Cybercriminals are recruiting a team of professional voice surfactants to target high-level US crypto executives through sophisticated phone-based social engineering attacks.
New report from GK8 by Galaxy Decryption It uncovers how threat actors can go beyond traditional phishing emails to build organized criminal enterprises targeting crypto leaders with personalized audio and video campaigns.
Attacks use curated executive datasets, voice and outcomes, and specialized infrastructure to exploit individuals who protect their custody infrastructure and private keys, increasing the risk of “large-scale crypto theft.”
In June, GK8 researchers discovered recruitment posts at an underground forum where established threat actors were recruited to carry out target attacks on senior managers at major US crypto companies in search of experienced “callers.”
The post included a sample target list containing five crypto executives, including senior law officers, engineers, finance managers and CTOs, all with a minimum net worth of around $500,000.
“We examined the reputation of threat actors in these forums by examining guarantees, claims, ratings, vendor account creation dates, and forum reputation,” said Tanya Bekker, GK8’s research director. Decryption When asked how her team confirmed the legitimacy of these duties.
“This data comes from a fresh compromise, according to threat officials,” Bekker said of the executive datasets driving these campaigns.
The increasing number of “Vishing” campaigns
Unlike traditional phishing emails, Bekker said the modern “Vishing” campaign is “highly targeted and personalized” and focuses on “high-value crypto executives and experts with privileged access.”
“They employ voice and video spoofing, deep furkates and meticulously coordinated excuses based on a detailed data set about victims,” she said.
Threat actors are reportedly deploying Internet protocol systems, direct inward dial numbers and SMS features to impersonate banks, crypto services and government agencies and deploy voice.
The report reveals more than $20,000 a month in compensation for experienced operatives, starting with $15 per call, which is $15 per minute.
“We’re observing that some operators are working long and working in an organized group that works like a professional fraud industry,” Bekker said. Decryption. “It’s business and threatening actors take their work very seriously.”
Bekker said attackers increasingly use “Deepfake Voices and Video” and “real-time AI-driven attacks” for their operations.
Although the specific cases reviewed focused on US executives, she said similar campaigns were run in Germany, the UK and Australia.
Social Engineering Attacks and Cryptography
Recent incidents demonstrate the broader scope of social engineering threats facing the crypto industry.
North Korean operatives created fake companies during job interviews and used deepfakes to break into crypto companies, and attackers stole $1.34 billion in 47 incidents in 2024 alone.
Jimmy Su, Binance’s Chief Security Officer, said earlier Decryption His exchange “was a deepfake that he received fake resumes daily from suspected attackers who are currently using voice changers during interviews, the video was deepfake.”
Su said the main detection method is that attackers “almost always have a slow internet connection” due to technology that changes the translation and voice that operates during translation.
The GK8 Report documents how threat actors shift their focus from mass phishing campaigns to “quality rather than quantity” targeting.
Bekker warned that attacks will become more refined as “it will become increasingly difficult to distinguish between fakes and reality” for the next 12-18 months, saying crypto organizations must defend “customized social engineering attacks that harness human vulnerabilities.”
She recommended that executives “assuming that their personal information is already public” and “confirm that high value transactions should not be confirmed by a single individual.”
Bekker emphasized that “social engineering thrives on human error” and that companies need “training in concrete protocols and voice and video social engineering tactics.”
“With the rise in highly personalized scams, businesses need to accept that even the most trusted insiders can be fooled,” she said. “With separate roles and private keys, no one person has full signature power.”
The GK8 report reveals that threat actors specify detailed recruiting criteria for callers, including maximizing peak victim involvement to specific target profiles, such as accent preferences, gender choice, language ability, and overall time zone availability.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
