scam

FTX to give a ‘one-time’ $6M compensation to phishing victims

FTX founder Sam Bankman-Fried said the exchange won’t be “making a habit of compensating” users that are “phished by fake versions of other companies.”

Cryptocurrency exchange FTX will provide around $6 million in compensation to victims of a phishing scam that allowed hackers to conduct unauthorized trades on certain FTX users’ accounts.

FTX founder and CEO Sam Bankman-Fried posted in a Twitter thread on Oct. 23 that the exchange generally doesn’t award compensation to its users “phished by fake versions of other companies in the space,” but in this case, it would compensate users.

Bankman-Fried said that this was a “one-time thing” and FTX would “not do this going forward.”

“THIS IS NOT A PRECEDENT,” he wrote, clarifying it was only the accounts of FTX users that would be reimbursed.

14) But this once, we’ll do it; roughly $6m total.

(To be clear, only for FTX accounts! Hopefully other exchanges will comp theirs.)

BUT AGAIN NOT A PRECEDENT, WE WILL NOT GOING FORWARD.

— SBF (@SBF_FTX) October 23, 2022

The recent phishing attack saw attackers gaining user account application programming interface (API) keys which allowed them to conduct unauthorized trades with their crypto exchange accounts.

The attack came to light on Oct. 21 after 3Commas said it was alerted that some of its users had unauthorized trading activity.

After an initial investigation, FTX and 3Commas then suspended the suspicious accounts to avoid further losses and disabled all compromised API keys.

On Oct.19 Bankman-Fried published a blog post detailing his thoughts on crypto regulation that included a proposal he dubbed the “5-5 standard” where hackers keep either $5 million or 5% of the amount they’ve stolen, whatever is smaller.

In his most recent tweet thread, he thought it time to try his newly thought-up standard, imploring the hacker to send back 95%, around $5.7 million, of the stolen funds within 24 hours, saying “we’ll absolve them.”

October has been dubbed “hacktober” by the crypto community as Chainalysis revealed on Oct. 13 that October 2022 has been the “biggest month” ever for hacking activity, despite the report coming out not even halfway through the month.

At the time of the report around $3 billion had been exploited through over 125 separate incidents since the start of the month.

‘Cryptoqueen’ associates face German court for role in $4B OneCoin scheme

The whereabouts of “Cryptoqueen” Ruja Ignatova are still unknown but the charges against OneCoin members are starting to pile up.

Three associates of fugitive OneCoin founder Ruja Ignatova, known colloquially as the “Cryptoqueen,” have faced a German court over allegations of fraud, money laundering and banking crimes.

Appearing in court on Oct. 18, a Munich-based lawyer connected to Ignatova is alleged to have transferred $19.7 million via the Cayman Islands on her behalf to purchase two London apartments. Additionally, a husband and wife are facing charges over allegedly handling $315.4 million worth of payments from OneCoin customers, as per a Bloomberg report.

Ignatova launched OneCoin back in 2014 under the guise of a cryptocurrency and trading project, however according to enforcement agencies such as the Federal Bureau of Investigation (FBI), it was soon found to be a pyramid scheme roping users in with fictitious business and technical claims that were untrue, such as a token mining structure that was non-existent.

According to the FBI, the project defrauded more than 3 million investors out of roughly $4 billion, with prosecutors noting in the German court that:

“In reality, the ever-growing value was a fake and the mining process was only simulated by the software.”

Ignatova’s whereabouts have been unknown since 2017, her last known location was reported to be in Athens, Greece.

In June the FBI added her to its top ten most wanted list, offering up $100,000 for information leading to her arrest. Apart from being wanted for over $4 billion worth of fraud, her company has also been accused of bribing presidents in Serbia and Bulgaria by economist and crypto proponent Angelina Lazar.

The latest three OneCoin figures to face prosecutors adds to the action taken against another alleged accomplice Christoper Hamilton, accused of laundering $105 million through the scheme in 2014.

In August 2021, a judge in the United Kingdom approved the extradition process for Hamilton to face changes in the United States and it was reported he was extradited at the start of September.

Cryptoqueen’s brother Konstantin Ignatov took over the reins of OneCoin at one point, and pleaded guilty to several money laundering and fraud related charges in 2019, while two of his associates were the subject of a class action suit that was brought to trial in March 2020.

The case of the missing Cryptoqueen has remained a subject of keen interest to date, with journalist and author Jamie Bartlett hosting a popular podcast on the topic via the BBC that has published 11 episodes so far.

Bartlett also published a book on the entire ordeal in June called The Missing Cryptoqueen: The Billion Dollar Cryptocurrency Con and the Woman Who Got Away with It, providing a public discussion on the book at the Red Line Festival in South Dublin on Oct. 16.

‘Cryptoqueen’ associates face German court for role in $4B OneCoin scheme

The whereabouts of “Cryptoqueen” Ruja Ignatova are still unknown, but the charges against OneCoin members are starting to pile up.

Three associates of fugitive OneCoin founder Ruja Ignatova, known colloquially as the “Cryptoqueen,” have faced a German court over allegations of fraud, money laundering and banking crimes.

Ignatova launched OneCoin back in 2014 under the guise of a cryptocurrency and trading project. However, according to enforcement agencies such as the United States Federal Bureau of Investigation (FBI), it was soon found to be a pyramid scheme roping users in with fictitious business and technical claims that were untrue, such as a token mining structure that was non-existent.

According to the FBI, the project defrauded more than 3 million investors out of roughly $4 billion, with prosecutors noting in the German court that:

“In reality, the ever-growing value was a fake and the mining process was only simulated by the software.”

Ignatova’s whereabouts have been unknown since 2017; her last known location was reported to be in Athens, Greece.

In June, the FBI added her to its top ten most wanted list, offering up $100,000 for information leading to her arrest. Apart from being wanted for over $4 billion worth of fraud, her company has also been accused of bribing presidents in Serbia and Bulgaria by economist and crypto proponent Angelina Lazar.

The latest three OneCoin figures to face prosecutors adds to the action taken against another alleged accomplice Christoper Hamilton, accused of laundering $105 million through the scheme in 2014.

In August 2021, a judge in the United Kingdom approved the extradition process for Hamilton to face changes in the United States and it was reported he was extradited at the start of September.

Cryptoqueen’s brother Konstantin Ignatov took over the reins of OneCoin at one point, and pleaded guilty to several money laundering and fraud-related charges in 2019, while two of his associates were the subject of a class-action suit that was brought to trial in March 2020.

3 ways scammers will try to fool you over Ethereum’s Merge

Besides fake ETH 2.0 tokens and malicious token airdrops, crypto users should also be on the lookout for staking pools offering attractive staking yields.

Scammers are likely to use excitement around the Ethereum Merge to launch new scams aimed at newbie crypto users, PolySwam CEO and co-founder Steve Bassi has warned.

The Ethereum Merge is expected to take place within the next 24 hours.

Speaking to Cointelegraph, Bassi said these scams could come in the form of fake ETH 2.0 tokens, fraudulent mining pools and fake airdrops.

PolySwam is a decentralized cybersecurity marketplace that connects cybersecurity experts to projects and companies through the use of bounties.

Fraudulent staking pools

The Ethereum upgrade marks the transition from the current proof-of-work (PoW) consensus mechanism to proof-of-stake (PoS).

Bassi said that for many Ether (ETH) holders, joining a staking pool will be their only way of reaping yield from staking rewards if they don’t have the 32 ETH required to become an independent validator.

“Staking is a pretty new concept for most of the crypto community and unless you’ve got 32 ETH lying around you’re going to have to join one of the staking pools to make a yield off your ETH.”

Bassi, however, warned that pooled staking providers “carry their own risk” as it often requires users to deposit and give up control of their ETH.

Bassi said that upstart staking providers, which “may offer very attractive terms” could perform “sudden rug pulls” that would affect those participating in the pool:

“This risk exists today with DeFi platforms/pools and tokens, but the Merge will give scammers a new character universe to work with.”

Upgrade scam

One of the more imminent threats involves scammers attempting to trick users into signing fraudulent transactions or parting with their private keys under the guise of migrating to the new Ethereum chain.

Bassi reiterated that the upgrade to proof-of-stake should be transparent, and a user should not need to do anything to migrate or preserve their ETH-based tokens, noting:

“We’ll likely see scammers try to get users to sign fraudulent transactions and/or leak private keys based on some false pretense that the user needs to do something to migrate chains.”

Fake airdrops

Another likely attack vector will come in the form of “fake airdrops,” added Bassi — convincing users to sign transaction messages or visit phishing sites in order to receive a bogus airdrop:

“The ETH Merge will be a good excuse for these scammers to masquerade as well-known, economically valuable, projects promising airdrops.”

“Those airdrops will likely redirect users to a phishing site where they may be fleeced out of their ETH, private keys, and/or crafted transaction signing attempts.”

The Ethereum Foundation has called the upcoming Merge the “most significant upgrade in the history of Ethereum” and has urged users to be on “high alert” for scams trying to take advantage of users during the transition. It has repeatedly warned there is no such thing as an ETH2 or ETH 2.0 coin.

The upgrade is expected by most onlookers to be a success, given the experience in the previous testnets. However, Bassi said there could still be a chance that scammers or hackers have found a way to game the system:

“We don’t really know if a group of scammers/hackers out there has already developed an attack or DDoS technique against the chain which can be used post-Merge when ETH 2.0 has the full economic value of ETH 1.0 moved over.”

“If there were such an attack it’s likely to only temporarily affect the chain and, possibly, the market as there a lot of smart eyes watching behavior post-Merge. However, an attacker will likely be looking for the opportunity to monetize any discoveries.”

Sneaky fake Google Translate app installs crypto miner on 112,000 PCs

Dressed up as legitimate desktop software, this sneaky malware has infected thousands of machines across 11 countries, forcing them to unknowingly mine Monero (XMR).

Crypto mining malware has been sneakily invading hundreds of thousands of computers around the world since 2019, often masquerading as legitimate programs such as Google Translate, new research has found.

In a Monday report by Check Point Research (CPR), a research team for American-Israeli cybersecurity provider, Check Point Software Technologies revealed the malware has been flying under the radar for years, thanks partly to its insidious design which delays installing the crypto mining malware for weeks after the initial software download.

.@_CPResearch_ detected a #crypto miner #malware campaign, which potentially infected thousands of machines worldwide. Dubbed ‘Nitrokod,” the attack was initially found by Check Point XDR. Get the details, here: https://t.co/MeaLP3nh97 #cryptocurrecy #TechnologyNews #CyberSec pic.twitter.com/ANoeI7FZ1O

— Check Point Software (@CheckPointSW) August 29, 2022

Linked to a Turkish-based-speaking software developer claiming to offer “free and safe software,” the malware program invades PCs through counterfeit desktop versions of popular apps such as YouTube Music, Google Translate and Microsoft Translate.

Once a scheduled task mechanism triggers the malware installation process, it steadily goes through several steps over several days, ending with a stealth Monero (XMR) crypto mining operation being set up.

The cybersecurity firm said that the Turkish-based crypto miner dubbed ‘Nitrokod’ has infected machines across 11 countries.

According to CPR, popular software downloading sites like Softpedia and Uptodown had forgeries available under the publisher name Nitrokod INC.

Some of the programs had been downloaded hundreds of thousands of times, such as the fake desktop version of Google Translate on Softpedia, which even had nearly a thousand reviews, averaging a star score of 9.3 out of 10, despite Google not having an official desktop version for that program.

*Screenshot by Check Point Research of the alleged fake app*

According to Check Point Software Technologies, offering a desktop version of apps is a key part of the scam.

Most programs offered by Nitrokod do not have a desktop version, making the counterfeit software appealing to users who think they’ve found a program unavailable anywhere else.

According to Maya Horowitz, vice president of research at Check Point Software, the malware-riddled fakes are also available “by a simple web search.”

“What’s most interesting to me is the fact that the malicious software is so popular, yet went under the radar for so long.”

As of writing, Nitrokod’s imitation Google Translate Desktop program remains one of the main search results.

Design helps avoid detection

The malware is particularly tricky to detect, as even when a user launches the sham software, they remain none the wiser as the fake apps can also mimic the same functions that the legitimate app provides.

Most of the hacker’s programs are easily built from the official web pages using a Chromium-based framework, allowing them to spread functional programs loaded with malware without developing them from the ground up.

So far, over one hundred thousand people across Israel, Germany, the United Kingdom, the United States, Sri Lanka, Cyprus, Australia, Greece, Turkey, Mongolia and Poland have all fallen prey to the malware.

To avoid getting scammed by this malware and others like it, Horowitz, says several basic security tips can help reduce the risk.

“Beware of lookalike domains, spelling errors in websites, and unfamiliar email senders. Only download software only from authorised, known publishers or vendors and ensure your endpoint security is up to date and provides comprehensive protection.”

BitBoy Crypto sues fellow YouTuber Atozy for defamation over shilling claims

Cryptocurrency YouTuber Bitboy Crypto has filed a defamation lawsuit against another prominent content creator on the platform.

Two prominent YouTube content creators are set to lock horns in a legal battle over a cryptocurrency video allegedly promoting a project that ended up being a scam.

Bitboy Crypto, a YouTube channel founded by Ben Armstrong, produces a variety of content focused on cryptocurrency news, projects and tokens and trading advice. The channel has been active since February 2018 and has over 1.4 million subscribers.

The channel is known for its news pieces and trading-focused videos with headlines like Top 3 Coins To Outperform Ethereum! (Strong Short Term Play)typifying the type of content disseminated to viewers.

While these videos purport to offer trading advice, the channel has a disclaimer clearly stating that Armstrong is not “a professional advisor in business areas involving finance, cryptocurrency, taxation, securities and commodities trading, or the practice of law.” The channel’s content states that it is meant for general information purposes only.

Bitboy Crypto has copped criticism from the wider cryptocurrency community in the past for allegedly misleading viewers about various tokens and projects. Armstrong has attempted to rebut these claims, with a prime example being a fiery podcast conversation hosted by cryptocurrency investor Anthony Pompliano in November 2021.

An incident involving comments posted by another YouTuber on a BitBoy video from 2020 has led Armstrong to seek legal recourse. Erling Mengshoel Jr, better known by his YouTube channel name Atozy, came across a now-deleted video on the Bitboy channel promoting a project called Pamp network token in 2020.

The project ended on a sour note as investors were left empty-handed after a reported ‘rug-pull’ from the founders. As per data from CoinGecko, PAMP tokens are worth fractions of a dollar, down from all-time highs of $2.73 in July 2020.

In the wake of the PAMP failure, Atozy revisited the Bitboy video to post comments labeling Armstrong as ‘shady’ for misleading viewers. Atozy went on to create a full video on his channel in November 2021 titled This YouTuber scams his fans… Bitboy Crypto, alleging that Armstrong had been dishonest as a self-proclaimed expert on cryptocurrencies to promote a project that ended up crashing.

Armstrong officially filed a federal complaint against Mengshoel on Aug. 12 in the United States District Court for the Northern District of Georgia, Atlanta, with a raft of claims, including defamation, infliction of emotional distress and tortious interference with business relations or potential business relations.

Mengshoel was eventually served at his home a few days later and has called for the assistance of viewers and the cryptocurrency community to tackle what he described as a “frivolous” lawsuit from Armstrong.

Mengshoel has since launched a GoFundMe account to meet the lawsuit head-on, with Armstrong claiming damages and legal fees worth $75,000. The initiative has received over $20,000 in the 24 hours since its launch, with over 450 contributors to date.

Meanwhile prominen pseudonymous Twitter cryptocurrency trader Cobie (Jordan Fish) has reportedly donated 100,000 USDC to Mengshoel’s legal defence. The British trader had originally pledged to assist Atozy on Twitter and confirmed that he’d transferred the funds in USDC .

ill send 100k or somethin later when at pc

— Cobie (@cobie) August 23, 2022

In a subsequent Tweet, Cobie said that his involvement was mainly driven by his dislike for ‘frivolous lawsuits’ aimed at individuals that could not afford them

Cointelegraph has reached out to both parties for comment on proceedings and will update this article accordingly.

8 sneaky crypto scams on Twitter right now

A 19-part thread outlines the sophisticated strategies scammers are using to part crypto users from their funds.

Cybersecurity analyst Serpent has revealed his picks for the most dastardly crypto and nonfungible token (NFT) scams currently active on Twitter.

The analyst, who has 253,400 followers on Twitter, is the founder of artificial intelligence and community-powered crypto threat mitigation system, Sentinel.

In a 19-part thread posted on Aug. 21, Serpent outlined how scammers target inexperienced crypto users through the use of copycat websites, URLs, accounts, hacked verified accounts, fake projects, fake airdrops and plenty of malware.

One of the more worrisome strategies comes amid a recent spate of crypto phishing scams and protocol hacks. Serpent explains that the Crypto Recovery Scam is used by bad actors to trick those who have recently lost funds to a widespread hack, stating:

“Simply put, they attempt to target people who have already been scammed, and claim they can recover the funds.”

According to Serpent, these scammers claim to be blockchain developers and seek out users that have fallen victim to a recent large-scale hack or exploit, asking them for a fee to deploy a smart contract that can recover their stolen funds. Instead, they “take the fee and run.”

This was seen in action after the multimillion-dollar exploit affecting Solana wallets earlier this month, with Heidi Chakos, the host of the YouTube channel Crypto Tips, warning the community to watch out for scammers offering a solution to the hack.

Another strategy also leverages recent exploits. According to the analyst, the Fake Revoke.Cash Scam, tricks users into visiting a phishing website by warning them that their crypto assets may be at risk, using a “state of urgency” to get users to click the malicious link.

Another strategy uses Unicode Letters to make a phishing URL look almost exactly like a genuine one, but replacing one of the letters with a Unicode lookalike. Meanwhile, another strategy sees scammers hack a verified Twitter account, which is then renamed and used to impersonate someone of influence to shill fake mints or airdrops.

The remaining scams target users wanting to get in on a get-rich-quick scheme. This includes the Uniswap Front Running Scam, often seen as spam bot messages telling users to watch a video on how to “make $1400/DAY front-running Uniswap,” which instead tricks them into sending their funds to a scammer’s wallet.

Another strategy is known as a Honeypot Account, where users are supposedly leaked a private key to gain access to a loaded wallet. But, when they attempt to send crypto in order to fund the transfer of coins, they are immediately sent away to the scammers’ wallets via a bot.

Other tactics involve asking high-value NFT collectors to “beta test” a new play-to-earn (P2E) game or project or commissioning fake work to NFT artists. But, in both cases, the ruse is merely an excuse to send them malicious files that can scrape browser cookies, passwords and extension data.

Last week, a report from Chainalysis noted that revenue from crypto scams fell 65% in 2022 so far due to falling asset prices and the exit of inexperienced crypto users from the market. Total crypto scam revenue year-to-date is currently sitting at $1.6 billion, down from roughly $4.6 billion in the prior year.

Crypto scams fall 65% after gullible noobs exit the market: Chainalysis

Less gullible retail investors and falling asset prices have made scamming a less enticing endeavor, but the tsunami of new DeFi applications has hackers licking their lips.

Fewer people have fallen victim to cryptocurrency scams in 2022 so far due to falling asset prices and the exit of inexperienced crypto users from the market, a new crypto crime report reveals.

According to a Tuesday report by Chainalysis, total crypto scam revenue year-to-date is currently sitting at $1.6 billion, equating to a 65% decline from the prior year period, which appears linked to the declining prices of cryptocurrencies:

“Since January 2022, scam revenue has fallen more or less in line with Bitcoin pricing. […] it’s not just scam revenue falling — the cumulative number of individual transfers to scams so far in 2022 is the lowest it’s been in the past four years.”

Chainalysis’ cybercrimes research lead Eric Jardine, the author of the report, explains that crypto investors are more likely to fall for scams during bull markets when the investment opportunities and outsized returns are most enticing to victims.

Jardine also hypothesized that bull markets also typically see a higher prevalence of new, inexperienced crypto users, who are more likely to fall victim to scams.

The researcher said the results are also skewed due to the comparatively large PlusToken and Finiko scams in 2021, which netted $3.5 billion in total scam revenue.

Conversely, Jardine notes the largest scam of 2022 so far has only netted $273 million and is related to cannabis investing platform JuicyFields.io, which has reportedly locked investors out of their accounts on their cannabis-focused “e-growing” service.

Hacks and stolen funds

While scam revenue has fallen in the year, Jardine notes that crypto-based hacking has bucked the trend, increasing 58.3% through July 2022 to $1.9 billion, a figure that does not include the $190 million Nomad bridge hack that began on Aug. 1.

Jardine said that this increase is largely attributable to the rise of decentralized finance (DeFi) applications that skyrocketed in 2021:

“DeFi protocols are uniquely vulnerable to hacking, as their open source code can be studied ad nauseum by cybercriminals looking for exploits.”

But, Jardine added that it’s not all bad, as smart contract programming languages like Solidity are relatively new and these exploits can “be helpful for security as it allows for auditing of the code.”

The report also noted that a large concentration of these hackers came from North Korean elite hacking units such as Lazarus Group, with approximately half of crypto stolen in hacks coming from these groups alone.

Jardine also noted that darknet market revenue is down 43% so far in 2022, due mainly to German law enforcement shutting down Russian darknet Hydra Marketplace’s servers on April 5.

Darknet markets are dark web black markets that offer illicit goods and services for sale, often using cryptocurrencies as a method of payment.

Social media blamed for $1B in crypto scam losses in 2021

Nearly half of the consumers who reported a cryptocurrency-related scam in 2021 said it started with an ad, post or message on social media.

The United States Federal Trade Commission has labeled social media and crypto a “combustible combination for fraud,” with nearly half of all crypto-related scams originating from social media platforms in 2021.

Published on Friday, the report found that as much as $1 billion in crypto has been lost to scammers throughout the year, which was more than a five-fold increase from 2020, and nearly sixty times up from 2018.

New analysis finds consumers reported losing more than $1 billion in #cryptocurrency to scams since 2021. Most of the losses consumers reported were to bogus cryptocurrency investment scams: https://t.co/MYGTcaw1aS #DataSpotlight /1

— FTC (@FTC) June 3, 2022

As of March 31, the amount of crypto lost was already approaching half of the 2021 figure, showing that momentum doesn’t appear to be slowing.

The FTC found that Instagram (32%), Facebook (26%), WhatsApp (9%) and Telegram (7%) were the top platforms used for crypto scams.

Interestingly, Twitter, the social media platform widely adopted by the crypto-community, was not mentioned despite being littered with spam and scam bots touting fake crypto giveaways.

Based on fraud reports to FTC’s Consumer Sentinel Network, the most common type of crypto scam was Investment Related Fraud, making up $575 million of the total $1-billion figure.

“These scams often falsely promise potential investors that they can earn huge returns by investing in their cryptocurrency schemes, but people report losing all the money they ‘invest.’”

According to the FTC, common investment scams include cases in which a so-called “investment manager” contacts a consumer, promising to grow their money — but only if the consumer buys cryptocurrency and transfers it into their online account.

Other methods include impersonating a celebrity who can multiply any cryptocurrency that a consumer sends them or promises free cash or cryptocurrency.

The FTC also lists scams that involve investment in fake art, gems and rare coins, bogus investment seminars and advice, and other miscellaneous investment scams as part of this group.

The next largest crypto-scam-related losses came from Romance Scams at $185 million, in which a love interest tries to entice someone into investing in a crypto scam.

Business and Government Impersonation Scams came in third at a total of $133 million, in which scammers target consumers, claiming that their money is at risk due to fraud or a government investigation.

“These scams can start with a text about a supposedly unauthorized Amazon purchase, or an alarming online pop-up made to look like a security alert from Microsoft. From there, people are reportedly told the fraud is extensive and their money is at risk.”

The scammers will then pretend to be a representative of the bank to secure the person’s crypto.

In other cases, scammers have impersonated border patrol agents reportedly telling people their fiat accounts are frozen as part of a drug trafficking investigation. These scammers tell people the only way to protect their money is to put it in crypto. They’re directed to take out cash and feed it into a crypto ATM and are tricked into sending it to the scammers’ wallet address instead.

The report found that people aged 20–49 were most likely to lose crypto to a scammer, with those in their 30s the hardest hit, making up 35% of total reported fraud losses.

The amount of crypto lost rises up according to age group, with the median individual reported cryptocurrency losses for those in their 70s reaching up to $11,708, compared to just $1,000 for 18- and 19-year-olds.

An article on the FTC’s Consumer Advice website details a number of ways to avoid cryptocurrency scams:

Only scammers demand payment in cryptocurrency. No legitimate business is going to demand you send cryptocurrency in advance — not to buy something and not to protect your money. That’s always a scam.
Only scammers will guarantee profits or big returns. Don’t trust people who promise you can quickly and easily make money in the crypto markets.
Never mix online dating and investment advice. If you meet someone on a dating site or app, and they want to show you how to invest in crypto or ask you to send them crypto, that’s a scam.