Darktrace Report: Sophisticated Social Engineering Targets Crypto Wallets
Cybersecurity firm identifies elaborate tech startup impersonation scam
According to a Thursday report from cybersecurity company Darktrace, threat actors are employing a sophisticated social engineering scheme to drain cryptocurrency wallets. While the techniques share similarities with known malware groups (“Traffer Groups”), this campaign specifically targets users on social media, leveraging fake startup companies.
The attack chain begins by establishing trust through compromised X accounts, which are often supplemented with Medium articles and GitHub listings.
The fake companies purport to operate in the AI, gaming, Web3, and social media industries.
“Each campaign typically starts with a victim being contacted through X messages, Telegram or Discord,” the Darktrace report explains. “A fake employee of the company will contact a victim asking to test out their software in exchange for a cryptocurrency payment.”
As in recent campaigns such as Meeten, victims download what appears to be legitimate software after accepting the contact request. Crucially, once the application is launched, a Cloudflare verification prompt activates a hidden phishing toolkit designed to extract sensitive information.
At that stage, credentials for the victim's cryptocurrency wallets are stolen. Darktrace reports that the campaigns specifically targeted both Windows and Mac users.
Crypto Scams Abound in 2025
Cryptocurrency fraud remains pervasive this year. Frauds range from established methods like the “pig butchering” scam and “four-dollar wrench attacks” to more sophisticated exploits involving social engineering, defunct exchanges, and malicious developers.
Fraudulent schemes continually evolve, often exploiting users’ limited understanding of new technologies while leveraging compromised social media verification to add credibility.
Regulatory and Enforcement Actions
The pervasiveness of crypto fraud led to warnings and enforcement involving major stakeholders. On July 7th, Chinese authorities cautioned citizens about illicit schemes linked to stablecoins, often disguised as fronts for money laundering or online gambling.
On July 8th, the U.S. Department of Justice unsealed indictments against two individuals allegedly orchestrating a multi-million dollar crowdfunding scheme, defrauding investors of over $650 million following its initial launch.
The Financial Conduct Authority recently highlighted these scams, though its report did not name any specific companies. Regulatory scrutiny has intensified as fraudulent Initial Exchange Offerings (IEOs) gain traction in the market.
Recognizing Scam Indicators
Individuals are advised to monitor for indicators such as unexpected fund withdrawals. They should remain cautious of unsolicited requests, overly profitable ‘opportunities’, and offers from unverified platforms.
Educational sources have compiled lists covering red flags investors should watch out for, emphasizing verification of exchange licenses and signs of phishing websites with fake SSL certificates.
Conclusion
The Darktrace report underscores the ongoing threat landscape targeting crypto assets, highlighting attackers’ resourcefulness in exploiting trust, not just technical vulnerabilities. Vigilance remains crucial in protecting these high-value assets, even as the methodologies become increasingly technical and seamless for victims.