Scam Alert: Beware of Telegram Bots Stealing Your Crypto with One-Time Passwords

Hackers are using Telegram bots to trick users into handing them access to their cryptocurrency accounts. One US citizen lost US$106,000 after a fake phone call from a bot pretending to be from crypto exchange Coinbase.

One-time password (OTP) bots are built specifically for hackers. The customer only needs to enter the victim’s phone number and name, and the bot uses these details to stage a phone call posing as a crypto exchange or bank.

Customers pay a monthly fee for an authentication code that lets them operate the bot. Some services cost US$300 per month and offer additional tools, such as more live phishing panels, for fees ranging from $20 to $100.

Screenshot of bot. Source: Intel471

The image above is an example of an OTP bot in action, named SMS Buster. According to intelligence firm Intel471, these bots are “remarkably easy to use” and relatively cheap considering the amount of money hackers can pull out:


SMS Buster requires a bit more effort from an actor in order to obtain account information. The bot provides options to disguise a call to make it appear as a legitimate contact from a specific bank while letting the attackers choose to dial from any phone number. From there, an attacker could follow a script to trick a victim into providing sensitive details such as an ATM personal identification number (PIN), card verification value (CVV) and OTP, which could then be sent to an individual’s Telegram account. The bot, used by attackers targeting Canadian victims, gives users the chance to launch attacks in French and English.

Intel471 blog post

Obstetrician Loses $100k

As per a CNBC report, American obstetrician Dr Anders Apgar fell victim to one of these bots after receiving a phone call that seemed legitimate to him, along with a series of banner notifications on his phone informing him his Coinbase account was in jeopardy.

The bot tricked Apgar into thinking his account was in potential danger, prompting him to enter an OTP generated by his phone’s mobile app. The code was then forwarded to the bot’s customer, giving them access to Apgar’s account, which held US$106,000 in bitcoin.

A Coinbase representative told CNBC it would never make unsolicited calls to customers:

Coinbase will never make unsolicited calls to its customers, and we encourage everyone to be cautious when providing information over the phone. If you receive a call from someone claiming to be from a financial institution, do not disclose any of your account details or security codes. Instead, hang up and call them back at an official phone number listed on the organisation’s website.

Coinbase representative

Beware of OTP Bots

OTP bots have become popular among hackers because they’re easy to use and profitable. They are profitable because most sites and online services use the 2FA (two-factor authentication) model, which requires the user to supply both a password and a verification code (the OTP).

The 2FA model was widely embraced by most websites to protect their users’ accounts. Even if hackers have a user’s password, they still need to enter the verification code sent to the mobile device in order to access the account.

We saw a similar threat two weeks ago, when Crypto News Australia reported on an information-stealing malware called “Mars Stealer”, which targets more than 40 crypto hot wallets, browsers and 2FA plug-ins.

José Oramas

José is a journalist and translator with a keen interest in blockchain and cryptocurrencies.
