Coinbase Support Scammers Reveal Shocking Inside Details

Scams impersonating Coinbase support have netted fraudsters tens of thousands of dollars weekly.


Other crypto schemes are also causing chaos for investors. The TRUMP token honeypot scam left investors facing massive losses after a huge price surge. Meanwhile, the Scattered Spider hacking group has been charged with stealing millions in crypto and sensitive data by using SMS phishing and SIM-swapping tactics. Apple decided to step up its security measures by patching two zero-day vulnerabilities affecting Intel-based Macs.

Fraudsters Target High Rollers in Crypto

Phishing scams targeting crypto users have reached new alarming levels as fraudsters reportedly earn massive weekly incomes by impersonating Coinbase support. These scams exploit leaked data to target high-ranking crypto executives and software engineers.

Nick Neuman, CEO and co-founder of Casa, a Bitcoin self-custody solutions provider, recently brought these scams to the attention of the crypto community. During an encounter with a scammer pretending to be from Coinbase, Neuman turned the tables by questioning them about their illicit activities. 

The scammer revealed some shocking details about their operations, and claimed they make at least five figures weekly. In fact, the scammer had recently netted $35,000 in just two days. Their targets are not random: they specifically focus on people with larger financial assets, using databases with a minimum threshold of $50,000 to identify potential victims. The scammer also admitted to using data from Bitcoin financial services company Unchained Capital to identify high-value individuals likely to have Coinbase accounts.

The scammer shared some details about their tactics during the conversation, and explained how they craft their phishing schemes by sending fake notifications containing malicious links. These links are designed to lure victims into compromising their own security, with the ultimate goal of tricking them into transferring funds to wallets controlled by the fraudsters. To increase the credibility of their scams, they employ sophisticated techniques like email spoofing and "auto-doxxing" tools to gather detailed personal information about their targets.

The financial rewards of these scams are huge, and the stolen funds are usually laundered through platforms like Tornado Cash or converted into privacy coins like Monero. According to the scammer, after holding funds in Monero for a short period, the stolen assets become untraceable. They also mentioned using non-KYC exchanges and hardware wallets, like Ledger, to complicate tracing efforts even more before cashing out through middlemen.

The scale of crypto phishing attacks is staggering. More than 12,000 victims lost about $20 million to phishing scams in October of 2024 alone, according to Web3 security firm Scam Sniffer.

TRUMP Token Turns Honeypot

Despite companies and countries working hard to fight against crypto crime, it is showing no signs of stopping. The crypto market recently experienced yet another rug pull, this time involving the Crypto Emperor Trump (TRUMP) token. 

Over the span of five days, the token skyrocketed from $0.001693 on Nov. 15 to a peak of $0.9284 on Nov. 20, an increase of 54,737%. However, the token’s meteoric rise was quickly followed by a crash to near-zero levels, which left investors facing devastating losses.


TRUMP price action over the past 24 hours (Source: CoinMarketCap)

The rapid price surge was fueled by an aggressive social media campaign that created a frenzy among investors, many of whom gave in to the fear of missing out (FOMO). Promoters also made sure to push for quick investments, which meant that many people decided to bypass the due diligence that is typically necessary for high-risk assets.

Unfortunately, the token turned out to be a classic honeypot scam designed to trap investors. Honeypot tokens lure buyers with promises of profit but include mechanisms that prevent selling. Investors quickly realized they couldn’t sell their TRUMP holdings, and many took to platforms like Reddit and X to voice their frustration. Some people even speculated the token was deliberately crafted to exploit Coinbase Wallet users, especially as reports surfaced of buyers being unable to sell through that platform.

An analysis by ChainDefenders revealed that the TRUMP token had all of the hallmarks of a pump-and-dump scheme. A large portion of the token supply was concentrated among a small group of addresses linked to a common contract, which usually indicates a coordinated effort to manipulate the token’s price. Inactive addresses suddenly became active to buy large quantities of TRUMP, which drove up the trading volume and price. These tactics are characteristic of pump-and-dump schemes.
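The two hallmarks named above, supply concentrated in a cluster of linked addresses and long-dormant addresses waking up to buy during the run-up, can be turned into simple screening heuristics over a holder snapshot. The following is an added example written for this article, not ChainDefenders' own analysis or tooling; the holder data, addresses, block numbers and the alert thresholds are all constructed assumptions, and a real analyst would feed it a snapshot exported from a block explorer or indexer.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Holder:
    """One row of a token-holder snapshot taken at the end of the pump window."""
    address: str
    balance: int                      # tokens held at snapshot time
    linked_to_deployer: bool          # funded by, or otherwise tied to, the contract that created the token
    last_active_block: Optional[int]  # last block with any activity before the window; None = never seen
    bought_in_window: int             # tokens acquired during the pump window


# Hypothetical first block of the pump window (constructed value).
WINDOW_START = 21_200_000

# Constructed sample snapshot; addresses and amounts are made up for illustration.
SAMPLE_HOLDERS: List[Holder] = [
    Holder("0xA1", 300_000, True, 21_199_990, 0),
    Holder("0xA2", 250_000, True, 21_199_800, 0),
    Holder("0xA3", 150_000, True, 20_500_000, 120_000),  # linked *and* dormant before buying
    Holder("0xB1", 100_000, False, 19_000_000, 100_000),  # dormant for ~2.2M blocks, then bought
    Holder("0xB2", 80_000, False, None, 80_000),          # never seen before the window
    Holder("0xC1", 50_000, False, 21_199_000, 50_000),    # ordinary active buyers follow
    Holder("0xC2", 40_000, False, 21_190_000, 40_000),
    Holder("0xC3", 20_000, False, 21_150_000, 20_000),
    Holder("0xC4", 10_000, False, 21_199_500, 10_000),
]


def top_n_share(holders: Iterable[Holder], n: int) -> float:
    """Fraction of the circulating supply held by the n largest holders."""
    balances = sorted((h.balance for h in holders), reverse=True)
    total = sum(balances)
    return sum(balances[:n]) / total if total else 0.0


def linked_cluster_share(holders: Iterable[Holder]) -> float:
    """Fraction of supply held by addresses tied to the deploying contract."""
    holders = list(holders)
    total = sum(h.balance for h in holders)
    linked = sum(h.balance for h in holders if h.linked_to_deployer)
    return linked / total if total else 0.0


def dormant_buyers(holders: Iterable[Holder], window_start: int, dormancy_blocks: int) -> List[str]:
    """Addresses that bought during the window after being idle (or unseen) for dormancy_blocks."""
    out = []
    for h in holders:
        if h.bought_in_window <= 0:
            continue
        idle = h.last_active_block is None or window_start - h.last_active_block >= dormancy_blocks
        if idle:
            out.append(h.address)
    return out


def assess(
    holders: Iterable[Holder],
    window_start: int = WINDOW_START,
    dormancy_blocks: int = 200_000,   # assumed: roughly a month of blocks on a 12-second chain
    top_n: int = 5,
    top_share_threshold: float = 0.5,  # assumed alert levels; tune to the chain and token class
    cluster_threshold: float = 0.3,
    dormant_threshold: int = 3,
) -> dict:
    """Compute the three heuristics and return the metrics plus any raised flags."""
    holders = list(holders)
    top_share = top_n_share(holders, top_n)
    cluster = linked_cluster_share(holders)
    dormant = dormant_buyers(holders, window_start, dormancy_blocks)

    flags = []
    if top_share > top_share_threshold:
        flags.append("supply_concentrated")
    if cluster > cluster_threshold:
        flags.append("linked_cluster")
    if len(dormant) >= dormant_threshold:
        flags.append("dormant_activation")

    return {
        "top_share": top_share,
        "linked_cluster_share": cluster,
        "dormant_buyers": dormant,
        "flags": flags,
    }


if __name__ == "__main__":
    for key, value in assess(SAMPLE_HOLDERS).items():
        print(f"{key}: {value}")
```

On the constructed snapshot the top five holders control 88% of supply, deployer-linked addresses hold 70%, and three of the buyers had been idle for well over the dormancy window, so all three flags fire. None of these signals is proof on its own: a fair launch with a locked treasury can also look concentrated, which is why the thresholds are parameters rather than constants.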

Five Charged in Scattered Spider Scheme

United States prosecutors charged five people accused of being part of a sophisticated hacking group that allegedly stole $11 million in crypto and sensitive information from businesses and individuals. The California US Attorney’s Office announced on Nov. 20 that the defendants used SMS phishing links and SIM-swapping tactics to steal login credentials from victims’ work or crypto exchange accounts.

Among the victims, one person reportedly lost more than $6.3 million worth of cryptocurrency after their email and wallets were breached.


The hacking group is called Scattered Spider, and it is accused of targeting 45 companies across the U.S., Canada, India, and the United Kingdom. One of their schemes involved impersonating employees of a U.S.-based crypto exchange by sending fake text messages about account deactivation, which led victims to phishing links that were designed to capture sensitive information. Martin Estrada, the U.S. Attorney in Los Angeles, stated that the group orchestrated a complex operation to steal intellectual property, proprietary information, and personal data from hundreds of thousands of individuals.

The accused include Ahmed Elbadawy, 23, from Texas; Noah Urban, 20, from Florida; Evans Osiebo, 20, from Dallas; Joel Evans, 25, from North Carolina; and Tyler Buchanan, 22, from Scotland. All five now face charges of conspiracy, wire fraud, and aggravated identity theft. Wire fraud alone carries a maximum sentence of 20 years. Buchanan also faces an additional wire fraud charge. Court documents hint at other co-conspirators who may also be involved but have not yet been charged.

Scattered Spider has been linked to other high-profile cyber crimes as well, including the September 2023 hacks of Caesars Entertainment and MGM casinos. However, it is still unknown if the five defendants were directly involved. 

Investigators, including the FBI and Police Scotland, tracked Buchanan by using registration information tied to phishing sites. A search of his devices uncovered data from a U.S. crypto exchange and a U.S. telecom company. The FBI did face some challenges in dismantling Scattered Spider, even with knowledge of the group’s members and locations. 

The investigation is ongoing, and authorities are still pursuing leads on additional suspects that could be linked to the group’s operations.

Apple Patches Zero-Day Flaws

On the defensive side, Apple issued a critical patch for two zero-day vulnerabilities affecting Intel-based Mac computers, and urged users to update their systems immediately.

The flaws were disclosed in a Nov. 19 advisory, and had been actively exploited in attacks that delivered maliciously crafted web content. Changpeng "CZ" Zhao, co-founder and former CEO of Binance, also sounded the alarm and urged Mac users with Intel chips to update their devices as soon as possible.

The first vulnerability, CVE-2024-44308, affected the JavaScriptCore software and allowed malicious code execution without user consent. Apple resolved the issue by implementing improved checks. The second flaw, CVE-2024-44309, involved Apple’s WebKit browser engine and enabled cross-site scripting attacks that could inject harmful code into websites or applications. This issue was mitigated through enhanced cookie state management.

Following its standard policy, Apple did not share any details about the vulnerabilities until the patches were ready. Zero-day vulnerabilities like these are particularly dangerous because they exploit weaknesses that are unknown to the software developer, which leaves essentially no time to mitigate before attacks occur.

The discovery of the flaws is credited to Clément Lecigne and Benoît Sevens, researchers from Google’s Threat Analysis Group, which is a team dedicated to countering state-backed cyber threats.

North Korean hackers have also been targeting Apple users. This was the case with a Nov. 12 campaign exploiting macOS vulnerabilities with phishing emails and fake PDF applications. While these attempts were stopped by Apple’s updated systems, they revealed a concerning trend. North Korean hackers were also found exploiting Google Chrome vulnerabilities to steal crypto wallet credentials.