Thieves Gain Access to Digital Currencies via "Microphone Spying"
In a recent revelation, MetaMask developer Taylor Monahan has exposed a new and sophisticated cybercrime scheme that is preying upon job seekers in the cryptocurrency industry. This scheme, active on platforms like LinkedIn, Discord, Telegram, and freelance websites, is designed to steal assets from unsuspecting victims.
The scheme begins with scammers posing as recruiters from reputable companies such as Kraken, MEXC, Gemini, and Meta. They offer roles for technical specialists, traders, and analysts, promising lucrative salaries ranging from $200,000 to $350,000. The recruitment process often involves a text-based interview via the Willo platform, where candidates are asked questions about the cryptocurrency market and tasked with developing a business expansion strategy.
The attack, similar to the one on Japanese cryptocurrency exchange DMM Bitcoin, was orchestrated by North Korean state-backed hackers known as TraderTraitor. The attack on DMM Bitcoin resulted in significant financial losses, totalling $308 million. For the new scheme, however, the number of victims and the total financial damage have not been disclosed.
The final stage of the scheme involves a fake hardware error on the victim's computer, which prompts them to update drivers or restart their browser. Upon following these instructions, a backdoor is installed on the victim's device, granting hackers access to steal cryptocurrency assets. During the recording process, a pop-up window requests access to the user's microphone and camera, further compromising the victim's privacy.
In a case analyzed by Monahan, scammers converted the stolen Bitcoin into Ethereum via an instant-exchange service and moved the ETH among wallets they controlled, bypassing well-known mixers like Tornado Cash. This method complicates tracing efforts and was mistakenly flagged by some crypto tracing firms, leading to false claims about Tornado Cash’s involvement.
Moreover, the scheme also exploits "crypto recovery" firms that charge scam victims upfront fees and commissions while purportedly trying to trace and recover lost funds, further defrauding them. Monahan’s findings emphasize the evolving sophistication of scams targeting cryptocurrency job seekers, who may be vulnerable to fake trading sites and fraudulent recovery services.
In summary, the scheme combines fake trading platforms to steal crypto from job seekers, complex laundering techniques avoiding well-known mixers, and predatory recovery firms that prey on these victims. Job seekers in the cryptocurrency industry are advised to exercise caution and verify the authenticity of job offers before sharing personal or financial information.
- Cybersecurity threats in the cryptocurrency industry are escalating. The recent scam targets job seekers on platforms like LinkedIn, Discord, Telegram, and freelance websites, mimics reputable companies such as Kraken, MEXC, Gemini, and Meta, offers high-paying roles, and employs complex methods such as installing backdoors and exploiting crypto recovery firms for further fraud.
- The Bitcoin-to-Ethereum exchange and laundering technique used by the scammers exposed by Taylor Monahan, combined with the use of predatory recovery firms, underscores the evolving sophistication of cybercrime.