Users Lost Over $15M to Crypto Phishing Attack

A hacker has stolen over $15 million from crypto wallets by imitating the website of the HitBTC exchange.

The hackers cloned the exchange’s user interface to lure victims into connecting their wallets by clicking “Approve.”

HitBTC Lookalike Website Stole Funds

According to the crypto tracking platform MistTrack, hackers created a fake website, “hitb2c[.]lol,” to impersonate the original website, “hitbtc[.]com.”

After a user connects their wallet, the website will access their USDT token holdings. Or, the website asks users to deposit crypto at hackers’ addresses, and then the hacker will steal their funds.

Also, if the user clicks the confirm button on the pop-ups, they also lose their crypto. The hacker has so far stolen 52.2 Bitcoin (BTC), 242.0 USDT, 22.3 million Shiba Inu (SHIB), and 2,966.2 Ethereum (ETH).

Crypto Phishing on the Rise

The cybersecurity firm Kaspersky reported that crypto phishing incident grew by 40%, from 3,596,437 cases in 2021 to 5,040,520 in 2022. 

Bad actors use various techniques, like impersonating famous projects or personalities. They create scam Twitter handles by using a username that is similar to genuine projects to trick users.

Additionally, they use bots for mass tagging campaigns, eventually drawing people’s attention toward the phishing account.

Lastly, they redirect victims to a phishing website by giving airdrops, giveaways as bait. The screenshot below shows a scammer impersonating zkSync, to direct users to a fake website and eventually steal their crypto.

Notice the username is “zkskync,” which is similar to zksync.

A recent survey reported that one in three Americans have fallen victim to crypto theft.

Got something to say about crypto phishing or anything else? Write to us or join the discussion on our Telegram channel. You can also catch us on TikTok, Facebook, or Twitter.

For BeInCrypto’s latest Bitcoin (BTC) analysis, click here.