It’s not easy being a blockchain startup these days. The regulatory landscape is murky at best and making matters worse, you get a target on your back from scammers. This is what cryptocurrency exchange Kraken is warning the community about now.

Kraken Chief Security Officer Nicholas Percoco in a tweet announced that there is a “very active” scam that is currently targeting the cryptocurrency community. The bad actors have created a number of fake identities and are disguising themselves as “part of the Kraken Listing Team,” he explained, adding that they are using Telegram and LinkedIn for their scam.

The fake Kraken accounts in question include:

  • Liz Cohen
  • Darin Zumberi
  • Jing Kang
Source: Twitter

Percoco stated,

Advertisement
Continue reading below

“These are NOT Kraken employees, but rather puppet accounts used by the scammers.”

Punycode Phishing

The phishing scam targeting Kraken is part of what’s known as “Punycode phishing,” which is when the attackers use Unicode characters that mimic the well-known brand. In this case, Percoco says to watch out for the letter “k” used in the email scheme. The Kraken security chief points out that Kraken would never contact a project about a listing first, pointing out the process begins with an email to the exchange by the developers of the project — not by the exchange on social media.

Source: Twitter

Phishing Attacks Run Rampant in Crypto

Kraken isn’t the only exchange being targeted by phishing attacks, not by a long shot. Just last month, the U.S. Department of Justice announced that a pair of Russian nationals, Danil Potekhin and Dmitrii Karasavidi, were charged with crimes relating to defrauding a trio of crypto exchanges and their customers out of nearly $17 million. In addition, the U.S. Department of the Treasury said it issued sanctions against the Russian nationals for pursuing American victims in “malicious cyber-enabled activity.”

The scheme involved a number of web domains that disguised themselves as “legitimate cryptocurrency exchanges” — which according to reports included Poloniex, Binance and Gemini. The bad actors used both phishing and spoofing techniques to establish trust between themselves and the unsuspecting victims. After gaining access to user accounts, the scammers allegedly proceeded to steal funds and manipulated the cryptocurrency markets to profit.