Recently, Jameson Lopp, co-founder of CasaHODL, raised the alarm about a new phishing scam specifically targeting Gemini users. This scam involves a fake data breach notice that tricks users into transferring their funds to malicious actors. The scammers claim that Gemini is partnering with Trust Wallet to protect users’ funds after a supposed security breach compromised several multi-signature wallets on their backend storage servers.
The scammers behind this phishing attempt urge users to transfer their funds to a wallet controlled by a seed phrase provided by them, which they misleadingly refer to as a “Unique Recovery Phrase.” Additionally, they falsely state that users have only one week to secure their funds, creating a sense of urgency and panic among victims. Yu Xian, the founder of SlowMist, pointed out that phishing scams involving mnemonic phrases are not new in the crypto space and are often carried out due to the low cost of sending scam emails based on leaked data from the dark web.
Experts warn that users who rely on third-party custody platforms are particularly vulnerable to such scams. Psifour, a developer for Taproot Wizard, emphasized the importance of raising awareness about these scams to protect newcomers in the crypto community from falling victim to such fraudulent activities. Despite Gemini acknowledging the phishing attempt and advising users to stay vigilant, the prevalence of phishing scams in the industry continues to grow, resulting in significant losses for crypto users.
According to blockchain security firm Scam Sniffer, crypto phishing scams led to $63 million in losses for 9,145 victims in August alone. This marks a 215% increase in stolen funds, despite a 34% decrease in the number of victims. The escalating sophistication of phishing attacks underscores the urgent need for stronger security measures and heightened user awareness to combat these threats effectively.