phishingscam

El mercado cripto ha madurado: atrajo instituciones, ganó regulación en distintas regiones del mundo y se profesionalizó. Pero en 2025, los estafadores también evolucionaron. Y ya no son solo los principiantes los que caen: incluso usuarios con experiencia están siendo engañados por fraudes cada vez más sofisticados.
En este artículo, te mostramos las trampas más comunes del momento, cómo funcionan y qué puedes hacer para mantenerte seguro —especialmente si operas desde el celular o eres activo en redes sociales.
1. Phishing con deepfakes: la nueva cara del engaño
Antes, el phishing se limitaba a sitios web clonados y correos falsos. En 2025, el fraude se volvió mucho más realista. Están circulando videos y audios generados con inteligencia artificial (deepfakes), en los que supuestas celebridades, CEOs o influencers recomiendan oportunidades de inversión.
Estos contenidos se difunden principalmente en redes como X (antes Twitter), Instagram o TikTok, acompañados de links maliciosos. Al conectar tu wallet o ingresar datos, el resultado es la pérdida total de los fondos.
Consejo clave: no confíes solo en una cara o una voz. Verifica siempre los canales oficiales y evita hacer clic en enlaces compartidos por terceros, aunque parezcan legítimos.
2. Apps falsas de staking y wallets clonadas
Uno de los fraudes más frecuentes en 2025 involucra apps falsas que prometen “altos rendimientos” con staking o wallets que ofrecen “soporte a nuevas redes”.
Estas apps suelen instalarse fuera de las tiendas oficiales, y al hacerlo, el usuario otorga permisos que permiten a los atacantes acceder a su frase semilla, monitorear su actividad o vaciar la wallet sin que se dé cuenta.
Consejo clave: instala solo aplicaciones verificadas desde Google Play o App Store. Activa la autenticación en dos pasos (2FA) y nunca guardes claves privadas en dispositivos conectados.
3. Rug pulls “verdes”: el fraude con cara de ecología
Los proyectos DeFi que se presentan como sostenibles o con impacto social han ganado fuerza en 2025. Muchos prometen retornos ligados a la tokenización de créditos de carbono o donaciones a causas ambientales.
Pero en muchos casos, estos proyectos no tienen respaldo real, ni equipo detrás, ni actividad concreta. Recaudan fondos y luego desaparecen —el famoso rug pull.
Consejo clave: desconfía de cualquier promesa que combine rendimientos atractivos con “impacto positivo garantizado”. Investiga el whitepaper, verifica si la empresa fue auditada y revisa quién está detrás del proyecto.
4. Influencers y “bots expertos” en redes sociales
Plataformas como Telegram y X están plagadas de perfiles que se hacen pasar por expertos en cripto. Publican gráficos, predicciones y “consejos calientes”, muchos generados por IA, cuyo objetivo es re-dirigirte a sitios fraudulentos o grupos pagos.
Además, hay bots que se hacen pasar por atención al cliente. Aparecen justo cuando publicas una queja o comentario sobre problemas con una wallet. Estos bots intentan que compartas tu seed phrase o accedas a enlaces sospechosos.
Consejo clave: nunca compartas tu seed phrase, claves privadas ni capturas de pantalla con saldos. No permitas que nadie acceda remotamente a tu dispositivo. El soporte oficial jamás te contactará por fuera de los canales verificados.
Consejos extra para cuidar tus activos en 2025
Revisa los permisos con herramientas como Wallet Guard y revoke.cash
Cuando interactúas con dApps en Web3, tu wallet puede quedar con permisos activos incluso después de terminar el uso. Herramientas como Wallet Guard detectan comportamientos sospechosos y revoke.cash permite cancelar accesos innecesarios. Usarlas reduce el riesgo de ataques o drenaje de fondos.
Nunca guardes tu frase semilla en la nube o archivos digitales
Tu seed phrase es la llave maestra de tu cartera. Guardarla en Google Drive, emails, notas o fotos del celular es altamente riesgoso. Hackers y malwares acceden fácilmente a esos espacios. Lo ideal: anótala en papel y guárdala en un lugar físico y seguro.
Aléjate de promesas de lucro rápido o mensajes con urgencia
Frases como “última oportunidad”, “retorno garantizado” o “envía ahora y recibe el doble” son típicas de estafas. Si un mensaje te apura o parece demasiado bueno para ser verdad, probablemente no lo sea. Verifica la fuente con calma. Si dudas, no hagas clic ni interactúes.
Mantén tus dispositivos protegidos y actualizados
Tener el celular o computadora desactualizados facilita la entrada de malware. Instala siempre las versiones más recientes del sistema operativo, navegador y apps. Usa antivirus confiable y evita instalar aplicaciones de origen desconocido. Siempre que sea posible, activa 2FA.
La nueva generación de estafas exige atención constante
El ecosistema cripto se hace más sofisticado cada año —y los criminales también. En 2025, los fraudes son más creíbles, más personalizados y más difíciles de detectar. Pero con buena información, hábitos seguros y algo de desconfianza, es totalmente posible mantenerse protegido.
Adopta una postura crítica, desconfía de atajos y, sobre todo, mantén el control de tus fondos. En un mercado donde la libertad es total, la responsabilidad también lo es.
Invierte con conciencia y no caigas en las trampas digitales de 2025.
#SeguridadDigital #Seguridad #phishingscam #estafas

---
Imagen disponible en Freepik

Losing money in trading is common, but imagine watching $1.5 million vanish in seconds — not because of a bad trade, but due to one critical mistake.

That’s exactly what happened to a crypto investor who fell victim to a sophisticated phishing scam. Instead of the market turning against him, it was a fake link that cost him everything.

What Went Wrong?

The investor connected his wallet to what appeared to be a legitimate decentralized app (dApp). But hidden beneath the surface was malicious code designed to drain the wallet instantly once permissions were granted.

Once connected, the scam smart contract took full control — transferring the entire $1.5 million balance to the attacker’s wallet within seconds.

The Real Lesson

This wasn’t a trading loss — it was a security lapse. The market remained stable, but a lack of caution with wallet permissions and unknown links led to disaster.

How to Protect Yourself

Always double-check URLs before connecting your wallet.

Use hardware wallets for large holdings.

Revoke unnecessary token approvals regularly.

Stay updated on the latest phishing tactics in crypto.

Final Thoughts

In crypto, it’s not just the markets you need to watch — it’s your own security habits. One careless click can cost more than any market crash.

#PhishingScam #DeFiRisks

In April 2025, ScamSniffer reported that phishing scams led to losses totaling $5.29 million, impacting 7,565 victims. While this represents a 17% decrease in total losses compared to March, the number of victims increased by 26%, indicating a rise in the frequency of attacks.
🔍 Key Attack Vectors:
Address Poisoning: The most significant single attack involved address poisoning, resulting in a loss of $1.43 million. This technique involves scammers sending small transactions from addresses that closely resemble those of legitimate contacts, hoping users will inadvertently send funds to the fraudulent address. Permit Exploits: Scammers exploited unrevoked permissions, leading to substantial unauthorized withdrawals.
🛡️ Preventive Measures:
1. Double-Check Addresses: Always verify the recipient's address before initiating a transaction. Be cautious of addresses that appear familiar but may have subtle differences.
2. Revoke Unused Permissions: Regularly review and revoke unnecessary permissions granted to decentralized applications (dApps) to minimize potential vulnerabilities.
3. Use Reputable Security Tools: Employ browser extensions and security tools that can detect and warn against known phishing sites and malicious contracts.
4. Stay Informed: Keep abreast of the latest phishing tactics and scams by following trusted sources and communities within the crypto space.
By staying vigilant and adopting these practices, crypto users can better protect their assets against evolving phishing threats.
🔒 Recommended Security Tools:
Hardware Wallets: Utilizing hardware wallets can provide an added layer of security by keeping your private keys offline. Security Software: Consider using comprehensive security software solutions that offer real-time protection against malware and phishing attempts.
Staying informed and implementing robust security measures are crucial steps in safeguarding your cryptocurrency assets against phishing scams.
#phishingscam #CryptoScamAlert #scam
$STO

A cryptocurrency investor fell prey to a sophisticated phishing scheme, losing $2 million worth of Ethereum (501 ETH). The attacker exploited the "IncreaseAllowance" function, gaining unauthorized access to the victim's funds.
The Incident:
The investor received a seemingly legitimate email or message that tricked them into authorizing the malicious transaction. The attacker swiftly drained the funds, leaving the victim with significant financial losses.
Key Takeaways:
- Phishing schemes can be highly sophisticated
- Verify authenticity before taking action
- Robust security measures are crucial to protect digital assets
Stay Safe:
- Be cautious of suspicious emails or messages
- Verify legitimacy before interacting with transactions
- Implement strong security protocols
#phishingscam #Ethereum #Cryptocurrency #Security #Cybercrime $ETH

In June 2025, the cybersecurity community was shaken. A member of the notorious North Korean hacking group Kimsuky APT became the victim of a massive data breach, revealing hundreds of gigabytes of sensitive internal files, tools, and operational details.
According to security experts from Slow Mist, the leaked data included browser histories, detailed phishing campaign logs, manuals for custom backdoors and attack systems such as the TomCat kernel backdoor, modified Cobalt Strike beacons, the Ivanti RootRot exploit, and Android malware like Toybox.

Two Compromised Systems and Hacker “KIM”
The breach was linked to two compromised systems operated by an individual known as “KIM” – one was a Linux developer workstation (Deepin 20.9), the other a publicly accessible VPS server.

The Linux system was likely used for malware development, while the VPS hosted phishing materials, fake login portals, and command-and-control (C2) infrastructure.
The leak was carried out by hackers identifying themselves as “Saber” and “cyb0rg”, who claimed to have stolen and published the contents of both systems. While some evidence ties “KIM” to known Kimsuky infrastructure, linguistic and technical indicators also suggest a possible Chinese connection, leaving the true origin uncertain.

A Long History of Cyber Espionage
Kimsuky has been active since at least 2012 and is linked to the Reconnaissance General Bureau, North Korea’s primary intelligence agency. It has long specialized in cyber espionage targeting governments, think tanks, defense contractors, and academia.
In 2025, its campaigns – such as DEEP#DRIVE – relied on multi-stage attack chains. They typically began with ZIP archives containing LNK shortcut files disguised as documents, which, when opened, executed PowerShell commands to download malicious payloads from cloud services like Dropbox, using decoy documents to appear legitimate.

Advanced Techniques and Tools
In spring 2025, Kimsuky deployed a mix of VBScript and PowerShell hidden inside ZIP archives to:
Log keystrokesSteal clipboard dataHarvest cryptocurrency wallet keys from browsers (Chrome, Edge, Firefox, Naver Whale)
Attackers also paired malicious LNK files with VBScripts that executed mshta.exe to load DLL-based malware directly into memory. They used custom RDP Wrapper modules and proxy malware to enable covert remote access.
Programs like forceCopy extracted credentials from browser configuration files without triggering standard password access alerts.

Exploiting Trusted Platforms
Kimsuky abused popular cloud and code-hosting platforms. In a June 2025 spear phishing campaign targeting South Korea, private GitHub repositories were used to store malware and stolen data.

By delivering malware and exfiltrating files via Dropbox and GitHub, the group was able to hide its activity within legitimate network traffic.

#NorthKoreaHackers , #cyberattacks , #CyberSecurity , #phishingscam , #worldnews

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“