September update, 11:30 pm UTC: This article has been updated to include information from the large information security personnel at Halborn.
Last month, she told Crypto users and NFT Princess Hypio, her followers that she lost $ 170,000 of distinctive symbols and impossible symbols after persuading her deception to play a game with them on Steam.
While “non -violators” was playing with the deceased, they secretly stole her money and penetrated her dispute. The same tactic was used on three of her other friends, she is books In August 21 on X.
It turned out that the tactic was present for a while and some knew it as “Ty My Game”, which was what the users were Reporting About years in different forms.
Speaking to CointeleGRAPH, Kraken’s chief security officer, Nick Percoco, said, said, It has become an increasingly common attack road
“Try my game” penetration: how it works
The CRYPTO version of the fraud includes one of the infiltrators to a Discord server or collection, waiting to wait, learn how users interact with each other and use this information later to get confidence.
Then the infiltrators ask users if they have encryption or NFTS, and often raises interest in asking questions and measuring the digital assets they may own. In the case of Princess Vio, they had a AD pluckingWhich led to its targeting.
After setting a goal with Crypto, the infiltrator invites the victims to play a game, and send a link to a server with the Trojan Malware program that provides access to user devices, allowing them to steal personal information and deplete any Related wallets.
In the PRINCESS HYPIO case, the trick included convincing it to download a game on Steam by offering it to it. The game itself was safe, but the server on which the game was hosted was harmful.
She said she lost $ 170,000 from the attack.
It comes only days after the dispute Absolute It exercises the policy of its deceptive practices, in order to warn that strengthening or implementing financial fraud on the social platform violates the conditions of use.
“These fraud does not take advantage of a symbol,” Berkoko said.
“The greatest weakness in encryption is not a symbol, it is confidence. The fraudsters take advantage of the spirit of society and the curiosity to take advantage of the good intentions.”
He said that the attackers included themselves in societies, learned culture, mimics trusted friends, then the strike.
Gabi Urotia, the chief information security official at Halborn, told Cointelegraph that the fraud combines social engineering with harmful programs, and although it is not “very sophisticated”, it is treacherous because of “the abuse of confidence among members of society”.
He said: “This is not as important as traditional hunting in size, but it is more frequent in Web3 and game societies, as there is a mix between trust between spouses and high -valuable assets.”
“The key here is psychological manipulation: the attacker begins to be part of society, learn colloquial and present himself as a friend of a friend.”
Microbiological tactic moves through encryption
In February, User under the RAETHERAVEN handle to publish To the Malwarebytes forum that fell prey to the “nefarious fraud” after they thought he was a friend sent a link. Reddit forum that started in July as well to caution One of the fraud that targets the players.
Percoco CointeleGRAPH told that while the encryption industry tends to see these frauds first, the tactic is spread across sectors.
He said that the best way to avoid exposure to pressure is that you have “healthy doubts”, confirming identities through another channel, avoiding running an unknown program, and remembering that “there is nothing safer than taking a risky step.”
“If something feels rushing, generous, or very good so that it is not true, it is always. Don’t trust, check.”
Urotia said that defense against this fraud involves very specific habits, such as stopping thinking before signing anything, while maintaining minimal privileges, and avoiding using the same device for games and portfolio management.
“On the part of society, there is a lot to do: reducing direct messages from strangers, verifying new members, and promoting security culture. Ultimately, the great challenge is not technological, but cultural,” he added.
Fake recruitment campaigns are worse
However, PERCOCO also said that although fraud in the dispute is high, a more widespread trend in Crypto currently includes fake recruits.
Related to: North Korean infiltrators target the blades with fake employment tests
In the recent June case, the representative of North Korea’s alignment threats Those who seek employees in the encryption industry With malicious programs designed to steal passwords for the encryption governor and password managers.
“The impersonation of Discord is rising quickly, but the most popular trend we follow today is fake employment campaigns where the victims are lured with work offers and deceived them to click on hunting links.”
Meanwhile, Urotia said that the largest size of fraud that Halborn sees a blind signature, approval of hunting, and similar, but they are all “developments for the same idea: not to steal the key by force, but to make the user voluntarily put it.”
“The modern and installed issue was a bybit attack, as the attackers benefited from blind signatures and mismanagement management to drain the money.”
magazine: XRP ‘Cycle Target’ is $ 20, Bitcoin: Hodler’s Digest, 24-30 August has been rejected
