Fake AI Startups Drain Crypto Wallets in Sophisticated Social Engineering Scam


Key Takeaways:

  1. Fake Startups Trick Users: Scammers impersonate Artificial Intelligence (AI), gaming, and Web3 firms with fake social media profiles, websites, and whitepapers to push malware.
  2. $1M+ Stolen via Malware: Victims downloading “beta software” get infected with stealers like Atomic Stealer (Mac) and Realst (Windows), draining crypto wallets.
  3. Gaming & Crypto Communities Targeted: Play-to-earn hype and Discord/Telegram groups make gamers and traders prime victims.
  4. Verify Before You Trust: Always check company legitimacy, avoid unsolicited downloads, and use hardware wallets for protection.

The Scam Unmasked

Picture this: you’re getting messages from what looks to be the next big AI startup, with a verified Twitter account, a polished website, and even a whitepaper on GitHub. They offer you crypto rewards in exchange for helping them test the software. Too good to pass up, right? Wrong.

Darktrace’s new report exposes a sophisticated scam where hackers create fake companies, posing as AI innovators, blockchain gaming studios, and Web3 platforms, to spread malware that drains crypto wallets. These operations are so convincing that they have tricked even experienced crypto users, netting over $1 million in stolen funds.

The playbook is chillingly simple:

1. Build a Fake Brand

Scammers clone legitimate startups, complete with Medium blogs, Notion roadmaps, and GitHub repos filled with stolen open-source code.

2. Lure Victims

They message targets on X (Twitter), Telegram, or Discord, offering crypto payments or rewards for “beta testing.”

3. Deliver Malware

Victims download what seems like legitimate software, only to have their system data and wallet credentials silently siphoned.

Going further, one fake gaming project, Eternal Decay, even photoshopped team members into real conference photos to appear legitimate.

Cybercriminals impersonate Web3 and gaming firms to trick users into downloading malware, stealing over $1M in digital assets
Eternal Decay X manipulated an image from an Italian exhibition to falsely show their feature. Original photo on the right for comparison.

Why Crypto and Gaming Are Prime Targets

Scams are easier to run in crypto because of the space’s pseudonymous nature and high-value transactions. Gaming is just as attractive a target:

  • Play-to-Earn Hype: The victims are frequently gamers excited about earnable prizes like NFTs or crypto tokens.
  • Cross-Platform Trust: Hackers use Discord or Telegram communities, as users are usually comfortable sharing download links to new mods or beta tests.

For Web3, it’s damaging in two ways: distrust in upcoming projects and more phishing attacks posing as “opportunities for partnership.”

How the Malware Works

Once downloaded, the malware (like Atomic Stealer for macOS or Realst for Windows) springs into action:

  • Windows: Disguised as an Electron app, it runs a fake Cloudflare verification while harvesting system data (CPU specs, MAC addresses, even GPU details) before downloading a crypto-stealing payload.
  • Mac: Obfuscated scripts install persistent malware that logs keystrokes, browser data, and wallet files, exfiltrating everything to remote servers.

Threat Actor Messaging Victim on X with Registration Code. (Image source: darktrace.com)

Malware workflow: How the attack is made.

Worst of all? Some versions use stolen code-signing certificates from real companies to bypass antivirus checks.

The AI Community’s Warning

Cybersecurity experts and AI and Web3 builders are raising red flags: according to some, this is not only malware but a psychological operation. The scammers are exploiting the same hype cycles that have helped build legitimate AI and crypto projects.

GitHub plays a part too: carefully designed fake repositories have presented these scams as real projects.

How to Protect Yourself

  1. Verify, Then Trust: Check if a company’s X account is newly verified (red flag). Wherever possible, compare claims to the official registries.
  2. Never Download Blindly: Don’t download any executable (.exe, .dmg) that comes via unsolicited messages, even if it promises “free crypto.”
  3. Use Hardware Wallets: Malware can’t steal what is not connected. Cold wallets (like Ledger) present a real second layer of protection.

Of course, none of this is a guarantee, but it is always better to be cautious than to be caught in a scam.
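As an added illustration of the "Never Download Blindly" advice (not code from the article or from Darktrace), the following sketch classifies a received file by its content rather than its name, so an executable hidden behind a harmless-looking extension is still flagged. The file names and byte strings are constructed samples, and the extension lists are assumptions.

```python
import struct

MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # 32-bit Mach-O, both byte orders
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # 64-bit Mach-O, both byte orders
    b"\xca\xfe\xba\xbe",                       # universal binary (also Java .class)
}
# Extensions a file of each executable kind would normally carry (assumed list).
EXPECTED_EXT = {
    "pe": {"exe", "dll", "scr"},
    "macho": {"", "dylib"},
    "dmg": {"dmg"},
    "script": {"", "sh", "command"},
}

def sniff(data: bytes) -> str:
    """Classify file content by magic bytes, ignoring the file name."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew field
        if data[pe_off:pe_off + 4] == b"PE\0\0":
            return "pe"
    if data[:4] in MACHO_MAGICS:
        return "macho"
    if len(data) >= 512 and data[-512:-508] == b"koly":   # UDIF disk image trailer
        return "dmg"
    if data[:2] == b"#!":
        return "script"
    if data[:4] == b"PK\x03\x04":
        return "zip"  # archive: contents need the same check after unpacking
    return "unknown"

def triage(filename: str, data: bytes) -> dict:
    """Report whether content is executable and whether the name hides that."""
    kind = sniff(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    executable = kind in EXPECTED_EXT
    disguised = executable and ext not in EXPECTED_EXT[kind]
    return {"kind": kind, "executable": executable, "disguised": disguised}

# Constructed samples: a minimal PE header, a UDIF trailer, and a PDF header.
SAMPLE_PE = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
SAMPLE_DMG = b"\0" * 100 + b"koly" + b"\0" * 508
SAMPLE_PDF = b"%PDF-1.7\n"

if __name__ == "__main__":
    for name, blob in [("whitepaper.pdf", SAMPLE_PE),
                       ("BetaClient.dmg", SAMPLE_DMG),
                       ("whitepaper.pdf", SAMPLE_PDF)]:
        print(name, triage(name, blob))
```

A file that comes back as executable should be treated as untrusted regardless of a valid signature or a clean antivirus result, since the article notes that some samples are signed with stolen certificates.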

Bottom Line

These scams are not just about stolen funds, but a wake-up call for Web3. As crypto and AI converge, bad actors are weaponizing the very tools meant to democratize finance against us. The solution? To be skeptical, but smarter.

Final Thought: In a world where anyone can fake a startup, how do we tell the next Uniswap from the next Eternal Decay? The answer might lie in old-school vigilance, before we click “download.”



A Content and Community Management specialist with a knack for turning complex ideas into engaging stories. With a solid IT background, Alan has led teams to create and refine impactful projects across industries. He’s passionate about Web3, Health, Science, Finance, and Sports/Fitness, bringing a unique blend of technical expertise and creative flair to every piece he writes. When he’s not crafting content, you’ll find him diving deep into research or just having some fun!
