The Crypto Sector Faces a Voice-Phishing Arms Race Powered by AI and Underground Talent

Generated by AI Agent Coin World
Wednesday, Sep 3, 2025 7:40 am ET (2 min read)
Aime Summary

- Cybercriminals use AI voice deepfakes and social engineering to target crypto executives via "vishing" attacks, impersonating banks and agencies to steal sensitive data.

- Attackers recruit professional voice actors through underground forums, where operatives can earn up to $20,000/month, and use VoIP and SMS together with stolen datasets to mimic trusted organizations.

- AI advancements enable hyper-realistic voice cloning, making vishing harder to detect, with experts warning of worsening detection challenges in 12-18 months.

- Crypto firms face risks from organized cybercrime groups targeting custody systems, prompting recommendations for multi-factor authentication and employee training to combat evolving threats.

Cybercriminals are increasingly leveraging AI-driven voice deepfakes and sophisticated social engineering tactics to target high-level executives in the cryptocurrency sector, according to a report from GK8 by Galaxy. This new form of attack, known as “vishing” (voice phishing), involves impersonating banks, government agencies, or cryptocurrency firms to trick individuals into divulging sensitive information or performing actions that compromise security. The report highlights a growing trend where attackers have moved beyond traditional phishing emails to deploy highly personalized and organized campaigns targeting U.S. crypto professionals, including legal officers, engineers, CTOs, and financial controllers.

Threat actors are now recruiting professional voice impersonators through restricted underground forums, offering monthly earnings of up to $20,000 for experienced operatives. These campaigns are described as “highly targeted and personalized,” using detailed datasets on victims to craft believable scenarios and pretexts. The attackers utilize Voice over Internet Protocol (VoIP) systems, direct inward dialing numbers, and SMS capabilities to mimic trusted organizations, making it increasingly difficult to distinguish between real and fake calls. The datasets used in these attacks reportedly come from recent compromises, suggesting that the information is fresh and highly valuable to cybercriminals.

The report emphasizes that vishing is not a new tactic but has evolved significantly due to advancements in AI and deepfake technologies. These tools allow attackers to convincingly replicate voices and create realistic interactions that exploit human trust and urgency. Tanya Bekker, Head of Research at GK8, noted that distinguishing between real and fake calls will become even more challenging over the next 12 to 18 months. The use of deepfakes and AI voice cloning has elevated the sophistication of these attacks, making them harder to detect and defend against.

The rise of vishing in the crypto space underscores the broader trend of cybercriminals targeting high-net-worth individuals and organizations with privileged access to critical infrastructure. Executives who manage custody systems and private keys are particularly at risk, as a successful breach could lead to large-scale crypto theft. The report also highlights the professional nature of these operations, with some attackers working in organized groups that function like a legitimate fraud industry. This suggests a well-structured and sustainable business model within the underground cybercrime ecosystem, with clear roles for recruitment, execution, and monetization.

In response to these threats, GK8 recommends that crypto organizations implement robust training programs for employees to recognize and respond to voice-based social engineering attempts. Enhanced authentication measures, such as phishing-resistant multi-factor authentication and number matching, are also suggested to mitigate the risks associated with vishing. As the threat landscape continues to evolve, the report stresses the importance of proactive security measures tailored to the unique risks faced by the cryptocurrency industry.

Source:
[1] Underground Market Pays $20K a Month for Crypto 'Vishing' (https://finance.yahoo.com/news/underground-market-pays-20k-month-110103524.html)
[2] Cybercriminals use AI voice phishing attacks to target (https://www.chaincatcher.com/en/article/2202933)
[3] ShinyHunters Uses Vishing To Breach Data (https://dataconomy.com/2025/09/03/shinyhunters-uses-vishing-to-breach-salesforce-data/)
