Cybersecurity researchers have uncovered a new phishing toolkit called CryptoChameleon, designed to target employees of major cryptocurrency exchanges such as Coinbase, Binance, Gemini, and Kraken.
The phishing campaign, utilizing the CryptoChameleon toolkit, has been observed targeting not only employees of these exchanges but also Federal Communications Commission (FCC) employees, as well as staff from ShakePay and Trezor.
Phishing clone of Coinbase sign-in page | Source: Lookout
According to analysts at cybersecurity firm Lookout, the attackers behind the campaign create convincing single sign-on pages that mimic those of Okta, a cloud service provider for authentication. The attack involves a multi-stage social engineering approach, using emails, SMS, and voice phishing to deceive targets into divulging usernames, passwords, password reset URLs, and even photo IDs. Most victims of this phishing campaign are located in the U.S., the firm reports.
Lookout highlighted that the phishing kit includes a step where victims are asked to complete a captcha using hCaptcha, a tactic aimed at thwarting automated analysis tools from detecting the phishing site.
The phishing kit is designed for real-time interaction with victims, allowing for page customization with phone number digits to enhance credibility. Lookout’s analysis uncovered over 100 successful phishing attempts and ongoing phishing activities, predominantly hosted on servers by Hostwinds, Hostinger, and Russia-based RetnNet.
As of now, there have been no public statements from Coinbase, Binance, Kraken, or Gemini regarding the phishing campaign. It is also uncertain whether the hackers have managed to gain unauthorized access to private data.
In January, blockchain security firm SlowMist revealed that more than 80% of comments on posts related to prominent projects on X were linked to phishing activities. Scammers have been actively acquiring X accounts for fraudulent purposes on Telegram, targeting well-known crypto projects.
For more information on cybersecurity threats and developments in the cryptocurrency industry, continue to explore news on Global Crypto News.