FBI Warns of Crypto-Stealing Play-to-Earn Games

Consumers have been warned not to fall for a new type of fake gaming application which has already stolen millions in cryptocurrency from victims.

Victims are typically contacted by scammers online, before being introduced in time to the online or mobile game, according to a new Public Service Announcement from the FBI’s Internet Crime Complaint Center (IC3).

The game purports to reward the user with cryptocurrency simply for playing. Although there are multiple variations of this scam, the example the FBI used was a player growing virtual crops on an animated farm.

Before playing, users are told they must create a cryptocurrency wallet and purchase some digital money. The scammer reportedly explains that the more crypto they store in their wallet, the more rewards they can earn in the game.

The apps have been designed to display fake rewards that accumulate as the victim plays. However, when they stop depositing virtual money into the wallet, the cyber-criminals steal all the funds via malware which was covertly activated when the victim joined the game, the FBI warned.

In a secondary scam, the fraudsters will tell their victims they can reclaim funds by paying extra taxes or fees – although this money will also end up in the pockets of the scammers.

The FBI urged consumers wishing to participate in cryptocurrency-based gaming to:

  • Create a unique digital wallet to use, rather than one suggested by the scammer. This means that even if the threat actors get access to the gaming wallet, they will not be able to steal the user’s crypto
  • Use a third-party blockchain explorer to independently check the balance of the addresses in a gaming wallet
  • Use a third-party token allowance checker to gain insight into any sites or apps the user may have unwittingly permitted to access funds in their wallet, and revoke those permissions

This is just the latest in a long line of crypto scams identified by security researchers. Many start with victims being groomed on romance sites before being persuaded to download fake apps designed to steal their money.

Articles You May Like

three-factor authentication (3FA)
Twitter will kill ‘legacy’ blue checks on April 1
Seed Club Ventures emerges from stealth with $25M fund focused on DAOs
When the tech IPO market reopens, keep an eye on HR unicorns
U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals

Leave a Reply

Your email address will not be published. Required fields are marked *