Crypto Wallet App on Google Play Steals $70,000 from Mobile Users

 

A fake crypto wallet draining app on Google Play has stolen USD 70,000 from users, making it the first case where mobile users were specifically targeted by such a scam. The app stayed active for several months before being discovered, according to a report from Check Point Research. 

The app pretended to be a real crypto wallet service, tricking more than 10,000 users into downloading it. What made the scam effective was its professional appearance, which included consistent branding and fake positive reviews. These tactics helped the app rank high in Google Play’s search results, making it seem trustworthy to people looking for a secure place to store their cryptocurrency. 

Once users installed the app, it was able to quietly drain funds from their wallets without being noticed right away. This case stands out because, up until now, most crypto wallet attacks have focused on desktop or browser-based platforms. This marks a shift, as cybercriminals are now targeting the growing number of people who use mobile platforms for crypto transactions. 

The app’s ability to avoid detection for such a long time shows how advanced cybercriminal tactics have become. It also highlights the need for greater caution among users when downloading apps, even from trusted platforms like Google Play. This scam underscores the importance of stronger security measures for mobile transactions, such as using verified wallets and enabling two-factor authentication. 

It also calls attention to the need for better app screening by platforms like Google Play to prevent such scams from reaching users in the first place. Though the amount stolen may seem small compared to other crypto thefts, this case is significant because it shows how cybercriminals are adapting to target mobile users as cryptocurrency becomes more popular.

FBI Reports Surge in Cryptocurrency Scams, Highlighting Growing Threat of Confidence Scams

 

The FBI has recently brought attention to a concerning trend in cybercrime: the rise of cryptocurrency scams, particularly through romance and confidence schemes, which have outpaced ransomware attacks in terms of financial losses. According to the FBI's data, individuals fell victim to cryptocurrency scams amounting to a staggering $4.57 billion in 2023, marking a significant 38% increase compared to the previous year's losses of $3.31 billion. 

These scams typically unfold over a period of several weeks, with fraudsters assuming false identities, often posing as attractive individuals, to establish relationships with their targets. As the relationship progresses, the scammers introduce the idea of joint cryptocurrency investments, recommending fake platforms or apps under their control. Victims are manipulated into making substantial investments, with the scammers fabricating gains to maintain the illusion of profitability. 

When victims attempt to withdraw their funds, the fraudsters employ various tactics, including impersonating customer support representatives and demanding additional fees, resulting in further financial losses for the victims. In contrast, ransomware attacks, a prevalent form of cyber extortion, generated comparatively minor losses of $59.6 million. 

However, the FBI acknowledges that this figure may not fully reflect the true extent of ransomware-related losses, as it fails to account for indirect costs such as business downtime. Moreover, the reported losses only encompass ransomware incidents reported to the Internet Crime Complaint Center (IC3), suggesting that the actual financial impact of ransomware attacks could be significantly higher. The discrepancy in reported losses between cryptocurrency scams and ransomware attacks underscores the evolving landscape of cyber threats and the shifting tactics employed by cybercriminals. 

While ransomware attacks continue to pose a significant threat to businesses and organizations, the surge in cryptocurrency scams highlights the effectiveness of social engineering techniques in deceiving individuals and extracting substantial sums of money. To combat these threats effectively, individuals and businesses must remain vigilant and exercise caution when engaging in online interactions. It is essential to verify the authenticity of investment opportunities and platforms, especially those related to cryptocurrencies, and to refrain from disclosing sensitive information or transferring funds without proper verification. 

Additionally, organizations should implement robust cybersecurity measures, including regular employee training and the deployment of advanced threat detection technologies, to mitigate the risk of falling victim to cyber scams and attacks. As cybercriminals continue to exploit vulnerabilities and devise increasingly sophisticated schemes, collaboration between law enforcement agencies, cybersecurity professionals, and the public is crucial in combating cybercrime and safeguarding against financial losses and data breaches. By raising awareness of emerging threats and adopting proactive security measures, individuals and organizations can better protect themselves against the pervasive threat of cybercrime in today's digital landscape.

Hackers Steal $17,000 in 'Double Your Cash' Fraud on Bitcoin.org

 

Bitcoin.org, the authentic website of the Bitcoin project, was hacked by criminals who advertised a "double your money" scam, and unfortunately many people fell into the trap.

On September 23, visitors to bitcoin.org were welcomed with a popup instructing them to send cryptocurrency to a Bitcoin wallet using a QR code and earn twice the amount in exchange. 

The message stated, "The Bitcoin Foundation is giving back to the community! We want to support our users who have helped us along the years," encouraging users to send Bitcoins to the attacker's displayed wallet address. 

"Send Bitcoin to this address, and we will send double the amount in return!" 

To add credibility to the claim, the false notice informed visitors that the deal was confined to the first 10,000 users. Users were unable to go beyond the bogus popup message, leaving the rest of the website unreachable for the timeframe of the fraud. 

Soon after the hack, Bitcoin.org's site operator(s), known as Cøbra, issued a public notice about the incident. The Bitcoin address used in the fraud received 0.40 BTC, which was worth $17,000. The hacker transferred nearly all of the money from the primary wallet to two additional holding wallets.

Although Bitcoin is assumed to have been established by an anonymous persona, “Satoshi Nakamoto,” the author of the research paper that gave birth to the cryptocurrency, a newer identity “Cøbra” has recently been observed running the Bitcoin.org website, social media, and community channels. 

Following Cøbra's notification, Bitcoin.org's name registrar Namecheap immediately blocked the domain until the problem was resolved. 

Unfortunately, as evidenced by the attacker's wallet balance, some cryptocurrency fanatics may have fallen for the fraud. The transaction history reveals several payments to the attacker's wallet from various Bitcoin addresses. 

According to Bitcoin.org's anonymous operator CobraBitcoin, the fraudsters may have obtained unauthorised access by exploiting a vulnerability in the website's domain name system (DNS). Hackers typically browse websites in search of underlying flaws that may be exploited to launch attacks. 

The website has been restored to its pre-hack state after being taken down to investigate the underlying cause of the security incident.

Swedish Crypto Scammer Jailed for 15 Years in Gold-Backed Fraud

 

A citizen of Sweden was sentenced to 15 years in prison for running a cryptocurrency scam that claimed to pay investors based on the value of gold reserves.

Roger Nils-Jonas Karlsson, 47, and his firm, Eastern Metal Securities (EMS), were charged with securities fraud, wire fraud, and money laundering in March this year. He was prosecuted in the United States following his arrest in Thailand in 2019 and his later extradition.

Karlsson claimed to operate an investment service based on cryptocurrency. Investors who participated in EMS from 2012 to 2019 were offered a plan to buy shares for less than $100 and ultimately realize a return equivalent to 1.15 kilograms of gold. In 2019, 1.15 kg of gold was worth more than $45,000. Today, its worth could be over $58,000.

To participate in the scheme, investors were asked to buy shares using the cryptocurrencies Bitcoin (BTC) and Ethereum (ETH). Moreover, investors were told that in the ‘unlikely’ event that the shares failed to reach their promised value, participants would have 97% of their initial investment returned.

Karlsson kept EMS running for as long as possible through frequent rebranding and by issuing updates offering asset statements. Additionally, he misleadingly argued that paying out an unlimited sum all of a sudden would have a damaging impact on international monetary methods, and the company worked with the US Securities and Exchange Commission (SEC) to explain payment delays.

However, as is commonly the case with extreme returns on investment, the promise was too good to be true. Investors saw no profit; instead, Karlsson, who also used online aliases such as Steve Hayden, Euclid Deodoris, and Joshua Millard, took in the cryptocurrencies and used the money to buy properties and a resort in Thailand. US prosecutors estimate that investors were defrauded of more than $16 million.

"Karlsson admitted he had no way to pay off the investors. Karlsson's fraud targeted financially insecure investors, causing severe financial hardship for many of them," the US Department of Justice (DoJ) said.

In addition to the 15-year sentence, Karlsson has been ordered to forfeit the resort in Thailand, various properties, and accounts, and has been handed a financial judgment of $16,263,820. Prosecutors also hope to secure restitution for past EMS investors, and an order is expected in court within 90 days.

Canadian Teenager Charged and Arrested for $50 Million Cryptocurrency Theft


Samy Bensaci, an 18-year-old from Montreal, Canada, has been indicted on four criminal charges in relation to the theft of cryptocurrency worth $50 million in a SIM-swapping scam that targeted cryptocurrency holders, according to a report by Infosecurity Magazine dated 17 January.

The Canadian authorities have accused the teen hacker of being part of a hacking group that was involved in the theft of millions of dollars from Canadians and Americans. The scam, of which Bensaci was allegedly a part, stole "$50 million from our neighbors to the south and $300,000 in Canada," said Lieutenant Hugo Fournier, a spokesperson for the Sûreté du Québec.

Bensaci was charged and arrested in November and was later released on CA $200,000 bail, on condition that he live with his parents in Northeast Montreal, according to local media reports. As a result of the incident, prosecutors prohibited Bensaci from using any device that can be connected to the internet, including computers, mobile phones, tablets, and game consoles. The order specifically bars him from accessing “any computer, tablet, mobile phone, game console, including PS3, PS4, Xbox, Nintendo Switch, or any other device capable of accessing the Internet”. He has also been ordered to hand over his passport to local police to ensure he does not flee the country.

One of the purported victims, Don Tapscott, confirmed, “We can confirm that last year a hacker attempted to steal crypto assets from our company and its employees. That attempt was unsuccessful. We cooperated with the police [and] have been impressed with their determination to bring those responsible to justice.”

A SIM swapping attack, also known as SIM jacking or SIM splitting, is a form of identity theft where an attacker targets a weakness in two-factor authentication to take over an account. The attacker exploits a cell phone carrier's ability to port a phone number to a new device with a new SIM to acquire access to the victim's credit card numbers, bank accounts, and other financial information. The feature is normally used when someone loses access to their phone (or has it stolen) or is switching service to a new device. As customers' reliance on mobile-based authentication grows, SIM swap attacks have also been on the rise in recent times.

Twitter to remove accounts of cryptocurrency scammers

Twitter is cracking down on cryptocurrency scammers and is taking steps to reduce the number of such scams. This comes after a number of accounts impersonated Elon Musk, Vitalik Buterin, and John McAfee to dupe users into sending them small amounts of cryptocurrency.

The impersonators would deceive other Twitter users with tactics such as misspelling the username or using the same or a similar avatar.

They would tell followers to send them small amounts of cryptocurrency and would promise in return to send a bigger amount back.

In February, Buterin tweeted to his followers that if they sent him 0.1 ETH, “I will send you nothing because I am too lazy.” Scammers, in reply, took the opportunity to ask users to send them small amounts of Ethereum.


In response to the scammers impersonating Buterin, he took to Twitter to negate the rumours:


A Twitter spokesperson said, "We're aware of this form of manipulation and are proactively implementing a number of signals to prevent these types of accounts from engaging with others in a deceptive manner."