Telegram Becomes a Hotbed for Crypto Scammers

Crypto scammers are abandoning traditional phishing attacks for more insidious malware tactics on Telegram, with a staggering 2,000% increase in such scams since last November.

Scam Sniffer, a security firm, recently highlighted this shift on their X account, noting that the new wave of scams involves sophisticated malware distributed through fake verification bots in various Telegram groups.

1/6 📊 ALERT: Our data shows a concerning trend—Telegram malware scams have surpassed traditional phishing!

From Nov 2024 to Jan 2025:
– Malicious Telegram group scams increased by 2000%+
– Regular phishing remained stable

Here's why this matters… 🧵 https://t.co/6MQkDWCLrr pic.twitter.com/U6YBtbaPHK

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) January 16, 2025

Unlike older scams that tricked users into linking their digital wallets to bogus platforms, these new strategies are sneakier and more damaging.

Scammers create fake trading, airdrop, and alpha groups on Telegram where they lure users to verify themselves using bots like OfficiaISafeguardRobot and SafeguardsAuthenticationBot.

3/5 🎭 Identified fake bot accounts to watch out for:
• OfficiaISafeguardRobot
• SafeguardsAuthenticationBot

Note the subtle misspellings and suspicious naming patterns. pic.twitter.com/AETgiCL1wq

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) January 5, 2025

These bots then inject malware that can steal passwords, scan wallet files, and even swipe browser data.

The worrying part is the broad access these malware attacks grant cyber-thieves, making the stolen amounts hard to trace.

Scam Sniffer first noticed an uptick in this trend in December when they observed a surge in fake X accounts mimicking popular crypto influencers.

These accounts would then funnel followers into Telegram groups where the malware-laden verification process begins.

A variation of this scam uses fake Cloudflare verification pages that secretly install malware when users copy and paste the verification text.

1/5 🚨 ALERT: Another variant – attackers using fake Cloudflare verification pages to deploy malware through clipboard injection and command execution.

Here's how this attack works… 🧵 https://t.co/6MQkDWCLrr pic.twitter.com/sOjluzT5Xa

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) January 15, 2025

According to a January 5 update from Scam Sniffer, scammers have evolved their methods from just impersonating influencers to targeting legitimate project communities with seemingly benign invitations.

Cado Security Labs and the Cyvers 2024 Web3 Security Report also echo these findings, reporting a significant uptick in crypto thefts.

Cyvers noted a 40% increase in stolen crypto in 2024 compared to 2023, totaling $2.3 billion in losses across 165 incidents.

Despite this, December recorded the lowest monthly loss, rounding out to about $29 million.

This strategic pivot by scammers reflects an adaptation to increased user awareness and a successful, albeit alarming, exploitation of social engineering through Telegram’s platform features.

The sheer scale and effectiveness of these scams confirm that Telegram is now a major battleground in the fight against crypto theft.