An investigation by Scam Sniffer has recently uncovered a cryptocurrency user scam that is way too sophisticated for its own good. It targets the basic details of well-known tokens and uses them to lure in victims with the promise of fake trading opportunities manipulated by the scammers. One of the well-known tokens affected in this way is the $CAR token. The Cloudflare fake pages asking users to validate themselves via captcha before they can access the site are a nice touch for making the whole ruse seem more legit. The newest find has triggered warning signals in the crypto society and is underscoring how scammers are now using a more subtle and effective approach to defraud their victims. The links are set up to steal personal information; or, if a user’s computer is not already compromised, install software that will defeat whatever defenses the user has. The scammers are not only using this new method as a direct attack on individual users; they are also directly harming the platforms and services we all use. Scam Mechanics: Deceptive Links and Fake Verification Pages As reported by Scam Sniffer, the misleading links usually appear believable to users, which makes them prime targets for unwitting victims. Scammers are hard at work embedding links to fake sites that resemble well-known platforms, such as the Kick platform. They often push these links through supposedly safe channels, like Linktree, which let the bad guys mask the true destination of the link. When a user clicks on one of these fraudulent links, they are directed to a page that looks exactly like Cloudflare’s captcha verification system. These pages are intended to mislead users into thinking that they are completing a normal security procedure. In reality, the system is executing malicious code on the user’s device. Unlike most ciphers, which work by obfuscating the contents of a message so that only the intended recipient can read it, the “cipher” used here is perfectly legible. The only secret it conceals is the fact that it was written with malicious intent. These tactics are being used in conjunction with social engineering techniques to target crypto enthusiasts. By using the verifiably familiar, these scammers are gaining access to user systems without raising any suspicion. Telegram Groups Used to Distribute Malicious Links The probe uncovered that the harmful links were being disseminated by the well-known Telegram chat group caronsolanas, which revolves around conversations related to Solana projects. Within this popular group, scammers were using sophisticated, fake Safeguard phishing bots that looked and acted like the real deal and were doing the same job as real phishing bots do: instructing users to click on malicious links that lead to real scams. The Scammer Safeguard bot actually gave out pretty good advice, as far as that went. But then it would add this little doozy at the end: “as a final precaution, be sure NOT to click on any unsolicited links, especially if they appear to be coming from your friends!” For years, Telegram has been a popular meeting place for not just friends and families to come together but for cryptocurrency scammers, too. While the platform has long been a home for crypto-related scams, what makes this scam particularly insidious is the way the attackers disguised their links, making them appear as though they were sent by BotFather—a Telegram service that helps users create bots—and are legitimate resources within trusted crypto communities. On Telegram, the vetting of content almost totally relies on community members. That makes the presence of phishing bots and bad guys using security tools to find and send borderline fraudulent, but seemingly legitimate, links an appalling development for Telegram and its (not-so-)cryptic communities. In an unexpected turn of events, the official Telegram link for Coingecko was found to redirect users to the fraudulent caronsolanas group. This new development raised worries for many, as it was the first time a major, well-established platform was found working in cahoots with the fraudulent group. Fortunately, the fraudulent link was quickly detected and removed, and a fresh link for Coingecko’s Telegram channel was posted. Despite this, the major platforms the group has now infiltrated adds a significant new layer of danger to the caronsolanas group’s scheme. How Users Can Protect Themselves The con reveals how essential it is to be vigilant and cautious when dealing with links or websites one is not familiar with, even when they seem to be connected to reputable brands. Individuals must authenticate every link due to the kinds of scenarios that are part of everyday life, like filling out a form or granting access to one’s device. If any link leads to a website that is not the real deal, users might as well be filling out a form directly for the scammers who set up the site to access all their relevant personal information. To ensure maximum safety, users need to steer clear of using third-party platforms that make questionable promises about verifying transactions or securing assets. If a platform makes an offer that seems far too good to be true, it almost certainly is. Always perform due diligence on any platform you’re considering, which should include reading a lot of reviews (both positive and negative), as well as checking the platforms business with several official sources. ALERT: Scammer modifying popular token information like $CAR and embedding fake Kick platform site through Linktree links. They're using fake Cloudflare captcha verification pages to trick users into executing malicious code. https://t.co/kLSonrA8fF pic.twitter.com/VC0NKQgLiL — Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) February 10, 2025 In addition, users ought to exercise caution with Telegram bots—especially those that ask or entice users to click on links that lead off the platform. A legitimate bot will not ask for personal or sensitive info and will have a clear and reasonable motive for directing you to an external site. It is also essential to keep security software current and employ hardware wallets when storing significant amounts of cryptocurrency. Trusting only software wallets or exchanges makes one susceptible to the kinds of hacks suffered in this case. A Growing Trend of Sophisticated Scams This scam is part of a larger trend involving more and more sophisticated phishing attacks in the crypto space. Attackers are using this and other similar phishing scams to mimic legitimate platforms and draw unsuspecting users into their trap. And given the crypto world’s low regulatory environment, it’s pretty easy for a scammer to set up shop. The cryptocurrency market is bringing in a slew of new investors, many of whom are too inexperienced to recognize a phishing scam when they see one. And this is making crypto phishing attacks by far the most profitable for the attackers. The crypto community is rapidly expanding, and that makes the watch against threats of this kind all the more essential for platforms, developers, and users. While Coingecko’s official channel on Telegram has had the fake link removed, the fact that the link got onto Coingecko’s channel at all is a pretty potent reminder that even platforms with widespread trust in the community can be hoodwinked by bad actors. It brings to the fore what’s all too often an afterthought: the need for every crypto user to remain aware of the kinds of threats that are out there and to be ready to counter them. To sum up, the scam that involves counterfeit Kick platform websites, harmful captcha pages, and bogus Telegram groups serves as a timely warning for people who use cryptocurrency. With these scammers busy refining their cons, it is all the more important for crypto users to be on alert and to work with a virtual currency world that pays them the respect of cons-free sophistication. Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services. Follow us on Twitter @nulltxnews to stay updated with the latest Crypto, NFT, AI, Cybersecurity, Distributed Computing, and Metaverse news ! Image Source: peshkov/ 123RF // Image Effects by Colorcinch
