Fake 0-Day Exploit Emails Trick Crypto Users Into Running Malicious Code – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More


A new scam is tricking cryptocurrency users into giving away their funds by promising instant, massive profits. The scheme targets users of swapzone.io, a popular site for finding the best crypto exchange rates, using a simple but effective piece of code that manipulates what victims see on their screen.

The research team at Bolster AI’s Threat Intelligence Lab recently investigated this powerful JavaScript-based attack, noting it exploits two common human traits: greed and curiosity.

The Simple, Deceptive Hook

Bolster’s research, shared with Hackread.com, reveals the attackers used a dual email strategy: sending messages from free, anonymous platforms or mimicking official accounts like “Claytho Developer [email protected]”.

Experts confirmed these fake emails were relayed through a free spoofing service called Emkei’s Mailer instead of Swapzone’s own system. The emails entice users with a “0-day glitch” or “100% working profit trick.”

To create extreme urgency, they falsely claim the “0-day exploit” will be patched within one or two days, forcing users to act fast. Researchers noted over 100 messages following this pattern in just 48 hours.

0-day exploit email lure (Source: Bolster AI)

Further probing showed the scam had even reached private cybercrime forums: a user named Nexarmudor on darkforums.st, a clear and dark web platform, was found tricking forum members.

Victims are directed to a malicious Google Docs link with a short guide instructing them to paste a single line of code, starting with javascript:, into their browser address bar. This is all it takes for the trouble to begin, as pasting code like this is the same as running a program on your device, a risk most users aren’t usually aware of.

[Image] (Source: Bolster AI)

Hijacking Your Screen and Your Money

Once the small code snippet is run, it fetches a much larger, hidden program that takes control of the victim’s browser session by tricking the user visually. It immediately starts changing the website’s display, for example, inflating the returns shown to the user. One guide, titled “Swapzone.io – ChangeNOW Profit Method,” promised roughly 37% higher payouts than normal.

The program also adds fake elements, like screens that are ‘gated’ by fake countdown timers to create a sense of urgency. The most damaging part is that when the victim tries to complete the transaction, the hidden code directs the payment toward an attacker-controlled wallet address by silently copying the criminal’s crypto wallet address to the user’s clipboard. Bolster’s researchers found a pool of addresses ready for different cryptocurrencies, showing that the criminal operation is well-organised.

Researchers stress that whether you are a regular crypto user or just looking to invest, the urge for quick profit can make anyone vulnerable. That’s why they advise you to never paste JavaScript snippets from untrusted sources into the address bar.
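A mail or chat filter can screen for the lure pattern described above: urgency wording combined with an instruction to paste a javascript: URI into the address bar. The sketch below is an added example, not code from Bolster's report or from Hackread; the phrase lists, the verdict rules and the names scanMessage, normalize and SAMPLES are assumptions, and the sample messages are constructed.

```javascript
// Added example. Phrase lists and verdict rules are assumptions derived from the
// lure wording quoted in the article, not Bolster's detection logic.
const LURE = [/0-?day/i, /glitch/i, /100% working/i, /profit (trick|method)/i, /patched/i];
const PASTE = [/address bar/i, /url bar/i, /\bpaste\b/i];
// "javascript:" tolerating tab/CR/LF between letters, which URL parsers discard.
const JS_SCHEME = new RegExp("javascript:".split("").join("[\\t\\r\\n]*"), "i");

// Decode HTML numeric entities and %xx escapes so an encoded scheme is visible.
// Escapes are decoded one by one: decodeURIComponent would throw on "100% working".
function normalize(text) {
  return text
    .replace(/&#x([0-9a-f]{1,4});?/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#(\d{1,5});?/g, (_, d) => String.fromCodePoint(parseInt(d, 10)))
    .replace(/%([0-9a-f]{2})/gi, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

function scanMessage(raw) {
  const text = normalize(raw);
  const jsUri = JS_SCHEME.test(text);
  const lureHits = LURE.filter((re) => re.test(text)).map((re) => re.source);
  const pasteHint = PASTE.some((re) => re.test(text));
  let verdict = "pass";
  // A javascript: URI plus either lure wording or paste instructions is blocked;
  // a bare mention of the scheme, or lure wording alone, goes to human review.
  if (jsUri && (pasteHint || lureHits.length > 0)) verdict = "block";
  else if (jsUri || lureHits.length >= 2) verdict = "review";
  return { jsUri, pasteHint, lureHits, verdict };
}

// Constructed sample messages; the javascript: bodies are inert placeholders.
const SAMPLES = {
  lure: "Swapzone 0-day glitch, 100% working profit trick, patched in 1-2 days! " +
        "Paste this into your address bar: javascript:void(0)",
  encoded: "Put it in the URL bar: &#106;ava%73cript:void(0)",
  mention: "Style guide: avoid javascript: links in href attributes.",
  benign: "Your swap completed. Thanks for using the service.",
};

for (const [name, body] of Object.entries(SAMPLES)) {
  console.log(name, scanMessage(body).verdict);
}
```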

“This discovery revealed how social engineering tactics are now being repurposed inside threat actor spaces themselves, showing that even experienced individuals in underground ecosystems are vulnerable to manipulation when greed and urgency are involved,” the report concludes.




