Blockchain security firm Scam Sniffer warned that crypto investors are facing a surge in malware scams on social media platform Telegram compared to the traditional phishing methods.
While phishing still causes substantial losses—estimated at nearly half a billion dollars in 2024—its growth has plateaued.
In contrast, Scam Sniffers reported that Telegram malware scams represent a rising and more severe threat that allows attackers to breach multiple wallets and extract sensitive information directly from devices.
These types of attacks have increased by 2,000% between November 2024 and January 2025.
How the scam works
According to the firm, malicious actors have shifted their modus operandi from impersonating well-known figures in the crypto space to infiltrating legitimate communities on Telegram, a messaging platform that is very popular among crypto users.
Scam Sniffer noted that these attackers lure their victims into fraudulent Telegram groups under the guise of trusted invites. Through this invite, the hackers employ deceptive strategies involving fake bots, counterfeit trading platforms, and bogus airdrops or insider groups.
Victims who engage with these deceptive channels unknowingly activate malicious code that compromises their devices. This breach enables attackers to access sensitive information, including passwords, crypto wallets, and browsing data.
Scam Sniffer highlighted that this strategy shift reflects crypto users’ growing awareness of conventional phishing scams and attackers’ evolution beyond basic wallet connection scams.
Improving security
Scam Sniffer advised crypto users to exercise caution and adopt strict security measures to mitigate these risks.
According to the firm, crypto users should avoid risky actions like running unknown commands or installing unverified software on their devices. Additionally, it recommended that crypto users rely on secure wallet solutions and remain cautious about their interactions on social media.
The blockchain security company also emphasized that legitimate crypto services will never ask their users to execute commands or install verification tools.
