Asset Security Experts Encounter Sophisticated Phishing Attacks, Warning Crypto Assets Investors to Stay Vigilant

Recently, a massive dataset containing 16 billion pieces of user identity information has been circulating online, drawing significant attention from the security community. This dataset not only includes previously leaked information but also contains newly acquired login data. Although it is currently unclear who updated and released this data, its sheer size is astonishing and is considered one of the largest single account leak collections in history.

Hackers are using this data to launch various attacks, and one seasoned cybersecurity professional has become a target. On June 19, this expert fell victim to an extremely sophisticated phishing attack, which is considered the most complex in his ten-year career. The attackers first created the illusion that the victim's account was under attack across multiple platforms, and then impersonated an employee of a trading platform to offer "help". They cleverly combined social engineering techniques with coordinated tactics across SMS, phone calls, and forged emails, all designed to create a sense of urgency, enhance credibility, and expand the scale of the attack. This deceptive attack has a wide reach and is highly misleading, which is the key to its confusion.

The attack began with an anonymous text message claiming that someone was attempting to lure the mobile operator into disclosing the victim's phone number. Subsequently, the victim received verification codes allegedly from multiple financial platforms, further creating the illusion that the account was under attack. Soon after, a person named "Mason", claiming to be from a trading platform's investigation team, called, stating that there had been multiple attempts to hack the victim's account in the last 30 minutes. "Mason" indicated that the attacker possessed a large amount of personal information, but failed to pass the final verification, triggering a security alert.

To enhance credibility, "Mason" proposed protecting accounts by blocking additional attack vectors and listed several related API connections and wallets. He also claimed that the victim's account protection service had been terminated, and failure to act could lead to a loss of funds. Subsequently, the victim received two emails, one confirming the subscription to platform news, and the other stating that account protection had been canceled. These emails further reinforced the authenticity of the scam.

"Mason" suggested transferring assets to a multi-signature wallet to ensure security and provided a seemingly official link. However, the victim checked and found that the domain name was unrelated to the platform, so they refused to proceed. Even though the attacker continued to pressure, claiming that delaying the operation could lead to account locking, the victim insisted on only operating through official channels.

Ultimately, the victim contacted the platform's genuine customer service to confirm that there were no abnormalities with the account. The customer service suggested immediately locking the account and collecting details of the attack for investigation. This experience highlights that even experienced professionals can fall victim to well-crafted phishing attacks.

To prevent similar attacks, investors should pay attention to the following points:

1. Beware of the chaos and urgency created by collaborative false alarms.
2. Pay attention to the situation of mixing short codes with regular phone numbers.
3. Refuse to operate through unofficial or unfamiliar domains.
4. Be vigilant against unsolicited calls and communications.
5. Be wary of unsolicited emergency situations and consequence warnings
6. Refuse to bypass requests through official channels
7. Verify the authenticity of the case number or support ticket.
8. Be aware of the situation where true and false information is mixed.
9. Be cautious about the suggestion to use real company names in alternative solutions.
10. Beware of excessive enthusiasm without verification.

In addition, it is recommended to take the following proactive protective measures:

1. Enable trading-level verification on the platform
2. Always contact service providers through legal and verified channels.
3. Understand the responsibilities of the platform customer service.
4. Consider using multi-signature wallets or cold wallet storage solutions.
5. Save the official website URL and avoid clicking on links in unsolicited information.
6. Use a password manager to identify suspicious websites and maintain strong passwords.
7. Regularly review associated applications, API keys, and third-party integrations
8. Enable real-time account alerts in available options
9. Report all suspicious activities to the official support team of the service provider.

This incident underscores the importance of individual security awareness once again. Both institutions and individual users need to remain vigilant, adopt multi-layered defense measures, and cultivate cybersecurity literacy to cope with increasingly complex online threats.