
scammer

DeFi rug pull surge reveals more complex crypto scam strategies

A look at the dark side of rug pulls and the complex manipulation strategies pervading them.

While the crypto industry has continued to reach new heights, recently hitting a market capitalization of $3.89 trillion, the decentralized finance (DeFi) landscape has witnessed a dramatic upsurge in the number of rug pull incidents.

On Nov. 14, the number of rug pull incidents peaked at an alarming 31 in a single day, while their monthly cumulative losses amounted to a sizable $15 million, signaling the escalating sophistication of scammers.

While most of these incidents involved relatively small amounts, with losses typically less than $100,000, the sheer volume and increasing complexity of these scams have posed a significant threat to the integrity of the DeFi market.


Michael Saylor signals Strategy’s new Bitcoin purchase after one-week break

DEA gets duped: Agency loses $55K in address poisoning scam

The DEA, the country's lead drug enforcement agency, is yet to find those responsible for the attack but has enlisted the help of the FBI.

The United States Drug Enforcement Administration (DEA) — the agency tasked with enforcing the country’s drug laws — lost $55,000 in seized Tether (USDT) earlier this year at the hands of a scammer.

Forbes reported on Aug. 24 that in May, the agency seized over $500,000 worth of USDT from two Binance accounts it suspected of laundering money from drug sales as part of a multi-year investigation.

The funds were put in DEA-controlled Trezor crypto wallets and stored securely, according to a search warrant seen by Forbes. As part of standard forfeiture processing the DEA sent a test amount of just over $45 worth of USDT to the U.S. Marshals Service.

An on-chain sleuth picked up on the transaction and then quickly set up a crypto wallet with the same first five and last four characters of the Marshals account — a scam tactic known as “address poisoning.”

The scammer airdropped a token to the DEA’s wallet so that the spoofed address would appear as a recent transaction, tricking the owner into accidentally transferring funds to the wrong address.

The tactic worked against the DEA agent, who sent over $55,000 to the scammer.

By the time the Marshals noticed and alerted the DEA, who in turn asked Tether to freeze the funds, it was too late.

The USDT had already been swapped for Ether (ETH) and Bitcoin (BTC) and then shifted to different crypto wallets.

Related: SEC charges former corrections officer with role in bizarre crypto scam

The DEA, alongside the FBI, is investigating the incident and is yet to find who’s behind the attack. All they’ve found so far are two Binance accounts that paid the gas fees for the attacker’s wallet and that were registered using two Gmail addresses.

It's hoped Google has some information that can be used to nab the owner of the Gmail accounts.

The DEA did not immediately respond to a request for comment.

Magazine: $3.4B of Bitcoin in a popcorn tin — The Silk Road hacker’s story


Monkey Drainer-linked scammers possibly exposed after an on-chain quarrel

The scammer referred to their pseudonym during a blockchain message argument which may have revealed their actual identity, according to CertiK.

Blockchain security firm CertiK believes it has found the real identity of at least one scammer allegedly linked to the “Monkey Drainer” phishing scam.

Monkey Drainer is the pseudonym for a phishing scammer(s) that uses smart contracts to steal NFTs through a process known as "ice phishing." 

The individual or persons behind the phishing scam have stolen millions worth of Ether (ETH) via malicious copycat nonfungible token (NFT) minting websites to date. 

In a Jan. 27 blog, CertiK said it found on-chain messages between two scammers involved in a recent $4.3 million Porsche NFT phishing scam and was able to link one of them to a Telegram account involved in selling the Monkey Drainer-style phishing kit. 

In one message, a person referred to themself as “Zentoh” and to the person who stole the funds as “Kai.”

Zentoh was seemingly upset at Kai for not sending over a slice of the stolen funds. The message from Zentoh directs Kai to deposit the ill-gotten gains “at our address.”

An on-chain message from a person referring to themselves as “Zentoh,” upset they didn’t receive a portion of phished funds from a person they address as “Kai.” Image: CertiK

CertiK deduced the joint wallet was the address that received the $4.3 million in stolen crypto. The firm added there is a “direct link” between the joint wallet and “some of the most prominent Monkey Drainer scammer wallets.”

The wallet address tied to Zentoh is in turn tied to numerous addresses linked to the Monkey Drainer scam. Image: CertiK

Zentoh revealed in another message the pair used Telegram to communicate. CertiK found an exact match for the pseudonym on the messaging app and identified it “to be running a Telegram group that sells phishing kits to scammers.”

The company found numerous other online accounts possibly linked to Zentoh, including one on GitHub that posted repositories for crypto drainer tools.

If the links between the accounts are legitimate, it reveals the identity of a French national living in Russia.

Cointelegraph reviewed accounts potentially related to the person and found public accounts that seemed to be interested in cryptocurrencies. Cointelegraph contacted the person but did not immediately receive a response.

Cointelegraph will not publish the name of the person due to privacy concerns.

Related: Hackers take over Azuki’s Twitter account, steal over $750K in less than 30 minutes

Crypto wallet-draining phishing scams have unfortunately been used to great effect recently.

The co-founder of the Moonbirds NFT collection, Kevin Rose, fell victim to such a scam that led to over $1.1 million worth of his personal NFTs being stolen.

The crypto wallet of the influencer known on Twitter as “NFT God” suffered a similar fate after they downloaded malicious software from a Google Ad search result, with ETH and high-priced NFTs pilfered from the wallet.


Robocallers have upped their scam game and they’re after your crypto

Sophisticated malicious outfits are keeping up with current trends, turning their sights on crypto users following the bankruptcy of FTX.

Professional scam organizations are targeting cryptocurrency users following the collapse of FTX, initiating millions of automated calls and text messages in an attempt to swindle information and funds.

Clayton LiaBraaten, senior executive adviser at Truecaller — an app that helps identify scam callers and messages — told Cointelegraph that scammers often closely follow crypto news to better prey on their victims:

“Fraudsters love volatility and current events. Anytime they can try to surf the contours of something very disruptive in the marketplace they have a great deal of success.”

LiaBraaten said that Truecaller also saw an increase in scam communications relating to Bitcoin (BTC) and other cryptocurrencies when the market started to become volatile earlier in 2022.

He added that “agents” ultimately looking to steal funds launch millions of automated “robocalls” and texts trying to latch onto people's “fear, curiosity, and sometimes generosity.”

Phone numbers can be obtained in a variety of ways, including through data breaches that have leaked millions of numbers, or via tools that scrape social media platforms for information.

An imposter scam is most commonly seen by Truecaller, where a malicious actor will pretend to represent a support desk or similar entity from a major crypto exchange or business. Scammers will also publish their phone numbers on fake imitation websites, attempting to legitimize themselves.

Younger adults are more often targeted by fraudsters as “there’s so much information available about them because they put so much out there on social media,” according to LiaBraaten.

“They use the same handle for their Bitcoin forum as they do their TikTok and across all these social media platforms [...] It's very easy to build a data graph on these individuals and then begin targeting them. There's just so much material to social engineer against with the younger generations.”

The abundance of information people put online allows scammers to send messages or calls that are in context to their intended targets, making the malicious communications more convincing.

“They're great psychologists and social engineers so they will try as hard as they can to bring something contextually relevant,” LiaBraaten said.

The initial call or text isn’t necessarily going to result in financial fraud, LiaBraaten says, with agents first attempting to acquire or confirm information about their target in a bid to create trust.

“They’re building more and more details about the persona and when they gather enough information, then yes, they're going to try to access your crypto wallet.”

“There's a lot of folks who don't really understand cryptocurrency,” LiaBraaten said. “They go after vulnerable people, so it's unlikely that very savvy cryptocurrency aficionados are going to fall prey to this, because they're pretty sharp about what they're doing and very guarded.”

Related: Sam Bankman-Fried deepfake attempts to scam investors impacted by FTX

Regardless of a person’s ability to detect a scam, he said anyone who calls or messages asking for personal information or passwords should not be engaged with and only official channels should be used.

“One of the worst things that you can do is stay on the phone with these guys because it is their mission to relieve you of your cryptocurrency. It just takes a vulnerable moment, one minute of second-guessing yourself, and then they're off to the races.”

In February, Binance CEO Changpeng “CZ” Zhao raised the alarm over a “massive” SMS phishing scam targeting Binance customers.

The scam involved sending users a text message with a link to cancel withdrawals, leading users to a fake website designed to harvest their login credentials.


‘Do not delay’ — ASIC warns Aussies to look for 10 signs of a crypto scam

The list comes out as part of Australia’s 2022 Scams Awareness Week.

Australia’s market regulator has released a list of the “top-10 ways to spot a crypto scam,” amid a detected rise in crypto-related investment scams this year.

The Australian Securities and Investment Commission’s (ASIC) public advisory statement was published as part of Scams Awareness Week 2022, an initiative that teaches Australians how to identify all forms of scams. The campaign runs from Nov. 7 to 11.

ASIC said that Australians had already lost more through “investment scams” in 2022 than the total $701 million figure in 2021, while ASIC Deputy Chair Sarah Court attributed the steep incline in investment scams over the last two to three years to cryptocurrencies:

“The main driver of the increase was cryptocurrency investment scams, where losses increased by 270%. The ACCC have advised that losses to crypto scams have increased further in 2022.”

“Given this concerning trend, we want to arm Australians with the information they need to protect themselves from scammers,” she added.

As part of the advisory, ASIC stated that cryptocurrency scams fall into three categories. The first relates to scams where the victim believes they are investing in a legitimate asset, but the crypto app, exchange, or website turns out to be fake.

The second scam involves fake crypto tokens used to facilitate money laundering activities, while the third type of scam involves the use of cryptocurrency to make fraudulent payments.

ASIC says top signs of a crypto scam include “receiving an offer out of the blue,” “fake celebrity advertisements” and being asked by a “romantic partner you only know on-line” to send money in crypto.

Other red flags include being asked to pay for financial services in crypto, being asked to pay more money to access funds, withholding investment earnings “for tax purposes” or being offered “free money” or “guaranteed” investment returns.

The markets regulator also said it was common for scammers to pressure victims into transferring crypto to their website. To prevent this issue, ASIC also advised crypto investors not to use web apps that aren’t listed on Apple Store or Google Play.

Another thing to look out for is if “strange tokens appear in your digital wallet,” said ASIC.

If scammed, Court strongly advised victims not “to send any more money” to the scammer and to “block all contact” from them if their identity is known:

“Do not delay. Contact your bank or financial institution immediately to report the scam. Ask them to stop any transactions. Also, warn your family and friends so they can watch out for potential follow-up scams.”

Related: Aussies already lost $242M to investment and crypto scams in 2022

A Nov. 7 report from the Australian Competition & Consumer Commission (ACCC) predicted Australian-targeted scam losses will reach $4 billion Australian dollars by the end of 2022.

The ACCC has received $10 million in seed funding as part of its budget to build a National Anti-Scam Center to support the community in its fight against cybercriminals, which was confirmed by Financial Services Minister Stephen Jones on Nov. 7.

David Koch, the host of the Australian breakfast show Sunrise, has called for the ACCC to demand more accountability from social media platforms like Facebook, Instagram and LinkedIn over the scam-like content that can be found on their platforms.


3 ways scammers will try to fool you over Ethereum’s Merge

Besides fake ETH 2.0 tokens and malicious token airdrops, crypto users should also be on the lookout for staking pools offering attractive staking yields.

Scammers are likely to use excitement around the Ethereum Merge to launch new scams aimed at newbie crypto users, PolySwarm CEO Steve Bassi has warned.

The Ethereum Merge is expected to take place within the next 24 hours.

Speaking to Cointelegraph, Steve Bassi, founder and CEO of PolySwarm, said these scams could come in the form of fake ETH 2.0 tokens, fraudulent mining pools, and fake airdrops.

PolySwarm is a decentralized cybersecurity marketplace that connects cybersecurity experts to projects and companies through the use of bounties.

Fraudulent staking pools

The Ethereum upgrade marks the transition from the current proof-of-work (PoW) consensus mechanism to proof-of-stake (PoS).

Bassi said that for many Ether (ETH) holders, joining a staking pool will be their only way of reaping yield from staking rewards if they don’t have the 32 ETH required to become an independent validator.

“Staking is a pretty new concept for most of the crypto community and unless you’ve got 32 ETH lying around you’re going to have to join one of the staking pools to make a yield off your ETH.”

Bassi however warned that pooled staking providers “carry their own risk” as it often requires users to deposit and give up control of their ETH.

Bassi said that upstart staking providers, which “may offer very attractive terms” could perform “sudden rug pulls” that would affect those participating in the pool.

“This risk exists today with DeFi platforms/pools and tokens, but the Merge will give scammers a new character universe to work with.”

Upgrade scam

One of the more imminent threats involves scammers attempting to trick users into signing fraudulent transactions or parting with their private keys under the guise of migrating to the new Ethereum chain.

Bassi reiterated that the upgrade to proof-of-stake should be transparent, and a user should not need to do anything to migrate or preserve their ETH-based tokens, noting:

“We’ll likely see scammers try to get users to sign fraudulent transactions and/or leak private keys based on some false pretense that the user needs to do something to migrate chains.”

Fake airdrops

Another likely attack vector will come in the form of “fake airdrops,” added Bassi — convincing users to sign transaction messages or visit phishing sites in order to receive a bogus airdrop.

“The ETH Merge will be a good excuse for these scammers to masquerade as well-known, economically valuable, projects promising airdrops.”

“Those airdrops will likely redirect users to a phishing site where they may be fleeced out of their ETH, private keys, and/or crafted transaction signing attempts.”

The Ethereum Foundation has called the upcoming Merge the “most significant upgrade in the history of Ethereum” and has urged users to be on “high alert” for scams trying to take advantage of users during the transition. It has repeatedly warned there is no such thing as an ETH2 or ETH 2.0 coin.

Related: Vitalik Buterin impersonators ramp up ETH phishing ahead of The Merge

The upgrade is expected by most onlookers to be a success, given the experience in the previous testnets. However, Bassi said there could still be a chance that scammers or hackers have found a way to game the system.

“We don’t really know if a group of scammers/hackers out there has already developed an attack or DDoS technique against the chain which can be used post-Merge when ETH 2.0 has the full economic value of ETH 1.0 moved over.”

“If there were such an attack it's likely to only temporarily affect the chain and, possibly, the market as there are a lot of smart eyes watching behavior post-Merge. However, an attacker will likely be looking for the opportunity to monetize any discoveries.”


Top Finiko Crypto Pyramid Executive Arrested in Russia’s Tatarstan

A high-ranking representative of Russia’s notorious Finiko Ponzi scheme has been arrested in Tatarstan. Ilgiz Shakirov, a businessman from Kazan, rose to the rank of vice president of the crypto pyramid which is believed to have defrauded millions of investors in the Russian Federation and surrounding regions. Kazan Police Detain Finiko Vice President Police in […]
