Scammers made $1.6 million in yet another fake crypto giveaway

Group-IB, one of the global cybersecurity leaders, identified a massive scam campaign exploiting the names of Vitalik Buterin, Elon Musk, Michael Saylor, and other crypto enthusiasts. Between February 16 and 18, 2022, the scammers ran 36 fabricated cryptocurrency giveaway YouTube streams that attracted more than 165,000 viewers. According to Group-IB’s estimates, the wallets controlled by the scammers received more than $1.6 million in 281 transactions.

Between February 16 and 18, 2022, Group-IB Digital Risk Protection Team first detected 36 fraudulent YouTube streams promising immediate high returns on cryptocurrency investments. The scammers used footage of famous entrepreneurs and crypto enthusiasts (Elon Musk, Brad Garlinghouse, Michael J. Saylor, Changpeng Zhao, Cathie Wood, and many others) from legitimate events to create their own fraudulent streams. On average, such streams attracted between 3,000 and 18,000 viewers. One fake stream featuring footage of Vitalik Buterin drew more than 165,000 viewers who were promised that their crypto savings would be doubled in real time.

The YouTube channels that ran these fake streams usually had names associated with the speaker from the rogue video. All these channels have supposedly been either hacked or purchased on the underground market.

In the stream descriptions, the scammers posted links to websites designed to show visitors the mechanism behind a fake giveaway. Group-IB Computer Emergency Response Team (CERT-GIB) experts initially retrieved the links to 29 interconnected websites featuring guidelines on how to double cryptocurrency investments. Most of the websites used a similar eye-catching design and high-quality images related to cryptocurrency.

Several domain names often displayed one and the same crypto wallet address. In total, Group-IB experts detected more than 30 crypto wallets used for the scheme, with a total remaining balance of $933,963. The most popular cryptocurrency used by fraudsters as part of the scheme was Ethereum. Within three days of monitoring (from February 16 to 18, 2022), all detected crypto wallets controlled by the scammers received 281 transactions in total, amounting to more than $1,680,000.
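Because several domains display the same wallet address, a shared address is a usable pivot for grouping scam sites into one campaign. The sketch below is an added example, not Group-IB's tooling: it extracts Ethereum addresses from page text and clusters domains that share one, using constructed pages on reserved `.example` domains and made-up addresses.

```python
import re
from collections import defaultdict

# Ethereum address: "0x" + exactly 40 hex chars (longer hex runs such as
# 64-char transaction hashes fail the trailing \b and are skipped).
ETH_ADDR = re.compile(r"\b0x[0-9a-fA-F]{40}\b")

def extract_wallets(text):
    """Addresses found in a page, lowercased so that differently cased
    copies of one address compare equal."""
    return {m.lower() for m in ETH_ADDR.findall(text)}

def cluster_by_wallet(pages):
    """pages: {domain: page text} -> (clusters, wallet -> domains)."""
    parent = {d: d for d in pages}

    def find(x):  # union-find root lookup with path halving
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    wallet_to_domains = defaultdict(set)
    for domain, text in pages.items():
        for wallet in extract_wallets(text):
            wallet_to_domains[wallet].add(domain)

    # Merge every set of domains that displays the same address.
    for domains in wallet_to_domains.values():
        first, *rest = sorted(domains)
        for other in rest:
            parent[find(other)] = find(first)

    groups = defaultdict(list)
    for d in sorted(pages):
        groups[find(d)].append(d)
    clusters = sorted(groups.values(), key=lambda g: (-len(g), g))
    return clusters, dict(wallet_to_domains)

# Constructed sample input (not real indicators).
W1, W2, W3 = ("0x" + pair * 20 for pair in ("a1", "b2", "c3"))
SAMPLE_PAGES = {
    "double-eth.example": f"Send ETH to {W1} and get 2x back",
    "eth-event.example": f"Wallet: 0x{W1[2:].upper()} or {W2}",
    "x2-giveaway.example": f"Participate now: {W2}",
    "unrelated.example": f"Donate: {W3}",
    "no-wallet.example": "No address on this page",
}

if __name__ == "__main__":
    for cluster in cluster_by_wallet(SAMPLE_PAGES)[0]:
        print(len(cluster), cluster)
```

Domains are linked transitively: two sites with no address in common still fall into one cluster when a third site displays both of their wallets.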

The fake crypto giveaway scheme is not new, but apparently is still having a moment. Further analysis of the scammers’ domain infrastructure revealed that the 29 websites were part of a massive network of 583 interconnected resources all set up in the first quarter of 2022. Notably, there were three times as many domains registered for this scheme in less than three months of 2022 compared to the whole of last year.

Source: Group-IB’s Graph Network Analysis Tool

When analyzing scam websites promoted during the fake streams, CERT-GIB experts detected an unusual technique. Depending on the cryptocurrency and type of crypto wallet, scammers asked visitors to their fake giveaway websites to enter seed phrases to connect their wallets. Once a victim shares their seed phrase, fraudsters gain control over their wallet and can withdraw all funds from it. The exact number of victims and total amount of stolen funds remain unknown, but clearly some victims could not resist taking the bait.

Users are advised to be especially vigilant about free giveaways and not to share confidential data on rogue websites. Double-check the legitimacy of the streams and the websites you are visiting using official sources only. If you cannot find any information about the promotion taking place, you are likely being deceived. Seed phrases must be kept secret and stored securely. To do so, use password management tools. To minimize the risk of leakage, prioritize desktop solutions over cloud-based ones.

About Group-IB

Founded in 2003 and headquartered in Singapore, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company’s DNA, shaping its technological capabilities to defend businesses, citizens, and support law enforcement operations.

Group-IB’s Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.

Group-IB’s decentralized and autonomous operational structure helps it offer tailored, comprehensive support services with a high level of expertise. We map and mitigate adversaries’ tactics in each region, delivering customized cybersecurity solutions tailored to risk profiles and requirements of various industries, including retail, healthcare, gambling, financial services, manufacturing, crypto, and more.

The company’s global security leaders work in synergy with some of the industry’s most advanced technologies to offer detection and response capabilities that eliminate cyber disruptions agilely.

Group-IB’s Unified Risk Platform (URP) underpins its conviction to build a secure and trusted cyber environment by utilizing intelligence-driven technology and agile expertise that completely detects and defends against all nuances of digital crime. The platform proactively protects organizations’ critical infrastructure from sophisticated attacks while continuously analyzing potentially dangerous behavior all over their network.

The comprehensive suite includes the world’s most trusted Threat Intelligence, the most complete Fraud Protection, AI-powered Digital Risk Protection, multi-layered protection with Managed Extended Detection and Response (XDR), all-infrastructure Business Email Protection, and External Attack Surface Management.

Furthermore, Group-IB’s full-cycle incident response and investigation capabilities have consistently elevated industry standards. This includes the 77,000+ hours of cybersecurity incident response completed by our sector-leading DFIR Laboratory, more than 1,400 successful investigations completed by the High-Tech Crime Investigations Department, and round-the-clock efforts of CERT-GIB.

Time and again, its solutions and services have been revered by leading advisory and analyst agencies such as Aite Novarica, Gartner®, Forrester, Frost & Sullivan, KuppingerCole Analysts AG, and more.

Being an active partner in global investigations, Group-IB collaborates with international law enforcement organizations such as INTERPOL, EUROPOL and AFRIPOL to create a safer cyberspace. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.