The Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark admonition regarding a burgeoning wave of impersonation frauds preying on cryptocurrency investors.

On June 12, CISA disseminated a cautionary notice about an escalation in fraudulent schemes, frequently employing “the identities and titles of governmental officials.” The missive clarified that legitimate CISA personnel will never solicit funds via wire transfers, “cash, cryptocurrency, or gift cards.”

“If you suspect you are being targeted by an impersonation scammer purporting to be a CISA official, refrain from remitting payment; document the caller’s number; terminate the call immediately, and authenticate the contact by directly calling CISA.”

Escalation in Crypto Deception

Phil Larratt, Director of Investigations at Chainalysis, responded, elucidating that fraudulent schemes “continue to pose a significant peril to the crypto ecosystem writ large.”

Larratt elucidated that scams persist as “one of the predominant catalysts of cryptocurrency-related malfeasance, amassing at least $4.6 billion in 2023 revenue. Impersonation frauds, notably, ranked fourth in terms of detrimental impact on victims in 2023, with an average loss per incident of $948, as delineated in our Chainalysis 2024 Crypto Crime Report.”

Prevention versus Mitigation

In alignment with CISA’s advisories, Larratt emphasized that the primary defense against pervasive scamming is rooted in preemptive measures, beginning with public enlightenment:

This is imperative because once crypto assets are transferred to a third party, reclaiming control of those assets is impossible without the private keys of the recipient’s funds.

Phishing Fervor and Crypto Drainers

Amidst fraudulent impersonation schemes of faux Federal employees, Larratt detailed the two most prevalent tactics: approval phishing and crypto drainers.

Approval phishing perpetrators have traditionally targeted broad segments of crypto users through the dissemination of counterfeit crypto applications.

He further noted that this technique has been co-opted by romance scammers, colloquially known as pig butchering scammers, resulting in considerable financial detriment.

Crypto drainer operatives frequently advertise their bogus Web3 platforms within Discord communities and via compromised social media profiles luring victims into linking their crypto wallets to the drainer, subsequently employing the approval phishing tactic to deceive victims into sanctioning transaction proposals that cede control of the wallet’s funds to the scammer.

Larratt concluded by asserting the growing necessity for Web3 initiatives and users to adopt robust security measures such as “Web3 security extensions” to counteract these deceitful practices.