Cybersecurity company Kaspersky recently uncovered a new scam targeting crypto users involving seed phrases, as reported in a blog post on December 23rd. This sophisticated scheme preys on individuals’ curiosity and dishonesty, ultimately leading to financial losses for unsuspecting victims.
The scam operates by manipulating seed phrases, which are essential for recovering access to crypto wallets. Scammers pose as inexperienced users seeking help online on social media platforms like YouTube, where they post fake seed phrases to entice individuals into accessing what appears to be valuable wallets. Once accessed, users may find large amounts of stablecoins like Tether’s USDT, creating the illusion of easy profits.
However, withdrawing these funds requires gas fees, typically paid in Tron’s TRX. The scammers intentionally leave the wallet without sufficient TRX, prompting users to transfer their funds to complete the transaction. Once the funds are sent, they are immediately redirected to a wallet controlled by the scammers.
The key to this scheme lies in the wallet configuration, which is set up as a multi-signature wallet. This means that approvals from multiple parties are required for any transaction, ensuring that the USDT cannot be transferred out by the unsuspecting user even after they pay the gas fees.
This seed phrase scam is just one part of a larger wave of crypto scams that have surged in 2024. According to blockchain security firm Cyvers, crypto-related fraud has resulted in over $2.3 billion in losses this year, a significant increase compared to previous years but still 37% lower than the peak in 2022.
Cyvers identified access control breaches as the most significant threat, accounting for $1.9 billion in losses from 67 incidents. Smart contract exploits followed closely, with $456.3 million stolen across 98 attacks. Additionally, pig butchering scams have become a prevalent tactic, where fraudsters build trust with victims over time before convincing them to invest in fake crypto projects and ultimately stealing their funds.
In total, Cyvers flagged over $3.6 billion in victim funds across more than 150,000 addresses and 800,000 transactions in 2024, underscoring the scale and sophistication of these scams. It is crucial for crypto users to remain vigilant and cautious to protect themselves from falling victim to such fraudulent schemes.