Cybercriminals are using bots purchased on Telegram to trick users into giving them access to their cryptocurrency accounts.
According to a report from cybersecurity firm Intel471, one-time password (OTP) bots are “remarkably easy to use” and are inexpensive to operate relative to the amount that can be earned from a successful attack.
A Telegram bot known as BloodOTPbot charges hackers a monthly access fee of just $300. Fraudsters also have the option to spend an extra $20–$100 on more phishing tools that target individual social media accounts on Instagram, Facebook and Twitter, financial services such as PayPal and Venmo, and crypto platforms such as Coinbase.
OTP bots are especially nefarious, as they are generally the final step in the hacking process, used after all the necessary personal information on the victim, known in hacker parlance as “the fullz,” has been gathered. Hackers use the OTP bot to stage a seemingly official phone call while simultaneously triggering a two-factor authentication (2FA) code from the user’s crypto platform. Once the typically flustered user divulges the code, hackers gain immediate and total access to the victim’s account.
According to a report from CNBC, Maryland-based obstetrician Dr. Anders Apgar was the victim of such an attack in which an “official-sounding phone call” alongside a series of banner notifications on his phone informed him that his Coinbase account “was in jeopardy.”
Apgar ended up in a situation where his 2FA code was divulged over the phone, and immediately afterward, he found himself locked out of his own Coinbase account, which held approximately $106,000 in Bitcoin (BTC).
These types of attacks from OTP bots are increasing in frequency and are causing substantial losses to both institutions and individual retail investors. The bots have an extremely high success rate in extracting funds.
Customer service at Coinbase has been the subject of criticism in the past after angry users slammed the platform for a lack of responsiveness in dealing with hackers. In an attempt to improve response times and client relations, Coinbase acquired an Indian startup and created a phone line specifically for dealing with account takeovers and related attacks.
A Coinbase spokesperson told CNBC, “Coinbase will never make unsolicited calls to its customers, and we encourage everyone to be cautious when providing information over the phone. If you receive a call from someone claiming to be from a financial institution, do not disclose any of your account details or security codes. Instead, hang up and call them back at an official phone number listed on the organization’s website.”