Warning: How 'One Time Password' bots can steal all your crypto

Published at: Feb. 17, 2022

Cybercriminals are using bots purchased on Telegram to trick users into giving them access to their cryptocurrency accounts. 

According to a report from cybersecurity firm Intel471, One Time Password (OTP) bots are “remarkably easy to use” and are inexpensive to operate relative to the amount that can be earned from a successful attack.

A Telegram bot known as ‘BloodOTPbot’ charges hackers a monthly fee of just $300 for access. Fraudsters also have the option to spend an extra $20 to $100 on more phishing tools that target individual social media accounts on Instagram, Facebook and Twitter, financial services like PayPal and Venmo, and crypto platforms such as Coinbase.

OTP bots are especially nefarious as they are generally the final step in the hacking process, after all necessary personal information has been gathered on the victim, known in hacker parlance as “the fullz”. Hackers use the OTP bot to stage a seemingly official phone call while simultaneously prompting the user's crypto platform to send a 2FA code. Once the typically flustered user divulges the code, hackers gain immediate and total access to the victim's account.

According to a report from CNBC, Maryland-based obstetrician Dr Anders Agpar was the victim of such an attack, in which an “official sounding phone call”, alongside a series of banner notifications on his phone, informed him that his Coinbase account “was in jeopardy”.

Dr Agpar ended up in a situation where his two-factor authentication (2FA) code was divulged over the phone, and immediately afterwards he found himself locked out of his own Coinbase account, which held approximately $106,000 in Bitcoin (BTC).

These types of attacks from OTP bots are increasing in frequency and are causing substantial losses to both institutions and individual retail investors. The bots have an extremely high success rate in extracting funds.

Customer service at Coinbase has been the subject of criticism in the past after angry users slammed the platform for a lack of responsiveness in dealing with hackers. In an attempt to improve response times and client relations, Coinbase acquired an Indian AI startup and created a phone line specifically for dealing with account takeovers and related attacks.

A Coinbase spokesperson told CNBC, “Coinbase will never make unsolicited calls to its customers, and we encourage everyone to be cautious when providing information over the phone. If you receive a call from someone claiming to be from a financial institution, do not disclose any of your account details or security codes. Instead, hang up and call them back at an official phone number listed on the organization’s website.”
