The rise of cryptocurrency dealings in Bitcoin and its many alternatives has led to coordinated phishing attacks built around so-called “Bitcoin Airdrops”. The criminals behind the campaigns know that computer users look for various ways to gain cryptocurrency assets. This has proven to be one of the most successful strategies, as the Bitcoin Airdrop Scam appears to have been a preferred method of stealing digital currency in the past few months. Our article describes some common scenarios that are used by the criminals.
Origins of the Bitcoin Airdrop Scams
To understand why Bitcoin Airdrop scams have become one of the most popular ways to deceive computer users, we first need to consider what an airdrop is. By definition it is a way to gain cryptocurrency assets by participating in a giveaway. Airdrops are a form of donation from the relevant blockchain developers to the cryptocurrency community. They are planned in advance as a form of promotion that aims to generate interest and drive the relevant project’s value in a positive way.
The most common method of advertising them is the use of social media profiles, user groups and Telegram chats. In some cases the prospective users are asked to perform various actions, such as sharing posts or entering into discussions, in order to be eligible for the airdrops. In some cases the airdrops are performed by services, sites and groups that are affiliated with the blockchain operators or the service owners. In these cases it is very likely that the users may come across a Bitcoin Airdrop scam.
We have identified several different types of Airdrops that are being served to the cryptocurrency community. Airdrops are popular with all forms of digital tokens and cryptocurrency and they can take various forms. This list shows the differences that are mainly found in the user interaction requirements:
- Simple Registration — The Airdrops only present basic requirements to the users: their name, email address and possibly the wallet address so that the funds can be transferred automatically.
- Share Requirements — The users fill out a registration form that also includes a script that monitors their actions. To successfully finish the registration they are prompted to share the airdrop release message on their social media accounts.
- Minimum Balance Hold — This particular airdrop requires the users to hold a minimum balance of the required cryptocurrency in their wallets for a certain period.
- Community Interaction — This airdrop prescribes that the prospective cryptocurrency holders should interact with the community for a set period of time. The moderators will then manually inspect their efforts and award the promised sum upon reaching a certain threshold.
Most major Bitcoin and alternative currency airdrops are made with the specific intention of being a secondary marketing mechanism. They all share the characteristic of keeping track of the users’ activities and awarding them the relevant cryptocurrency assets upon reaching the preset goals.
Warning Signs of Bitcoin Airdrop Scams
Just as there are many types of airdrops, malicious users have come up with several different types of scams. The first and probably most common scheme is the blockchain hijack airdrop scam. It is made to mimic the developers of the chosen target blockchain project by setting up a fake page that uses hijacked contents: text, images and designs. When users visit the fake page they are offered the chance to participate in an Airdrop. Upon visiting the drop’s registration (submit) page the site will prompt them to enter their wallet credentials.
As ICO and cryptocurrency discussions mainly take place on Telegram channels, we have been alerted to another danger called the fraud Telegram Airdrop scam. It takes advantage of the application’s popularity among the community by creating fake chats, groups and profiles that hijack the genuine cryptocurrency communities. The airdrops are offered by automated “bots” that hijack sensitive data and wallet credentials during the “airdrop registration” that is being offered to the victims.
The age-old Bitcoin Airdrop Donation Scam is also being used. It is an evolution of the Nigerian relative email messages and takes the form of a private message to the targets that promises them large sums of money in the form of cryptocurrency that are a gift from a late relative, often originating from a remote country. The users are prompted to give elaborate details about themselves and their wallets, including the private keys. The given explanation is that all of this is requested by the lawyer or notary in order to “release” the funds to their accounts.
A popular alternative approach is the Mandatory Deposit scam where the prospective users are promised large sums of money. They are guided through a step-by-step registration process and informed that they need to make a mandatory deposit (or “donation”) in order to “prove” that their accounts are legitimate. The users are never given anything in return and the transferred funds are immediately withdrawn by the criminals.
Several hacking groups have been spotted setting up fake exchange portals. This is an advanced phishing practice that requires much more effort on the developer’s side. Consequently a much larger number of potential victims can be impacted. The creation of fake portals means that the hackers must simulate the transactions and feed live data (counterfeit or legitimate) of the popular cryptocurrencies and their respective values.
Phishing campaigns can be distributed over different channels. One of the most common tactics is the coordination of bulk email campaigns in which the criminals impersonate the relevant blockchains or the community forums where users may be active. They may include the same contents as the legitimate site by using their text, graphics and design templates. The end goal is to persuade the receiving users to navigate to a phishing site that hijacks their credentials.
Users can also receive direct messages or be invited to group chats that may present links to the scam phishing sites. In most cases the chat messages will impersonate the official community forums and chats. This is made possible by analysing the group dynamics of the legitimate community and attempting to mimic them.
All Bitcoin Airdrop Scams can be easily spotted by looking out for the presence of phishing warning signs. A concise list of the most notable ones is the following:
- Never Trust an Airdrop — The users will need to individually judge whether or not a particular airdrop is legitimate. This can be done easily by looking for notifications of it on the relevant cryptocurrency’s official site or their social media accounts. If in doubt do not hesitate to contact them directly.
- Never Reveal Access Information — Never send out information that can be used to access your wallet: email credentials, date of birth, public or private keys.
- Don’t Interact with Unknown Sources — Many of the phishing scams utilize fake sites that copy the design and contents of legitimate cryptocurrencies or airdrops. Before opening up hyperlinks from emails, websites, forums or other sources make sure that they point to the official sites.
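The last check in the list, making sure a hyperlink points to the official site before opening it, can be automated. The following is an added example, not code from the original article; `coin.example`, the allowlist and the sample links are constructed placeholders that a reader would replace with hosts taken from the project's own announcements.

```python
from urllib.parse import urlsplit

# Assumption: hosts copied by hand from the project's official announcements.
# "coin.example" is a constructed placeholder, not a real project.
OFFICIAL_HOSTS = {"coin.example", "airdrop.coin.example"}

# Constructed sample links, as they might appear in an email or group chat.
SAMPLE_LINKS = [
    "https://coin.example/airdrop",
    "http://coin.example/airdrop",
    "https://coin.example@claim-bonus.test/airdrop",
    "https://coin.example.claim-bonus.test/airdrop",
]


def check_link(url, official_hosts=OFFICIAL_HOSTS):
    """Return (ok, reason) for a hyperlink taken from an email, chat or forum."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # lower-cased, no port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not an https link"
    if not host:
        return False, "no host in URL"
    if parts.username is not None:
        # Text before '@' is login data; the browser goes to what follows it.
        return False, "userinfo before '@' hides the real host"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalised host, possible lookalike characters"
    if host in official_hosts:
        return True, "exact match with an official host"
    if any(official in host for official in official_hosts):
        return False, "official name embedded in a different domain"
    return False, "host is not on the official list"


def flagged(links, official_hosts=OFFICIAL_HOSTS):
    """Return (url, reason) for every link that should not be opened."""
    results = ((url, check_link(url, official_hosts)) for url in links)
    return [(url, reason) for url, (ok, reason) in results if not ok]


if __name__ == "__main__":
    for url, reason in flagged(SAMPLE_LINKS):
        print(f"do not open: {url} ({reason})")
```

Only an exact host match passes; a link that merely contains the official name, or that cannot be read unambiguously, is treated as unofficial.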