The U.S. Federal Bureau of Investigation (FBI) has warned of cyber criminals building rogue cryptocurrency-themed apps to defraud investors in the virtual assets space.
"The FBI has observed cyber criminals contacting U.S. investors, fraudulently claiming to offer legitimate cryptocurrency investment services, and convincing investors to download fraudulent mobile apps, which the cyber criminals have used with increasing success over time to defraud the investors of their cryptocurrency," the agency said [PDF].
The illicit scheme, which aims to take advantage of increased interest in the crypto sector, is believed to have netted 244 victims, with losses estimated at $42.7 million between October 4, 2021, and May 13, 2022.
According to the law enforcement authority, threat actors are misusing the names, logos, and other identifying information of legitimate businesses to create fake websites in an attempt to lure potential investors.
In three instances highlighted by the FBI, the scammers masqueraded as a U.S. financial firm and companies named YiBit and Supayos (aka Supay) to dupe 34 victims of about $10 million by tricking the individuals into downloading bogus crypto wallet apps designed to plunder the digital funds deposited into the accounts.
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!Join the Session
"Financial institutions should warn their customers about this activity and inform customers as to whether they offer cryptocurrency services," the FBI cautioned, while urging investors to be on the lookout for unsolicited requests to download investment apps from untrusted sources.