The cryptocurrency exchange platform, Uniswap, this week revealed a catastrophic phishing attack on its users, with the scammers walking away with over $8 million worth of Ether and Bitcoin. The attack followed a classic phishing route, with a promised free airdrop of Uniswap tokens valued at around $2000 each. Users were then directed to a website where they could exchange the new tokens for other cryptocurrencies. Opening the malicious link on this phishing site is what led to the infection of wallets.

Users that fell victim had linked their wallets to the malicious phishing webpage, giving the scammers a way in. Over $6.5 million worth of cryptocurrency (2,444 Ether, 201 Bitcoin) was stolen from just one wallet. The second victim wallet lost $1.67 million, or 834 Ether tokens ($903,000) and 39 Bitcoin ($774,000). The lost crypto was first reported as a hack before it was discovered to be socially engineered — with that in mind, here’s what else we’ve found this week.  

Trust Wallet

Users have reported receiving fake breach alerts from scammers posing as Trust Wallet. The SMS content is as follows:

“your multi-coin wallet has been breached. visit: [URL] warning: do not share your secret phase with anyone.”.

Following the phishing link will take would-be victims to a fake page, as seen below, designed to record and steal your log-in credentials. Don’t let it happen! Malicious URLs to take an eye out for include:

• incident-trustwallet[.]com
• support-trustwallet[.]com

Terra (Luna)

In the case of the Terra cryptocurrency, users have reported receiving another fake airdrop offer (like the Uniswap case). SMS content as follows:

“limited airdrop – our records indicate that you are eligible to claim terra 2.0 tokens at: v2-terra[.]com claimant#3805 t&c apply. reply stop to opt out.”

Following the link will take you to another phishing page designed to steal your credentials. This particular webpage was only created last week! Furthermore, it appears to have come out of Russia.

Protect Yourself with ScamCheck

• Double-check people’s contact details — and URLs.
• Reach out to official websites and support pages directly for help if in doubt.
• NEVER use links or buttons from unknown sources! Use Trend Micro ScamCheck to detect scams with ease: ScamCheck is an all-in-one browser extension and mobile app for detecting scams, phishing attacks, malware, and dangerous links — and it’s FREE!

Trend Micro ScamCheck is a browser extension and mobile app for detecting scams, phishing attacks, malware, and dangerous links — and it’s FREE!

Check out this page for more information on ScamCheck.

Given you’ll be required to enter personal information on these kinds of platforms, ID Security will also ensure you’re never the victim of a data breach.

And as ever, if you’ve found this article an interesting and/or helpful read, please do SHARE it with friends and family to help keep the online community secure and protected.