Diving into the world of digital finance exposes users to an environment fraught with opportunities, innovation, and, unfortunately, potential threats. One such emerging threat targets cryptocurrency enthusiasts who frequent Reddit for free trading tools. These unsuspecting users are lured into downloading malicious software, camouflaged as ‘cracked’ premium trading tools, which then provide hackers a gateway to steal personal information and drain cryptocurrency wallets. This article delves further into how this scam works and what users can do to protect themselves.
How Reddit Users Become Victims of Cryptocurrency Scam
In a revealing blog post published on March 18th by Malwarebytes, a renowned cybersecurity firm, Senior Security Researcher Jerome Segura detailed how hackers are exploiting the trust of Reddit’s cryptocurrency community. Disguised as friendly and helpful subreddit participants, these hackers bait users by offering ‘cracked’ versions of premium financial software, such as TradingView, for free. Once downloaded, the software infects the user’s computer with malware capable of stealing personal information and cryptocurrency.
Cryptocurrency Scam: Two Distinct Malware Programs Work Together
According to Segura, the scam uses two separate malware programs, Lumma Stealer and Atomic Stealer, to hijack computer systems. Atomic Stealer, operational since April 2023, targets administrative and keychain credentials, whereas Lumma Stealer, active since 2022, zeros in on cryptocurrency wallets and two-factor authentication browser extensions. Victims lose not only their cryptocurrency but also their identity, which the criminals use to perpetuate the scam by sending phishing links to their contacts.
The Scam Artistry: Pretending to Help
What makes this scam unique is the way the perpetrators engage with potential victims. They populate various cryptocurrency subreddits, where they post links to allegedly free ‘cracked’ versions of premium financial software for both Windows and Mac users. They then gain the trust of other Reddit users by responding helpfully to queries or troubleshooting issues reported by users. Their seemingly legitimate interaction lures more individuals into downloading the malicious software.
Red Flags: Signs of Malicious Software
Malwarebytes’ analysis identifies some key warning signs. Firstly, double-zipped files with password protection are not a usual distribution method for legitimate software. Secondly, the scammers often ask users to disable their security software to run the program. Although they add a disclaimer that users download at their own risk, this important caution is usually hidden in friendly comments, giving a false sense of security.
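The first warning sign can be checked from archive metadata alone, before anything is extracted or run. The following Python example is added here and is not code from Malwarebytes or the original article; the function names and the in-memory sample archives are constructed for illustration. It flags a download that is a zip inside a zip where any entry is marked as password protected.

```python
import io
import zipfile

ENCRYPTED = 0x1              # general-purpose flag bit 0: entry needs a password
MAX_MEMBER = 50 * 1024 ** 2  # skip members larger than this (zip-bomb guard)

def triage_archive(data, depth=0, max_depth=3):
    """Return (zip nesting depth, any entry encrypted) from metadata only."""
    deepest, encrypted = depth, False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            is_zip = info.filename.lower().endswith(".zip")
            if is_zip:
                deepest = max(deepest, depth + 1)
            if info.flag_bits & ENCRYPTED:
                encrypted = True
                continue  # contents are unreadable without the password
            if is_zip and info.file_size <= MAX_MEMBER and depth < max_depth:
                try:
                    d, e = triage_archive(zf.read(info), depth + 1, max_depth)
                except zipfile.BadZipFile:
                    continue  # named .zip but not a valid archive
                deepest, encrypted = max(deepest, d), encrypted or e
    return deepest, encrypted

def is_red_flag(data):
    """True for a zip inside a zip where some entry is password protected."""
    depth, encrypted = triage_archive(data)
    return depth >= 1 and encrypted

def make_zip(files, protected=False):
    """Constructed sample: 'protected' only sets the encryption flag in the
    central directory; no real encryption is applied to the data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
        if protected:
            for info in zf.filelist:
                info.flag_bits |= ENCRYPTED
    return buf.getvalue()

if __name__ == "__main__":
    inner = make_zip({"installer.bin": b"constructed placeholder"}, protected=True)
    lure = make_zip({"tool.zip": inner})
    print(triage_archive(lure), is_red_flag(lure))
```

A hit is a reason to stop and inspect the download, not proof of malware; a clean result says nothing about what the archive contains.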
Crypto Crime: A Professional Era
The analysis also revealed that the malware was hosted on a Dubai-based cleaning company’s website and the command and control server had been registered in Russia only a week prior. This high level of orchestration and increased professionalism reflects a disturbing broader trend. According to Chainalysis’s 2025 Crypto Crime Report, crypto crime is increasingly being dominated by AI-driven schemes, stablecoin laundering, and efficient cyber syndicates. With this professionalization, illegal cryptocurrency transactions soared past $50 billion in the previous year.
With the rise in the market cap of cryptocurrency, now standing at $2.77 trillion, it is inevitable that it would attract the attention of both legitimate enterprises and shady operators. However, being aware of the perils and staying vigilant can go a long way in avoiding such scams.
How can Reddit users protect themselves from such scams?
Users can protect themselves by avoiding downloads from unknown sources, especially cracked versions of software. They should also be wary of posts asking them to disable their security software. Regularly updating their operating systems and security software can also help prevent such attacks.
What are Lumma Stealer and Atomic Stealer?
Lumma Stealer and Atomic Stealer are malware programs used by hackers to steal personal information and cryptocurrency. Lumma has been operational since 2022 and targets cryptocurrency wallets and two-factor authentication browser extensions. Atomic, which began operating in April 2023, targets administrator and keychain credentials.
What is TradingView and why do scammers target it?
TradingView is a popular financial visualization platform that provides tools for tracking and analyzing financial markets. Scammers target this platform as it is commonly used by cryptocurrency traders, making it an effective lure to distribute malware and steal cryptocurrency.