In a disturbing revelation, a recent assessment by Angara Security indicates that in 2023, more than 40% of content in Telegram channels dedicated to cryptocurrency discussions turned out to be fraudulent. Analysts attribute the surge in such deceptive posts at the end of the previous year to the departure of the cryptocurrency exchange Binance from Russia and the subsequent sale of its business to a Russian company. Cybercriminals swiftly adapted by mimicking Binance’s successor, CommEX, creating similar projects to exploit users. Telegram, in turn, has become a preferred channel for disseminating phishing attacks, actively exploited by malicious actors.
Dubious Cryptocurrency Activity on Telegram
Using open-source intelligence tools, Angara Security analysts examined publications related to cryptocurrencies in public Telegram channels. Their findings, disclosed to Forbes, reveal that of approximately 22,000 cryptocurrency-related materials identified in 2023, nearly 9,000 were flagged as suspicious and subsequently removed. The removal process involves user complaints, Telegram’s support intervention, and statements from Threat Intelligence experts. Importantly, even after deletion, these materials remain in Telegram’s archive, accessible for further study.
Scam Techniques
Many deleted messages encouraged users to invest in the crypto market, promising extravagant returns such as turning 1,000 rubles into 70,000 rubles. The suggested mode of transaction often involved transferring funds to a bank card. Fraudsters employed aggressive channel names like “Instant Earnings,” “Path to Success,” “Financial Independence,” “Smart Investments,” “Crypto Farm,” “Crypto Cash,” and “Official Channel” to lure users to their platforms. The predominant content on such channels included cryptocurrency earning courses, investment proposals, advertisements for investor groups, concealed promotions for various platforms, and ads for crypto wallets, discounts, and registration bonuses.
Evolving Scam Tactics
Some scammers developed mobile applications and websites for specific schemes, acting as platforms for phishing attacks and scam pages. In the Russian segment, nearly 1,500 domains related to investments were registered in 2023, with 50% emerging in the fourth quarter. Notably, some of these domains referenced Binance and CommEX platforms. Of the domains registered in 2023, 47%, or 697 domains, are inactive, either blocked by domain registrars, up for sale, or devoid of content.
In light of these findings, the cryptocurrency community faces a growing challenge to discern legitimate discussions from malicious activities, necessitating heightened awareness and vigilance among users.