Crypto scammers have made a serious pivot to Telegram malware scams, which have now surpassed traditional phishing in volume — increasing 2,000% since November.
In a Jan. 15 X post, the security firm Scam Sniffer said the scams it is encountering aren’t the “typical connect wallet” variety, in which malicious actors deceive a user into connecting their digital wallet to a fraudulent website or platform to drain funds.
Instead, scammers are now distributing sophisticated malware through fake verification bots used in fake trading groups, fake airdrop groups and fake alpha groups.
“Once you execute their code or install their verification software, they can access your passwords, scan for wallet files, monitor your clipboard and steal browser data,” the firm said.
Scam Sniffer has identified at least two fake verification bots used by scammers, OfficiaISafeguardRobot and SafeguardsAuthenticationBot.
Scam Sniffer said the bad actors have shifted tactics as users have become more aware of signature scams. Malware gives attackers broader access, while losses are more complicated to track.
The security firm first raised the alarm about Telegram malware scams in December, after noticing an uptick in scammers creating fake X accounts impersonating popular crypto influencers and then inviting users to Telegram groups with promises of investment insights.
Once in the group, users are asked to verify through a fake verification bot that injects crypto-stealing malware into systems, stealing private keys and raiding crypto wallets.
Another variant uses fake Cloudflare verification pages to deploy the malware: users are asked to copy and paste verification text, which secretly injects the malware into their clipboard.
In a Jan. 4 update, Scam Sniffer said scammers using these tactics had gone beyond just impersonating influencers and started targeting legitimate project communities with “seemingly harmless invites.”
“This shift in tactics indicates scammers are adapting to increased user awareness about phishing links. Instead, they’re leveraging more sophisticated social engineering through Telegram bots,” the security firm said.
“Malware attack losses are nearly impossible to measure. But the massive shift in scammer tactics tells us one thing - it’s working,” it added.
Cado Security Labs warned of a similar scam in December, saying bad actors were using fake meeting apps to inject malware and steal credentials to websites, apps and crypto wallets.
In Cyvers' 2024 Web3 Security Report, shared with Cointelegraph on Dec. 24, the onchain security firm said $2.3 billion worth of crypto was stolen across 165 incidents in 2024.
According to Cyvers, this marked a 40% increase compared to 2023, when hackers stole $1.69 billion worth of crypto. It’s 37% less than the $3.78 billion stolen in 2022.
However, two security firms noted that December saw the lowest losses from hacks and scams for the year, only reaching around $29 million.