Telegram malware crypto scams rampant over traditional phishing: Scam Sniffer

Quick Take
- Blockchain security firm Scam Sniffer reported that malware crypto scams on Telegram increased by 2,000% between November and January.
- The attackers now opt for more “sophisticated” malware to target crypto investors via trading or airdrop groups on the messaging platform, the firm said.


The number of reported malware scams targeting crypto investors on Telegram has grown to surpass that of traditional phishing attacks, Scam Sniffer said on X on Thursday.
According to the blockchain security firm, scams luring crypto investors into malicious Telegram groups jumped 2,000% between November 2024 and January this year, while traditional phishing methods using fake websites persisted at usual levels.
Scam Sniffer said the new Telegram scams employ more sophisticated tactics than impersonating crypto influencers, now targeting legitimate crypto project communities on the messaging platform with safe-looking invites.
“These aren’t your typical ‘connect wallet’ scams,” Scam Sniffer wrote. “Attackers are distributing sophisticated malware through fake verification bots, fake trading groups, fake airdrop groups [and] ‘exclusive’ alpha groups.”
When users fall for the fake verification process, malicious code is injected into their clipboard, and executing it downloads malware, Scam Sniffer said. Attackers then gain access to the victims’ passwords, crypto wallets and browser data.
The security firm explained that exploiters have adopted this tactic because users have become more cautious of known crypto scams, and the new malware expands their reach through Telegram.
“Remember: No legitimate crypto service will ever ask you to execute commands, install verification software, run scripts from your clipboard,” the security firm said.
The latest data from Chainalysis indicates that losses from cryptocurrency scams and hacks totaled $2.2 billion in 2024, representing a 24% increase from the previous year. Decentralized finance platforms were the primary source of these illicit funds.
© 2024 The Block. All Rights Reserved.