Scammers are using a whole load of tricks to launch cryptomining scams

Cybercriminals and fraudsters are tapping into the DeFi craze to scam people out of their hard-earned cryptocurrency tokens, experts have warned.

Cybersecurity researchers from Sophos have uncovered an ongoing campaign that preys on those with little knowledge of the nascent crypto space that is Decentralized Finance (DeFi), and slowly drains their funds until there’s nothing left.

Sophos calls the new campaigns “Liquidity Mining Scams”, and has urged anyone involved in crypto trading to beware of offers that sound too good to be true.

Earning millions, or losing thousands?

The rise of blockchain has given birth to something known as “smart contracts” - essentially pieces of code that act like the middleman and allow two parties to engage in a transaction of value, when certain conditions are met, without the need for an intermediary. 

Smart contracts gave rise to Decentralized Finance - an umbrella term that covers a number of services usually offered by centralized entities (trading, lending, etc.). When it comes to trading cryptocurrencies in a decentralized environment, there needs to be a pool of liquidity for both currencies being exchanged.

Users are incentivized to provide this liquidity (lend out their coins, essentially) by receiving a percentage of the trading fee associated with a specific DeFi protocol, among other things. To do that, they often need to connect their crypto wallets (for example, MetaMask) to the DeFi protocol.

And here’s where the scammers jump in. Sophos says they’ll create fake apps, fake protocols, or fake tokens, and reach out to potential targets via social media using fake identities. After a little bit of innocent chat, they’ll try to persuade the victim to provide liquidity for a certain pair of cryptocurrencies that seem to promise great returns.

They’ll even generate fake reports to further convince the victim of great earnings, and in some cases, they’ll even allow for withdrawals early on. However, they’ll urge the victim to keep investing big, in order to earn even more. In reality, though, the target’s funds were being drained until there was nothing left.

Once the targets were taken for everything they had, the attackers would simply vanish into thin air. 

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.