“One Time Password” bots, available on sale for a few hundred dollars on Telegram, are being used by criminals to steal cryptocurrency like Bitcoin (CRYPTO: BTC), Ethereum (CRYPTO: ETH), and Dogecoin (CRYPTO: DOGE).
What Happened: A bot known as “BloodOTPbot,” for example, is on sale for just $300 and cybercriminals can use it to target people’s PayPal, Venmo and Coinbase accounts, according to a report from Intel471, a cybersecurity company.
Intel471 said it had noticed an uptick in underground cybercrime activities that allow hackers to intercept OTPs.
The modus operandi, as noted by Intel471, involves calling the victims in a manner that the call appears to originate from a specific bank and then deceiving them into parting with an OTP or a verification code.
The security firm highlighted “SMSRanger” in its report, which it said was “extremely easy to use.” The bot does most of the work after a target’s phone number has been entered. Users of the bot claim efficacy of nearly 80%.
BloodOTPbot on the other hand requires the attacker to spoof the victim’s phone number in order to impersonate a bank or a company.
See Also: How To Buy Bitcoin (BTC)
Why It Matters: A Coinbase platform user Anders Apgar answered a phone call last month and promptly lost access to an account with $106,000 in BTC, reported CNBC.
Apgar, a Maryland-based obstetrician, fell victim to an OTP or two-factor authentication fraud. He said he felt “dread and emptiness” post the incident, as per CNBC.
Cryptocurrency owners are not only falling victims to robocalls from OTP bots. Last year, an iPhone user downloaded an app from the App Store, which led to him losing over $1 million in BTC.
In 2021 alone, Cryptocurrency scammers made nearly $8 billion from “rug pulls” and other scams.