Crypto scammers have reportedly stolen ₹1000 crore off Indian users by posing as fake exchanges
- The CoinEgg scam uses fake domains and social media accounts to coax users into investing in fake exchanges.
- After making victims invest, scammers approached them as investigative agents who could help with the scam.
- How long the fraud has been going on is unclear at the moment.
AdvertisementDespite the immense popularity of cryptocurrencies and crypto-trading in India, users in the country are still falling for high profile scams. Researchers at security firm CloudSEK have unearthed a new scam called CoinEgg, which defrauded as much as ₹10 billion [₹1,000 crore] from users in the country.
“We discovered an on-going malicious scheme involving multiple payment gateway domains and Android-based applications, used to lure unsuspecting individuals into a mass gambling scam,” the company said in a blog post.
CoinEgg Scam: How this works
According to the researchers, the threat actors created multiple fake domains impersonating crypto trading platforms, with the word ‘CloudEgg’ in them. “The sites are designed to replicate the official website’s dashboard and user experience,” the company said, adding that the scam is divided in seven phases.
After creating the fake domains, in the second phase, the attackers create a female profile on social media “to approach the potential victim and establish a friendship”. This profile is used to influence the victim to invest in crypto and start trading. “The profile also shares USD 100-dollar credit, as a gift to a particular crypto exchange, which in this case is a duplicate of a legitimate crypto exchange,” the firm said.
The victims are enticed to sign up for the fake exchanges using this free credit, and start trading using the same, based on instructions from the attacker. They eventually invest their own money and “seemingly” make profits, which in turn convinces them to invest even higher amounts.
Once the victim adds their own money, the attacker freezes their account to keep them from withdrawing the funds and disappears.
You would think that the scam ends here, would you? It doesn’t.
In the seventh phase of the scheme, when the victims take to other platforms to complain about their experience, the attacker uses other fake accounts to reach out to them and pose as if they are investigators. “To retrieve the frozen assets, they request victims to provide confidential information such as ID cards and bank details via email. These details are then used to perpetrate other nefarious activities,” the researchers said.
Crypto scams on the rise
CloudSEK, of course, isn’t the first or only firm to flag a rise in crypto scams around the world recently. In an interview with CNBC last week, Sean Ragan, a special agent with the Federal Bureau of Investigation (FBI), said that crypto scammers are targeting users through LinkedIn and pose a “significant threat” to the platform’s users.
Yesterday, research by fact-checking platform Logically, noted that influencers affiliated with American political conspiracy Qanon have been persuading their followers to invest in fraudulent crypto tokens.
AdvertisementRahul Sasi, the chief executive of CloudSEK, said that in the short-term crypto-related phishing domains have to be taken down earlier; but crypto exchanges, internet service providers, and cyber crime cells have to work together in the long run to avoid such scams.
Bitcoin and Ethereum reverse crypto crash effects; make a quick and fast rebound
Dogecoin spikes after Elon Musk says he'll keep buying the cryptocurrency
Popular on BI
- After iPhones, Apple reportedly starts manufacturing components for AirPods in India
- Budget 2023-24 highlights: FM raises government’s capital outlay by 33% to ₹10 lakh crore in FY24
- Rupee gains 12 paise to 81.76 against US dollar ahead of Union Budget
- Budget for world's fastest growing economy: Key numbers to be watched
- FM Sitharaman to present Budget on digital device instead of 'bahi-khata'