Users Beware of Fake Airdrop Email Scams
Warning about Fake Airdrop Emails
On the morning of January 23, 2024, the news outlet Cointelegraph reported that they had received numerous user inquiries regarding emails claiming to announce an airdrop from their platform.
Cointelegraph asserted that they do not conduct airdrops and identified these emails as phishing attempts. The news outlet urged users not to click on any unfamiliar links sent via email or from individuals falsely claiming to be part of the Cointelegraph team, as doing so could lead to asset loss through associated links.
🚨 SCAM ALERT 🚨
We’ve been made aware of scammers impersonating Cointelegraph.
👉 Cointelegraph does not issue airdrops.
👉 Please don’t respond or click on any links sent in your DM/E-MAIL by anyone claiming to be part of the Cointelegraph team.
Be safe! 🔐 pic.twitter.com/yi2VmW12xC
— Cointelegraph (@Cointelegraph) January 23, 2024
According to on-chain detective ZachXBT, the issue is not exclusive to Cointelegraph. Other cryptocurrency projects, including Wallet Connect, Token Terminal, and De.Fi, have also reported instances of email impersonation, with fraudulent links bearing similar content.
However, despite the warnings, many users, trusting the emails from reputed sources, followed the instructions and faced “bitter consequences.” As a result, attackers managed to amass around 228 ETH, equivalent to over $580,000, through this common fraudulent method.
Community Alert: Phishing emails are currently being sent out that appear to be from CoinTelegraph, Wallet Connect, Token Terminal and DeFi team emails.
~$580K has been stolen so far
0xe7D13137923142A0424771E1778865b88752B3c7 pic.twitter.com/XoN65HxOYh— ZachXBT (@zachxbt) January 23, 2024
Phishing Attack
Phishing attacks are among the prevalent forms of user theft in the cryptocurrency domain. When users access and connect their Web3 wallets, malicious actors can drain their entire wallet contents. A commonly favored malware for this model is known as the ‘Wallet Drainer,’ which is designed to automatically siphon assets from crypto wallets when users click on phishing links on websites or social media platforms like Discord, Twitter, or Google search results.
This method is consistently employed by attackers in various ways to ‘clean out’ investors’ funds. Most recently, on January 22, 2024, a user lost $4.2 million in a phishing attack. Just a week earlier, the crypto hardware wallet company Trezor confirmed a phishing attack affecting the personal information of 66,000 users.
Not only DeFi users but also leading security service providers like CertiK have been targeted by attackers seeking control and dissemination of fraudulent links.
Related: A User Lost $4.2 million in a Phishing Attack
According to the annual report from the security firm Scam Sniffer, approximately 324,000 crypto users lost nearly $295 million to phishing attacks in 2023. In November 2023 alone, crypto attacks ‘cleaned out’ $340 million in user assets across DeFi platforms. The entire crypto industry in 2023 suffered losses of up to $1.95 billion due to hacks and security breaches.
