Lookout Exposes Crypto Phishing Kit Targeting Exchanges

Lookout uncovers a new advanced phishing kit targeting crypto exchanges.

  • There is a new crypto phishing kit on the internet.
  • The phishing kit mimics tactics employed by a famous cybercriminal group.
  • It has so far impacted hundreds of victims.

Data-centric cloud security company Lookout announced on Thursday the discovery of an “advanced phishing kit” exhibiting tactics that target cryptocurrency exchanges.

Dubbed CryptoChameleon, the phishing kit can also be used against the Federal Communications Commission (FCC) via mobile devices. The intended targets are mostly crypto traders, single sign-on (SSO) services in the U.S., Binance staff, and Coinbase employees.

The Mechanics of CryptoChameleon Phishing Kit

According to a February 29 press release by Lookout, the CryptoChameleon phishing kit mimics techniques previously employed by the Scattered Spider cybercriminal group, including a unique approach to collecting login credentials.


By leveraging the phishing kit, cybercriminals can approach victims via text messages and voice calls to build trust while luring them into the attack. If successful, the attack can result in the theft of sensitive data, including usernames, passwords, password reset URLs, and photo IDs.

“Unlike typical phishing kits, which attempt to harvest credentials as quickly as possible, CryptoChameleon is aware of modern security controls organizations have put in place such as multi-factor authentication and allows bad actors to respond accordingly,” the statement read.

According to anecdotal accounts from people who have fallen victim to the phishing kit, CryptoChameleon can replicate a real company’s support team by leveraging phone numbers and websites that “appear to be legitimate.”

Following this discovery, the Vice President of Endpoint and Threat Intelligence at Lookout, David Richardson, urged crypto exchanges to be on the lookout.


“We’re seeing a trend of financially motivated threat actors – who typically target cryptocurrency and direct financial fraud – move into breaching enterprise and government organizations for ransom. We urge cryptocurrency and single-sign-on users and organizations to take steps to protect their devices, work, and personal data,” Richardson stated.

Per the statement, Lookout researchers have identified over 250 phishing sites using CryptoChameleon, with “more being found every day.” As for the number of victims the phishing kit has already impacted, Lookout said it runs into “hundreds.”


Brian Danga
