Cryptocurrency scam sites are being targeted by other scammers to hijack their traffic and their possible earnings. A recently detected threat actor, named Water Labbu, is manipulating the users that are drawn to these sites as a source of revenue, injecting a malicious script as a tool for interacting with the wallet that, depending on its funds, will be attacked.

Crypto Scammers Are Attacking Crypto Scammers


The rise of the cryptocurrency ecosystem has brought interest in targeting investors through scam sites using different resources that include Youtube streams to do so, as a recent report showed. Now, scammers are taking advantage of other scammers through sophisticated script tools. A new kind of threat actor, called Water Labbu, is targeting third-party crypto scam sites to use their attracted users also as targets for its attack.

The attack inserts a script in the cryptocurrency scam web page, which is commonly a kind of lending-liquidity providing page, that sends an approve prompt to the cryptocurrency wallet of the user if he has over a certain amount of cryptocurrency in his wallet. If the user approves the request, which is designed to look like a valid token allowance request from a Web3 site, the wallet affected will be drained of all the USDT present.

This constitutes a double scam attack: Water Labbu steals the cryptocurrency from the targeted users and also uses the resources of the scam site, which previously has invested in several channels to attract the attention of these users.

Earnings and Warnings to Avoid This Scam


Water Labbu has managed to infect 45 cryptocurrency scam websites according to a recent article from Trend Micro, a cybersecurity and antivirus firm. The company also determined that at least 9 addresses were victims of this fraud, allowing the attack to siphon more than $300,000 in funds.

To avoid being victims of this kind of attack, users should follow the same best practice rules to avoid other similar cryptocurrency scams. Trend Micro explains that “users should be careful of any invitations for investment that originate from untrusted parties. Furthermore, they should not trade cryptocurrency funds on any unknown platform without thoroughly vetting its legitimacy, understanding what it does, and how it operates.”

Another way of avoiding this kind of scam is to be very aware of the token approval limits and review every transaction to be signed by the cryptocurrency wallet used.

What do you think about the cryptocurrency scam attack that uses other scam sites? Tell us in the comments section below.

Leave a Reply

Your email address will not be published. Required fields are marked *