IOTW: Metallica encourages fans to seek and destroy crypto scams

Metal band Metallica has warned fans of scammers posing as them and offering fake cryptocurrency giveaways ahead of the launch of their album, 72 Seasons.

In a tweet, the band warned fans that any websites, YouTube channels and livestreams claiming to offer Metallica cryptocurrency were fake. To avoid getting scammed, the band urged fans to “always look for official verification before believing something wild and crazy to be true”, and reminded them that all official Metallica social media profiles were verified.

The band also thanked fans for being diligent in reporting the fraudulent sites, both to the social media sites hosting them and to the band itself, and asked that fans “don’t let up” in exposing these fake giveaways and “report anything that is a scam”.

Fans praised the band for being proactive in posting about the scams, with one fan saying they were glad the band had addressed the fraudulent sites as they were “worried some older/younger fans who may not be familiar with how the internet works might fall for this stuff”.

There is currently no information on how many people have been affected; however, fans have taken to social media to discuss the scam. One fan called it the “weirdest crypto scam yet” and explained that the scammers are replaying an interview with the band from 2020 as if it is happening in real time, with a QR code that links to a site selling fake Metallica cryptocurrency.

What are crypto scams?

There is a range of cryptocurrency-based scams, from fake currency to phishing links disguised as legitimate sites. Scammers rely on the hype built around a currency to draw in unsuspecting victims and often pose as legitimate sites and crypto producers to make their claims seem more valid.

Malicious actors frequently use social engineering techniques to drum up excitement and urgency around investing in their fake cryptocurrency, encouraging victims to be the first to invest in their scams or risk losing out.

One such scam is the Monkey Drainer crypto scam, which saw a notorious hacker who uses the alias Monkey Drainer steal US$1m in Ethereum and NFTs in just 24 hours.

This scam took place on October 25 of this year, and saw the hacker use phishing-based techniques to access multiple victims’ wallets and drain them of the cryptocurrency and NFTs held within them. During the October 25 phishing attack, two victims referred to as 0x02a and 0x626 lost a collective $370,000 via malicious sites operated by Monkey Drainer. 0x02a lost 12 NFTs worth around $150,000 in the hack and 0x626 lost $270,000 worth of cryptocurrency.

When enacting their cyber attacks, Monkey Drainer sets up fake cryptocurrency and NFT sites, most notably posing as legitimate blockchain sites RTFKT and Aptos. Victims then enter sensitive details about their cryptocurrency wallets and sign off on transactions, allowing Monkey Drainer to access their wallets.

The impact of fake cryptocurrency on investors

In July of this year, the US Federal Bureau of Investigation (FBI) warned cryptocurrency investors that fake cryptocurrency applications had led to losses of $42.7m between November 1, 2021 and May 13, 2022.

The Bureau identified 244 victims over this period, who lost between $900,000 and $5.5m to fake cryptocurrency apps.

In a report published in July of this year, the FBI detailed the scams, in which fraudsters posed as legitimate US investment services, including using their logos and names, to contact those who had an interest in cryptocurrency and mobile banking. By convincing the investors to download mobile apps, the hackers were able to defraud the investors.

The criminals created fake websites and used the name of former legitimate cryptocurrency service YitBit in addition to Supayos (aka Supay), an Australian currency exchange business. The FBI suggested this was an attempt to make the scam apps seem more legitimate.

In posing as YitBit, scammers were able to defraud at least four victims of $5.5m. After downloading the fake app and depositing funds to the account set up by the hackers, victims were then told they had to pay taxes in order to withdraw funds. This resulted in victims being unable to withdraw any investments deposited into the fraudulent app.

Research by cyber security resource site Privacy Affairs has found that malicious actors launched up to 15 cryptocurrency-based scams every hour in 2022, leading to hackers stealing $4.3bn worth of cryptocurrency from January to November.
