Cybercriminals use Telegram Bots to fraudulently gain access to users’ crypto accounts. They then block and delete the account.
Telegram bots can deprive you of your cryptocurrencies
According to a report by Intel471 on cyber security, one-time password (OTP) bots are extremely easy to use and their operation is relatively cheap compared to the amount that can be earn on a successful attack.
The bot, known as BloodOTPbot, charges hackers a monthly fee of just $ 300. In addition, fraudsters can spend an additional $ 20 to $ 100 on additional phishing tools targeted at Instagram, Facebook and Twitter, and financial services such as Paypal. and Venmo and a cryptocurrency platform such as Coinbase.
Such bots are particularly harmful in that they are the last step in the hacking process, which is preceded by the collection of the personal data of the victim. Hackers use the bot to attack organizations by simulating an official phone call and at the same time request the 2FA code from the user’s platform. Enthusiastic people often reveal the code, giving hackers instant and full access to the victim’s account.
According to the CNBC, Anders Agpar, a obstetrician from Maryland, fell victim to such an attack: he received several announcements on his phone that his account had been blocked, then they called him from the “help line” with information about the danger of losing funds.
Upset, Agpar gave a two-factor authentication code (2FA) over the phone, only to find out almost immediately that his own Coinbase account, which contained about $ 106,000 in BTC, was whitewashed and blocked.
For this reason, Coinbase customer support has often been criticized for failing to respond to the hacker. To remedy the situation, Coinbase bought an Indian startup using artificial intelligence and set up a telephone line to combat account theft and related attacks.
At the same time, the Coinbase team encourages users to be vigilant:
Coinbase never calls his customers without asking them, and we call on everyone to be careful when providing information over the phone.
If someone who claims to be from a financial institution calls you, do not disclose your account information or security code. Instead, hang up and call the official phone number listed on the organization’s website.