Scammers, aiming to exploit the buzz around the Trump family-backed World Liberty Financialβs WLFI token sale, lured investors with fake airdrops that concealed a phishing campaign.
Elaborate Phishing Campaign Targets Eager Investors
On Oct. 16, crypto scammers launched an elaborate campaign targeting investors eager to acquire the governance token for the World Liberty Financial project, which aims to provide a unified platform for lending, borrowing, and transacting with stablecoins.
Scammers Rebrand Verified Account
An X account controlled by scammers promoted a fake WLFI airdrop to mislead users and redirect them to a phishing site resembling a poorly made replica of the official WLF website. The fraudulent account was rebranded to closely mimic the real project, with subtle changes to the username that were easy to miss at first glance.
Ironically, the fraudulent account had the golden checkmark, signifying organizational verification, while the actual World Liberty Financial project has yet to receive this verification.
Timing of the Scam
The timing was strategic, as the official public token sale for WLFI had just gone live the previous day with 749.51M tokens sold as of press time. The ongoing sale is strictly limited to non-U.S. persons and accredited U.S. investors, with over 100,000 accredited U.S. investors whitelisted ahead of the launch.
The scam post claimed to offer a limited-time 1.5x multiplier on WLFI purchases during the pre-sale, urging potential investors to act quickly before the βofferβ expired. Under the pretense of a limited-time deal, scammers directed users to airdrop-worldliberty[.]com, where the actual attack unfolded.
Phishing Tactics and User Deception
On the fake website, users were prompted to connect their crypto wallets and then asked to confirm a malicious transaction granting attackers full control of their wallets. This tactic, known as approval phishing, has become quite common among scammers and has led to billions of dollars in losses.
To convince users to approve the transactions, the website claimed the signature was required to prove wallet ownership. Interestingly, if a user tried to connect an empty wallet, they were prompted to βtop upβ the wallet or connect one with funds, ensuring the attackers focused only on wallets loaded with assets.
Promotion of the Fraudulent Website
At the time of writing, scammers were actively promoting the fraudulent website under posts from Republican presidential candidate Donald Trump, who had taken to X to promote World Liberty Financial. The fake website was also pushed under several posts from the projectβs official X account, amplifying the reach of the scam.
Surge in Phishing Scams
According to blockchain security firm CertiK, phishing attacks were the most damaging attack vector for Q3 2024, leading to losses upwards of $343 million.
Fake X accounts impersonating legitimate crypto projects are one of the most common ways crypto investors end up on phishing platforms. Earlier this year, cybersecurity firm SlowMist warned that more than 80% of the comments under posts from major crypto projects were scams, highlighting the prevalence of these tactics.
Recently, a wallet reportedly linked to crypto venture capital fund Continue Capital lost over $35 million after falling victim to one of these phishing schemes. In late August, a DAI holder lost $55 million worth of the stablecoin after signing a malicious transaction.
#Cybersecurity #BlockchainTechnology