Cryptocurrency Traders In India, There’s A New Scam Targeting Your Money

If you are trading in cryptocurrency, then there’s a new botnet variant you need to be careful; about. Cybersecurity firm Check Point Research has reported a new botnet variant called Twizt that is said to have stolen nearly half a million dollars’ worth of cryptocurrency through a technique called “crypto clipping”. This scam is primarily targeting traders from India, Ethiopia and Nigeria.

Twizt is another variant from the Phorpiex botnet family that steals cryptocurrency during transactions by automatically substituting the intended wallet address with the attacker’s wallet address.

The cybersecurity firm warned cryptocurrency traders to beware of who they send funds to, as 969 transactions have been intercepted already. The new Twizt botnet can operate without active command and control servers and can evade security mechanisms.

As per the report by Check Point Research, in 12 months, 3.64 Bitcoin, 55.87 Ether, and $55,000 in ERC20 tokens were taken. In a single instance, 26 ETH got hijacked.

What is Crypto Clipping And How Twizt Works

Twizt uses a technique called “crypto clipping”, which is the theft of cryptocurrency during transactions through the use of malware that automatically substitutes the intended wallet address with the threat actor’s wallet address. The result is that funds go into the wrong hands.

“There are three main risks involved with the new variant of Phorpiex. First, Twizt uses peer-to-peer model and is able to receive commands and updates from thousands of other infected machines. A peer-to-peer botnet is harder to take down and disrupt its operation. This makes Twizt more stable than previous versions of Phorpiex bots. Second, as well as old versions of Phorpiex, Twizt is able to steal crypto without any communication with C&C, therefore, it is easier to evade security mechanisms, such as firewalls in order to do damage. Third, Twizt supports more than 30 different cryptocurrency wallets from different blockchains, including major ones such as Bitcoin, Ethereum, Dash, Monero,” explained Alexander Chailytko, Cyber Security Research & Innovation Manager at Check Point Software.

This makes for a huge attack surface, and basically anyone who is utilizing crypto could be affected. I strongly urge all crypto currency users to double check the wallet addresses they copy and paste, as you could very well be inadvertently sending your crypto into the wrong hands,” he added.

Between November 2020 to November 2021, Phorpiex bots hijacked 969 transactions, stealing 3.64 Bitcoin, 55.87 Ether, and $55,000 in ERC20 tokens. The value of the stolen assets in current prices is almost half a million US dollars. Several times, Phorpiex was able to hijack large amounts of transactions. The largest amount for an intercepted Ethereum transaction was 26 ETH.

Leave a Comment