{"id":29049,"date":"2021-03-26T04:27:05","date_gmt":"2021-03-25T17:27:05","guid":{"rendered":"https:\/\/www.kaspersky.com.au\/blog\/cryptoscam-in-discord-fake-dex-airdrop\/29049\/"},"modified":"2021-03-26T04:27:25","modified_gmt":"2021-03-25T17:27:25","slug":"cryptoscam-in-discord-fake-dex-airdrop","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/cryptoscam-in-discord-fake-dex-airdrop\/29049\/","title":{"rendered":"Discord cryptoscam: Revenge of the fraudsters"},"content":{"rendered":"

Following recent scams involving fake cryptocurrency exchanges<\/a> and fake news sites<\/a>, we recently uncovered a third campaign, one using fake DEX exchanges and aimed at cryptocurrency enthusiasts on the Discord messaging app. Here\u2019s how the new scheme works.<\/p>\n

A word about cryptocurrency exchanges<\/h2>\n

First, what\u2019s a DEX? Two types of cryptocurrency exchanges exist: centralized (CEX) and decentralized (DEX).<\/p>\n

With a CEX exchange, clients transfer money to the exchange and the funds are moved to a wallet, the private key for which is stored on the platform. Accordingly, exchange operators are also responsible for security. CEX exchanges belong to specific legal entities, and their clients undergo know-your-customer<\/a> checks to fight money laundering. In general, such sites are convenient and reliable, but some users are put off by the need to transfer funds to the exchange and the possibility of having their account frozen during verification.<\/p>\n

Unlike CEX platforms, DEX exchanges are essentially just intermediaries between buyers and sellers. Traders can use any wallet<\/a> and don\u2019t need to transfer private keys. DEX exchanges tend not to be owned by any particular organization, they don\u2019t necessarily verify their clients, and they\u2019re not typically very invested in stopping illegal transactions.<\/p>\n

The decentralized approach provides greater anonymity. In addition, DEX exchanges often have lower fees, which is perhaps why they have been attracting ever more cryptocurrency traders of late.<\/p>\n

Decentralization also means more security concerns for users \u2014 and on top of the ordinary added risk DEX users accept, cybercriminals recently created a phishing site disguised as a DEX exchange called Uniswap.<\/p>\n\n

How DEX clients get duped<\/h2>\n

Potential victims \u2014 users of popular Discord cryptocurrency servers \u2014 receive phishing messages that appear to come from Uniswap and offer free tokens. The authors pass their scheme off as an airdrop<\/a> \u2014 a giveaway of coins, usually to promote a new cryptocurrency but sometimes for user loyalty or for simple tasks such as reposting on social networks. (Such \u201cgifts\u201d are sometimes called helicopter money<\/a>.)<\/p>\n

In their message, the scammers claim that several cryptocurrency services have just launched such a campaign, and the addressee is among the lucky recipients of the drop. The prize is juicy, too: 2.5 Ethereum and 25,000 ZKSwap coins \u2014 more than $75,000 at the time of posting.<\/p>\n

\"A<\/a>

A scam message from a fake exchange about winning helicopter ETH and ZKS<\/p><\/div>\n

If one ignores the unusually generous airdrop, the message looks credible: The language is awkward but not riddled with major errors, the level of emoji use is reasonable, and the list of exchanges includes reputable names. It even includes believable T&Cs for receiving the prize.<\/p>\n

The brevity of the link to the giveaway might arouse suspicion, but that\u2019s unlikely; many are already accustomed to shortened addresses such as t.co or bit.ly links.<\/p>\n

The link leads to a page very similar to the Uniswap website \u2014 and the fairly well-known exchange actually held a helicopter money promotion for clients not so long ago. The scam website, however, prominently features a button labeled Claim accumulated rewards<\/em>.<\/p>\n

\"A<\/a>

A page disguised as Uniswap offers 2.5 ETH<\/p><\/div>\n

Clicking the button takes the victim to a screen requesting the private key or mnemonic phrase for their cryptowallet (in our story, the scammers requested a Metamask wallet). In this case, a mnemonic phrase<\/a>, or seed phrase, is a sequence of normal human words that restores access to a wallet in the event of a technical failure or a change of device.<\/p>\n

How not to fall for DEX scams<\/h2>\n

To avoid swallowing the cybercriminal bait, follow these simple rules:<\/p>\n