Tag: scams

  • AI-driven phishing scams and hidden crypto exploits shake Web3 security

    • SBI Crypto was breached, losing $21 million in assets via a suspected laundering operation.
    • A phishing scam targeting GMGN tricked 107 users into approving fake transactions.
    • Honeypot token scams rose 600% month-on-month, with over 2,100 tokens detected.

    Web3 has entered a new phase of cyber threats, with attackers now leveraging artificial intelligence, automation tools, and complex social engineering to exploit users across decentralised networks.

    According to GoPlus Security, over $45.84 million was lost in October alone from a surge of scams, phishing attacks, token exploits, and wallet hacks.

    The data reveals how scammers are evolving their methods, creating high-impact exploits that have affected thousands of users and platforms across Ethereum, Binance Smart Chain, and Base.

    Hackers use AI and automation to boost phishing campaigns

    GoPlus observed a sharp increase in phishing attacks that led to more than $3.5 million in losses.

    A growing number of these scams are powered by “Phishing-as-a-Service” platforms, where threat actors use AI tools to rapidly generate fake websites and deploy large-scale campaigns with lower operational costs.

    One of the largest phishing cases involved the trading platform GMGN.

    In this incident, 107 users were misled by a fake third-party website into authorising harmful transactions. Losses totalled more than $700,000.

    The phishing scam replicated legitimate wallet interactions, tricking victims into signing approval requests that gave attackers control over their funds.

    In another case, a trader approved a malicious “increaseAllowance” call, resulting in a $325,000 loss in Coinbase Wrapped Bitcoin.

    Separately, another user was hit with a $440,000 loss after signing a fraudulent “permit” transaction.

    Both exploits highlight the rise in fake contract approvals, often enabled by deceptive interfaces mimicking trusted apps.
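
    A wallet-side check for the approval requests described above, as an added example (not code from GoPlus or the article): it decodes `approve`/`increaseAllowance` calldata and EIP-2612 `permit` typed-data requests and flags spenders outside an allowlist. The allowlist, risk labels and sample requests are assumptions constructed for illustration.

```javascript
// Added example: flag ERC-20 approval requests before the user signs them.
// Risk labels, allowlist and sample requests are assumptions for illustration.
const MAX_UINT256 = (1n << 256n) - 1n;
const SELECTORS = {
  "095ea7b3": "approve",           // approve(address,uint256)
  "39509351": "increaseAllowance", // increaseAllowance(address,uint256)
};

function classify(kind, spender, amount, trusted) {
  const addr = spender.toLowerCase();
  const unlimited = amount === MAX_UINT256;
  // Unknown spender is always high risk; unlimited to a known one needs review.
  const risk = !trusted.has(addr) ? "high" : unlimited ? "review" : "low";
  return { kind, spender: addr, amount, unlimited, risk };
}

// Transaction calldata: 4-byte selector followed by two 32-byte ABI words.
function inspectCalldata(hex, trusted) {
  const data = String(hex).toLowerCase().replace(/^0x/, "");
  const kind = SELECTORS[data.slice(0, 8)];
  if (!kind) return { kind: "other", risk: "none" };
  if (!/^[0-9a-f]{136}$/.test(data)) return { kind, risk: "malformed" };
  const spender = "0x" + data.slice(32, 72); // low 20 bytes of word 0
  const amount = BigInt("0x" + data.slice(72, 136)); // word 1
  return classify(kind, spender, amount, trusted);
}

// EIP-2612 permit reaches the wallet as an EIP-712 typed-data signing
// request (no transaction), so it is checked on its message fields.
function inspectTypedData(req, trusted) {
  if (!req || req.primaryType !== "Permit" || !req.message)
    return { kind: "other", risk: "none" };
  const { spender, value } = req.message;
  let amount;
  try { amount = BigInt(value); } catch { amount = null; }
  if (amount === null || !/^0x[0-9a-fA-F]{40}$/.test(String(spender)))
    return { kind: "permit", risk: "malformed" };
  return classify("permit", spender, amount, trusted);
}

// Constructed samples; the addresses are placeholders, not real contracts.
const TRUSTED = new Set(["0x1111111111111111111111111111111111111111"]);
const UNKNOWN = "0x2222222222222222222222222222222222222222";
const pad = (h) => h.replace(/^0x/, "").padStart(64, "0");
const sampleIncrease = "0x39509351" + pad(UNKNOWN) + pad(MAX_UINT256.toString(16));
const samplePermit = { primaryType: "Permit",
  message: { spender: UNKNOWN, value: "440000000000" } };
console.log(inspectCalldata(sampleIncrease, TRUSTED).risk,
            inspectTypedData(samplePermit, TRUSTED).risk);
```

    A wallet or signing proxy would run such a check on every outgoing request and show the decoded spender and amount instead of the dApp-supplied description.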

    Sophisticated exploits linked to state-style laundering tactics

    The single largest exploit came from SBI Crypto, which suffered a breach that drained $21 million worth of digital assets. The losses included Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash.

    Although SBI Crypto did not officially confirm the source of the breach, a joint investigation by ZachXBT and Cyvers suggested patterns similar to those used by North Korean hacker groups.

    The attackers allegedly funnelled funds through Tornado Cash, a known crypto mixer previously sanctioned for its role in laundering state-sponsored thefts.

    This laundering method closely mirrors activity linked to the Lazarus Group, though the report stressed that the connection remains unverified.

    Web3 platforms under attack from honeypot tokens

    Alongside phishing and exploits, the report found a dramatic spike in honeypot tokens.

    These are malicious smart contracts that allow users to buy tokens but prevent them from selling or withdrawing funds.

    Honeypot tokens surged 600% last month, reaching 2,189 identified tokens—though still far fewer than the 40,000 recorded in June 2025.

    [Figure: GoPlus honeypot tokens. Source: GoPlus Security]

    The Binance Smart Chain accounted for the bulk of these tokens at 1,780, followed by 216 on Ethereum and 131 on Base.

    These tokens are embedded with hidden restrictions that block transactions, stranding investor funds in illiquid assets.

    Their increase underscores a shift toward embedded contract-level fraud, which can bypass basic security tools.

    Tokens and socials compromised in wider exploits

    The wider ecosystem also saw losses from social media and platform-based breaches.

    Astra Nova’s official social account was hijacked, triggering a large-scale sell-off of its native token RVV and causing losses of approximately $10.3 million.

    In a separate exploit, decentralised finance platform Garden Finance was hit with a vulnerability that cost users around $10.8 million, according to ZachXBT.

    These incidents reflect a widening surface of attack across both user-facing interfaces and backend contract code.


  • Crypto ATM scams in Australia cause over AUD 3.1 million in losses

    • Over 150 unique scam reports filed with ReportCyber during the period.
    • Average loss per victim exceeded AUD 20,000.
    • Crypto ATMs in Australia surged from 40 in 2022 to over 1,800 by 2025.

    Australia is facing a fresh wave of crypto-related scams, this time involving the rapid expansion of cryptocurrency ATMs across the country.

    New data from ReportCyber shows that Australians lost over AUD 3.1 million to scams involving crypto ATMs between January 2024 and January 2025.

    The Australian Federal Police (AFP) has now issued a warning, urging greater public awareness as these frauds increasingly target vulnerable demographics, particularly those aged over 50.

    With more than 1,600 crypto ATMs now operating in the country—up from just 23 in 2019—the risk of exploitation is growing in parallel with accessibility.

    Over 150 reports filed, average loss tops AUD 20,000

    Between January 1, 2024, and January 1, 2025, Australia’s national cybercrime reporting platform, ReportCyber, received 150 reports specifically related to crypto ATM scams. This equates to roughly one report every two and a half days.

    The total estimated losses stood at AUD 3,107,600, with an average loss of more than AUD 20,000 per incident, according to the AFP.

    Authorities suggest that these numbers may only represent a fraction of the real impact. Many victims do not report their cases due to embarrassment, unawareness, or difficulty navigating the reporting process.

    AUSTRAC, the national financial intelligence agency, revealed that around AUD 275 million flows through cryptocurrency ATMs annually in Australia.

    A significant portion of that volume is linked to fraudulent activity, although the exact figure remains unquantified.

    Lack of regulation, rising usage worsen risk

    Crypto ATMs, often situated in easily accessible places such as convenience stores or next to children’s vending machines, offer convenience at the cost of security.

    Bitcoin’s irreversible nature and the low identification requirements of many machines make them ideal tools for scammers.

    Unlike traditional bank transactions, once crypto is sent via an ATM, there is virtually no way to recover the funds.

    The problem is not isolated to Australia. In the US, the Michigan Attorney General’s Consumer Protection Division has raised similar alarms about Bitcoin ATM scams targeting older adults.

    In Canada, authorities have previously flagged these machines as potential conduits for money laundering. The UK prosecuted an individual last year for operating an illegal Bitcoin ATM.

    Despite global efforts to crack down on misuse, regulations governing these machines remain patchy.

    Without mandatory Know-Your-Customer (KYC) procedures, scammers can exploit the anonymity and speed of crypto transfers to move illicit funds quickly and invisibly.

    Scammers prey on urgency, fake officials, and emotional manipulation

    Crypto ATM scams often follow well-established social engineering techniques.

    The AFP highlights that scammers typically contact victims posing as government officials, bank staff, or tech support agents.

    Some victims are lured through romance scams, investment promises, or job offers, often involving intense emotional manipulation and pressure to act urgently.

    The victim is then instructed to withdraw cash and deposit it into a crypto ATM, often while on a live call with the scammer.

    Fraudsters sometimes claim the transaction is necessary to “secure accounts” or prevent legal action.

    These tactics exploit both digital illiteracy and psychological vulnerability, especially among seniors.

    To combat these scams, the AFP and AUSTRAC recommend heightened public awareness and better education about cryptocurrency basics.

    As Bitcoin’s value continues to rise and ATM numbers grow, experts warn that the issue could worsen without coordinated regulatory intervention.
