Search This Blog

Showing posts with label Crypto Scam. Show all posts

Indian Crypto Users Duped Of Rs 1,000 Crore By Fake Exchange

 

CloudSEK researchers have identified a new scam called CoinEgg, which duped Indian investors of more than $128 million (nearly Rs 1,000 crore). 

“We discovered an on-going malicious scheme involving multiple payment gateway domains and Android-based applications, used to lure unsuspecting individuals into a mass gambling scam,” the researchers explained in a blog post. 

The hackers designed several bogus domains mimicking crypto trading platforms, with the word ‘CloudEgg’ in them. “The sites are designed to replicate the official website’s dashboard and user experience,” the researchers stated, adding that the crypto scam is divided into seven phases. 

After creating the fake domains, the scammers design a female profile on social media to lure the potential victim and establish a friendship. This phony profile is used to entice the victim to invest in crypto and start trading. The profile also shares a $100 gift voucher, which will be deposited when they invest in specific crypto. 

Upon registering and depositing funds on the exchange, the hacker freezes their account to keep them from withdrawing the funds and disappears. If you think the scam ends here, you are mistaken. In the last phase of the scam, when the victims switch to other platforms to share their experience, the hacker uses other fake accounts to reach out to them and pose as if they are investigators.

“To retrieve the frozen assets, they request victims to provide confidential information such as ID cards and bank details via email. These details are then used to perpetrate other nefarious activities,” the researchers said.

The researchers also identified two domains used by the scammers. It was said that both were registered on GoDaddy on March 3, 2022, as part of the strategy to set up several backup domains in the case of a takedown.

Earlier this year in March, the Pune City police’s cybercrime cell detained two specialists — Pankaj Ghode (38) and Ravindranath Patil (45) and an ex-IPS officer of Jammu and Kashmir cadre, following an exhaustive probe that began in April 2021.

In 2018, Ghode and Patil aided a Pune police Special Investigations squad in uncovering two multimillion-dollar Bitcoin Ponzi schemes. The duo transferred the cryptocurrencies, recovered from the Gainbitcoin scam, and then manipulated the screenshots of those transactions and gave them to the police as proof. However, the technical investigation revealed that there were some bitcoins in the said wallet and Ghode did not give information regarding them to the investigating officer.

Users' Crypto Wallets are Stolen by Fake Binance NFT Mystery Box Bots

 

Researchers have discovered a new campaign to disperse the RedLine Stealer — a low-cost password seeker sold on underground forums — by mutating oneself with the data malware from GitHub repositories using a fake Binance NFT mystery box bots, an array of YouTube videos that take advantage of global interest in NFTs. 

The enticement is the promise of a bot that will automatically purchase Binance NFT Mystery Boxes as they become available. Binance mystery boxes are collections of non-fungible token (NFT) things for users to purchase in the hopes of receiving a one-of-a-kind or uncommon item at a discounted price. Some of the NFTs obtained in such boxes can be used in online blockchain games to add unusual cosmetics or identities. However, the bot is a hoax. According to Gustavo Palazolo, a malware analyst at Netskope Threat Labs, the video descriptions on the YouTube pages encourage victims to accidentally download RedLine Stealer from a GitHub link. 

In the NFT market, mystery boxes are popular because they provide individuals with the thrill of the unknown as well as the possibility of a large payout if they win a rare NFT. However, marketplaces such as Binance sell them in limited quantities, making some crates difficult to obtain before they sell out. 

"We found in this attempt that the attacker is also exploiting GitHub in the threat flow, to host the payloads," Palazolo said. "RedLine Stealer was already known for manipulating YouTube videos to proliferate through false themes," Palazolo said. The advertising was spotted by Netskope in April. "While RedLine Stealer is a low-cost malware, it has several capabilities that might do considerable harm to its victims, including the loss of sensitive data," Palazolo said. This is why prospective buyers frequently use "bots" to obtain them, and it is exactly this big trend that threat actors are attempting to exploit. 

The Ads were uploaded during March and April 2022, and each one includes a link to a GitHub repository that purports to host the bot but instead distributes RedLine. "BinanceNFT.bot v1.3.zip" is the name of the dropped file, which contains a program of a similar name, which is the cargo, a Visual C++ installation, and a README.txt file. Because RedLine is written in.NET, it demands the VC redistributable setup file to run, whereas the prose file contains the victim's installation instructions.

If the infected machine is found in any of the following countries, the virus does not run, according to Palazolo: Armenia, Azerbaijan,  Belarus,  Kazakhstan,  Kyrgyzstan,  Moldova,  Russia,  Tajikistan Ukraine, and Uzbekistan.

The repository's GitHub account, "NFTSupp," began work in March 2022, according to Palazolo. The same source also contains 15 zipped files including five different RedLine Stealer loaders. "While each of the five loaders we looked at is slightly different, they all unzip and inject RedLine Stealer in the same fashion, as we discussed earlier in this report. The oldest sample we identified was most likely created on March 11, 2022, and the newest sample was most likely compiled on April 7, 2022," he said. These promotions, on the other hand, use rebrand.ly URLs that lead to MediaFire downloads. This operation is also spreading password-stealing trojans, according to VirusTotal. 

RedLine is now available for $100 per month on a subscription basis to independent operators, and it allows for the theft of login passwords and cookies from browsers, content from chat apps, VPN keys, and cryptocurrency wallets. Keep in mind that the validity of platforms like YouTube and GitHub doesn't really inherently imply content reliability, as these sites' upload checks and moderation systems are inadequate.

Fake Crypto Giveaways Use Elon Musk Ark Invest Video to Steal Millions of Dollars

 

Using a “double your funding” scheme, threat actors once again are luring their victims with the promise of high Bitcoin profits. Millions of dollars have been stolen with the help of fake endorsements from the prominent faces of Elon Musk, Jack Dorsey, and Cathie Wood.

The unknown fraudsters made more than $1.3 million in just a few weeks after re-streaming an edited model of an old live panel dialogue on cryptocurrency with Elon Musk, Jack Dorsey, and Cathie Wood at Ark Invest’s “The ₿ Word” convention. 

Cybersecurity analysts from cybersecurity firm McAfee have published a report on this, in which they spotted 11 fraudulent websites linked to the videos. McAfee updated the report after it was published to say that the number of these websites had elevated to 26 in just 24 hours. 

“The YouTube streams promoted several websites with a similar theme. They claim to send cryptocurrencies at twice the value received. For example, if you send 1BTC, you will receive 2BTC back,” said McAfee. 

Additionally, researchers examined the crypto wallets associated with the sites to which the victims had to send their “investment”. For example, on May 5, there were trades worth $280,000. Total damage was estimated at $1.3 million. Numbered, but there are certainly a significant number of other victims.

Bleeping Computer also uncovered about 10 YouTube channels reposting the manipulated discussion. The title of just about all of them included the strings Tesla, Elon Musk, Ark Invest, or a mixture of them. Interestingly, a few of these channels selling a cryptocurrency rip-off website have massive followership, between 71,000 and 1.08 million subscribers. 

In the majority of cases, the number of subscribers for these channels seems to have been artificially blown so as to add credibility to the videos promoting the scam, since they haven’t any different content material out there. 

Previously, fraudsters used different movies associated with Elon Musk, together with SpaceX launches or Tesla movies, to efficiently promote pretend giveaways and earn hundreds of thousands of dollars.

In 2020, Brad Garlinghouse, CEO of financial tech firm Ripple filed a lawsuit against YouTube for failing to remove fake videos featuring his name. Last March, he ended up settling with the tech giant. YouTube claimed that it wasn’t responsible for the content third parties published on its platform.

 Ferrari Subdomain was Seized over to Promote a Bogus Ferrari NFT Collection

 

Cyberattackers hacked Ferrari's subdomains website to promote a fake NFT collection that pretended to be the much-anticipated official one and duped its consumers. 

Non-fungible tokens, or NFTs, are a new sort of digital asset that has been gaining popularity as big tech constructs the Metaverse. NFT is data recorded on a cryptocurrency blockchain that has been signed by a digital certificate to verify it is unique and cannot be copied. Having an NFT is similar to having a real asset, except the real deal is digital. The NFT trend is quickly spreading and is closely tied to cryptocurrency. It's also expanding rapidly. To mention a few, One Plus, Budweiser, Nike, Visa, Adidas, and Louis Vuitton have all entered the NFT realm. NFTs usually sell for a few dollars, however, in rare situations, the price of NFTs can surge. 

Sam Curry, an ethical hacker and bug bounty hunter, reported seeing one of Ferrari's subdomain forms on Thursday. A false NFT (Non-Fungible Token) fraud is hosted on ferrari.com.

Having a brand new Ferrari is exclusive for the wealthy, with prices ranging from $250,000.00 to 1.8 million dollars. Last year Ferrari announced it might soon sell digital Ferrari NFTs to appease its fan base, which made this scam all very convincing. 

Ferrari and Velas Network AG have established a new relationship. Velas stated that they would break into Formula 1 in 2022 alongside Ferrari. Internationally, the company is noted for its transparency and leadership in blockchain, digital products, and services. 

"Mint your Ferrari," a crypto scam, encouraged users to buy NFT tokens by falsely claiming Ferrari had launched "a collection of 4,458 horsepower [sic] NFTs on the Ethereum network." 

Further analysis by Curry and a security engineer is known as d0nut found how attackers hacked the subdomain and used an Adobe Experience Manager weakness to host its bitcoin fraud.

"After more investigation, it appears that this was an Adobe Experience Manager exploit. By poking around, you can still uncover remains of the unpatched site," Curry wrote.

Many people have criticized blockchains for conducting crypto trading and NFT services because of it's large energy consumption and environmental impact. Ferrari picked Velas for more than just the speed. The company operates in a carbon-neutral manner. Ferrari while announcing the big news claimed that "they have transformed the world of blockchain by inventing a pioneering, energy-efficient platform that functions at unprecedented speed."

Cybercriminal Steals $13 Million In DEUS Finance Exploit

 

The decentralized derivatives protocol based on Fantom, DEUS Finance suffered a flash loan attack on Thursday, with the attacker making off with about $13.4 million. 

According to on-chain data, the anonymous hacker carried out the assault using a flash loan at around 2:40 AM UTC. Flash loan assaults involve attackers borrowing funds with a requirement that the borrowed sum be returned in the same transaction. These are made possible with smart contracts. While flash loans are meant for arbitrage trading and enhancing capital efficiency, attackers have abused them to manipulate DeFi price data feeds — known as oracles — and carry out attacks. 

The Deus hacker took a flash loan to manipulate the price oracle within one of its liquidity pools on Fantom, involving a token called DEI paired against the USDC stablecoin, security analysts at PeckShield explained in a post. The flash-loan assisted manipulation surged DEI's price and the inflated value was then used as collateral to borrow additional capital, within the same flash loan transaction.

This additional borrowed capital was sold for USDC stablecoin, after which the hacker repaid the flash loan — netting about $13.4 million. The perpetrator then transferred the exploited funds from Fantom to Ethereum, where they routed them via Tornado Cash, a mixing protocol used to obfuscate Ethereum transactions. This wasn't the first security incident for Deus Finance. 

Last month, the protocol lost $3 million to a flash loan exploit. The community was disappointed that the protocol had been hacked again in the same way. While the community waits for an official reaction, calls have been made to Circle to freeze the $USDC implicated in the incident. Flash loan attacks have become one of the most popular ways hackers target DeFi platforms. 

Earlier this month, hackers stole $11.2 million worth of Binance Coin from the DeFi platform Elephant Money. Cream Finance was hit with three different flash loan attacks in 2021, costing the DeFi platform $130 million in October, $37 million in February, and another $29 million in August. 

Last year, hackers stole at least $2.2 billion from DeFi protocols, Blockchain analysis firm Chainalysis said. Earlier this year in March, the Ronin Network announced that hackers stole more than $500 million worth of cryptocurrency, making it one of the largest attacks ever.

Pune Police Recover Over Rs. 84 Crore Worth of Bitcoins From Two Cyber Experts

 

The Pune city Police have traced 237 bitcoins taken by two cyber specialists who were arrested for committing a multicrore cryptocurrency seizure fraud while assisting the cops in two cases in 2018.

Last month on March 12, the Pune City police’s cybercrime cell detained two specialists — Pankaj Ghode (38) and Ravindranath Patil (45) and an ex-IPS officer of Jammu and Kashmir cadre, following an exhaustive probe that began in April 2021. 

In 2018, Ghode and Patil aided a Pune police Special Investigations squad in uncovering two multimillion-dollar bitcoin ponzi schemes. The duo transferred the cryptocurrencies, recovered from the Gainbitcoin scam, and then manipulated the screenshots of those transactions and gave them to the police as proof. However, the technical investigation revealed that there were some bitcoins in the said wallet and Ghode did not give information regarding them to the investigating officer. 

Two FIRs were lodged at Dattawadi and Nigdi police stations against the duo for probing the fraud, under sections 406, 409, 420, 120 b, 109, 201 of the IPC and sections of the Maharashtra Protection of Interest of Depositors (MPID) Act. 

From the 17 persons arrested in the 2018 case, the Pune Police, had, with the assistance of Ghode and Patil, seized 241.46 Bitcoins, 452 Bitcoin cash units, and 94 Ethereum units. As of Thursday, 14:00 IST, Bitcoin was trading at 35,76,630, according to CoinMarketCap data, which means the recovered bitcoins are worth 84,88,88,259.00 as per recent exchange rates. 

“We have been able to trace as many 237 bitcoins to the wallets linked to Patil, equivalent to worth over Rs 84 crore. Prima facie, this chunk of cryptocurrency is from what was seized from the accused in the 2018 cases. The probe suggests that Patil was also involved in crypto trading. To date, we have seized Rs 6 crore worth of cryptocurrencies, such as Ethereum, Ripple, and four others. We are also probing a discrepancy of 900 bitcoins — equivalent to over Rs 320 crore today — in the reports submitted by Ghode at the time of the 2018 investigation,” an official who is part of the present investigation team stated.

One arrested in ₹1,200-Crore Crypto Fraud Case, 900 Investors Scammed

 

The Enforcement Directorate announced on Tuesday that it had arrested a suspect in connection with a money-laundering investigation into a Kerala-based businessman who is suspected of scamming more than 900 investors out of Rs 1,200 crore in exchange for bitcoin. 

Abdul Gafoor, one of the most prominent stockists of the 'Morris Coin Cryptocurrency,' was arrested on March 24, according to the source. The next day, he was taken into prison by the Enforcement Directorate (ED) and held until March 31. Mr Gafoor was accused of not complying with the investigation and of being extremely evasive in his responses, according to the federal investigation agency. 

The agency stated, "Considering the fact that Abdul Gafoor is one of the directors of Stoxglobal Brokers Pvt. Ltd. and has played an active role in facilitating the placement and layering of proceeds of crime, he has been placed under arrest on March 24," 

The ED case arose from an FIR filed by the Kerala Police (Malappuram crime branch unit) against the case's main accused, businessman Nishad K. The agency alleged Nishad K "cheated several investors by accepting investments, under a Ponzi scheme, through his three Bengaluru based firms-- Long Reach Global, Long Reach Technologies and Morris Trading by offering high returns of dividend such as 3-5 per cent per day." 

According to the police complaint, "more than 900 investors were cheated to the tune of ₹ 1,200 crore." The investigation discovered that "Nishad, the main accused person, had appointed those persons as pin stockists who had invested a minimum of ₹ 10 lakh in Nishad's scheme and Nishad promised them that he would give five per cent as commission on the investment.” 

The ED stated, "They made aggressive enrolment of new members into an illegal money circulation scheme under the garb of multi-level marketing, resorted to the fraudulent practice of investing the money received from the investors in the Morris Coin cryptocurrency plan run by Nishad and others". 

It alleged that this resulted in the viral growth of the scheme network, resulting in significant unjust gain at the cost of investors. It had previously stated that the deposits taken from the general public were illegal and did not require any regulatory approval. It had attached Nishad K's assets worth ₹ 36.72 crore, as well as those of his colleagues, including the Indian Rupee equivalent of cryptocurrencies purchased with proceeds of crime by a close associate, in January.