This is how OTP bots steal users’ cryptocurrency

Cyber ​​criminals use bots purchased from Telegram to trick users into granting access to their crypto accounts.

According to a report by cybersecurity firm Intel471, one-time password (OTP) bots are “very easy to use” and relatively cheap to run compared to what one could earn from a successful attack.

For example, it only costs a hacker $300/month to access the BloodOTPbot bot on Telegram. Scammers also have the option to spend an additional $20-$100 on other phishing tools that target individual social media accounts on Instagram, Facebook, Twitter, financial services like PayPal, Venmo, or cryptocurrency platforms like Coinbase.

OTP bots are particularly dangerous as they are often the final step in the hacking process, after gathering all the necessary personal information about the victim, which is “the fullz” in hacker jargon. The hacker uses an OTP bot to make a call that sounds like it’s coming from an official platform and suggests asking for a two-factor authentication (2FA) code from the user’s platform . After a confused user divulges the code, the hacker gains instant and full access to the victim’s account.

According to a report of CNBC, Maryland-based obstetrician Dr. Unlike Apgar the victim of such an attack. Notably, he received an “official audio call” along with a series of notifications that his Coinbase account was “at risk.”

As a result, Apgar revealed the 2FA code over the phone. Shortly after, he found his Coinbase account frozen with about $106,000 worth of Bitcoins.

Attacks of this type by OTP bots are becoming more common and are causing significant damage to both retail and institutional investors. The bots have a very high success rate of getting money.

Coinbase’s customer service has previously been the subject of criticism after angry users slammed the platform for not responding to hackers. To improve response times and customer relationships, Coinbase acquired an Indian startup and set up a phone line dedicated to handling account takeovers and related attacks.

A Coinbase spokesperson told CNBC:

“Coinbase will never call unsolicited customers and we encourage people to exercise caution when providing information over the phone. If you receive a call from someone claiming to be from a financial institution, do not give out your account information or security code. Instead, hang up and call them back on the official phone number listed on the organization’s website.”

Join CoinCu Telegram to keep track of news: https://t.me/coincunews

Follow CoinCu Youtube Channel | Follow CoinCu Facebook page