Crypto Users Face 150% Rise in Sophisticated Scams in Q2

Crypto users faced a rise in “psychologically manipulative” attacks in the second quarter as hackers employed advanced and creative methods to steal crypto. According to blockchain security firm, the scams have become more sophisticated, with a rise in fake browser extensions, tampered hardware wallets and social engineering attacks.

One emerging attack vector involved browser extensions masquerading as security plugins, such as the “Osiris” Chrome extension, which claimed to detect phishing links and suspicious websites. Instead, the extension intercepted all downloads of .exe, .dmg, and .zip files, replacing those files with malicious programs. These programs would then collect sensitive information from the user’s computer, including Chrome browser data and macOS Keychain credentials, giving an attacker access to seed phrases, private keys or login credentials.

Another attack method focused on tricking crypto investors into adopting tampered hardware wallets. In some cases, hackers would send users a compromised cold wallet, telling their victims they had won a free device under a “lottery draw” or telling them their existing device was compromised and they needed to transfer their assets. In Q2, one victim reportedly lost $6.5 million by purchasing a tampered cold wallet that they saw on TikTok. Another attacker sold a victim a hardware wallet they had already pre-activated, allowing them to immediately drain the funds once the new users transferred in their crypto for storage.

Social engineering attacks also targeted users who could not revoke a “risky authorization” in their wallet. Upon investigation, the website that the user was using to try to revoke the smart contract’s permission was “a near-perfect clone of the popular Revoke Cash interface,” which asked users to input their private key to “check for risky signatures.” Upon analyzing the front end code, it was confirmed that this phishing website used EmailJS to send users’ input — including private keys and addresses — to an attacker’s email inbox.

These social engineering attacks are not technically sophisticated, but they excel at exploiting urgency and trust. Attackers know that phrases like ‘risky signature detected’ can trigger panic, prompting users to take hasty actions. Once that emotional state is triggered, it’s much easier to manipulate them into doing things they normally wouldn’t — like clicking links or sharing sensitive information.

Other attacks included phishing techniques that exploited EIP-7702, introduced in Ethereum’s latest Pectra upgrade, while another targeted several users by gaining control of their accounts. The attackers utilized the account recovery system to gain control of an account, impersonating the real owner to scam their contacts with discounted Tether (USDT).

According to the firm, it froze and recovered around $12 million from 11 victims who reported having crypto stolen in Q2.