FBI Issues Warning to Crypto Stakeholders About Potential Cyber Attacks

The Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are increasingly targeting crypto exchanges, third-party payment platforms as well as private owners of digital assets.

In a warning first reported by Bleeping Computer, the FBI says cybercriminals are employing various techniques such as identity theft in order to gain access to their victim’s crypto.

“According to the FBI, attackers are using several tactics to steal and launder cryptocurrency, including technical support fraud, SIM swapping (aka SIM hijacking), and taking control of their targets’ cryptocurrency exchange accounts via identity theft or account takeovers.”

Per the report, the FBI recorded many cases of crypto theft in the span of a year which involved different degrees of identity theft and impersonation.

“Between May 2020 and May 2021, the US security service [FBI] observed and received reports from victims regarding cybercriminals stealing cryptocurrency after:

– gaining access to victims’ crypto exchange accounts after bypassing two-factor authentication

– impersonating payment platforms or cryptocurrency exchange support staff in phone calls initiated by victims of online tech support scams

– SIM swap attacks targeting the customers of multiple phone carriers”

After SIM swapping, “criminals can log into their victims’ bank or cryptocurrency exchange accounts to steal money and virtual assets, and lock the victims out of their accounts after changing the passwords,” according to the report.

The FBI is advising vulnerable entities to take various cautionary measures including enabling multi-factor authentication (MFA).

“The FBI advises financial organizations that could be targeted in similar attacks to check for mails coming from spoofed email addresses and keep track and monitor recently created accounts.

Cryptocurrency owners are also encouraged to enable multi-factor authentication (MFA) on all their cryptocurrency accounts, deny requests to download and use remote access applications, and always contact exchanges and payment companies via official phone numbers and email addresses.”

News Source