Crypto investors in India have lost over $128 million (nearly Rs 1,000 crores) due to a sophisticated phishing scam involving fake cryptocurrency exchanges. This scheme has been revealed cybersecurity company CloudSEK, which said the operation involved malicious domains and Android apps.
CloudSEK CEO Rahul Sasi said, “We estimate that victims have been defrauded of up to $128 million (around Rs 1,000 crore) by the attackers through such crypto scams.”
According to the report, many fake websites impersonated CoinEgg, a British cryptocurrency exchange:
“This large-scale campaign involves the unwary in a major gambling scam. Many of these fake websites impersonate “CoinEgg”, a legitimate UK-based cryptocurrency trading platform.”
The scam is when scammers buy domain names that are very similar to the websites they want to impersonate. They then move on to creating websites that are visually similar to the target website, from the front end to the user panel.
Potential victims are found through social networks, where scammers create fake accounts with female names and avatars. They use these accounts to convince unsuspecting users to trade and invest in crypto through fake exchanges. $100 credits are being offered in an attempt to encourage users to join fake trading platforms:
“The profile also has a $100 credit as a gift to a certain crypto exchange, which in this case is a duplicate of a legitimate crypto exchange,” the report says.
The report claims that victims typically profit from free credit, which then convinces them to trade large amounts of their own money using the platform. This is done with the expectation of obtaining even higher profits.
As soon as the victim deposits his own funds on the fake exchange, his account is frozen, and the scammer withdraws money from the platform. Fraudsters even go as far as posing as investigators when victims complain about losing access to their accounts. Posing as investigators, scammers make even more profit by asking the victim for their personal and bank details:
“In order to recover the frozen assets, they are asking victims to provide sensitive information such as IDs and bank details via email. This data is then used to carry out other heinous acts,” the report says.
Cryptocurrency scams have been plaguing the industry for years now, and scammers have been very active this year. Ended in April $114 million stolen. from the Ronin Axie Infinity bridge by hackers, and last month over $1.5 million NFT Moonbirds were stolen through phishing attacks.
Credit : cryptoslate.com