Scammers made $1.6 million in yet another fake crypto giveaway

Group-IB, one of the global cybersecurity leaders, identified a massive scam campaign exploiting the names of Vitalik Buterin, Elon Musk, Michael Saylor, and other crypto enthusiasts. Between February 16 and 18, 2022, the scammers ran 36 fabricated cryptocurrency giveaway YouTube streams that attracted more than 165,000 viewers. According to Group-IB’s estimates, the wallets controlled by the scammers received more than $1.6 million in 281 transactions.

Between February 16 and 18, 2022, the Group-IB Digital Risk Protection team first detected 36 fraudulent YouTube streams promising immediate high returns on cryptocurrency investments. The scammers used footage of famous entrepreneurs and crypto enthusiasts (Elon Musk, Brad Garlinghouse, Michael J. Saylor, Changpeng Zhao, Cathie Wood, and many others) from legitimate events to create their own fraudulent streams. On average, such streams attracted between 3,000 and 18,000 viewers. One fake stream featuring footage of Vitalik Buterin drew more than 165,000 viewers, who were promised that their crypto savings would be doubled in real time.

The YouTube channels that ran these fake streams usually had names associated with the speaker from the rogue video. All these channels have supposedly been either hacked or purchased on the underground market.

In the stream descriptions, the scammers placed links to websites designed to show visitors the mechanism behind the fake giveaway. Group-IB Computer Emergency Response Team (CERT-GIB) experts initially retrieved the links to 29 interconnected websites featuring guidelines on how to double cryptocurrency investments. Most of the websites used a similar eye-catching design and high-quality images related to cryptocurrency.

Several domain names often displayed one and the same crypto wallet address. In total, Group-IB experts detected more than 30 crypto wallets used for the scheme, with a total remaining balance of $933,963. The most popular cryptocurrency used by fraudsters as part of the scheme was Ethereum. Within three days of monitoring (from February 16 to 18, 2022), all detected crypto wallets controlled by the scammers received 281 transactions in total, amounting to more than $1,680,000.
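Wallet reuse across domains is what lets an analyst tie separate sites to one operator. The following added example (not Group-IB's tooling or code) clusters sites that share any Ethereum-style address, including transitive links; the `.example` domains, page texts and addresses are constructed sample data.

```python
import re
from collections import defaultdict

# Ethereum-style address: "0x" followed by exactly 40 hex characters.
ETH_ADDR = re.compile(r"\b0x[0-9a-fA-F]{40}\b")

# Constructed sample data: domain -> text scraped from its landing page.
W1, W2, W3 = ("0x" + p * 20 for p in ("1a", "2b", "3c"))
PAGES = {
    "giveaway-a.example": f"Send ETH to {W1} and receive double back",
    "giveaway-b.example": f"Address: 0x{'1A' * 20} or {W2}",  # same as W1, other case
    "giveaway-c.example": f"Participate now: {W2}",
    "giveaway-d.example": f"Deposit to {W3}",
    "giveaway-e.example": "Connect your wallet to participate",  # no address shown
}

def extract_wallets(text):
    """Return addresses found in text, lower-cased because hex case varies."""
    return {m.lower() for m in ETH_ADDR.findall(text)}

def cluster_domains(pages):
    """Group domains that are linked, directly or transitively, by a shared wallet."""
    parent = {}

    def find(x):  # union-find root lookup with path halving
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    first_seen = {}  # wallet -> first domain that displayed it
    for domain, text in pages.items():
        wallets = extract_wallets(text)
        if not wallets:
            continue  # nothing to link on; handle such sites by other signals
        parent.setdefault(domain, domain)
        for wallet in wallets:
            if wallet in first_seen:
                parent[find(domain)] = find(first_seen[wallet])
            else:
                first_seen[wallet] = domain

    groups = defaultdict(set)
    for domain in parent:
        groups[find(domain)].add(domain)
    return sorted((sorted(g) for g in groups.values()), key=lambda g: (-len(g), g))

if __name__ == "__main__":
    for cluster in cluster_domains(PAGES):
        print(len(cluster), cluster)
```

Sites `a` and `c` never show the same address, yet they land in one cluster because `b` displays both wallets.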

The fake crypto giveaway scheme is not new, but apparently is still having a moment. Further analysis of the scammers’ domain infrastructure revealed that the 29 websites were part of a massive network of 583 interconnected resources all set up in the first quarter of 2022. Notably, there were three times as many domains registered for this scheme in less than three months of 2022 compared to the whole of last year.

Source: Group-IB’s Graph Network Analysis Tool

When analyzing scam websites promoted during the fake streams, CERT-GIB experts detected an unusual technique. Depending on the cryptocurrency and type of crypto wallet, scammers asked visitors to their fake giveaway websites to enter seed phrases to connect their wallets. Once a victim shares their seed phrase, fraudsters gain control over their wallet and can withdraw all funds from it. The exact number of victims and total amount of stolen funds remain unknown, but clearly some victims could not resist taking the bait.

Users are advised to be especially vigilant about free giveaways and not to share confidential data on rogue websites. Double-check the legitimacy of the streams and the websites you are visiting using official sources only. If you cannot find any information about the promotion taking place, you are likely being deceived. Seed phrases must be kept secret and stored securely. To do so, use password management tools. To minimize the risk of leakage, prioritize desktop solutions over cloud-based ones.

About Group-IB

Group-IB, with its headquarters in Singapore, is one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigating high-tech crimes, and protecting intellectual property. The company’s Threat Intelligence and Research Centers are located in the Middle East (Dubai), the Asia-Pacific (Singapore), and Europe (Amsterdam).

Group-IB’s Unified Risk Platform is an ecosystem of solutions that understands each organization’s threat profile and tailors defenses against them in real-time from a single interface. The Unified Risk Platform provides complete coverage of the cyber response chain. Group-IB’s products and services consolidated in Group-IB’s Unified Risk Platform include Group-IB’s Threat Intelligence, Managed XDR, Digital Risk Protection, Fraud Protection, Attack Surface Management, Business Email Protection, Audit & Consulting, Education & Training, Digital Forensics & Incident Response, Managed Detection & Response, and Cyber Investigations.

Group-IB’s technological leadership and R&D capabilities are built on the company’s 19 years of hands-on experience in cybercrime investigations worldwide and more than 70,000 hours of cybersecurity incident response accumulated in our leading DFIR Laboratory, High-Tech Crime Investigations Department, and round-the-clock CERT-GIB.

Group-IB is an active partner in global investigations led by international law enforcement organizations such as Europol and INTERPOL. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.

Group-IB’s experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to protect its clients in cyberspace every day by creating and leveraging innovative solutions and services.

Group-IB’s mission is to fight high-tech crime while protecting our clients in cyberspace and helping them achieve their goals. To do so, we analyze cyber threats, develop our infrastructure to monitor them, respond to incidents, investigate complex high-tech crimes, and design unique technologies, solutions, and services to counteract adversaries.