Facebook Ads Used by Threat Actors for Malware and Theft

The Pi Network community was buzzing with excitement during **Pi2Day**, a day synonymous with platform updates and major milestones. Unfortunately, this year’s celebrations took a dark turn as a **wave of cyberattacks** began to infiltrate the scene.

Cybercriminals swiftly seized the opportunity, launching a **malicious advertising campaign** on Facebook aimed at unsuspecting users, employing **phishing scams** and distributing malware.

Researcher **Ionut Baltariu** from Bitdefender Labs revealed that these attacks are not isolated; rather, they form part of a **larger, coordinated effort** exploiting the trust in popular cryptocurrency brands and platforms.

Targeted Phishing Tactics at Pi2Day

The campaign, which kicked off on **June 24**, boasts over **140 variations** of deceptive ads that cleverly use Pi2Day branding and recognizable visuals from Pi Network.

These ads are being rolled out globally, reaching users in **the US, Europe, Australia, China, Vietnam, India, and the Philippines**. They redirect unwitting individuals to **fraudulent websites** and malicious applications.

The primary objective? **Stealing cryptocurrency wallet recovery phrases** and deploying malware to compromise users’ systems.

The intricate nature and sheer scale of this operation point toward a **sophisticated threat actor group** that employs consistent strategies and evasion tactics across multiple fraud schemes on Meta’s platform.

A significant tactic involves designing phishing pages that closely imitate legitimate **Pi Wallet portals**.

Facebook Ads
Phishing Pages

These counterfeit websites entice users with promises of **claiming 628 Pi tokens** or accessing exclusive airdrop events, tricking them into disclosing their **24-word recovery phrases**.

Once these phrases are submitted, attackers gain **full access** to the victims’ wallets, facilitating immediate fund transfers.

This tactic particularly preys on the **inexperience** of many Pi Network users, who may not fully grasp the critical importance of keeping recovery phrases confidential or realize that even seemingly legitimate Facebook ads can be fraudulent.

In tandem, attackers are also distributing **malware** through deceptive “mining apps” and “claim” software, promising bonuses of **31.4 PI**.

Mining Apps

These applications often masquerade as installers for desktop systems, harboring **malicious payloads** flagged by Bitdefender as **Generic.MSIL.WMITask** and **Generic.JS.WMITask**.

These multi-stage malware strains can **steal saved credentials**, log keystrokes, download additional malicious components, and evade detection through various techniques.

The blend of **social engineering**, urgent reward timers, and the allure of easy mining makes this campaign particularly treacherous for novice users unfamiliar with cryptocurrency security practices.

Broader Implications of Coordinated Crypto Scams

According to the report by Bitdefender, Baltariu also linked this Pi2Day scam to other fraudulent campaigns targeting platforms like **Binance** and **TradingView**.

These schemes share alarming commonalities: they exploit trust in reputable platforms, utilize deceptive Facebook ads, and deploy similar multi-stage malware strains.

This convergence of tactics strongly indicates a **single organized group** coordinating these efforts to maximize their reach and financial profits.

The exploitation of Meta’s **advertising ecosystem** as a primary attack vector highlights a significant vulnerability in how social media platforms can be weaponized, particularly during high-profile events like Pi2Day.

As cryptocurrency adoption surges, these scams underscore the urgent need for comprehensive **user education** on digital security and robust platform oversight to mitigate malicious advertising.
