Well the gaming community is being targeted, who may wonder why? Well Web3 gaming has received more VC funding in the last 2-years than any other sector in the Cryptoverse. Plus, with influencers pushing the sector, a lot of gamers have entered the space. With this they have brought some poor security practices with them. Combine these factors, and you have a clear picture of that Web3 gaming space is ripe for being aggressively targeted.
Scammers are mimicking legit web3 games, changing their names and pushing them out to unsuspecting players thinking they are getting early alpha access. Instead, they are getting a malicious surprise.
Intro to what scammers are doing targeting Web3 gamers!
Let’s break it down, so we can understand what they are doing, how they are doing it and what to look for. We knew pretty quickly, by looking at their Twitter timeline and who they were following that something was up. When you look further into things, something feels off about the game. However, I will admit it still took me time to find the real game they were mimicking. So let’s look at their process, the tools they used and how to better spot something like this in the future.
- How they put it all together?
- The scammers process
- What Malicious program did they use?
- 3rd Party Confirmation
- How to Defend Yourself tips & tools
What made this scammer project so captivating was the fact that they contacted me right after I had dealt with the initial Guardian of Throne Scammers. So fresh off that experience, I quickly got to work verifying key factors from 3rd parties to check a few items.
Remember the Scammers playbook.
How they put it all together?
They need a few things:
- Website (when was it registered?)
Then they need social accounts on Twitter, Discord and Telegram.
Then they will start sending out DMs via Twitter, hoping folks will go off the initial look of the account, the follower # (botted or they took over another account), blue checkmark, game play video’s in tweets, linktree to all their fake sites and socials, basically everything you would look into), copy the mimicked game’s Gitbook…
Once they have the basic infrastructure in place, they will start sending DMs using other accounts to add social relevance to the other fake accounts.
The scammers process
If you respond to their DMs, they will walk you through a series of other platforms and other fake accounts to add legitimacy to the process. Basically simulating 3rd parties promoting the game.
In order to win you over, they will deploy a range of strategies. These tactics may involve portraying you as a skilled authority who can provide valuable assistance for the game, as well as alluring you with the enticing opportunity of obtaining alpha access.
In both cases, their objective is to provide you with a secret code that will grant you the opportunity to download the game.
There are several reasons behind this approach. One reason is that the malicious actors require your presence online when their code is activated. They themselves must be online during this process to divert your attention and carry out their plan of emptying your wallets.
What malicious software are they using?
They are using a basic malware that has been seen before in use by other scammers, it's called RedLine Stealer.
This is what happens upon launching the malicious code; it won't actually run the game. This is one of the reasons they want to be online with you, as they will have limited time to steal your assets.
Using their own website timeline and the DNS establishment of their domain you can quickly tell their timeline is off. You can see here they claim to have been up and running since 2021, but their DNS above shows their domain has only been operational since 11 May 2023.
Then, once I found the project's real name, I was able to find their real social channels and confirm that I was not the only person who had engaged with these scammers. I went to Blast Royale’s Discord page and did a simple search:
Then I did a Twitter / X search and found all of these folks talking about it as well.
Thanks to all of these brave folks for sharing openly what they were seeing.
Here are a few others, just in case you wanted to see more:
Blast Royale — The Real Game
These are the important links to the official website, the mobile game, the Gitbook, the Twitter/X page, and the company behind Blast Royale. I would check them out.
How to Defend Yourself tips & tools?
Up Your Knowledge, Skills & Abilities:
It is good to understand what scammers are up to, their strategies and latest tactics. While this scam took place a few months ago, however, there are consistent themes they continue to use.
- They use DMs, Twitter with an offer of money or alpha access.
- They will shuffle you through multiple platforms (e.g. Twitter/X, Discord and Telegram).
- They will gate keep the actual game until the last minute, so they are online with you when the malware activates.
- Your antivirus software should pick it up, but they will try to get you to turn off all your defenses during the installation phase.
When it comes to protecting your life's savings and important digital files, you should not leave your defense to chance. Thus, I have you covered here. I have spent over a year getting my annual report finished on Blockchain Security Landscape of 2023, covering all the in’s and out’s of 2022. It has an entire section dedicated to just this very topic, designed to help you.
If you want an even better understanding of Cybersecurity you can head over and grab my annual report there as well.
The next step is to have the right tools and abilities. In my report I cover a lot of them. Including some of the tools and capabilities I have assembled for folks operating in the Crypto World.
I have launched a new capability Warden designed to protect you without the normal worry Cybersecurity software brings (reliance on detection or knowing something beforehand).
No more malware, viruses or ransomware impacting your systems; they will never be able to execute their destructive code again!
Warden will be that service. I am thrilled to share that I have formed a partnership with Xcitium, a renowned provider of top-notch AV tools. Their exceptional technology will serve as the foundation for my cutting-edge Managed Security Service Provider (MSSP) offering, Warden.
This service once again stopped another scammer from infecting the test system I was engaging these scammers with. That is because it automatically blocks all “unknown or known malicious files” from ever impacting your system. I couldn’t ask for a better tool or better partnership than with them. I have been doing Cybersecurity for over 2-decades and detection doesn’t work 100% of the time. I don’t want anyone to be patient zero ever again. This eliminates any of my normal worries, I sleep well at night because of this capability.
Secure My Digital Life Today with Warden!
See all our options using the below link. However, you are not going to see this great offer there. Together, we can stop scammers and criminals from ever impacting your life forever. Upgrade your abilities today with Warden!
So it is important to realize the scammers are only going to get better, their tricks designed to hack our emotions are only going to get better. Then at some point they will all start to use AI to help them do these fast, more often with variations and with deadlier malicious code. Current Cybersecurity model is broken by design, meaning they need to know about something to protect you. That is silly if you actually think about it, only being protected against known things.
That is why Warden has been released, to protect you regardless if we know or don’t know the software or files your interacting with. You will be safe 100% of the time from any impact to your system. No longer do you have to worry about losing your digital assets, like your Crypto, NFTs, pictures or sensitive documents.
Again, DO NOT download their software and stay away from this scammer project, period!
Part 2: Scammers mimic “Blast Royale” — Target Web3 Gamers!
Part 3: OK, Web3 Gaming is clearly being targeted!
Further Resources about Cyber Strategy Institute:
If interested in other analysis, checkout my other Medium articles and for more of a daily understanding of the Cryptoverse follow my Twitter account. Relying on a dying Cybersecurity model is not a foundation for success; that is what Warden changes for the good!
Cyber Strategy Institute
Protect Yourself, Family or Business Today with Warden!