts (Source: Kaspersky)

In this crypto phishing case, cyber criminals send phishing messages to members of the real community from the fake page. They target someone, they share the victim’s profile photo on their page and tag them there.[1]

Fake facebook message (Source:Kaspersky)

The most interesting bit is in the text of the message cyber criminals use to mark their prey. For example, as in the picture above, the message might say that the user is one of 100 lucky recipients of 20.72327239 (yes, the figure is that precise) cryptocurrency units for their loyalty to the platform, of course, there is a link for getting hold of the coins. [1]

How to prevent crypto phishing

  • Do not click on the link before checking them very carefully.  Instead of clicking the on links, type in the address on your browser.
  • Do not download attachment in your inbox.
  • If you take an email from the service you use, do not reply till you have verified the sender is legitimate.
  • Do not use open Wi-Fi networks while using e-wallet or other important banking transactions.
  • Use an updated antivirus application to avoid all kind of malware.
  • Update your entire system and software.


[1] Drozhzhin, A. (2018). Phishing for cryptocurrencies: How bitcoins are stolen.

[2] Medium. (2017).  Crypto Phishing Explained — 4 Ways You Could Lose Your Cryptocurrencies to Phishing.

[3] Coinbrief. (2018). How Bitcoins Can Be Stolen: Botnets, Viruses, Phishing, and More.

[4] Cluley, G. (2018). How a Bitcoin phishing gang made $50 million with the help of Google AdWords.

Want to try Keepnet's Awareness Educator for free?

Click the button and start your free trial today






Share this post