How Scammers Tried to Attack ChangeNOW: a Real-Life Case
Despite the efforts of the crypto industry, digital assets remain the desired target for all sorts of scammers. Their methods are diverse, and that’s why users should always stay alert, reject and report suspicious offers.
While some scammers employ simple techniques, others build multi-level schemes that are designed to look legit and distract the attention of seasoned users. But they end up with the same result — millions of dollars get stolen and will never be returned.
ChangeNOW gets attacked, too. But since hackers’ attempts fail due to our platform’s strong level of protection, they employ social engineering methods to try to steal money by communicating with our team members. In this article, we will describe one real-life case of such an attack and bring simple tips for keeping yourself protected.
What is social engineering in crypto?
One of the oldest methods of hacking known to humanity is social engineering: malefactors find vulnerabilities in people’s thinking and behavior, gain their trust, and then trick the victims to steal their money.
Social engineering remains one of the most popular hacking methods to date. Among the reasons why it is so popular is that scammers don’t have to dive deeply into the tech details of the platforms their victims are using — it’s enough to have a basic grasp of the technology and understand how the victim thinks and acts in the crypto space. The outcome of social engineering depends on how well the hacker matches general patterns of interaction with a given platform and the psychology of a specific individual.
One of the “shortcomings” of social engineering is that it requires a non-stop participation of the hacker and is quite labor-intensive. This is why hackers attempt to make the most of their effort and apply social engineering only if a high outcome is expected.
How ChangeNOW was attacked
However, social engineers don’t only strike ordinary users but the entire crypto services as well — this is exactly what happened to ChangeNOW. In 2021, a scammer impersonated a famous crypto influencer with the goal to steal money. However, as the attacker has ultimately failed with their disguise and communication, the attempt was disrupted.
For security and privacy concerns, we won’t disclose the name of the man mentioned in the communication with the hacker. Suffice it to say that the attacker was trying to impersonate a crypto celebrity who is a big proponent of decentralization and a widely known investor in Bitcoin. That real person is also a leader of a large foundation involved in investment and charity. A good name to demonstrate for a hacker with seemingly good intentions!
As soon as a big name was involved, scammers that were hiding behind it were raising their stakes to cover the high risk of their enterprise. For any crypto platform, it’s a great honor to be contacted by a person of such a scale because partnering with their foundation promises huge outcomes and legitimacy. However, when you are so well-known, your life is more public, and it’s harder to impersonate such a person.
Checking the sender
A letter from the influencer was a bit unexpected, so we decided to check if the email was legitimate. Doing this was easy — we only had to check if the spelling was proper by finding the original email address in our in-house database (that’s what we ultimately did) or in the public space. Usually, scammers try to emulate emails of famous senders by replacing letters, adding new ones between the first and the last name to disguise, and so on.
The mistake and the true nature of scammers were revealed instantly — we found a discrepancy between the original email address spelling and the one that we saw in the letter. Importantly, this social engineering method is applied to regular users, too, and you may even have received such an email once where instead of, say, @binance.com it was written “binanse” or “binance.org.” This is a clear sign you were dealing with scammers. It’s worth always paying attention to the email spelling of your sender, especially if the contents of the letter are sensitive.
In our case, the attacker described the ways in which we could partner. Manipulating the potential gains for a business is a classic example of an approach that scammers frequently employ. As it usually happens, they tried to make us feel involved and impressed by naming huge sums of money. Sadly, if we received such a letter, that may indicate that with other businesses, such an approach works, and money gets stolen.
The demands that failed them
However, even if we hadn’t detected discrepancies in the sender’s email address, their intentions would have anyway become evident from the conversation that followed. Scammers requested a donation and said our partnership would only start after they receive it. This is exactly the opposite of what normal businesses usually do — bringing some benefits and then asking for a reward, or at least doing these simultaneously. Fraudsters asked for a moderate sum of 1.2 Bitcoin, but that move was a clear sign that we were dealing with a fake influencer.
Moreover, this even looked like some kind of a ransom rather than a request — scammers supplemented their letter with threats of legal prosecution and set a deadline for sending the money. However, supposedly hoping to make their malicious intent less apparent, the attackers added that they were really interested in cooperation.
It was absolutely unclear what the legal claims of the sender were, and the practice of asking for a donation to start cooperating is an outright sign of a scam. To provoke emotionally-driven action, the attackers added a Bitcoin address to the letter right off the top, which also revealed their true nature — usually, people provide such details only after the agreement has been reached.
Any legal expert that would see such a conversation would recommend initiating legal action against such a sender. The attack we’ve encountered is a classic manifestation of social engineering that plays on such vulnerabilities as greed, the desire to promote business, and avoid reputational risks.
The scammers didn’t have any leverage over the victim in our case — all they could do is to play on fear, willing to get their Bitcoin fast and vanish. Sounds not like a robust plan, but an emotional person that wouldn’t think of doing due diligence could have fallen victim to such an attack.
They may try to establish a personal connection
Sometimes, for achieving a more legitimate look, scammers employ the following trick: they refer to people with a high level of credibility but with whom you may have lost all contacts. In our case, the attackers mentioned “a former CEO of ChangeNOW”. In such situations, the best thing to do is to contact the mentioned person directly and ask them to confirm the information. If this is impossible, it’s worth clearly saying that you don’t know anything about such arrangements and can’t verify the information.
Continuing conversation with hackers when you’ve already figured things out but they still think you’re a naive victim may be a lot of fun. However, this is a dubious idea in terms of both the productivity of time spent and security. We replied to attackers that we only serve as a gateway to users’ funds and don’t send money in the suggested way. The conversation was over.
Unexpected emails from celebrities, requests for sending money to initiate partnership, dodgy emails — all these are serious signs of a scam. Another way attackers may use to draw your attention is offering something that is too good to be true. Although we all want to see crypto as a safe space, in reality, we have to always stay alert not to lose our funds.
However, the opposite cases are also possible — when we think a project is a scam while it is actually not. In this article, we explained how this is possible and brought some examples.