Fake Federal employees target crypto investors: CISA warns

The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on June 12 about a rise in impersonation scams, often using “the names and titles of government employees.”

The CISA alert explained that its staff will never request money wiring, “cash, cryptocurrency, or use gift cards.”

“If you suspect you are a target of an impersonation scammer claiming to be a CISA employee, do not pay the caller; take note of the phone number calling you; hang up immediately, [and] validate the contact by calling CISA.”

Related: Crypto hack losses hit $19B, Terraform Labs shuts down: Finance Redefined

Crypto scams on the rise

Responding to written questions from Cointelegraph, Chainalysis explained that scams “continue to be a major threat to the [crypto] ecosystem at large.” 

A spokesperson from the firm told said that scams are once again “one of the biggest drivers of cryptocurrency-based crime, bringing in at least $4.6 billion in revenue in 2023.”

“Impersonation scams, in particular, had the fourth-worst impact on victims in 2023 based on an average payment size of $948, as we found in our Chainalysis 2024 Crypto Crime Report.” 

Related: Bitcoin ransomware Akira drains $42M from more than 250 companies: FBI

Prevention vs. mitigation

In adherence with the actions suggested by the CISA, and on the topic of prevention, Chainalysis said a first line of defence against large-scale scamming comes from preventative efforts starting with public education:

“This is critical because once crypto assets are transferred to a third party, there is no longer control of that asset without the private keys of the third party’s funds.”

Related: Ripple invokes SEC v. Terraform case, argues for smaller civil penalty

Phishing frenzy and crypto drainers

Among fake Federal employee impersonation scams, Chainalysis provided additional information about the two most prominent scam tactics, namely approval phishing and crypto drainers:

“Approval phishing scammers have historically targeted wide swaths of crypto users through the proliferation of fake crypto apps.”

Chainalysis said this method has been adopted by romance scammers, also known as pig butchering scammers, leading to substantial losses.

“[Crypto drainer operators] often promote their fake Web3 sites in Discord communities and on compromised social media accounts […] enticing victims into connecting their crypto wallets to the drainer and then using the approval phishing technique to trick the victims into approving transaction proposals that grant the operator control of the funds inside the wallet.”

Chainalysis concluded by explaining that it is “increasing important for Web3 projects and users” to implement protective security measures like “Web3 security extensions” to help combat these scam tactics.

Magazine: Deepfake AI ‘gang’ drains $11M OKX account, Zipmex zapped by SEC: Asia Express