Yet another phishing attack involving cryptocurrencies that would have left a loss of $4.3 million in crypto assets has been revealed. This time, the target was the users of the Terra network (LUNA). According to blockchain security firm SlowMist, the amount in question was stolen in a span of less than ten days from dozens of cryptocurrency addresses. On its Twitter account, SlowMist explained that the equivalent of BRL 20.35 million in assets was transferred from 52 addresses of victims of a phishing scam on the Terra network between April 12 and 21. According to the team, most of this attack was Google phishing ads related to the Anchor protocol, the largest on the Terra network with $16.04 billion in total blocked value (TVL), and the Astroport protocol, with a TVL of US$1.89 billion.
A phishing scam is designed to lure a victim into providing sensitive information such as crypto wallet passwords and bank details. Usually, cybercriminals use fraudulent messages, posing as companies, banks and exchanges. In this case, when searching for “Anchor Protocol” or “Astroport”, the first Google result presents realistic looking ads that are actually scams. The malicious website’s description says that Anchor is a lending protocol that provides cryptocurrency users, fintech companies, and investors with a “stable high interest rate, offering up to 19.5%.”
“These may look like normal ads and some even show the same domain names. But once you click on the link, the domain name really changes. When clicked, it will ask you to connect your wallet. However, instead of connecting, users are prompted to enter their seed phrase [chaves privadas],” explained SlowMist.
How to protect yourself from phishing attacks?
To protect digital wallets and cryptocurrencies, SlowMist recommends that Terra blockchain users be cautious. According to the team, one should avoid clicking on links from Google ads or links with questionable sources.
“This will help reduce the likelihood of falling victim to phishing scams.”
Also, users need to be alert with unexpected messages about lost money and/or accounts. Last week, for example, Kaspersky reported that it identified more than 100,000 phishing attacks on cryptocurrency wallets in the first two months of the year alone. According to Kaspersky experts, many scams target MetaMask digital wallet customers. So far in 2022, more than 4,000 phishing attacks targeting this platform have been detected. To prevent such attacks, Kaspersky experts recommend that cryptocurrency users be aware of alleged gifts or transfers of funds. These “gifts” are almost always a trap. Also, you need to investigate incoming email links carefully. A safer alternative is to type the link into your browser instead of clicking on the emailed link. Finally, it is advisable to install a reliable phishing protection solution. Also read: APE dominates the market: check out the cryptocurrencies that appreciated the most in the week Read also: Survey: 63% of Brazilians want to make payments with cryptocurrencies in their stores