Warning: How 'One Time Password' bots can steal all your crypto
Cybercriminals are using bots purchased on Telegram to trick users into giving them access to their cryptocurrency accounts.
According to a report from cybersecurity firm Intel471, One Time Password (OTP) bots are “remarkably easy to use” and are relatively inexpensive to operate relative to the amount that can be earned from a successful attack.
A Telegram bot known as ‘BloodOTPbot’ charges a monthly fee of just $300 to hackers to access. Fraudsters also have the option to spend an extra $20 to $100 on more phishing tools that target individual social media accounts on Instagram, Facebook and Twitter, financial services like Paypal and Venmo and crypto platforms such as Coinbase.
OTP bots are especially nefarious as they are generally the final step in the hacking process, after all necessary personal information has been gathered on the victim, known in hacker parlance as “the fullz”. Hackers use the OTP bot to stage a seemingly-official phone call, while simultaneously prompting the 2FA code from the user's crypto platform. Once the typically flustered user divulges the code, hackers gain immediate and total access to the victims account.
According to a report from CNBC, Maryland-based obstetrician Dr Anders Agpar, was the victim of such an attack, in which an “official sounding phone call” alongside a series of banner notifications on his phone, informed him that his Coinbase account “was in jeopardy”
Dr Agpar ended up in a situation where his two-factor-authentication (2FA) code was divulged over the phone and immediately afterwards he found himself locked out of his own Coinbase account which held approximately $106,000 in Bitcoin (BTC).
These types of attacks from OTP bots are increasing in frequency and are causing
Read more on cointelegraph.com
