BTC

$63389.259

-4.25%

ETH

$3095.259

-4.76%

BNB

$549.394

-4.71%

XRP

$0.498

-2.90%

Market

This is how OTP bots steal users’ cryptocurrency

February 18, 2022 - Around 3 mins mins to read

This is how OTP bots steal users’ cryptocurrency.

Cyber ​​criminals use bots purchased from Telegram to trick users into granting access to their crypto accounts.

crypto

According to a report by cybersecurity firm Intel471, one-time password (OTP) bots are “very easy to use” and relatively cheap to run compared to what one could earn from a successful attack.

For example, it only costs a hacker $300/month to access the BloodOTPbot bot on Telegram. Scammers also have the option to spend an additional $20-$100 on other phishing tools that target individual social media accounts on Instagram, Facebook, Twitter, financial services like PayPal, Venmo, or cryptocurrency platforms like Coinbase.

Teccrypto

OTP bots are particularly dangerous as they are often the final step in the hacking process, after gathering all the necessary personal information about the victim, which is “the fullz” in hacker jargon. The hacker uses an OTP bot to make a call that sounds like it’s coming from an official platform and suggests asking for a two-factor authentication (2FA) code from the user’s platform . After a confused user divulges the code, the hacker gains instant and full access to the victim’s account.

According to a report of CNBC, Maryland-based obstetrician Dr. Unlike Apgar the victim of such an attack. Notably, he received an “official audio call” along with a series of notifications that his Coinbase account was “at risk.”

As a result, Apgar revealed the 2FA code over the phone. Shortly after, he found his Coinbase account frozen with about $106,000 worth of Bitcoins.

Attacks of this type by OTP bots are becoming more common and are causing significant damage to both retail and institutional investors. The bots have a very high success rate of getting money.

Coinbase’s customer service has previously been the subject of criticism after angry users slammed the platform for not responding to hackers. To improve response times and customer relationships, Coinbase acquired an Indian startup and set up a phone line dedicated to handling account takeovers and related attacks.

A Coinbase spokesperson told CNBC:

“Coinbase will never call unsolicited customers and we encourage people to exercise caution when providing information over the phone. If you receive a call from someone claiming to be from a financial institution, do not give out your account information or security code. Instead, hang up and call them back on the official phone number listed on the organization’s website.”

Join CoinCu Telegram to keep track of news: https://t.me/coincunews

Follow CoinCu Youtube Channel | Follow CoinCu Facebook page

bots

cryptocurrency

OTP

Steal

users

Avatar of Annie

Author

Annie

Championing positive change through finance, I've dedicated over eight years to sustainability and environmental journalism. My passion lies in uncovering companies that make a real difference in the world and guiding investors towards them. Before joining Coincu as the Sustainability & ESG Editor, I honed my skills in reporting on environmental issues and their financial implications. An academic background rooted in a Master's degree in Environmental Studies from Yale University and a BA in Journalism from London University gives me a strong foundation for understanding both the environmental and financial landscapes. My expertise lies in navigating the world of sustainable investing, analyzing ESG (Environmental, Social, and Governance) criteria, and exploring the exciting field of impact investing. "Invest in a better future," I often say. That's the driving force behind my work at Coincu – to empower readers with knowledge and insights to make investment decisions that create a positive impact.
Market

This is how OTP bots steal users’ cryptocurrency

This is how OTP bots steal users’ cryptocurrency.

Cyber ​​criminals use bots purchased from Telegram to trick users into granting access to their crypto accounts.

crypto

According to a report by cybersecurity firm Intel471, one-time password (OTP) bots are “very easy to use” and relatively cheap to run compared to what one could earn from a successful attack.

For example, it only costs a hacker $300/month to access the BloodOTPbot bot on Telegram. Scammers also have the option to spend an additional $20-$100 on other phishing tools that target individual social media accounts on Instagram, Facebook, Twitter, financial services like PayPal, Venmo, or cryptocurrency platforms like Coinbase.

Teccrypto

OTP bots are particularly dangerous as they are often the final step in the hacking process, after gathering all the necessary personal information about the victim, which is “the fullz” in hacker jargon. The hacker uses an OTP bot to make a call that sounds like it’s coming from an official platform and suggests asking for a two-factor authentication (2FA) code from the user’s platform . After a confused user divulges the code, the hacker gains instant and full access to the victim’s account.

According to a report of CNBC, Maryland-based obstetrician Dr. Unlike Apgar the victim of such an attack. Notably, he received an “official audio call” along with a series of notifications that his Coinbase account was “at risk.”

As a result, Apgar revealed the 2FA code over the phone. Shortly after, he found his Coinbase account frozen with about $106,000 worth of Bitcoins.

Attacks of this type by OTP bots are becoming more common and are causing significant damage to both retail and institutional investors. The bots have a very high success rate of getting money.

Coinbase’s customer service has previously been the subject of criticism after angry users slammed the platform for not responding to hackers. To improve response times and customer relationships, Coinbase acquired an Indian startup and set up a phone line dedicated to handling account takeovers and related attacks.

A Coinbase spokesperson told CNBC:

“Coinbase will never call unsolicited customers and we encourage people to exercise caution when providing information over the phone. If you receive a call from someone claiming to be from a financial institution, do not give out your account information or security code. Instead, hang up and call them back on the official phone number listed on the organization’s website.”

Join CoinCu Telegram to keep track of news: https://t.me/coincunews

Follow CoinCu Youtube Channel | Follow CoinCu Facebook page

Visited 67 times, 1 visit(s) today