Skip to main content

Woburn, MA – July 5, 2023 – Kaspersky has unearthed a set of recent phishing campaigns targeting cryptocurrency users across the globe. During the spring of 2023 alone, Kaspersky's solutions detected and thwarted over 85,000 scam emails targeting both hot and cold wallets. A new report provides an in-depth look at the intricacies of these two distinct email attack techniques. The scheme showcases the ever-evolving tactics used by cybercriminals and reflects cryptocurrency's increasing appeal.

With over 400,000,000 cryptocurrency wallet owners globally, the spike in popularity of hot wallets comes from their accessible nature. Online storage services such as crypto exchanges and dedicated apps have become prime targets for cybercriminals due to their constant internet connectivity.

Phishing attacks aimed at hot wallet users typically employ relatively simple tactics, often exploiting non-technical individuals. Malicious actors impersonate well-known crypto exchanges through fraudulent emails, urging users to validate transactions or reconfirm the security of their wallets. Unsuspecting victims who click on the links are redirected to fake web pages that prompt them to enter their seed phrase — an essential element for wallet recovery. By gaining access to the seed phrase, scammers can seize control of the victim's wallet and transfer funds to their own accounts.

In contrast, cold wallets are entirely offline storage systems. Hardware wallets are a prevalent type of cold wallet. They have garnered favor among users storing substantial cryptocurrency holdings due to their enhanced security measures. However, Kaspersky researchers recently discovered a targeted phishing campaign specifically tailored to exploit cold wallet owners. This campaign is initiated with an email masquerading as a prominent cryptocurrency exchange, Ripple, enticing recipients with the promise of participating in an XRP token giveaway.

Instead of directing victims to a phishing page, scammers employ a more sophisticated technique by creating a deceptive blog post that mimics the Ripple website's design.
This blog offers users the chance to enter a giveaway of XRP tokens, the platform's internal cryptocurrency, by following specified link. After following the link to a fake Ripple page using a domain name that closely resembles the official Ripple domain (a Punycode phishing attack), victims are prompted to connect their hardware wallets, such as Trezor or Ledger, to the scam website. If the victim provides confirmation on their physical wallet, the interaction allows scammers to gain access to victims' accounts and initiate fraudulent transactions.

As of spring 2023, Kaspersky's antispam solutions successfully detected and blocked over 85,000 scam emails aimed at cryptocurrency users. This nefarious campaign reached its peak in March, with more than 34,000 intercepted malicious messages. Kaspersky continued safeguarding cryptocurrency users in April and May, thwarting roughly 19,902 and 30,816 scam emails in these months, respectively.

“We are witnessing an ongoing surge in the popularity of cryptocurrencies, and with it, the need for users to stay alert and implement strong security measures to protect their digital assets,” said Roman Dedenok, a security expert at Kaspersky. “It is crucial to verify the authenticity of the sender and exercise caution before clicking on any links or providing sensitive information.”

Read the full report on the cryptophishing campaign at

To keep crypto assets safe, Kaspersky experts also recommend the following:

·       Purchase from official sources: Only buy hardware wallets from official and trusted sources, such as the manufacturer's website or authorized resellers.

·       Inspect your wallet: Scan your new hardware wallet for any signs of tampering before using it.

·       Verify the firmware: Always verify that the firmware on the hardware wallet is legitimate and up to date. This can be done by checking the manufacturer's website for the latest version.

·       Secure your seed phrase: When setting up your hardware wallet, make sure to write down and securely store your seed phrase. A reliable security solution, such as Kaspersky Premium, will protect your crypto details stored on your mobile device or PC.

·       Use a strong password: If your hardware wallet allows for a password, opt for a strong and unique one. Avoid using easily guessable passwords or reusing passwords from other accounts. To manage passwords effectively and securely, consider utilizing Kaspersky Password Manager.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and specialized security solutions and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help over 220,000 corporate clients protect what matters most to them. Learn more at

Media Contact

Sawyer Van Horn

(781) 503-1866


Kaspersky uncovers phishing activity targeting cryptocurrency users worldwide

Kaspersky Logo