Phishing Campaigns Target Bybit Customers Following Heist
In the wake of the Bybit heist, a significant number of phishing campaigns have emerged with the aim of stealing cryptocurrency from customers, as reported by BforeAI.
Spike in Suspicious Domains
BforeAI identified 596 suspicious domains originating from at least 13 different countries in the three weeks following news of the massive crypto theft. Many of these domains impersonated the cryptocurrency exchange itself, utilizing tactics like typosquatting and incorporating keywords such as “refund,” “wallet,” “information,” “check,” and “recovery.”
Popular crypto keywords such as “metaconnect,” “mining,” and “airdrop” also appeared in the domain names, and many of the sites relied on free hosting and subdomain registration services such as Netlify, Vercel, and Pages.dev.
Widespread Use of Free Hosting Services
The use of free hosting services and dynamic subdomains was a prevalent tactic among the detected phishing pages. Many of these pages were hosted on platforms that offered quick deployment without the need for purchasing a domain.
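The naming patterns described above (brand impersonation, lure keywords, free-hosting subdomains) can be turned into a simple triage score for newly observed hostnames. The following is an added example, not code from BforeAI or from the original article; the legitimate domain, the scoring weights, the threshold and the sample hostnames are assumptions made for illustration.

```python
import re

BRAND = "bybit"
LEGIT_DOMAINS = ("bybit.com",)  # assumption: the exchange's own domain
# Keywords quoted in the report above.
LURE_KEYWORDS = ("refund", "wallet", "information", "check", "recovery",
                 "metaconnect", "mining", "airdrop")
# Default site suffixes of the free hosting services named in the report.
FREE_HOST_SUFFIXES = (".netlify.app", ".vercel.app", ".pages.dev")

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def score_hostname(host):
    """Return (score, reasons) for one hostname; legitimate domains score 0."""
    host = host.lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS):
        return 0, []
    labels = re.split(r"[.\-_]", host)
    if BRAND in host:
        brand = ["brand"]
    elif any(len(t) >= 4 and edit_distance(t, BRAND) == 1 for t in labels):
        brand = ["typosquat"]
    else:
        brand = []
    extras = ["keyword:" + kw for kw in LURE_KEYWORDS if kw in host]
    if host.endswith(FREE_HOST_SUFFIXES):
        extras.append("free-hosting")
    # A brand-like name weighs 2; each keyword or free-hosting hit weighs 1.
    return 2 * len(brand) + len(extras), brand + extras

def triage(hosts, threshold=3):
    """Keep brand-like hostnames that also carry a lure keyword or free hosting."""
    scored = {h: score_hostname(h) for h in hosts}
    return {h: why for h, (s, why) in scored.items()
            if s >= threshold and why[0] in ("brand", "typosquat")}

# Constructed sample input (not indicators from the report).
SAMPLE = ["bybit-refund.example", "bybiit-recovery.pages.dev", "www.bybit.com",
          "airdrop-mining.vercel.app", "weather.example"]
```

Calling triage(SAMPLE) keeps the two brand-like hostnames and drops the legitimate domain and the hostnames with no brand resemblance; in practice the input would come from certificate transparency or passive DNS feeds.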
UK Leads in Malicious Domain Registrations
Surprisingly, the UK had the highest number of confirmed malicious domain registrations among the countries identified by BforeAI.
Phishing Tactics
Several phishing websites were designed to appear as recovery services for customers who may have lost funds in the heist, with some posing as a “Bybit Help Center.” The ultimate goal was to deceive victims into providing their Bybit or cryptocurrency passwords.
Following the initial wave of withdrawal scams, phishing campaigns shifted focus to offering “crypto and training guides” and exclusive rewards to attract potential investors. Despite this shift, the campaigns kept their connection to the earlier withdrawal scams by including guides on how to withdraw from Bybit.
North Korean Hackers Implicated
The attack on Bybit, which is estimated to have resulted in nearly $1.5 billion in stolen crypto, was attributed to North Korean hackers. This incident contributed to Q1 2025 setting a new record for the highest amount of stolen funds in a single quarter, with hackers making off with almost $1.7 billion.

