The cryptocurrency exchange platform, Uniswap, this week revealed a catastrophic phishing attack on its users, with the scammers walking away with over $8 million worth of Ether and Bitcoin. The attack followed a classic phishing route, with a promised free airdrop of Uniswap tokens valued at around $2000 each. Users were then directed to a website where they could exchange the new tokens for other cryptocurrencies. Opening the malicious link on this phishing site is what led to the infection of wallets.
Users that fell victim had linked their wallets to the malicious phishing webpage, giving the scammers a way in. Over $6.5 million worth of cryptocurrency (2,444 Ether, 201 Bitcoin) was stolen from just one wallet. The second victim wallet lost $1.67 million, or 834 Ether tokens ($903,000) and 39 Bitcoin ($774,000). The lost crypto was first reported as a hack before it was discovered to be socially engineered — with that in mind, here’s what else we’ve found this week.
Trust Wallet
Users have reported receiving fake breach alerts from scammers posing as Trust Wallet. The SMS content is as follows:
“your multi-coin wallet has been breached. visit: [URL] warning: do not share your secret phase with anyone.”.
Following the phishing link will take would-be victims to a fake page, as seen below, designed to record and steal your log-in credentials. Don’t let it happen! Malicious URLs to take an eye out for include:
- incident-trustwallet[.]com
- support-trustwallet[.]com
Terra (Luna)
In the case of the Terra cryptocurrency, users have reported receiving another fake airdrop offer (like the Uniswap case). SMS content as follows:
“limited airdrop – our records indicate that you are eligible to claim terra 2.0 tokens at: v2-terra[.]com claimant#3805 t&c apply. reply stop to opt out.”
Following the link will take you to another phishing page designed to steal your credentials. This particular webpage was only created last week! Furthermore, it appears to have come out of Russia.
Protect Yourself with Trend Micro Check
- Double-check people’s contact details — and URLs.
- Reach out to official websites and support pages directly for help if in doubt.
- NEVER use links or buttons from unknown sources! Use Trend Micro Check to detect scams with ease: Trend Micro Check is an all-in-one browser extension and mobile app for detecting scams, phishing attacks, malware, and dangerous links — and it’s FREE!
Trend Micro Check is a browser extension and mobile app for detecting scams, phishing attacks, malware, and dangerous links — and it’s FREE!
After you’ve pinned the Trend Micro Check extension, it will block dangerous sites automatically! (Available on Safari, Google Chrome, and Microsoft Edge).
You can also download the Trend Micro Check mobile app for 24/7 automatic scam and spam detection and filtering. (Available for Android and iOS).
Check out this page for more information on Trend Micro Check.
Given you’ll be required to enter personal information on these kinds of platforms, ID Security will also ensure you’re never the victim of a data breach.
And as ever, if you’ve found this article an interesting and/or helpful read, please do SHARE it with friends and family to help keep the online community secure and protected.