Scammers continue to find novel ways to steal cryptocurrency and this time they’re riding on OpenAI’s GPT-4 launch. Tenable Research has found that a day after the eagerly anticipated launch of OpenAI’s Generative Pre-trained Transformer Version 4 (GPT-4), on 15 March, scammers began sending phishing emails and tweeting phishing links to crypto enthusiasts about an OpenAI crypto token. The only problem is – an OpenAI crypto token does not exist.
How scammers are turning GPT-4 a lucrative opportunity
OpenAI only provides GPT-4 access to ChatGPT Plus subscribers and developers via its API. The unintended effect of this limited access provides scammers with an ideal hook to lure unsuspecting users to their phishing sites. The scammers mimic the OpenAI site to try to get crypto users to link their digital wallets, and once that happens, they drain their accounts.
The phishing email contains a single block of text: “Don’t miss out on the limited-time OpenAI DEFI token airdrop.” It includes an image of an OpenAI email based on a template of what a legitimate OpenAI email might look like. But the purported email contains a number of grammatical and spelling errors. Similar versions were also being circulated on Twitter.
Image courtesy of Tenable
How crypto enthusiasts can stay clear of threat
Having researched cryptocurrency scams over the last four years, I’ve learned that scammers are opportunistic, impersonating noteworthy individuals or brands to promote fake tokens like Tesla tokens and SpaceX tokens as well as a plethora of fake giveaways. The impersonation of OpenAI and the promotion of a fake OpenAI token continues this trend.
For users interested in GPT-4 and ChatGPT or crypto and the blockchain, it’s paramount that they operate with a high degree of skepticism regarding crypto giveaways and token airdrops. Users must conduct deep research before connecting their wallets to such websites.
Satnam Narang is the Senior Staff Research Engineer at Tenable.
