Angel Drainer Returns as AngelX Targeting Emerging Blockchains

The notorious crypto phishing toolkit Angel Drainer has resurfaced in a more sophisticated form, now called AngelX, deploying hundreds of malicious apps targeting newer blockchain networks.

In 2024, cybercriminals have increasingly turned to sophisticated tools such as AI-powered deepfakes and advanced phishing kits to target cryptocurrency users. Recent reports from cybersecurity firms Gen Digital and Blockaid reveal a surge in scams using deepfake videos of prominent figures like Elon Musk and Vitalik Buterin, alongside the reappearance of the notorious phishing toolkit, Angel Drainer, now revamped as AngelX. 

Angel Drainer Returns with Upgraded Phishing Toolkit ‘AngelX’, Targets Emerging Blockchains

The notorious crypto phishing toolkit Angel Drainer has resurfaced in a more dangerous and sophisticated form, now branded as AngelX. According to a recent report by blockchain security firm Blockaid, AngelX has already deployed hundreds of malicious decentralized applications (DApps) designed to steal digital assets from unsuspecting crypto users.

On Sept. 4, Blockaid revealed that the new AngelX system had launched 300 fraudulent DApps aimed at draining assets from wallets. What’s even more alarming is that AngelX is specifically targeting users on emerging blockchain networks like The Open Network (TON) and Tron, which are considered to have weaker security infrastructures.

“[AngelX] perceives these chains as less equipped to defend against attacks, due to a lack of robust security tools and support,” noted Blockaid in their report, highlighting a growing vulnerability for users of these less-mature networks.

Since its official launch on Aug. 31, the AngelX system has powered over 150 new phishing scams, causing a wave of concern among blockchain security experts and crypto enthusiasts alike. The high volume of attacks demonstrates the system’s agility in deploying malicious apps quickly and stealthily across a broad range of blockchain ecosystems.

Blockaid further explained that the AngelX toolkit features a significantly higher "evasion rate" than previous iterations. In essence, many of the apps built on AngelX have been able to bypass detection by traditional security tools, making it harder for crypto users and even sophisticated security vendors to spot fraudulent applications before assets are lost.

Enhanced Tools for Scammers: UX and Control Panel Upgrades

In addition to its enhanced ability to evade detection, the AngelX phishing toolkit includes an upgraded user experience (UX) and an advanced control panel for scammers. The cleaner and more streamlined interface allows malicious actors to easily craft custom phishing apps targeting specific blockchains. This wider range of flexibility means that scammers can deploy fraudulent apps across multiple platforms with relative ease, multiplying the potential damage.

The improved toolkit allows scammers to create highly targeted campaigns, tricking crypto users into unknowingly giving token approvals, which in turn lets scammers drain their wallets. One of the most concerning aspects of AngelX is how easy it makes it for even non-technical actors to orchestrate devastating attacks.

Fortunately, Blockaid's early detection of the AngelX system helped safeguard approximately $400,000 worth of assets in the first five days of AngelX’s activity. While this is a positive step, the fact that hundreds of malicious apps had already been launched before AngelX was even discovered shines the spotlight on the speed and severity of this latest wave of phishing attacks.

AngelX is a direct successor to the notorious Angel Drainer phishing toolkit, which abruptly wound down operations on July 16. The shutdown occurred after Angel Drainer’s developers became concerned that their identities were compromised. Despite its sudden halt, Angel Drainer's impact was massive, with an estimated $25 million in assets stolen through various phishing campaigns.

Angel Drainer—and now AngelX—are part of a growing trend in the crypto space where phishing scammers leverage easy-to-use toolkits to drain wallets by tricking users into approving malicious token transfers. These drainers are typically provided to scammers in exchange for a share of the stolen funds, making it a lucrative enterprise for all involved in the supply chain of crypto theft.
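The token-approval trick described above can be checked on the defender's side before a wallet signs anything. The following is an added example, not code from Blockaid or from the article: it decodes EVM-style approval calldata (ERC-20, and TRC-20 on Tron, which follows the same interface) and flags unlimited approvals to spenders that are not on an allowlist. The function names, the allowlist and the sample addresses are assumptions made for illustration; TON uses a different message format and is not covered.

```python
# Added example: pre-signing check for approval-type calls.
# Selectors are the standard ERC-20/ERC-721 ABI selectors; addresses are constructed.
APPROVAL_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
UNLIMITED_THRESHOLD = 2**255  # allowances this large are effectively unlimited


def decode_approval(calldata_hex):
    """Return (signature, spender, value) for approval-type calls, else None."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    sig = APPROVAL_SELECTORS.get(data[:8])
    if sig is None:
        return None
    args = data[8:]
    if len(args) < 128:                   # two 32-byte ABI words are required
        raise ValueError("truncated approval calldata")
    spender = "0x" + args[24:64]          # address = low 20 bytes of word 1
    value = int(args[64:128], 16)         # amount, or bool for setApprovalForAll
    return sig, spender, value


def assess(calldata_hex, trusted_spenders):
    """Classify a transaction the wallet is about to sign."""
    decoded = decode_approval(calldata_hex)
    if decoded is None:
        return "not-an-approval"
    sig, spender, value = decoded
    if value == 0:
        return "revoke"                   # zero allowance / approved=false
    if spender in trusted_spenders:       # allowlist entries must be lower-case hex
        return "approval-to-trusted-spender"
    if sig.startswith("setApprovalForAll") or value >= UNLIMITED_THRESHOLD:
        return "BLOCK: unlimited approval to unknown spender"
    return "WARN: approval to unknown spender"


# Constructed sample data (hypothetical addresses, not real indicators).
TRUSTED = {"0x" + "11" * 20}
UNKNOWN_SPENDER = "ab" * 20
SAMPLE_UNLIMITED = "0x095ea7b3" + "00" * 12 + UNKNOWN_SPENDER + "ff" * 32

if __name__ == "__main__":
    print(assess(SAMPLE_UNLIMITED, TRUSTED))
```

A wallet or transaction-screening proxy would call `assess` on the raw calldata before prompting the user, and refuse or add friction on the BLOCK and WARN results.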

The re-emergence of Angel Drainer under the guise of AngelX highlights a pressing need for blockchain networks to bolster their security frameworks. As crypto adoption grows, attackers are increasingly turning to less mature blockchains with fewer security measures in place. For blockchain platforms like TON and Tron, this can spell disaster for user trust if significant asset losses continue to mount due to phishing scams.

Emerging blockchains have much to gain by partnering with third-party security firms, deploying multi-layered protection mechanisms, and educating users about safe practices when interacting with decentralized applications. The alarming success of AngelX illustrates how attackers are becoming more sophisticated, and the crypto community will need to invest more heavily in security solutions to protect users from increasingly complex threats.

The return of Angel Drainer in the form of AngelX marks a troubling escalation in the ongoing battle against crypto phishing scams. By improving its interface, expanding its range of targets, and increasing its ability to evade detection, AngelX represents a more potent threat to crypto users across multiple blockchain networks. As security firms like Blockaid continue to detect and neutralize these threats, the crypto community must remain vigilant and prepared for future waves of increasingly sophisticated phishing attacks.

AI-Powered Deepfake Scams on the Rise: CryptoCore Defrauds Millions Using Videos of Prominent Figures

In the second quarter of 2024, cybercriminals ramped up their use of artificial intelligence (AI) technology to carry out sophisticated scams targeting cryptocurrency holders. According to a recent report by software firm Gen Digital, the parent company of popular antivirus brands Norton, Avast, and Avira, a cybercriminal group dubbed CryptoCore has emerged as a major player in AI-powered crypto fraud.

The group has gained attention for its use of deepfake videos—realistic AI-generated videos that manipulate existing footage to deceive viewers. By faking the likeness of prominent figures such as Elon Musk, Michael Saylor, Vitalik Buterin, and Larry Fink, CryptoCore has managed to swindle millions from unsuspecting crypto investors.

AI-Generated Voices Fuel Fraudulent Crypto Investments

Gen Digital’s quarterly report detailed how CryptoCore has been conducting its scams. The group hijacks official videos featuring well-known personalities in the crypto and tech industries and manipulates the audio using AI-generated voices. The altered videos tout fake investment opportunities and encourage viewers to send cryptocurrency to wallets under the scammers’ control.

For example, Ethereum co-founder Vitalik Buterin was one of several high-profile figures whose footage was doctored to promote false investment schemes. Cybercriminals use these AI-enhanced videos to exploit the credibility and influence of prominent individuals, effectively luring victims into believing the investment opportunities are legitimate.

CryptoCore’s reach is bolstered by its ability to take over high-follower social media accounts. According to Gen Digital, the scammers infiltrate platforms such as YouTube, X (formerly Twitter), and TikTok, using hacked accounts to broadcast deepfake videos via livestreams. These accounts, often with large followings, lend additional credibility to the scams, allowing them to attract even more victims.

The group’s tactics highlight a growing trend of cybercriminals using social media platforms to spread misinformation. In particular, CryptoCore has used YouTube livestreams as a vehicle for promoting fraudulent crypto schemes to a wide audience. 

During SpaceX’s integrated flight test in June 2024, Gen Digital reported that around 50 YouTube accounts were hijacked by CryptoCore, resulting in 500 unauthorized transactions. These attacks led to a total of $1.4 million in stolen cryptocurrency.

The rapid expansion of AI technology has provided cybercriminals with more tools to enhance the sophistication of their scams. Siggi Stefnisson, Gen Digital’s Chief Technology Officer, commented on this trend, noting that AI-powered attacks have become more convincing than ever.

Cybercriminals are expanding their toolkits with AI, said Stefnisson. “Now, with AI and other new tech, their schemes are more sophisticated and convincing than ever before. We urge consumers to stay informed and alert.”

CryptoCore’s operations have been highly lucrative, with Gen Digital estimating that the group has already accumulated millions through their AI-powered scams. In the second quarter of 2024 alone, the group reportedly stole $5 million in cryptocurrency from victims. This staggering amount emphasizes the need for heightened vigilance within the crypto community.

Gen Digital’s report revealed that CryptoCore frequently targets cryptocurrency-related firms and topics with a high level of public interest. In August 2024, Avast, one of Gen Digital’s subsidiaries, conducted an in-depth investigation into CryptoCore’s activities, identifying that the most exploited subjects included companies like SpaceX, MicroStrategy, Ripple, Tesla, BlackRock, and Cardano.

The scammers’ use of AI technology has become so advanced that they can now perform high-quality lip-syncing within their deepfake videos. This level of precision can easily mislead viewers into believing they are watching official promotions from prominent individuals or companies. As a result, many victims are convinced to invest in the fraudulent schemes without realizing they are being scammed.

The rise of AI-powered deepfake scams signals a worrying new chapter in the ongoing battle against cybercrime in the cryptocurrency space. As AI technologies become more accessible, scammers are increasingly leveraging these tools to make their schemes more convincing and difficult to detect. The use of deepfake videos, in particular, has become a favored tactic for fraudsters seeking to capitalize on the trust that people place in well-known figures.

Crypto investors are especially vulnerable to these scams because of the decentralized nature of digital assets. Once cryptocurrency has been transferred to a fraudulent wallet, it is extremely difficult—if not impossible—to recover.

Calls for Greater Awareness and Security Measures

In response to these developments, Gen Digital and other cybersecurity firms are urging consumers and crypto holders to stay vigilant and informed. As the use of AI-powered scams grows, so too must the defenses employed to counter them.

For individuals and businesses operating in the crypto space, the importance of adopting advanced security tools and educating themselves on potential threats cannot be overstated. Avoiding too-good-to-be-true investment offers, verifying the legitimacy of social media promotions, and keeping personal accounts secure are some of the best practices for staying safe.