Why enthusiasm is a vulnerability for crypto users

Cryptocurrency enthusiasts have become the targets of a new cybercrime tactic. Criminals are creating fake blockchain games, laced with malware that steals cryptocurrency from the victims.

We first came across this threat in a newsletter from BHMEA speaker Graham Cluley. The games are being promoted on social media, with threat actors direct-messaging some targets to entice them to download the games via access codes.

And as Cluley pointed out, it’s likely that targets are being identified based on their involvement in, and enthusiasm for, cryptocurrency in general – they’re people who are eager to engage in the space, and cybercriminals are leveraging that eagerness as a human vulnerability.

What are the games called?

Researcher Iamdeadlyz has identified the names of a number of fake games:

• Brawl Earth
• Dawnland
• Evolion
• WildWorld
• Pearl
• Destruction
• Olymp of Reptiles
• SaintLegend

They’re play-to-earn games that promise crypto rewards. Iamdeadlyz has also published a detailed analysis of how the threat actors are deploying the malware and accessing the contents of victims’ crypto wallets.

What malware are they delivering?

They’re delivering Realst on Mac – which steals data from web browsers and cryptocurrency wallets. There are currently 16 variants of Realst, and a report by SentinelOne noted:

"Most variants attempt to grab the user's password via osascript and AppleScript spoofing and perform rudimentary checking that the host device is not a virtual machine via sysctl -n hw.model.”

On Windows, the games are delivering RedLine Stealer.

What does this tell us about crypto security?

In this blog post, we asked whether crypto security is different from ‘regular’ cybersecurity. One of the key issues from a security perspective is the speed at which crypto projects come to market. As Nils Anderson-Röed (Head of Intelligence & Investigations at Binance) said at Black Hat MEA 2022,
“What we’re seeing with Web3 projects is that basically anyone can create their own project. And especially the past year, when there was a huge rise in cryptocurrency-related activities, a new project over the course of a couple of days or weeks could become very popular.”

“If it’s been built very quickly,” he added, “maybe the security checks or security audit hasn’t taken place at all, and there have been plenty of examples where projects had vulnerabilities which were exploited…it’s a very fragile space.”

And these new fake blockchain games reveal another important layer in crypto security: the tendency for cryptocurrency people to be very enthusiastic, and keen to explore new ways of being involved in the space and collecting crypto rewards.

Right now, there are more than 420 million cryptocurrency users worldwide. Real-time data from CoinMarketCap shows that 33 new cryptocurrencies are created every week; and on just one cryptocurrency exchange, Binance, users trade USD $20.37 billion worth of crypto every 24 hours.

People who get involved in crypto tend to either connect with its potential for social and economic transformation, or with the opportunity for rapid gains in wealth – or both. And both of those attractive qualities can cultivate a kind of enthusiasm that drives users towards a less risk-averse relationship with crypto.

They’re excited. And that makes them vulnerable.