Online scams that try to separate the unsuspecting from their cryptocurrency are a dime a dozen, but a host of seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to stay online in the face of massive fraud and abuse complaints from their former customers. Here is a closer look at hundreds of fake crypto investment schemes that are connected through a hosting provider that caters to people running crypto scams.
A security researcher recently shared with KrebsOnSecurity an email he received from someone who said he foolishly invested an entire bitcoin (currently worth ~$43,000) on a website called ark-x2[.]org, which promised to double any cryptocurrency investment made with the site.
The ark-x2[.]org site purported to be a cryptocurrency giveaway website run by Cathie Wood, the founder and CEO of ARKinvest, a Florida-based company that manages several publicly traded mutual funds. This is not the first time that scammers have impersonated Wood or ARKinvest; a tweet from Wood in 2020 warned that the company would never use YouTube, Twitter, Instagram or any social network to solicit money.
At the heart of these scams are well-orchestrated video productions posted on YouTube and Facebook claiming to be a “live event” featuring celebrity billionaires. In reality, these videos just repeat old footage while peppering viewers with prompts to sign up for a scam investment site, one that they claim has been endorsed by celebrities.
“I was watching a live video on YouTube where Elon Musk, Cathy Wood and Jack Dorsey were talking about Crypto,” the victim told my security researcher friend. “An overlay on the video pointed to signing up for the event on his website. I have been following Cathy Wood in her analysis of the financial markets, so she was in a comfortable and trusting environment. All three are bitcoin maximalists in a sense, so it made a lot of sense that they were hosting a giveaway.”
“Without any hesitation (other than if the transfer would go through), I sent them 1 BTC (~$42,800) and they were supposed to return 2 BTC,” the victim continued. “In hindsight, this was an obvious scam. But ARK Invest’s live video and website is what created a trustworthy environment for me. I noticed a few minutes later when the live video played. It wasn’t actually live, but a replay of a video from 6 months ago.”
Ark-x2[.]org is no longer online. But a look at the internet address historically linked to this domain (188.8.131.52) shows that the same address is used for hosting or parking hundreds of other newly minted crypto scam domains, including coinbase-x2[.]net (in the photo below).
Typical of crypto scam sites, Coinbase-x2 promises the opportunity to win 50,000 ETH (virtual currency Ethereum), plus a “welcome bonus” where they promise to double any crypto investment made with the platform. But everyone who falls into this trap of greed soon discovers that they will get nothing in return and that their “investment” is gone forever.
There is not much information on who bought these crypto scam domains as most of them were registered last month with registrars that automatically redact site WHOIS ownership records.
Nevertheless, several dozen of the domains are in the .us domain space, which is technically supposed to be reserved for entities with physical headquarters in the United States. All of those dot-us domains list the registrant name Sergei Orlovets from Moscow, the email address [email protected] and the phone number +7.9914500893. Unfortunately, each of these clues leads to a dead end, meaning that they were probably selected and used solely for these scam sites.
A dig into the Domain Name System (DNS) records for Coinbase-x2[.]net shows that it is hosted on a service called cryptohost[.]for. Cryptohost also controls several other address ranges, including 194.31.98.X, which currently hosts even more crypto scam websites, many of them targeting lesser-known cryptocurrencies such as Moles.
An ad posted on the Russian-language hacking forum BHF last month touted Cryptohost as a “bulletproof hosting provider for all your projects,” meaning it can be trusted to ignore abuse complaints about its customers.
“Why choose us? We don’t keep your logs!” wrote someone claiming to represent Cryptohost to the people of BHF.
Cryptohost says that its service is backed by DDoS Guard, a Russian company that has recently appeared here for providing services to the sanctioned terrorist group Hamas and conspiracy theory groups QAnon/8chan.
Cryptohost did not respond to requests for comment.
Registering as a client at Cryptohost presents a control panel that includes the IP address 184.108.40.206, which belongs to a hosting provider in Moscow called SmartApe. SmartApe says its main advantage is unlimited disk space, “allowing you to host an unlimited number of sites for little money.”
According to FinTelegram, a blog that bills itself as a collaborative financial intelligence service covering investment scams, SmartApe is a “Russian-Israeli hosting company for cybercriminals.”
SmartApe CEO Mark Tepterev declined to comment on FinTelegram’s allegations, but said the company has thousands of clients, some of whom have clients of their own.
“We also host other accommodations that have their own thousands of clients,” Tepterev said. “Of course, there are clients who use our services in their dubious interests. We immediately block such customers upon receipt of justified complaints.”
Much of the text used on these scam sites has been used verbatim in similar schemes dating back at least two years, and scam website templates are likely to be reused as long as they continue to attract new investors. Searching online for the phrase “During this unique event we will give you a chance to win” reveals many current and former sites linked to this scam.
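The pivots described above (other domains on the same hosting address, the "-x2" naming, and the reused template phrase) can be combined into a simple triage check. This is an added example, not code from the original article; the passive-DNS rows, page snippets, `.example` domains and documentation-range IP addresses are constructed sample data, and the two-signal threshold is an assumption.

```python
import re
from collections import defaultdict

# Phrase the article reports being reused verbatim across these sites.
TEMPLATE_PHRASE = "During this unique event we will give you a chance to win"
# "<brand>-x2.<tld>" naming seen in the article (ark-x2, coinbase-x2).
DOUBLER_NAME = re.compile(r"^[a-z0-9-]+-x2\.[a-z]+$")

# Constructed passive-DNS rows: (domain, IP). IPs are documentation ranges.
PDNS = [
    ("ark-x2.org", "192.0.2.10"), ("coinbase-x2.net", "192.0.2.10"),
    ("tesla-x2.example", "192.0.2.10"), ("family-photos.example", "192.0.2.10"),
    ("eth-x2.example", "198.51.100.7"), ("bakery.example", "203.0.113.5"),
]
# Constructed page text, as a crawler might have saved it.
PAGES = {
    "tesla-x2.example": "During this unique event we will give you a chance to win 50,000 ETH",
    "family-photos.example": "Holiday pictures from 2021",
    "eth-x2.example": "During  this unique event we will give\nyou a chance to win",
    "bakery.example": "Fresh bread daily",
}

def normalize(text):
    """Lowercase and collapse whitespace so markup line breaks do not hide a match."""
    return " ".join(text.lower().split())

def pivot(seeds, pdns):
    """Domains that have shared an IP address with any seed domain."""
    by_ip = defaultdict(set)
    for domain, ip in pdns:
        by_ip[ip].add(domain.lower())
    hits = set()
    for domains in by_ip.values():
        if domains & seeds:
            hits |= domains
    return hits - seeds

def triage(seeds, pdns, pages, min_signals=2):
    """Flag domains with at least min_signals indicators; co-hosting alone
    is weak evidence because unrelated sites can share one address."""
    seeds = {s.lower() for s in seeds}
    cohosted = pivot(seeds, pdns)
    flagged = {}
    for domain in sorted({d.lower() for d, _ in pdns} - seeds):
        reasons = []
        if domain in cohosted:
            reasons.append("shared-ip")
        if DOUBLER_NAME.match(domain):
            reasons.append("x2-name")
        if normalize(TEMPLATE_PHRASE) in normalize(pages.get(domain, "")):
            reasons.append("template-phrase")
        if len(reasons) >= min_signals:
            flagged[domain] = reasons
    return flagged
```

Calling `triage({"ark-x2.org", "coinbase-x2.net"}, PDNS, PAGES)` flags the two look-alike domains and leaves the co-hosted but unrelated `family-photos.example` alone.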
While it may seem unbelievable that people fall for things like this, these scams reliably make decent profits. When Twitter was hacked in July 2020 and some of the most followed celebrity accounts on Twitter began tweeting offers to double their crypto, 383 people sent over $100,000 in a few hours.
In September 2021, the Bitcoin Foundation (bitcoin.org) was hacked, and hackers placed a pop-up message on the site asking visitors to send money. The message said that funds sent would be doubled and returned, claiming that the Bitcoin Foundation had established the program as a way to “give back to the community.” The brief scam generated more than $17,000.
According to the US Federal Trade Commission, nearly 7,000 people lost over $80 million in crypto scams from October 2020 to March 2021 based on consumer fraud reports. That’s a significant jump from the previous year, when the FTC tracked just 570 complaints of cryptocurrency investment scams totaling $7.5 million.
A recent report from blockchain analytics firm Chainalysis found that scammers stole an estimated $14 billion worth of cryptocurrency in 2021, nearly double the $7.8 billion stolen by scammers in 2020.
In March, Australia’s competition watchdog filed suit against Facebook owner Meta Platforms, claiming that the social media giant failed to prevent scammers from using its platform to promote fake ads featuring people they know. The complaint alleges that the ads, which supported investing in cryptocurrencies or money-making schemes, could have misled Facebook users into believing they were being promoted by famous Australians.
In many ways, the cryptocurrency giveaway scam is a natural extension of perhaps the oldest cyber fraud in the book: advanced fee fraud. Most commonly associated with Nigerian letter or “419” fraud and lottery/sweepstakes schemes, advanced fee scams promise a financial windfall if only the recipient steps up and claims what is rightfully theirs, and by the way, just pay this small administrative fee and we’ll send you the money.
What makes these cryptocurrency duplication sites successful is not just ignorance and greed, but the idea that many novice investors have that cryptocurrencies are somehow magical machines for minting money, or perhaps virtual slot machines that will eventually pay off if one simply deposits enough currency.
*** This is a syndicated Security Bloggers Network blog from Krebs on Security written by Brian Krebs. Read the original post at: https://krebsonsecurity.com/2022/04/double-your-crypto-scams-share-crypto-scam-host/