After holding them for a few years, you have decided it is time to cash in your cryptocurrency holdings. The problem is, it is so long since you set up the digital wallet which manages them on your laptop, you have forgotten the lengthy access code.
Stressed at the thought of losing thousands of pounds, you search and download a program which promises to recover the 24-word “seed phrase” which gives you access to your cypto assets.
Unfortunately, the program was created by criminals and, once installed, harvests your personal details and passwords, as well as taking images of the documents on your system.
It may sound a niche type of fraud, but it is clearly lucrative enough for criminals to bother setting up fake websites directing people to their dodgy software.
“Scammers are preying on people’s desperation to recover their cryptocurrency wallets,” says Alex Holland, of the HP Security Lab, which found evidence of the fraud. “Perhaps the victim has forgotten the seed phrase used to access their wallet. If you wanted a way of recovering that, you could search ‘free cryptocurrency recovery tool’, which I did, and lo and behold one of these fake malware-laden tools came up in my search results.”
A cryptocurrency wallet is a tool on your computer which allows you to store the keys needed to access the currencies. The wallets generate seed phrases – which can be between 12 and 24 words – which allow you access.
The scam software is hosted on a website that offers to help you get hold of your seed phrase.
One piece of software found by HP Security Lab is called the “Lost crypto wallets finder – cryptocurrency recovery toolkit”. It promises that “this toolkit is invaluable for both new and seasoned users who want to reclaim their assets and don’t lose access to their digital wealth”.
The site which hosts the software is now down.
You will be told you need to download the software to recover your wallet. Once downloaded, the malware will collect information, including passwords from web browsers, documents, photos and other sensitive files.
This information is then packaged on to a Zip file and sent to criminals who may use the details for future frauds.
What to do
If you have trouble remembering your passwords, or where you wrote them down, don’t panic as that is exactly what the fraudsters want. “They’re preying on emotions. They want to take advantage of that moment of vulnerability,” says Holland.
There are legitimate sites which can be used to help recover a seed phrase but you should read online reviews to see whether they are safe.
If you find that you have downloaded malware, remove it using reputable security software. Then quickly reset your passwords, starting with your banking ones.
Leave a comment