Cryptocurrency Thieves Employ "Microphone Spying" Techniques for Theft
A new cybercrime scheme has been unveiled, targeting job seekers in the cryptocurrency industry. Taylor Monahan, a developer at MetaMask, has revealed this scheme, which involves scammers impersonating recruiters on various platforms like LinkedIn, Discord, Telegram, and freelance websites.
The scammers lure victims with supposed job offers but then trick them into installing remote-access or backdoor software on their devices. This malware is designed to steal assets from job seekers in the cryptocurrency industry. The use of the Willo platform in the scheme suggests a sophisticated level of deception and potential data theft.
The scams often involve social engineering, where attackers pose as trusted project founders or support agents to gain victims’ trust. Victims may be asked to record a video response, during which a pop-up window requests access to the user's microphone and camera. If followed, these instructions install a backdoor on the victim's device, giving hackers access to the device and enabling them to steal cryptocurrency assets.
The attack on Japanese cryptocurrency exchange DMM Bitcoin resulted in $308 million in losses, demonstrating the potential severity of such schemes. The offered roles in this scheme are for technical specialists, traders, and analysts, with salaries ranging from $200,000 to $350,000, at companies such as Kraken, MEXC, Gemini, and Meta.
It is recommended to share this information with friends, developers, and multisig signers to ensure caution and skepticism. Prevention advice includes never installing remote-access software unless initiated by you, verifying contacts independently, and avoiding funds or information sharing with strangers.
This scheme fits within a larger trend of crypto scams employing fake job offers and remote-access exploits to drain victims' digital assets. Stay vigilant and protect your assets by remaining cautious and sceptical of unsolicited job offers.
[1] Cointelegraph. (2025). Crypto job scams on the rise: How to avoid becoming a victim. [online] Available at: https://cointelegraph.com/news/crypto-job-scams-on-the-rise-how-to-avoid-becoming-a-victim
[2] Decrypt Media. (2025). How to avoid crypto scams in 2025. [online] Available at: https://decrypt.co/resources/how-to-avoid-crypto-scams-in-2025
[3] The Block. (2025). Crypto scams: How to avoid becoming a victim. [online] Available at: https://www.theblockcrypto.com/post/88744/crypto-scams-how-to-avoid-becoming-a-victim
[4] Security Affairs. (2025). Social Engineering, the new trend in Crypto Scams. [online] Available at: https://securityaffairs.co/wordpress/108121/hacking/social-engineering-crypto-scams.html
- Despite the alluring job offers in the cryptocurrency industry, it's crucial to be aware of the rising trend of crypto job scams that employ remote-access exploits to steal digital assets, as reported by Cointelegraph, Decrypt Media, The Block, and Security Affairs.
- In light of the general-news about cybercrime schemes targeting job seekers in the digital currency sector, one should exercise cybersecurity measures such as not installing remote-access software unless initiated by oneself, verifying contacts, and avoiding funds or information sharing with strangers, as advised by various technology and crime-and-justice resources.
