The Wagmi Manual: Copy, Paste, and Profit
Essential information
- Published
- 08/04/2025 10:29
- Modified
- 08/04/2025 11:50
- Tags
- 2025-04-08 cryptocurrency theft hijackloader lummac2 nft scams rhadamanthys social engineering
- Related entities
- 96 observables, 1 intrusion sets (apt), 12 techniques (mitre), 4 malware
Description
The Wagmi traffer group, operating since early 2023, specializes in NFT scams and cryptocurrency theft. They utilize sophisticated social engineering tactics, fake web3-themed games, and impersonation of legitimate projects to lure victims. Their operations have allegedly earned over $2.4 million between June 2023 and March 2025. The group employs various techniques, including seed phrase phishing and automated wallet address scraping from social media. They target users of NFT marketplaces and the Web3 community, using fake job offers and enticing game promotions. The group also engages in code signing certificate abuse to bypass security measures and increase infection rates. Their malware payloads include HijackLoader, Lumma C2 infostealer, Rhadamanthys stealer, and AMOS stealer for MacOS.