As the frost of the Crypto Winter creeps onward and holders saddened by their diminishing funds spend less time opening their digital wallets, a new type of scam has emerged: crypto cashouts.
Cybercriminals are able to take hold of underutilized exchange or wallet accounts and use them to funnel stolen funds into private wallets. According to Sift, a cybersecurity firm, the technique has grown in prevalence since June, with account information sold on Telegram and dark web discussion boards like Dread.
“If you bought in at Bitcoin at $60,000 and don’t want to look at your account right now, I don’t blame you,” said Brittany Allen, a trust and safety architect at Sift. “But with people ignoring their accounts…they’re giving fraudsters even more opportunity to be able to test and access these accounts.”
Screenshot from Dread
Cashout scams are nothing new, with old-school swindlers using options like debit cards and ATMs to withdraw money from stolen accounts. As fraud-prevention technology has advanced, cybercriminals have had to turn to other means—in this case, crypto.
Due to the irreversibility of many crypto platforms—meaning transactions can’t be undone—fraudsters use exchanges and wallets to pay each other or to launder funds. “That way, no one can file a chargeback or dispute,” Allen told Fortune.
Allen regularly monitors forums on Telegram and Dread, where cybercriminals hawk access to stolen funds, hoping to find people with different skill sets who can help them safely move money into their own private wallets.
In these scenarios, a fraudster with access to illicitly obtained funds will market their bounty on Telegram or Dread, eventually linking up with a partner who has access to stolen wallets or crypto exchange accounts. Fraudster A sends the money to fraudster B, who then transfers the funds through the stolen account into a private wallet, and they’ll split the earnings—assuming one of them doesn’t swindle the other, of course.
Allen refers to the interconnected network as the fraud economy. She said she sees hundreds of posts every month, but cautioned that many could be duplicates or scams themselves.
Screenshot from Telegram
Back in 2020, when travel screeched to a halt, one of the most popular means of illicitly transferring money was via travel and loyalty platforms. The logic, Allen explained, is that users would be less likely to be checking those accounts, so cybercriminals could use them to move money around.
Starting in June, she noticed the same dynamic spreading to crypto—with prices in free fall, fewer investors were monitoring their accounts as closely. Fraudsters were accessing the stolen accounts for prolonged periods—not necessarily stealing funds, but using the accounts to receive and send other ill-gotten gains. This would be particularly useful for cybercriminals sitting on large sums of digital cash, as many digital payments platforms have daily limits for withdrawals.
The easiest solution, Allen continued, is checking accounts more regularly to look for irregularities, even if seeing the balance makes you squeamish. And the best safeguard is turning on multi-factor authentication.
“Even if maybe it was a fun-money investment, it’s still a financial account,” she told Fortune. “Treat it like all other finances and protect it.”