
Protect Yourself Against Social Engineering in the Age of Cryptocurrency

December 21, 2017 | August 23rd, 2025

“Bitcoin,” “Litecoin,” “Ethereum,” and “cryptocurrency” have rapidly become household names, though many households don’t have a firm understanding of the technology behind cryptocurrencies and the blockchain. To be fair, this lack of understanding extends to many professionals in the information technology and information security space, as well as professionals in the financial sector. Bitcoin carries the glamour and hope of the California Gold Rush or the possibility of winning it big in Vegas and, to some extent, those possibilities exist. Between teenage bitcoin millionaires driving the hype that now is the time to invest, a man who has outperformed his IRA by trading “crypto kitties,” essentially online beanie babies fueled by the cryptocurrency Ethereum, and other mysterious cryptocurrency millionaires founding philanthropic foundations under aliases such as “Pine,” it is no wonder many people are optimistic about striking it rich as cryptocurrency prices soar. However, combine the hype of these new prospects with people’s hopes about riding this wave, along with a general lack of understanding, and malicious actors utilizing social engineering techniques may be the most likely to consistently strike it rich during this cryptocurrency boom.

An understanding of the blockchain and cryptocurrencies is helpful for wise investors, but all a malicious actor needs to be successful is the curiosity and hope of others; scams are popping up at every level of cryptocurrency transactions, and many ill-intended individuals will begin these scams with an unsolicited phishy email, an enticing SMiSh (aka an SMS phish), or a cold-call vish.  

Moving through the flow of cryptocurrency transactions, let’s first look at the mining level, where investors will provide capital to people who want to buy equipment to “mine” bitcoin. Mining cryptocurrency requires hardware and energy, and its purpose is to confirm cryptocurrency transactions are valid. In exchange, the miners doing the work take a portion of the transaction, and this can be very profitable. Many investors will look to give money to mining rigs in exchange for a cut of the proceeds. However, there are many scammers out there soliciting investments for non-existent mining equipment. Additionally, there have been documented SMiShing attacks in Australia that try to convince individuals to use their CPU power to help mine Bitcoin; the attackers ultimately do not share the profits with those individuals and use their personal information in future fraudulent scams. There are also organizations selling completely fraudulent hardware at absurdly good prices, trying to draw in the would-be cryptocurrency miner.

Next, scammers are creating completely fraudulent cryptocurrencies themselves. One organization in London was found to be vishing, or cold-calling individuals fraudulently, and attempting to sell them a completely fictional cryptocurrency. Scammers are also targeting wallets, the places where one can store cryptocurrencies once they are obtained. In November 2017, over $3.3 million was stolen from individuals attempting to generate bitcoin wallets through mybtgwallet.com, and, in response to such scams, one “helpful” Reddit user offered instructions on how to set up Litecoin wallets in Coinbase, including sending a portion of a user’s Litecoin to a mysterious address that would verify the wallet was active. It may be no surprise to the reader, but that mysterious address was not, in fact, an authenticating body, but the “helpful” Redditor’s own Litecoin wallet.

Even banks and enterprise environments are not safe from the exploitation surrounding the current cryptocurrency hype. In October of 2017, a software engineer in Florida was arrested for architecting a bitcoin exchange that tricked banks into processing Bitcoin transactions masked as small restaurant and retail charges.

Cryptocurrencies are providing malicious actors a new way in, through an individual’s curiosity and desire to join the trend and share in the profits of this new sector. If you have valuable cryptocurrency, people want it; if you can help with transactions, people want your help; if you want in, people are looking for ways to let you in… to help them make more money. So, how can you join the trend and invest wisely?

Always validate. For mining, if you’re looking at purchasing a mining rig, ensure you are buying from a reputable source, with a known transaction history. Do not believe offers that seem too good to be true. If you are looking to invest in someone else’s mining endeavors, be sure you can see and verify their public mining address. Have them send proof they possess the proper equipment, and research said equipment.

Verify wallets, exchanges, and cryptocurrencies are known entities. The amount of energy and price needed to mine, run, and make transactions with cryptocurrencies is not small. While some of the major exchanges may have pricey transaction fees, and, yes, they are making a profit, it does require resources to exchange Bitcoin. Even if the major exchanges or wallets are pricier than an alternative, in this hot, new space it is wise to stick with known entities. For exchanges, Coinbase is the trusted leader at the moment. For wallets, ensure you control the private key; an offline or hardware-based wallet will be the most secure when backed up properly.

Navigate to known, good links, and avoid clicking on links that are sent to you.  

Question any offer that sounds too good to be true, and any individual who contacts you unsolicited. Even if the individual has information about you, know what is publicly available about you, and if a situation feels odd, trust your instincts.  
