For the criminally inclined, the internet is a vast and ever-expanding goldmine of opportunities, and the rise of cryptocurrencies has made the digital world that much more lucrative.
Scammers, fraudsters, and other criminals often rely on fictional narratives that promise victims a way to get rich quick. With new legitimate and illegitimate crypto coins, altcoins, tokens, exchanges, and other cryptocurrency products appearing in app stores daily, cybercriminals have an extensive arsenal of methods for targeting unsuspecting individuals and companies. Because general understanding of how cryptocurrencies and blockchain work is still relatively low, users are susceptible to scams and “opportunities” that sound too good to be true. People hear that millions are being made, but they don’t know how. They just know that they want in on this phenomenon.
Malware in the Age of Crypto
The sophistication of crypto-scammers combined with misinformation about cryptocurrencies and blockchain provides fertile ground for exploitation. Take the example of coin miners, malware programs that mine cryptocurrencies while a user is on a specific website, often without the user’s consent.
There’s also been a rise in the use of another type of malware, often referred to as clipboard hijackers, which watches for users copying and pasting wallet addresses through the Windows clipboard. The malware replaces the legitimate address with the threat actors’ own, enabling them to siphon off the victim’s funds.
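The clipboard substitution described above can be spotted from a log of clipboard writes. The following detection sketch is an added example, not code from the article: the event format (timestamp, whether the user initiated the copy, clipboard text), the 2-second window and the sample addresses are all assumptions, and addresses are matched by shape only, without checksum validation.

```python
import re

# Shape-only patterns for common wallet address formats (no checksum validation).
ADDRESS_PATTERNS = {
    "bitcoin-legacy": re.compile(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}"),
    "bitcoin-bech32": re.compile(r"bc1[ac-hj-np-z02-9]{11,71}"),
    "ethereum": re.compile(r"0x[a-fA-F0-9]{40}"),
}

def address_kind(text):
    """Return the address family the whole clipboard text matches, or None."""
    text = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(text):
            return kind
    return None

def find_swaps(events, window=2.0):
    """Flag clipboard writes the user did not initiate that replace a copied
    wallet address with a different address of the same family within
    `window` seconds. `events` is a time-ordered list of
    (timestamp_seconds, user_initiated, clipboard_text) tuples
    (hypothetical format produced by a monitoring agent)."""
    alerts = []
    last = None  # (timestamp, kind, text) of the latest user-copied address
    for ts, user_initiated, text in events:
        kind = address_kind(text)
        if user_initiated:
            last = (ts, kind, text.strip()) if kind else None
            continue
        if (last and kind == last[1] and text.strip() != last[2]
                and ts - last[0] <= window):
            alerts.append({"time": ts, "kind": kind,
                           "copied": last[2], "replaced_with": text.strip()})
    return alerts

# Constructed sample data: these are not real wallet addresses.
ETH_A, ETH_B = "0x" + "a1" * 20, "0x" + "b2" * 20
BTC_A, BTC_B = "1" + "B" * 30, "1" + "C" * 30
EVENTS = [
    (0.0, True, "hello world"),
    (10.0, True, ETH_A), (10.3, False, ETH_B),   # swapped 0.3 s after copy
    (50.0, True, BTC_A), (58.0, False, BTC_B),   # outside the window
    (60.0, True, ETH_A), (60.2, False, "note"),  # replaced by non-address text
]

if __name__ == "__main__":
    for alert in find_swaps(EVENTS):
        print(alert)
```

The window is a tuning knob: widening it catches delayed substitutions at the cost of more benign matches.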
Fake Apps, Fraudulent Coins and Confusing Exchanges
Crypto-specific malware is not the only danger facing users. Fake cryptocurrency apps have muddied the mobile app ecosystem by exploiting the names of well-known exchanges.
The fact that legitimate exchanges are being ripped off by scammers should concern business owners, because crypto scams don’t just threaten individuals. If a legitimate exchange can be counterfeited, your brand can be faked, too.
In addition to malware and fake exchange sites, you need to look out for fraudulent coins and intentionally misleading exchange systems. Sites such as Payeer deploy deliberately confusing exchange structures to scam users. In order to receive a payout via Payeer, users must first exchange their coins for “silver,” which they then exchange for rubles. The current exchange rate is 100 “coins” to 1 “silver,” and 100 “silver” to 1 ruble. With such a confusing exchange system, the only ones who benefit are those running the site, leaving the user with the feeling that they have just been fleeced.
Another example is the website cryptcoins.biz, which was designed to resemble an advance-fee scheme. Users are required to purchase fake “coins” that are marketed as various “cryptocurrencies.” The purchase is made with real money (rubles) via Payeer. The user is then conned into the purchase with the promise that they can exchange the “coins” for a return on investment at a later date. The user is then further conned into other methods of earning extra cash, such as clicking on ads, visiting web pages, and recruiting new users.
To further complicate matters, a single IP address can host multiple domains. For example, cryptcoins.biz is just one of many websites operated by a single group. A single IP address (220.127.116.11) hosts multiple domains with a cryptocurrency theme falsely promising quick profits for individuals. Another site originating from the same IP address masquerades as a digital currency exchange, while another site asks users to send anywhere from 0.5 to 5 Ethereum for a promised return of 5 to 50 Ethereum.
Stay Safe By Understanding Your Digital Footprint
Users face a potential minefield when looking to invest in cryptocurrencies. While individuals are certainly targets, brands are also susceptible to damage. Many hackers and scammers combine typosquatting, the deliberate misspelling of a domain in order to divert traffic to a fake website, with fraudulent use of well-known, legitimate brands in order to scam people.
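A brand owner can screen newly observed domains for the typosquatting patterns described above. The following is an added example, not code from the article: the brand `examplepay.com`, the observed domains and the look-alike table are constructed, and every domain is assumed to have the simple form label.tld.

```python
# Added example: constructed brand and domain data, not taken from the article.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def normalize(label):
    """Fold common look-alike substitutions back to the letters they imitate."""
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]

def classify(brand, candidate, max_edits=1):
    """Return why `candidate` resembles `brand`, or None if it does not.
    Assumes both are registrable domains of the form label.tld."""
    b_label, _, b_tld = brand.lower().rstrip(".").partition(".")
    c_label, _, c_tld = candidate.lower().rstrip(".").partition(".")
    if (c_label, c_tld) == (b_label, b_tld):
        return None                      # the brand's own domain
    if c_label == b_label:
        return "tld-swap"                # same name under another TLD
    if normalize(c_label) == normalize(b_label):
        return "homoglyph"               # look-alike characters
    if osa_distance(c_label, b_label) <= max_edits:
        return "edit-distance"           # one typo away from the brand
    if b_label in c_label:
        return "brand-embedded"          # brand name plus extra words
    return None

def scan(brand, observed):
    """Map each suspicious observed domain to the reason it was flagged."""
    hits = {}
    for domain in observed:
        reason = classify(brand, domain)
        if reason:
            hits[domain] = reason
    return hits

OBSERVED = ["examplepay.com", "examp1epay.com", "exmaplepay.com",
            "examplepay.biz", "examplepay-wallet.net", "weather.org"]

if __name__ == "__main__":
    for domain, reason in scan("examplepay.com", OBSERVED).items():
        print(f"{domain:28} {reason}")
```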
For a brand, falling victim to these scams may result in a PR nightmare and years of trying to regenerate user trust. SOC Directors, CIOs, and COOs who are aware of these potential pitfalls can greatly increase their organizations’ readiness to combat this unique threat and ensure the authenticity of all digital assets associated with their brands.
Dan Schoenbaum has 23 years of leadership with high-growth software companies. As the President and COO, Dan leads Sales, Marketing and Customer Success functions for RiskIQ. Formerly, he was the CEO of Cooladata, a leader in Cloud data warehousing and machine learning. Dan was also the CEO of Redbooth, where he grew the company from startup to Gartner “cool vendor” with over a million paying users worldwide. Redbooth was acquired by AeroFS. Dan was the COO and Chief Business Development Officer for Tripwire, a leader in data center security, where he helped triple revenues, file an S1 on the NASDAQ and sell the company. Dan was also the Chairman of Mergers & Acquisitions and Strategy at Compuware – a billion-dollar enterprise software company – and is credited with the creation of an $800M line of products at Mercury Interactive (acquired by HP for 4.6B). Dan was also a First Sergeant and a sniper in the paratroopers.