Fraudsters Use Robocall Bots to Steal Crypto Investors’ 2FA Codes

Crypto investors in the US are being targeted with bot-driven robocalls designed to steal two-factor authentication codes, netting the attackers hundreds of thousands of dollars in digital currency.

Fraudsters are selling bots designed to trick crypto investors into divulging their two-factor authentication (2FA) codes, leading to accounts being taken over and drained, according to a CNBC report.

The report tells the story of Dr. Anders Apgar, a Coinbase customer whose digital wallet held more than $100,000 in crypto before he was duped into divulging his 2FA code during a robocall.

The attackers used text-based scareware tactics to persuade Apgar to pick up the phone. When he did, a female voice said, “Hello, welcome to Coinbase security prevention line. We have detected unauthorized activity due to failed log-in attempt on your account. This was requested from a Canada IP address. If this (is) not you, please press 1, to complete precautions recovering your account.”

The trick worked. When prompted, Apgar punched in his unique 2FA code only to realize minutes later that he had been locked out of his Coinbase account. His $106,000, mainly in bitcoin, was no longer accessible to him.

“It was just dread and an emptiness of just, ‘Oh my gosh, I can’t get this back,’” he told reporters.

According to the report, Apgar’s story is just one of many. Attackers are targeting unsuspecting crypto investors with robocall bots designed to create a sense of urgency to they can steal their Coinbase login credentials.

The OTP (one-time-password) bots, as they are called, are being circulated on various Telegram channels at prices ranging from $100 a month to $4,000 for a lifetime subscription.

“Before these OTP bots, a cybercriminal would have to make that call himself,” security analyst Jessica Kelley told CNBC. “They would have to call the victim and try to get them to divulge their personal identifiable information or bank account PIN or their 2FA passcode. And now, with these bots, that whole system is just automated and the scalability is that much larger.”

Upon inquiry, a Coinbase spokesperson told reporters, “Coinbase will never make unsolicited calls to its customers, and we encourage everyone to be cautious when providing information over the phone. If you receive a call from someone claiming to be from a financial institution (whether Coinbase or your bank), do not disclose any of your account details or security codes. Instead, hang up and call them back at an official phone number listed on the organization’s website.”

Bitdefender recently published a blog post that describes the methods cybercriminals use to break through the multi-factor-authentication layer to rob users. Whether it’s a phishing scam designed to steal one-time codes, a SIM swap attack, or actual malware, cybercriminals have various tools and techniques to steal one-time authentication codes and drain the victim’s bank account in minutes. The article includes handy mitigation steps for each scenario.

The FBI recently warned that cyber crooks have stolen millions from unsuspecting US citizens using SIM swap – aka SIM hijacking – schemes.

Bitdefender Digital Identity Protection (DIP) scans the web for unauthorized leaks of your personal data, including your phone number, and can see if your accounts are exposed. DIP can make a world of difference when fraudsters target you, making it easy to take action before disaster strikes.