Cybercriminals Capitalize Silicon Valley Bank (SVB) Collapse to Launch Cryptocurrency Scams

The Silicon Valley Bank (SVB) collapse on March 10, 2023, has triggered heightened cybersecurity concerns due to the emergence of suspicious domains and phishing schemes.  

SVB has traditionally been a preferred banking partner for many startups worldwide, and its failure is expected to significantly impact this community, leading to financial instability and even potential layoffs.  

Threat Actors (TAs) are taking advantage of this situation and conducting various malicious activities, including cryptocurrency scams target unsuspecting victims. 

SVB collapse and security concerns  

Cyble Research & Intelligence Labs (CRIL) identified and reported several suspicious websites developed by TAs looking to exploit the current situation.  

These sites include svbcollapse[.]com, svbclaim[.]com, svbdebt[.]com, svbclaims[.]net, login-svb[.]com, svbbailout[.]com, svb-usdc[.]com, svb-usdc[.]net, svbi[.]io, banksvb[.]com, and svblogin[.]com. 

In addition to these suspicious domains, CRIL detected several crypto phishing schemes that are taking advantage of the current situation surrounding the collapse of SVB.  

Fraudulent websites such as svb-usdc[.]com and svb-usdc[.]net pose as a legitimate USDC reward program purportedly offered by Silicon Valley Bank. These phishing sites claim to be distributing USDC from the SVB USDC payback program to eligible USDC holders.  

The ultimate goal of these phishing sites is to lure unsuspecting victims into giving away their cryptocurrency by offering them the chance to receive free USDC. However, these sites are designed to steal cryptocurrency from the victim’s account.  

Anyone who receives such messages should exercise caution and verify the legitimacy of the claims before clicking on any links or providing any information. 

Amidst the chaos caused by the SVB collapse, several unscrupulous funding firms have been preying on affected organizations. One of these dubious websites is cash4svb[.]com, which claims to be operated by an anonymous investment group offering cash to those affected by the SVB collapse.

However, this website has raised suspicion among experts, who believe it is a front for scammers seeking personal information from unsuspecting victims. 

The website requests the users to provide personal details such as their name, email, mobile number, and balance amount to process a claim. 

SVB collapse and the aftermath 

During the SVB collapse, certain websites became hotspots for collecting contact information of affected organizations.  

Anonymous investment groups were suspected of gathering this data and potentially selling it to third-party funding companies. These groups may also offer loans to struggling companies at high-interest rates, causing even more financial strain on distressed businesses. 

Proofpoint threat researchers also uncovered a recent surge in malicious activity targeting US banks, with threat actors leveraging the current situation surrounding the collapse of SVB.

The attackers have been using a range of tactics to lure unsuspecting victims. One campaign focuses on the USD Coin (USDC), a digital stablecoin tied to the US dollar affected by the SVB collapse. 

Proofpoint threat researchers have tracked threat actor activity attempting to capitalize on the current situation surrounding US banks, including a campaign leveraging lures related to USD Coin (USDC), a digital stablecoin tied to USD that was impacted by the SVB collapse.

— Threat Insight (@threatinsight) March 14, 2023

The campaign, which used messages impersonating several cryptocurrency brands, was sent via malicious SendGrid accounts and contained SendGrid URLs. These URLs redirect victims to multiple domains, asking them to claim or redeem their crypto in USD.  

However, clicking the button would open a DeFi URL, requiring the victim to install a DeFi handler, such as the MetaMask wallet. The victim would then be lured into installing a Smart Contract that would transfer the contents of their wallet to the attacker. 

SVB collapse will likely clash with human emotions 

When Circle announced they had cash reserves in SVB, the threat actor pivoted and spoofed the fintech company.

Using a lure that promised the victim they could redeem USDC to USD at a 1:1 rate, the attackers continued their efforts to exploit the current situation surrounding US banks. 

According to Proofpoint, the threat actors behind this campaign are preying on human emotions and fears and are likely to continue exploiting the SVB collapse.

As a result, anyone handling financial information or transactions should exercise additional caution and diligence when receiving messages, as these could emanate from fraudsters. 

Cybercriminals are known for exploiting current situations and events to launch large-scale attack campaigns, with users being easily tricked due to fear, panic, and a lack of attention.

With the recent news of Silicon Valley Bank’s collapse, which has caused a great impact on various organizations, these entities are more vulnerable to attacks by threat actors in the coming days.  

To avoid falling for these phishing scams and suspicious domains, it is important to remain cautious and vigilant when approached by anonymous investment groups offering funds during these crises.

Being aware of the tactics used by these cyber criminals and taking appropriate measures to protect oneself can save individuals and organizations from significant losses.