Scammers are employing advanced tactics, blending social engineering with malicious Telegram bots to steal cryptocurrency, according to blockchain security firm Scam Sniffer. The firm has uncovered a rising trend of cybercriminals impersonating crypto influencers on X (formerly Twitter) to lure victims into fake Telegram groups promising investment opportunities.

Once inside these groups, users are asked to verify their accounts using a fraudulent bot named “OfficiaISafeguardBot.” This bot manipulates victims with urgency, enforcing short verification windows. However, instead of verifying anything, it injects malicious PowerShell code into the victim’s system, installing crypto-stealing malware capable of compromising wallets and private keys.

Scam Sniffer has reported “numerous cases” of stolen private keys linked to these attacks, marking this as a troubling evolution of scam tactics. They highlighted that while malware targeting crypto users isn’t new, these scams are becoming increasingly sophisticated, likening the trend to “scam-as-a-service.” Scammers are now replicating tools used in phishing schemes to scale their operations.

The firm has also noticed a dramatic spike in impersonations on X, with 300 fake accounts detected daily in December, compared to 160 in November. These accounts trick victims into clicking malicious links and signing fraudulent transactions, leading to massive losses. At least two victims have reported losing over $3 million.

Other security firms, including Cado Security Labs and Cyvers, have warned about a growing wave of phishing attacks this holiday season, targeting Web3 users with fake meeting apps and deceptive links to exploit the rise in online transactions.

As crypto scams grow more sophisticated, users are urged to exercise caution, verify the authenticity of accounts, and avoid clicking on unsolicited links.