CISA Warns Crypto Community About Rising Impersonation Scams

There has been a big increase in impersonation scams targeting the cryptocurrency community, especially on Elon Musk’s X.

The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about a rise in impersonation scams using the names of government employees. These scams are a big threat in the crypto ecosystem as they generated close to $4.6 billion in revenue in 2023. Additionally, on social media platform X, impersonation scams have also surged. Binance co-founder Yi He pointed out that fake accounts are mimicking her name. Meanwhile, Malaysia's Inland Revenue Board launched "Ops Token" to crack down on crypto tax evasion.

Impersonators Target Crypto Users

The Cybersecurity and Infrastructure Security Agency (CISA) recently issued an alert about a surge in impersonation scams involving the names and titles of government employees. The alert brought to people’s attention that CISA staff will never request money wiring, cash, cryptocurrency, or gift cards.

If someone suspects they are targeted by an impersonation scammer claiming to be a CISA employee, they should not pay the caller. Instead, they should take note of the calling phone number, hang up immediately, and validate the contact by calling CISA.

According to Phil Larratt, director of investigations at Chainalysis, scams are still a massive threat to the cryptocurrency ecosystem. He stated that scams were a major driver of cryptocurrency-based crime in 2023. In fact, scams generated at least $4.6 billion in revenue. Impersonation scams had the fourth-worst impact on victims in 2023, with an average payment size of $948, according to the Chainalysis 2024 Crypto Crime Report.

Larratt believes it is extremely important to take preventative action, like public education, as a first line of defense against large-scale scamming. Once crypto assets are transferred to a third party, control of those assets is lost without the private keys.

Among the most popular scam tactics involving fake Federal employee impersonations are approval phishing and crypto drainers. Approval phishing scammers target crypto users through fake crypto apps, a method also adopted by romance scammers.

The crypto drainer operators promote their fake Web3 sites in Discord communities and on compromised social media accounts, enticing victims to connect their crypto wallets to the drainer.

What are Crypto Drainers?

Crypto drainers exploit vulnerabilities in crypto wallets to steal funds by tricking users into signing malicious transactions with their private keys. Usually, the attackers use phishing techniques, like sending emails that seem to be from legitimate crypto exchanges.

These emails then sometimes prompt victims to click on a link that leads to a fake website that looks like the real exchange. On this fake site, the victim is asked to enter their private key, which the drainer then uses to authorize unauthorized transactions and steal the victim’s cryptocurrency.

To protect yourself from crypto drainers, it is extremely important to be careful when dealing with emails and links from unknown sources. To be safe, it is better to just avoid clicking on links or opening attachments from unfamiliar senders, and verify the legitimacy of any unexpected communications from cryptocurrency services. Additionally, using a strong password for your crypto wallets can also boost your security.

Enabling two-factor authentication (2FA) adds an extra layer of protection by requiring a code from your phone in addition to your password. Hardware wallets are also great when it comes to protecting your wallet against drainers as these physical devices keep your private keys offline, making them much more secure than software wallets.

Crypto Scam Spike on X

Impersonation scammers are also making a nuisance of themselves on X. This has gotten so bad that Elon Musk’s X.com is facing a lot of criticism for not doing enough to prevent crypto scams on its platform.

Binance co-founder Yi He seems to agree with these criticisms. Yi He recently pointed out accounts on X mimicking her handle and name. These accounts are directing users to fraudulent links promising Binance-backed meme coins. She clarified that no such coins exist and warned that clicking the link could result in stolen funds.

Yi He’s call for action comes amid reports from Scam Sniffer, indicating that crypto scams on X.com have surged. It is estimated that almost $50 million is lost monthly due to account impersonation.

This is not a new issue for Twitter as these scams have been around even before Musk took over leadership of the social media platform. However, the introduction of Musk’s paid verification service, which allows anyone with a smartphone to receive verification, may contribute to the public's susceptibility to these scams.

Despite Musk’s previous promises about actually addressing the “bot” and “spam” problems, it is still unclear if he has specifically targeted crypto scams.

Malaysia Cracks Down on Crypto Tax Evasion

It is not just scammers wreaking havoc in the crypto space, but tax evaders as well. On the bright side, Malaysia has come up with a plan to battle these sneaky crypto traders.

The Malaysian federal agency Inland Revenue Board (IRB) recently conducted a special operation called "Ops Token,” that is aimed at reducing tax revenue leakage from crypto trading. Local media outlet The Malaysian Reserve reported that 38 personnel from the Royal Malaysia Police and CyberSecurity Malaysia (CSM) raided 10 locations in Klang Valley, targeting companies that failed to properly report their crypto trading activities.

Authorities revealed that several limited liability partnerships and corporate entities were formed specifically for crypto trading and to avoid tax declarations. The IRB uncovered crypto trading data stored on mobile devices and computers during the raids, and also successfully identified the value of digital assets traded. This evidence is crucial when it comes to determining the exact extent of tax revenue loss.

IRB CEO Datuk Abu Tariq Jamaluddin warned that people involved in crypto trading have to adhere to Malaysia’s income tax rules, and urged them to declare their crypto taxes to avoid compliance actions.

The IRB firmly believes that "Ops Token" will greatly improve tax efficiency and reduce revenue leakages, which will contribute to the sustainability of the country’s revenue collection.

In Malaysia, cryptocurrency is legal and regulated by the Securities Commission (SC), which oversees capital markets. While tokens are considered securities and subject to securities laws, the central bank does not recognize them as payment instruments or legal tender. Crypto-focused businesses in Malaysia have to comply with the country’s income tax laws.

Remilia Hacker Funnels $4.3M ETH Through Tornado Cash

In other crypto crime news, the hacker that was responsible for the $4.3 million Remilia exploit in March has funneled the stolen crypto assets through the mixing service Tornado Cash.

On Jun. 17, blockchain analysis firm CertiK reported that 1,209.5 Ether (ETH), valued at close to $4.3 million, was deposited into Tornado Cash. These assets were traced back to multiple addresses connected to the Remilia hack, which happened on Mar. 16.

Remilia is a decentralized autonomous organization (DAO) behind the Milady Maker non-fungible token (NFT) collection, and reported the hack through its founder, Krishna Okhandiar, also known as Charlotte Fang. The hack led to the transfer of large amounts of ETH and NFTs to a wallet that later liquidated the assets.

The incident was brought to light by an account called Dumpster DAO on X, which shared a screenshot of the Remilia founder reporting the hack and the address that received the assets. Blockchain data revealed that this address sold NFTs linked to Milady, including staked NFTx assets, and transferred $1 million in ETH to another address.

Two days after the hack, a meme coin paying homage to Milady NFTs conducted a presale on the Solana network. The meme token, Milady Wif Hat (LADYF), successfully raised 91,486 Solana (SOL), worth $18.7 million at the time, within just two hours of the announcement.

Because of oversubscription, the team promised to return the excess SOL to senders. However, since the presale, the token’s price has plummeted, reaching a new all-time low of $0.00001703 on Jun. 14.

The creators of the meme coin clarified on their website that they are not affiliated with Charlotte Fang or the Milady Maker NFTs as the token is only a tribute to a beloved NFT collection.