Threat actors using 'elaborate social engineering scheme' to target crypto users — Report

Threat actors are using an elaborate social engineering scheme to target crypto users and drain their wallets, according to a Thursday report from cybersecurity company Darktrace. The company wrote that the techniques are similar to those used by “Traffer Groups,” which use malware to steal credentials and data.

The social engineering scheme involves gaining the trust of users by posing as representatives from fake startup companies in the industries of AI, gaming, Web3 and social media. Compromised X accounts are often involved, and the threat actors supplement the fraud with Medium articles and GitHub entries.

“Each campaign typically starts with a victim being contacted through X messages, Telegram or Discord,” the report reads. “A fake employee of the company will contact a victim asking to test out their software in exchange for a cryptocurrency payment.”

After the user downloads the software, a Cloudflare verification bubble pops up that begins to extract information about the computer. At a certain point, credentials from cryptocurrency wallets are stolen. Windows and Mac users are known to have been targeted, according to the report.

The scheme may be similar to the December 2024 attacks involved in the Meeten campaign. There have been other social engineering attacks targeting cryptocurrency users, including those allegedly orchestrated by certain groups associated with North Korea.

Related: 10 red flags a crypto platform is a scam—and how to protect your money

Crypto scams abound in 2025

Crypto scams, frauds, and thefts are rife in the industry, with names like the “pig butchering” scams and “four-dollar wrench attacks.” In some cases, they’ve become more sophisticated, relying on social engineering, hacked X accounts, and insider fraud.

On July 7, Chinese authorities warned citizens about illegal fundraising schemes that, in part, were built around crypto’s “killer” use case: stablecoins. Allegedly, the organizations are often fronts for money laundering and online gambling, and the groups take advantage of the public’s limited knowledge of certain aspects of crypto.

Cointelegraph has written about the crypto scams to watch out for in 2025. They include malicious browser plugins that purport to be for security, tampered hardware wallets, and social engineering through a fake revoker website.

On July 8, the US Department of Justice unsealed an indictment against two men for allegedly running a scheme that defrauded investors of over $650 million. Another scheme has been the fake crypto support scam, which uses psychological tactics to complete the fraud.

Magazine: Influencers shilling memecoin scams face severe legal consequences