Bagikan artikel ini
Bitcoin's Popularity Boosts Phishing Scam Success
Phishing scams using bitcoin as cover are the latest indicator of the digital currency's popularity.
Oleh Joon Ian Wong
Bitcoin has fired the public imagination so intensely that even non-bitcoin users are falling for phishing scams that dangle the prospect of cryptocurrency riches in front of them, according to new research from digital security firm Proofpoint.
STORY CONTINUES BELOW
Jangan lewatkan cerita lainnya.Berlangganan Newsletter Crypto Daybook Americas hari ini. Lihat semua newsletter
found that thousands of phishing messages disguised to look like emails from a Blockchain wallet were sent to addresses with no direct link to bitcoin. This is a departure from typical bitcoin phishing attacks that target known and active cryptocurrency users, according to the security firm.
The new attacks yielded a "staggeringly high" response rate of 2.7% from victims, suggesting that members of the general public were sufficiently attracted by a bitcoin lure to click on the malicious links.
Kevin Epstein, vice president for advanced security and governance at Proofpoint, said:
"Imagine a phish touting automobile insurance that was sent to non-car owners – the fact that anyone clicked, much less 2.7%, is startling testament to human weakness and the intrigue around bitcoin."
Companies and organisations hit
The Proofpoint research found that 12,000 messages were sent to more than 400 large companies and organisations across a range of industries, including finance, media and manufacturing, in two "waves" of attacks on 13th and 14th August.
The firm declined to name any of the targeted organisations, citing confidentiality agreements, but said they included one of the world's largest financial institutions, a Japanese automotive manufacturer, two major American universities and three of the biggest international healthcare organisations.
The malicious messages were made to look like an automated email from wallet provider Blockchain, alerting the recipient that there had been an unauthorised attempt to open the wallet.
The recipient is asked to reset their wallet password by clicking a link which brings the victim to a log-in screen that seems identical to the Blockchain wallet page. Any wallet details submitted through this fake log-in page are transmitted to the scammers, who can use them to access the victim's wallet.
While the attack would only be profitable if it tricked an actual Blockchain wallet user, Epstein said that the high click-through rates, which have been better than for benchmark rates for marketing communications like email newsletters, suggest that even non-bitcoin users knew enough about cryptocurrency to be lured by the prospect of gaining access to some potentially lucrative bitcoins.
"It's a staggeringly high click-through rate given the relative percentage of recipients who would have been bitcoin holders," Epstein said.
'Topical news' approach
Proofpoint noted that the phishing attack's employed a straightforward 'account warning' template that is simple yet highly effective.
The phishers also played on current fears over hackers from China by framing their initial message as a security alert over an unauthorised log-in attempt originating from Sichuan province in western China. That province's technical university has made headlines as a possible proving ground for state-sponsored elite hackers.
Epstein said this was the "topical news" approach to phishing, which had been recently deployed in other attacks that used this summer's World Cup as cover.
"Topical news is always effective. We have seen and will likely continue to see 'Chinese hackers' as an element," Epstein said.
The research did not uncover the attacker's identity, although Epstein said that the attacks appeared to be purely profit driven, which ruled out organised crime or industrial espionage.
He warned that the method of attack held rich potential to inflict greater damage in future, particularly if they were used to deploy trojan horses, which is software that performs unauthorised actions on your computer, or ransomware, which blocks a victim's access to a computer until a ransom is paid.
Phishing Image via Shutterstock
Lebih untuk Anda
Yang perlu diketahui:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
Lebih untuk Anda
Fed’s Hammack tilts hawkish on rates, questions CPI drop as distorted
"My base case is that we can stay here for some period of time," Cleveland Fed President Beth Hammack told the WSJ.
Yang perlu diketahui:
- Cleveland Fed President Beth Hammack, who will be a voter on the central bank's policy-making FOMC in 2026, says interest rates need to remain on hold for several months.
- She threw shade on last week's surprisingly soft CPI report, noting data-collection distortions created by the government shutdown.
- Other things being equal, bitcoin would typically benefit from easier Fed monetary policy, but that hasn't at all been the case in 2025.
Top Stories
