Google Ads Used in $4M Crypto Phishing Scam

A recent study by ScamSniffer, a Web3 anti-scam service provider, has revealed that scammers have stolen over $4 million in cryptocurrency from unsuspecting users through phishing websites promoted on Google Ads. The fraudulent websites prompt wallet login signature requests that compromise users’ addresses, and have specifically targeted decentralized finance protocols, websites, and brands, including Zapper.fi, Lido, Stargate, DefiLlama, Orbiter Finance, and Radiant.

The phishing websites use slight variations to official URLs, making it challenging for users to identify that they’ve clicked on malicious links. Analysis of metadata from some of the phishing websites shows that they are linked to advertisers in Ukraine and Canada, who employ several methods to bypass Google’s ad review process. This includes manipulating the Google Click ID parameter, allowing the attackers to show a normal webpage during Google’s ad review. Other malicious adverts use anti-debugging methods to redirect users with developer tools enabled to a normal website, while a direct click takes users to the malicious website. These tactics allow scammers to bypass some of Google Ads’ machine reviews.

On-chain data analysis from addresses linked to malicious websites advertised on Google from ScamSniffer’s database suggests that $4.16 million has been stolen from over 3,000 users in the past month. The anti-scam service provider followed on-chain flows of funds to various exchange and mixing services, including SimpleSwap, Tornado Cash, KuCoin, and Binance.

ScamSniffer also suggests that promoting crypto-related phishing websites is a lucrative business. The average cost per click for associated keywords is between $1 to $2, estimating a conversion rate of 40% from 7,500 users clicking on malicious adverts, scammers have spent around $15,000 on advertising which provided a return on their malevolent investments of 276%, given the $4 million stolen to date.

This news comes as Russian cybersecurity and anti-virus provider Kaspersky highlights a significant increase in crypto-related phishing attacks through 2022, with over 5 million phishing attacks identified last year, up 40% year on year.

It is essential for users to be vigilant and take precautions to protect their cryptocurrency. Users should avoid clicking on suspicious links, ensure their devices have up-to-date anti-virus software, use two-factor authentication (2FA) wherever possible, and use a reputable wallet with secure features.

Source

Tagged : / / / / /

Fake Arbitrum Airdrop Scam Circulated on Discord

The blockchain security company CetriK issued a warning on March 25 about a phishing link that was being spread via the official Discord server of Arbitrum, which is a prominent cryptocurrency platform. According to the sources, it was believed that the link was disseminated via the stolen Discord account of one of the developers working on the Arbitrum project.

In the phishing communication, an option to re-claim an extra share in Arbitrum DAO Governance was presented, with the justification that there had been problems with the first token claim campaign. On the other hand, the accompanying URL had a misspelling of Arbitrum as “Arbtirum,” which is a frequent kind of deceit employed in phishing assaults.

If an unwary victim were to click on the phishing link, they would be sent to a false website where they would be prompted to input sensitive information such as the private key to their digital wallet. Investors run the danger of having their bitcoin assets stolen by con artists as a result of this.

Investors have been cautioned to refrain from engaging with the bogus statement until Arbitrum gives more information on the matter. Since cybercriminals are continuing to capitalize on the excitement around cryptocurrencies, it is vital for investors to maintain a heightened vigilance and be wary of deceptive promises and claims that are unrealistic.

In a separate but related piece of news, it was revealed that two airdrop hunters had successfully obtained nearly $3.3 million worth of Goods, demonstrating the tremendous benefits that may come from successfully participating in airdrops. While taking part in airdrops or any other activity linked to cryptocurrencies, however, it is essential for investors to do enough research and be vigilant against the possibility of falling victim to a hoax.

In general, the event serves as a useful reminder of how important it is to exercise extreme caution and vigilance whenever one engages in activities that are associated to cryptocurrencies. Since con artists are likely to use more sophisticated strategies as the business continues to get more attention, it is crucial for investors to stay knowledgeable and attentive at all times.

Source

Tagged : / / / / /

Scammers Put Gate.io users at Risk as Exchange’s Twitter Account Gets Hacked

Gate.io hacked Twitter account appears to be promoting a fake giveaway of 500,000 USDT, putting users at risk of losing funds.

Gate2.jpg

A hacker from unknown origin has taken over crypto exchange Gate.io’s Twitter account, putting the exchange users of over 1 million at risk of wallet drainage to the ongoing fraudulent 500,000 USDT giveaway. 

The hacker replaced the website URL in the exchange’s Twitter account from the initial Gate.io to a fake one, gate.com (https://xn--gte-ipa.com/), impersonating the exchange.

The fake website was seen promoting a phony giveaway of 500,000 USDT, asking users to connect their wallets (such as MetaMask) to claim the rewards. Once a user bulges and connects their wallet to the scammer’s fake website, the hacker gains access to the existing funds in their wallet and eventually drains their assets. 

PeckShield, a notable Blockchain investigator, also confirmed this hack and warned users about the fake website. 

Notably, Gate.io has now recovered its Twitter account, as it appears the original website is now back on the company’s page. 

Hacking major Twitter accounts in the industry to scam fans or users is not a new thing. Last year, Blockchain.News reported that Graham Ivan Clark, the teenage hacker who took over popular Twitter accounts in 2020 and used them to scam users out of Bitcoin, was found guilty in a Florida court.

Clark hacked into verified Twitter accounts belonging to prominent figures like US President Joe Biden, former President Barack Obama, Amazon founder Jeff Bezos, Tesla CEO Elon Musk, Uber, socialite Kim Kardashian, and other personalities. He was then able to tweet out messages asking for followers to send Bitcoin.

While hacks like this could continue to surface, the United States Federal Bureau of Investigation (FBI) has recently warned that individuals should verify the validity of any investment opportunity and be on the lookout for misspelled URLs as well as domain names impersonating financial institutions, especially cryptocurrency exchanges.

Image source: Shutterstock

Source

Tagged : / / / /

Fiji Officials Warns Residents of Cryptocurrency Scams

The Fiji Financial Intelligence Unit (FIU) has issued a warning to the members of the public concerning a scam that is being publicized in the country.

Fiji2.jpg

According to Razim Buksh, the FIU Director, the cryptocurrency scam running in the country is asking prospective investors to inject funds into Bitcoin. These schemes are advertised on Viber alongside a government agency’s logo and official.

“These advertisements are fake,” FIU director Razim Buksh said. “The fake advertisements state that individuals in Fiji can purchase bitcoin, foreign exchange, and binary trading using their mobile money wallets or bank transfers. The advertisement provides two phone numbers for further enquiries. A local number and a foreign number.”

Razim said there is no Virtual Asset Service Provider (VASP) that is legally approved to operate in the country, and that the only legal tender in the nation is the fiat note issued by the Fiji Reserve Bank. That attempt to conduct transactions outside of the approved brokers will be considered a violation of the Exchange Control Act. 

The FIU advised all residents to be watchful of investment offers and provided a list of things that constitutes a red flag that should be watched out for before pitching tents with any acclaimed investment service provider.

As noted by the Fiji Times report, the red flags include but are not limited to “Use of the existing marketing material of government agencies or reputable entities. These are usually fake; You are asked to deposit funds into different accounts held in the names of an individual as opposed to a business or a reputable financial institution; grammatical errors often depict the works of non-professionals.”

Scams are commonplace in the crypto world, and investors have continued to lose billions of dollars on an annualized basis to these fraudulent investment offerings. Scams are not peculiar to a particular country, and authorities are known to always issue warnings such as this one sent out by the Fiji regulator.

Image source: Shutterstock

Source

Tagged : / / / /

British Army Recovers Twitter & YouTube Accounts following Crypto Scam Hack

The British Army became the latest culprit of crypto scams engulfing the market after hackers breached its YouTube and Twitter accounts on July 3. 

Despite regaining control, the army’s accounts were used to post non-fungible tokens (NFTs) and cryptocurrencies after being briefly hacked. The British Army tweeted:

“Apologies for the temporary interruption to our feed. We will conduct a full investigation and learn from this incident. Thanks for following us and normal service will now resume.”

Following the breach, various NFT posts were made on the British Army’s Twitter feed, which had been renamed Bapesclan. 

On the other hand, the hackers changed the army’s YouTube account to Ark Invest and shared crypto videos. 

With 177,000 subscribers on YouTube and 362,000 followers on Twitter, the hackers wanted to capitalize on the army’s large following, but their plans were thwarted, and investigations are underway.

The Ministry of Defence stated:

“The breach of the Army’s Twitter and YouTube accounts that occurred earlier today has been resolved and an investigation is underway. The Army takes information security extremely seriously and until their investigation is complete it would be inappropriate to comment further.”

In 2020, Twitter went haywire after news of a Bitcoin scam hack targeting multiple high-profile figures such as Bill Gates, Elon Musk, Joe Biden, and Jeff Bezos broke out. 

It was later established that Graham Ivan Clark was the teenage hacker behind the Twitter hack after he pleaded guilty in a Florida court, Blockchain.News reported. 

Despite the percentage of crypto transaction volumes used for crime reduction, more needs to be done to stem scams in this sector, given that hacking is becoming rampant. 

Image source: Shutterstock

Source

Tagged : / / / / / / / / / /

BitConnect Founder Charged with Orchestrating Global Crypto Ponzi Scheme Worth $2.4B

A U.S. grand jury indicted Satish Kumbhani, the founder of BitConnect, orchestrating a fraud scheme that siphoned approximately $2.4 billion from investors, according to the Department of Justice.  

The 36-year-old from Hemal, India, with his co-conspirators, deceived investors’ money to gain substantial profits by taking advantage of the volatility of crypto exchange markets through BitConnect’s “Lending Program.” 

Hemal convinced investors that the program was powered by a cutting-edge technology called the “BitConnect Trading Bot” and “Volatility Software.”

In reality, according to the indictment, it was a well-orchestrated textbook Ponzi scheme where earlier BitConnect investors were paid using money from later investors.

Before going underground in 2018, the cryptocurrency scam had hit a peak market capitalization of $3.4 billion, and this was attained through the manipulation of its digital currency called BitConnect Coin (BCC).

Despite being large, Kumbhani was charged with various counts, such as operating an unlicensed money transmitting business and conspiracy to commit wire fraud and international money laundering. If convicted, he could be incarcerated for a maximum of 70 years. 

Eric Smith, a special agent in charge of the FBI’s Cleveland Field Office, noted:

“Today’s indictment reiterates the FBI’s commitment to identifying and addressing bad actors defrauding investors and sullying the ability of legitimate entrepreneurs to innovate within the emergent cryptocurrency space.” 

Ryan Korner, a special agent in charge of the IRS Criminal Investigation’s office in Los Angeles, added:

“As cryptocurrency gains popularity and attracts investors worldwide, alleged fraudsters like Kumbhani are utilizing increasingly complex schemes to defraud investors, oftentimes stealing millions of dollars.”

Kumbhani’s indictment comes months after crypto worth $57 million was seized from Glenn Arcaro, a top American-based BitConnect promoter. Victims were to benefit from the liquidation of the crypto assets after a court gave the go-ahead. 

Image source: Shutterstock

Source

Tagged : / / / / / /

Chinese Police Arrests Masterminds, Seizes $8.46M in Crypto Connected to Online Pyramid Scheme

Chinese police officers, specifically those operating from the Pingchuan Branch of the Public Security Bureau of Baiyin City, Gansu Province have cracked a case involving a pyramid scheme that was built around the XRP digital currency.

CHIN2.jpg

As reported by the Xinhua news agency, the case features as many as 7 suspects, and investigation into the fraudulent scheme began as far back as March 2021.

Unlike the famous pyramid schemes that operate through a known website, the “Ripple UnionPay Community,” as it was called, was designed and operated through a customized mobile application. As the investigations revealed, the application was created by a software company that is based out of town. 

The masterminds of the scheme were identified as Wang and Zhang, and the promise of the pyramid scheme was that the Ripple UnionPay Community app was capable of utilizing “node dividends, community promotion awards, community operation awards, performance awards, etc. to obtain high returns.” 

In order to participate in this scheme so as to benefit from the rewards promised, interested investors will have to download the mobile app and subscribe using Ripple Coins. Thanks to the targeted raid, the police have recovered some hardware items and have been able to confiscate a total of $8.46 million in Ripple Coins. The organization is poised to be dismantled after garnering as many as 47,000 members spread across about 30 provinces.

The pyramid scheme is just a variant of prominent crimes that are being perpetrated using digital currencies. The supposed invincibility of digital currencies is one of the reasons why fraudsters have chosen to always commit their crimes through these nascent asset classes. However, trends thus far have shown that this belief is erroneous, as most crimes featuring digital currencies have a track record of being busted by authorities. 

One of the successful products of targeted investigations into cybercrimes is the arrest of Ransomware masterminds in Ukraine as reported by Blockchain.News back in 2021.

Image source: Shutterstock

Source

Tagged : / / / /

VC Paul Graham Comes in Support After Gaming Marketplace Called NFTs Scam

The latest prominent name to jump in favor of the non-fungible token (NFT) sector is none other than the American computer scientist and venture capitalist Paul Graham.

VC Defends NFT Sector

In his latest tweet, Graham highlighted the viability of NFTs and noted that these tokens can be used for various purposes. He also added that dismissing the entire sector will be “inviting history to make a fool of you.” The VC asserted that even if most NFT use cases are “bogus,” he would not paint all of them with the same brush.

“Even if I were sure that most current uses of NFTs were bogus, I’d never dare to say that all possible uses were.”

This isn’t the first time Graham has come in support of the industry. In May 2021, he detailed an NFT launched by a non-profit called Noora Health. Graham mentioned earlier that even though NFTs are new territory, he was excited about its potential.

Paul_Graham
Paul Graham. Source: Flickr

“NFTs Are A Scam” – Itch.io

Not everyone is a fan of the NFT space. Interestingly, Graham’s latest comments come at a time when Itch.io, which happens to be an open indie game marketplace, declared that non-fungible tokens are a scam.

While tweeting about its stance on the sector, the platform said people should “reevaluate their life choices” if they believe that NFTs are legitimately useful for anything except for “exploitation of creators, financial scams, and the destruction of the planet.”

ADVERTISEMENT



Itch.io also lashed out on NFT companies and argued that they only care about generating profits and the opportunity for wealth above everything else.

Despite being one of the biggest stories of 2021, the emerging asset class has also witnessed scammers seeping in after detecting loopholes. According to the latest report by the crypto analytic company, Chainalysis, wash trading to artificially inflate the value of NFTs is rampant.

The NFT sellers reportedly mislead the asset’s real value and liquidity by being on both sides of the trade. Chainalysis also found that most NFT wash trades weren’t successful. However, the successful ones made away with immense profits. It also noted that money laundering through the purchase of NFTs is yet another cause of concern for the market participants.

Featured Image Courtesy of CNBC

SPECIAL OFFER (Sponsored)


Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).

PrimeXBT Special Offer: Use this link to register & enter POTATO50 code to get 25% off trading fees.

You Might Also Like:







Source

Tagged : / / / / /

Scam alert! Binance CEO warns users of massive SMS phishing scam

Binance CEO Changpeng Zhao has alerted the crypto community against a ‘massive’ SMS phishing scam targeting Binance customers.

On Friday, CZ tweeted alerting users of a phishing scam campaign directed at Binance users through SMS.

As per the screenshot shared by CZ, the scam involves sending users a text message with a link to cancel withdrawals, leading users to a fake website designed to harvest their login credentials.

The CEO has warned its users not to click on any links from SMS messages and advised them to always type the URL for the exchange into their browsers manually.

Several cases of hacking and phishing have emerged so far in 2022, with some platforms suffering significant losses as a result of these attacks.

Related: Hodlers beware! New malware targets MetaMask and 40 other crypto wallets

As reported by Cointelegraph, the Wormhole token bridge was subject to a security vulnerability on Wednesday, resulting in the loss of 120,000 Wrapped Ether (wETH) tokens ($321 million) from the platform. On Jan. 17th, $33.8 million in crypto assets were stolen from Crypto.com following a security breach.

Users of digital currencies have also been advised against a new malware that targets browser plugin wallets such as MetaMask and Coinbase Wallet.