As prices cratered, many crypto holders stopped looking at their accounts. Scammers didn’t

by Arthur · September 30, 2022

As the frost of crypto winter creeps in and holders saddened by their dwindling funds spend less time opening their digital wallets, a new type of scam has emerged: crypto payouts.

Cybercriminals are able to take hold of underutilized exchange or wallet accounts and use them to transfer stolen funds to private wallets. According to Sift, a cybersecurity firm, the technique has grown in prevalence since June, with account information sold on Telegram and dark web discussion forums such as Dread.

“If you bought $60,000 worth of Bitcoin and don’t want to look at your account right now, I don’t blame you,” said Brittany Allen, a trust and security architect at Sift. “But with people ignoring their accounts… they give fraudsters even more opportunities to be able to test and gain access to those accounts.”

Cybercriminals are looking for Australian crypto or bank accounts for payout scams.

Cybercriminals looking for Australian crypto or bank accounts for payout scams.

Screenshot from Dread

Withdrawal fraud is nothing new, with old-fashioned fraudsters using options such as debit cards and ATMs to withdraw money from stolen accounts. As fraud prevention technology has evolved, cybercriminals have had to turn to other means – in this case, crypto.

Due to the irreversibility of many crypto platforms – meaning that transactions cannot be undone – fraudsters use exchanges and wallets to pay each other or to launder funds. “That way, no one can file a chargeback or dispute,” Allen said Fortune.

Allen regularly monitors forums on Telegram and Dread, where cybercriminals access stolen funds, hoping to find people with different skills who can help them safely move money into their own private wallets.

In these scenarios, a fraudster with access to ill-gotten funds will market their bounty on Telegram or Dread, eventually linking up with a partner who has access to stolen wallets or crypto exchange accounts. Fraudster A sends the money to Fraudster B, who then transfers the money through the stolen account to a private wallet, and they split the proceeds—provided one of them doesn’t defraud the other, of course.

Allen refers to the interconnected network as the fraud economy. She said she sees hundreds of posts each month, but warned that many could be duplicates or scams themselves.

Cyber criminals on a Telegram channel looking for an account for withdrawal.

Cybercriminals on a Telegram channel seeking an account for withdrawal.

Screenshot from Telegram

Back in 2020, when travel came to a standstill, one of the most popular ways to transfer money was through travel and loyalty platforms. The logic, Allen explained, is that users are less likely to check these accounts, so cybercriminals can use them to move money around.

From June, she noticed the same dynamic spread to crypto – with prices in freefall, fewer investors were monitoring their accounts as closely. Fraudsters accessed the stolen accounts for extended periods of time – not necessarily stealing funds, but using the accounts to receive and send other ill-gotten gains. This will be particularly useful for cybercriminals sitting on large sums of digital cash, as many digital payment platforms have daily withdrawal limits.

The easiest solution, Allen continued, is to check accounts more regularly for irregularities, even if seeing the balance makes you squeamish. And the best protection is to turn on multi-factor authentication.

“Even though it might have been a fun investment, it’s still a financial account,” she said Fortune. “Treat it like any other economy and protect it.”