Thanks to Operation Spincaster, an operation aimed at combating scammers using phishing to steal cryptocurrencies, new schemes to defraud crypto users were uncovered. These include schemes using fake professors and so-called “overlay attacks.”
Chainalysis, a leading provider of blockchain analytics, presented the results of Operation Spincaster, aimed at countering fraudsters using phishing to steal cryptocurrencies. As part of the operation, analysts identified multiple schemes to defraud users and steal their funds.
Operation Spincaster was launched in April 2024 and was a global continuation of a project the company first conducted with the Calgary Police Service in Canada in March 2024. The operation involved six countries worldwide, 12 government agencies, and 17 cryptocurrency exchanges.
Through the global collaboration, Chainalysis analysts identified more than 7,000 online traces associated with criminals, tracked the movement of funds, closed accounts linked to scammers, seized funds, and gathered information to prevent future frauds.
Through Chainalysis’ efforts, several new fraud schemes were identified. Specifically, the Washington State Department of Financial Institutions (DFI) warned of scams involving fake professors who pose as crypto and blockchain experts. Scammers create fake profiles of such professors on social media and professional platforms like LinkedIn. These schemes typically utilize an “academy” or “business school” platform that offers investors large loans or lines of credit to meet the capital requirements for a new exclusive offering. Victims are asked to provide personal details to process fake loans. They’re assured that this loan can be repaid from the profits on the platform, but after a while, the account is blocked, and victims start receiving legal threats and demands to repay the debt from their funds.
A new threat to crypto users called an “overlay attack” was reported by Asaf Ashkenazi, CEO of Verimatrix. The attack is carried out by creating a fake interface on the user’s mobile device. This interface is used to phish data such as logins, passwords, and even two-factor authentication (2FA) codes. Once obtained, the attacker uses this data to access the victim’s various apps.
To conduct an “overlay attack,” fraudsters first convince users to download an app on their mobile device. These apps are usually disguised as mobile games. When the user opens this app, it begins to watch for the launch of an online banking or crypto exchange app. It creates a fake interface identical to that app’s interface. Then, when the real app is launched, the user ends up on the doppelganger, handing over their passwords and IDs to scammers without even realizing it. After obtaining the necessary information, scammers make the victim’s mobile device screen go dark, giving the impression that the phone has run out of battery or frozen. While the victim tries to reboot or charge the device, their accounts are drained to zero.
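A defender-side triage for the pattern described above, as an added example that is not part of the original article: it flags installed apps that can both observe which app is being launched and draw over other apps. The inventory format, the package names and the game-category ranking are assumptions made for illustration; the three Android permission names are real.

```python
# Added example, not from the article: inventory triage for overlay capability.
# Android permission names are real; everything else here is constructed.
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"      # draw over other apps
USAGE_STATS = "android.permission.PACKAGE_USAGE_STATS"  # read app-usage history
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"  # set on a <service>


def assess(app):
    """Return a finding if the app can both watch app launches and draw over them."""
    perms = set(app.get("permissions", ()))
    service_perms = set(app.get("service_permissions", ()))
    watch_via = []
    if USAGE_STATS in perms:
        watch_via.append("usage-stats access")
    if A11Y_BIND in service_perms:
        watch_via.append("accessibility service")
    if OVERLAY not in perms or not watch_via:
        return None  # one capability alone does not match the described pattern
    # Assumed heuristic: the article says lures pose as games, so a "game" with
    # this capability pair is ranked above utilities that may justify it.
    level = "high" if app.get("category") == "game" else "review"
    return {"package": app["package"], "level": level, "watch_via": watch_via}


def triage(inventory):
    """Findings sorted with 'high' first, then by package name."""
    findings = [f for f in map(assess, inventory) if f is not None]
    return sorted(findings, key=lambda f: (f["level"] != "high", f["package"]))


# Constructed sample inventory (hypothetical package names).
SAMPLE = [
    {"package": "com.example.puzzlegame", "category": "game",
     "permissions": ["android.permission.INTERNET", OVERLAY],
     "service_permissions": [A11Y_BIND]},
    {"package": "com.example.screendimmer", "category": "tools",
     "permissions": [OVERLAY]},
    {"package": "com.example.familytime", "category": "tools",
     "permissions": [OVERLAY, USAGE_STATS]},
    {"package": "com.example.racing", "category": "game",
     "permissions": ["android.permission.INTERNET"]},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding["level"], finding["package"], ", ".join(finding["watch_via"]))
```

A finding means the app has the capability pair, not that it is malicious; the "review" tier exists because some utilities request both for legitimate reasons.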
Analysts warn that phishing and manipulation techniques are becoming increasingly dangerous for Web3 users, so cryptocurrency companies and tech giants are building coalitions in the fight against online fraud.