Cryptocurrency accounts are being drained by fraudsters using bots.

  • Investors are being tricked into revealing their two-factor authentication by fraudsters who are selling bots on Telegram.
  • Crypto investors are being targeted around the country.
  • During a robocall, Dr. Anders Apgar, a Coinbase customer, stated that his account had a balance of over $100,000 in crypto.
Bots help steal cryptocurrencies

Last month, while Dr. Anders Apgar was out for dinner with his family, his phone kept buzzing incessantly. Believing it to be a spam call, he attempted to disregard it.

His wife's phone began to ring as the calls did not stop.

He stated, "A notification appeared on the banner when she picked it up, stating, 'Your account is at risk'."

The text message he received as a warning caused him to retrieve his phone, marking the beginning of the couple's nightmare.

Crypto account holders across the country are facing a nightmare as hackers exploit the industry's growth, according to cybersecurity experts.

The Apgars, two obstetricians from Maryland, have been investing in cryptocurrency for several years. By December, their account, which is with the largest cryptocurrency platform in the country, had grown to approximately $106,000, primarily in bitcoin.

A female voice greeted Apgar when he picked up the phone, stating that Coinbase security had detected unauthorized activity on his account due to a failed log-in attempt from an IP address in Canada. If this was not Apgar, he was instructed to press 1 to complete the necessary precautions to recover his account. The call lasted only 19 seconds.

Alarmed, Apgar pressed 1.

Although he is unsure if he entered his two-factor authentication code manually or if it appeared on his screen automatically, what transpired caused his account to be locked in under two minutes. Since Apgar has not been able to regain access, he believes that the thieves likely stole the majority, if not all, of his cryptocurrency, but he cannot confirm this for certain.

"Oh my gosh, I can't get this back, and all I felt was dread and an emptiness," he said.

The Apgars were targeted by a fraudulent scheme that exploited the use of two-factor authentication (2FA) to gain access to their accounts. 2FA, which typically involves a passcode, is commonly used to secure digital transactions at crypto exchanges, banks, and other financial institutions.

This new fraud type targets the 2FA code and exploits people's fear of account hacking, leading them to expose themselves to thieves while trying to protect themselves.

The fraud tool is called a one-time password, or OTP, bot.

Financial and other institutions are experiencing significant losses due to OTP bots, according to a report by Q6 Cyber, a Florida-based cybersecurity firm and CNBC contributor. However, the extent of the damage is difficult to determine because the bot attacks are a recent phenomenon.

The bot calls are expertly crafted, instilling a sense of urgency and trust over the phone. The calls exploit fear, persuading victims to act quickly to "avoid" fraud in their accounts.

The scam is successful because victims are accustomed to giving a code to confirm account details. Initially, the robocalls may seem legitimate, especially if the victim is preoccupied at the time of the call.

According to Jessica Kelley, a Q6 Cyber analyst and author of the report, it is human nature to react immediately when receiving a call about someone attempting to sign into your account, without considering if you had previously intended to do so.

Last summer, bots started being sold on messaging platform Telegram, with at least six channels having over 10,000 subscribers each.

Kelley stated that while there is no official estimate on the amount of crypto stolen, fraudsters often boast on Telegram about the success of their bots, which can earn users thousands or hundreds of thousands of dollars in crypto. The cost of the bots ranges from $100 per month to $4,000 for a lifetime subscription.

With the advent of OTP bots, cybercriminals no longer need to make the call themselves. Instead, they can automate the process and scale it up.

When the victim inputs the 2FA code or any other information requested on their phone, that information is automatically sent to the bot, which then sends it to the cybercriminal, granting them access to the victim's account.

With these transactions, criminals could potentially steal everything because they can do them one after the other until the amount is drained.

Coinbase will never make unsolicited calls to its customers, and it encourages everyone to be cautious when providing information over the phone. If you receive a call from someone claiming to be from a financial institution, do not disclose any of your account details or security codes. Instead, hang up and call them back at an official phone number listed on the organization's website.

David Silver, a Coinbase customer, knew he wouldn't receive a call from the company. He received a robocall stating his account had issues.

"As soon as I heard the electronic voice, I knew it was Coinbase Fraud Department. I immediately turned to the lawyer next to me and said, 'Start videoing.' I knew instantly what this was and what it was going to be," Silver said.

Silver, being an attorney who specializes in cryptocurrency and financial fraud cases, knew what the call was about.

A Coinbase employee pretended to be on a live call with Silver, who pressed 1.

He stated that the individuals immediately began acting in ways that violated Coinbase's policies, such as requesting passwords and attempting to control computers.

Silver was told no, he could not receive an email confirming that the call originated from Coinbase.

He stated that their response was "no" because it is challenging to spoof emails originating from specific domains, such as those managed by GoDaddy or Google. When he requested the email and they declined to send it, that ended any hope he had that they were legitimate.

Nearly seven minutes elapsed before Silver was requested to display his computer screen. He terminated the call.

"I expected to receive the call, but I'm unsure how they obtained my personal cell phone number and how they linked me to Coinbase," he stated.

Apgar regrets answering the phone and has been unable to restore access to his account, he said. Coinbase's security team is currently handling the matter, a company spokesperson told CNBC.

On Monday, Apgar stated that he had replied to an email from Coinbase to regain access to his account.

Three days later, he was able to access his account after having been locked out for over a month. There was $31,000 in cash remaining, as the fraudsters had converted all the Bitcoin to cash except for this amount, which he believed they couldn't steal due to the account being shut down.

Last year, CNBC discovered that customer service at Coinbase has been a widespread issue. Customers across the country reported that hackers were draining their accounts, but when they turned to Coinbase for assistance, they were unable to receive a response. After the story, Coinbase established a phone support line to help customers, but even that has been plagued with problems.

Apgar stated that it was straightforward: he should not have answered the phone.

by Scott Zamost
