In the wake of the Bybit heist, security vendor BforeAI detected a surge in phishing campaigns targeting cryptocurrency customers in an attempt to steal their funds. In the three weeks following news of the massive crypto theft, BforeAI identified 596 suspicious domains originating from 13 different countries.
Many of these fraudulent domains impersonated the cryptocurrency exchange Bybit through typosquatting and by including keywords such as “refund,” “wallet,” “information,” “check” and “recovery.” Popular crypto-related terms like “metaconnect,” “mining,” and “airdrop” were also used to lure unsuspecting victims. The phishing sites often used free hosting services and dynamic subdomains, which allow fast and anonymous deployment without the need to purchase a domain.
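The naming patterns described above can be turned into a simple triage filter for newly observed hostnames. The following is an added example, not BforeAI's method: it assumes bybit.com is the legitimate domain, and the hosting suffixes and sample hostnames are constructed placeholders.

```python
import re

BRAND = "bybit"
OFFICIAL = {"bybit.com"}                       # assumed legitimate registrable domain
LURES = {"refund", "wallet", "information", "check", "recovery",
         "metaconnect", "mining", "airdrop"}   # keywords named in the article
FREE_HOST_SUFFIXES = (".freehost.example", ".dyn.example")  # placeholders, not real providers

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def flags(host):
    """Return the set of reasons a hostname looks like a Bybit-themed lure."""
    host = host.lower().rstrip(".")
    if host in OFFICIAL or any(host.endswith("." + d) for d in OFFICIAL):
        return set()
    tokens = [t for t in re.split(r"[.\-_]", host) if t]
    found = set()
    for t in tokens:
        if BRAND in t:
            found.add("brand")
        elif abs(len(t) - len(BRAND)) <= 1 and edit_distance(t, BRAND) == 1:
            found.add("typosquat")          # one-character near-miss of the brand
        if any(k in t for k in LURES):
            found.add("lure-keyword")
    if host.endswith(FREE_HOST_SUFFIXES):
        found.add("free-hosting-subdomain")  # no domain purchase needed
    return found

def triage(hosts):
    """Keep hosts that reference the brand (exact or near-miss), with reasons."""
    scored = {h: flags(h) for h in hosts}
    return {h: f for h, f in scored.items() if f & {"brand", "typosquat"}}

# Constructed hostnames for illustration only.
SAMPLE = ["www.bybit.com", "bybit-refund.freehost.example",
          "bybiit-recovery.example", "airdrop-mining.example", "news.example"]

if __name__ == "__main__":
    for host, why in triage(SAMPLE).items():
        print(host, sorted(why))
```

Substring keyword matching and a distance-1 threshold will produce false positives on unrelated names, so the output is a review queue rather than a blocklist.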
Surprisingly, the largest number of confirmed malicious domains was registered in the UK, highlighting the global reach of these phishing campaigns. While Bybit assured customers that they would not suffer financial losses due to the heist, scammers attempted to exploit the situation by creating a sense of urgency and anxiety among users.
The phishing websites were cleverly designed to resemble Bybit’s official site, with some posing as a “Bybit Help Center” offering recovery services for those who may have lost funds. The ultimate goal of these scams was to trick victims into revealing their Bybit or cryptocurrency passwords, giving the scammers access to their accounts.
As time passed, the phishing campaigns evolved from focusing on withdrawals, refunds, and information to offering crypto and training guides, as well as exclusive rewards to potential investors. Despite this shift in tactics, the connection to the initial withdrawal scams was maintained through guides on how to withdraw from Bybit, creating a seamless flow between the fake learning resources and phishing attempts.
The infamous attack on Bybit, attributed to North Korean hackers, resulted in the theft of nearly $1.5 billion worth of crypto. This incident contributed to Q1 2025 setting a record for the highest amount of crypto stolen in a single quarter, with hackers making off with almost $1.7 billion in total.
The prevalence of phishing campaigns following the Bybit heist serves as a stark reminder of the ongoing threats faced by cryptocurrency users. It is crucial for individuals to remain vigilant and cautious when dealing with online financial transactions to avoid falling victim to such scams. As cybercriminals continue to innovate and adapt their tactics, staying informed and taking proactive measures to secure one’s digital assets is more important than ever.