8 April 2022

Scammers made $1.6 million in yet another fake crypto giveaway

Group-IB, one of the global cybersecurity leaders, identified a massive scam campaign exploiting the names of Vitalik Buterin, Elon Musk, Michael Saylor, and other crypto enthusiasts. Between February 16 and 18, 2022, the scammers ran 36 fabricated cryptocurrency giveaway YouTube streams that attracted more than 165,000 viewers. According to Group-IB’s estimates, the wallets controlled by the scammers received more than $1.6 million in 281 transactions.

Between February 16 and 18, 2022, the Group-IB Digital Risk Protection Team first detected 36 fraudulent YouTube streams promising immediate high returns on cryptocurrency investments. The scammers used footage of famous entrepreneurs and crypto enthusiasts (Elon Musk, Brad Garlinghouse, Michael J. Saylor, Changpeng Zhao, Cathie Wood, and many others) from legitimate events to create their own fraudulent streams. On average, such streams attracted between 3,000 and 18,000 viewers. One fake stream featuring footage of Vitalik Buterin drew more than 165,000 viewers who were promised that their crypto savings would be doubled in real time.

The YouTube channels that ran these fake streams usually had names associated with the speaker from the rogue video. All these channels have supposedly been either hacked or purchased on the underground market.

In the stream description, the scammers spread the links to the websites designed to show visitors the mechanism behind a fake giveaway. Group-IB Computer Emergency Response Team (CERT-GIB) experts initially retrieved the links to 29 interconnected websites featuring the guidelines on how to double the cryptocurrency investments. Most of the websites used a similar eye-catching design and high-quality images related to cryptocurrency.

Several domain names often displayed one and the same crypto wallet address. In total, Group-IB experts detected more than 30 crypto wallets used for the scheme, with a total remaining balance of $933,963. The most popular cryptocurrency used by fraudsters as part of the scheme was Ethereum. Within three days of monitoring (from February 16 to 18, 2022), all detected crypto wallets controlled by the scammers received 281 transactions in total, amounting to more than $1,680,000.
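A wallet address reused across domains is a pivot defenders can use to link scam sites into one campaign. The sketch below is an added example, not Group-IB's tooling: it extracts Ethereum addresses from page text and groups domains that share one using union-find. The domains, page text and addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Ethereum address shape (0x + 40 hex digits); the page names Ethereum as
# the currency most used in the scheme. Other chains need their own patterns.
ETH_RE = re.compile(r"\b0x[0-9a-fA-F]{40}\b")

def extract_wallets(page_text):
    """Addresses shown in a page, lower-cased so checksum case is ignored."""
    return {m.group(0).lower() for m in ETH_RE.finditer(page_text)}

def cluster_by_wallet(pages):
    """pages: {domain: page text}. Returns [(domains, shared wallets)] for
    every group of 2+ domains linked by a common wallet address."""
    parent = {d: d for d in pages}

    def find(d):
        while parent[d] != d:
            parent[d] = parent[parent[d]]  # path halving
            d = parent[d]
        return d

    wallet_domains = defaultdict(set)
    for domain, text in pages.items():
        for w in extract_wallets(text):
            wallet_domains[w].add(domain)
    for domains in wallet_domains.values():
        first, *rest = sorted(domains)
        for other in rest:
            parent[find(other)] = find(first)  # union

    members, shared = defaultdict(set), defaultdict(set)
    for d in pages:
        members[find(d)].add(d)
    for w, domains in wallet_domains.items():
        if len(domains) > 1:
            shared[find(min(domains))].add(w)
    return sorted((sorted(m), sorted(shared[r]))
                  for r, m in members.items() if len(m) > 1)

# Constructed sample pages: domains and addresses are invented.
W1, W2 = "0x" + "1a" * 20, "0x" + "2B" * 20
SAMPLE_PAGES = {
    "giveaway-a.example": f"Send ETH to {W1} to take part",
    "giveaway-b.example": f"Wallet: {W1.replace('a', 'A')} or {W2}",
    "giveaway-c.example": f"Deposit address {W2}",
    "unrelated.example": "No wallet on this page",
}

if __name__ == "__main__":
    for domains, wallets in cluster_by_wallet(SAMPLE_PAGES):
        print(domains, wallets)
```

Sites A and C never show the same address, yet they land in one cluster because each shares a wallet with site B.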

The fake crypto giveaway scheme is not new, but apparently is still having a moment. Further analysis of the scammers’ domain infrastructure revealed that the 29 websites were part of a massive network of 583 interconnected resources all set up in the first quarter of 2022. Notably, there were three times as many domains registered for this scheme in less than three months of 2022 compared to the whole of last year.

Source: Group-IB’s Graph Network Analysis Tool

When analyzing scam websites promoted during the fake streams, CERT-GIB experts detected an unusual technique. Depending on the cryptocurrency and type of crypto wallet, scammers asked visitors to their fake giveaway website to enter seed phrases to connect their wallets. Once a victim shares their seed phrase, fraudsters gain control over their wallet and can withdraw all funds from it. The exact number of victims and total amount of stolen funds remain unknown, but clearly some victims could not resist taking the bait.

Users are advised to be especially vigilant about free giveaways and not to share confidential data on rogue websites. Double check the legitimacy of the streams and the websites you are visiting using the official sources only. If you cannot find any information about the promotion taking place, you are likely being deceived. Seed phrases must be kept secret and stored securely. To do so, use password management tools. To minimize the risk of leakage, prioritize desktop solutions over cloud-based ones.

Group-IB is one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigation of high-tech crimes and intellectual property protection, headquartered in Singapore. The company’s threat intelligence and research centers are located in the Middle East (Dubai), the Asia-Pacific (Singapore), Europe (Amsterdam), and Russia (Moscow).

Group-IB’s Threat Intelligence & Attribution system has been named one of the best in class by Gartner, Forrester, and IDC. Group-IB’s Threat Hunting Framework (earlier known as TDS), intended for the proactive search and the protection against complex and previously unknown cyberthreats, has been recognized as one of the leaders in Network Detection and Response by the leading European analyst agency KuppingerCole Analysts AG, while Group-IB itself has been recognized as a Product Leader and Innovation Leader. Gartner identified Group-IB as a Representative Vendor in Online Fraud Detection for its Fraud Hunting Platform. In addition, Group-IB was granted Frost & Sullivan’s Innovation Excellence award for its Digital Risk Protection (DRP), an AI-driven platform for identifying and mitigating digital risks and counteracting brand impersonation attacks with the company’s patented technologies at its core.

Group-IB’s technological leadership and R&D capabilities are built on the company’s 18 years of hands-on experience in cybercrime investigations worldwide and 70,000 hours of cybersecurity incident response accumulated in our leading forensic laboratory, high-tech crime investigations department, and round-the-clock CERT-GIB. Group-IB is a partner of Europol.

Group-IB’s experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to fight high-tech crime while protecting our clients in cyberspace and helping them achieve their goals. To do so, we analyze cyber threats, develop our infrastructure to monitor them, respond to incidents, investigate complex high-tech crimes, and design unique technologies, solutions, and services to counteract adversaries.
