- The Cybersecurity and Infrastructure Security Agency (CISA) warns of a surge in impersonation scams targeting crypto investors.
The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on June 12 about a rise in impersonation scams, often using “the names and titles of government employees.”
The CISA alert explained that its staff will never request money wiring, “cash, cryptocurrency, or use gift cards.”
“If you suspect you are a target of an impersonation scammer claiming to be a CISA employee, do not pay the caller; take note of the phone number calling you; hang up immediately, [and] validate the contact by calling CISA.”
Crypto Scams On The Rise
Responding to written questions, Chainalysis director of investigations Phil Larratt, explained that scams “continue to be a major threat to the [crypto] ecosystem at large.”
Larratt said that scams are once again “one of the biggest drivers of cryptocurrency-based crime, bringing in at least $4.6 billion in revenue in 2023.”
“Impersonation scams, in particular, had the fourth-worst impact on victims in 2023 based on an average payment size of $948, as we found in our Chainalysis 2024 Crypto Crime Report.”
Prevention vs. Mitigation
In adherence with the actions suggested by the CISA, and on the topic of prevention, Larratt said a first line of defence against large-scale scamming comes from preventative efforts starting with public education:
“This is critical because once crypto assets are transferred to a third party, there is no longer control of that asset without the private keys of the third party’s funds.”
Phishing Frenzy And Crypto Drainers
Among fake Federal employee impersonation scams, Larratt provided additional information about the two most prominent scam tactics, namely approval phishing and crypto drainers:
“Approval phishing scammers have historically targeted wide swaths of crypto users through the proliferation of fake crypto apps.”
He said this method has been adopted by romance scammers, also known as pig butchering scammers, leading to substantial losses.
“[Crypto drainer operators] often promote their fake Web3 sites in Discord communities and on compromised social media accounts […] enticing victims into connecting their crypto wallets to the drainer and then using the approval phishing technique to trick the victims into approving transaction proposals that grant the operator control of the funds inside the wallet.”
Chainalysis’ director of investigations concluded by explaining that it is “increasingly important for Web3 projects and users” to implement protective security measures like “Web3 security extensions” to help combat these scam tactics.
