The FBI has issued a public warning about fraudulent crypto investment apps after hackers pretending as legitimate services robbed tens of millions of dollars from U.S. investors. In an advisory published on Monday, the FBI stated that hackers have been posing as legitimate crypto investment apps in an effort to convince investors to download fraudulent apps.
Investors Were Unable to Withdraw Their Funds from the Fraudulent Crypto Investment Apps
After downloading the apps, which employ the names, logos, and other identifying information of legitimate services — victims found themselves unable to withdraw funds supposedly deposited into their accounts. When they tried to do so, they received messages stating that they needed to pay taxes on their investments first. Even when they paid, the FBI said the funds remained locked on the crypto investment apps.
The FBI says cybercriminals have been using these crypto investment apps with “increasing success” to defraud investors and estimates that roughly $42.7 million has been stolen from 244 victims in an eight-month window between October 2021 and May 2022. Moreover, in a case, observed between December 2021 and May 2022, unidentified hackers took some $3.7 million from 28 individuals over the course of six months by pretending to be representatives from a legitimate, unnamed financial entity.
The FBI is advising investors to be wary of prompts to install crypto investment apps from unknown individuals, to verify that the company behind such apps is legitimate, and to treat apps with broken or limited functionality with skepticism.
Hackers Exploited a Vulnerability to Steal $100M from Harmony’s Blockchain Bridge
While cybercriminals have long relied on cryptocurrency as a means of financial extraction, they are increasingly turning their attention to targeting crypto wallets and Blockchain bridges, tools that enable users to transfer their crypto assets from one blockchain to another. Last month, hackers exploited a vulnerability to steal $100 million from Harmony’s Blockchain Bridge, an attack that has since been linked to the North Korean-backed Lazarus group.