A new and highly sophisticated phishing scam targeting cryptocurrency users has been exposed by the Chief Information Security Officer of blockchain security firm SlowMist.
The scam, known as the “Withdrawal Verification Code” scam, involves fraudsters sending victims SMS messages that appear to originate from legitimate crypto trading platforms.
These messages contain a withdrawal verification code, such as “819121”, and a warning to contact a specified phone number if the recipient did not request the transaction.
According to SlowMist CISO @im23pds, unsuspecting users who respond to the message by calling the number are being drawn into highly convincing fraudulent schemes.
Phishing Callbacks and Fake Security Follow-Ups
Once the victim calls the number in the fraudulent message, they are engaged by a scammer posing as a representative of the trading platform’s security team.
The impersonator assures the victim that their account is at risk due to a supposed security breach and promises to notify “cryptocurrency verification companies” to prevent further compromise.
The aim is to be followed by another phone call, this time from someone claiming to be from Ledger, a well-known crypto wallet provider.
Using industry lingo and false reassurances, the fake Ledger representative directs the victim to a professional-looking phishing website, presenting it as part of the solution to secure their assets.
Also Read: Crypto Investigators Moonlock Report Surge in Crypto Hack Through Fraudulent Ledger Live Software
Financial Damage: $11.1 Million Lost in Sophisticated Scam
The most alarming aspect of this scam is the sheer scale of financial loss involved.
One victim, lured through this two-stage scam process, reportedly lost a staggering $11.1 million after entering sensitive information into the phishing site.
The scammers used advanced social engineering tactics, mimicking legitimate support interactions, and capitalizing on panic to gain trust.
The site where the victim was directed looked authentic and included fake customer support channels, making it nearly indistinguishable from the real Ledger interface.
Also Read: Crypto Investigator SlowMist Detects Possible Security Breach Targeting Nexo Crypto Platform
Urgent Advisory for Crypto Users to Stay Vigilant
Security experts are urging all cryptocurrency users to remain highly cautious and skeptical of unsolicited messages, especially those involving verification codes or withdrawal alerts.
Users are advised never to call back unknown numbers listed in such messages or click on links without verifying their authenticity through official channels.
SlowMist’s CISO emphasized the importance of relying on verified support contacts and enabling two-factor authentication through trusted apps only.
With scams growing in complexity and frequency, awareness and proactive cybersecurity hygiene are crucial in safeguarding digital assets from devastating losses.
Also Read: Crypto Investigator Uncover Phishing Attacks Cloning Zoom Software Aiming To Target Crypto Projects