Discord cryptoscam: Attack of the clones

Scammers are using fake news sites to lend legitimacy to their Bitcoin and Ethereum offers on Discord.

Scammers are using fake news sites to lend legitimacy to their Bitcoin and Ethereum offers on Discord

Since we described how scammers are tricking Discord users into registering on fake cryptocurrency exchanges, they have harnessed new and even more effective techniques. What’s the catch, and can you protect yourself?

Origins

In the earlier grift, members of Discord cryptocurrency communities received private messages from trading platforms supposedly giving away cryptocurrency. Potential victims received a link to register on the website of a cryptocurrency exchange, which was fake but looked real. Then, to get the free coins, they just had to verify their account, and to do that, they had to make a deposit.

New tricks

We recently discovered four new pseudo exchanges: Bitcmoney, Itmaxbit, Crypto24cap, and Bit24cap. The campaign built around them operates according to a similar but more sophisticated scenario.

Most of the innovations seek to lower the victim’s guard. Even the layout of the Discord messages became more discreet, with emojis and caps used a bit more judiciously.

Message from a fake cryptoexchange about free Bitcoin

Message from a fake cryptoexchange about free Bitcoin

Another technique designed to enhance the sense of legitimacy is including a code for users to confirm their registration. Bona fide sites often use such methods to protect against bots.

E-mail with registration confirmation code

E-mail with registration confirmation code

Those help, but the main innovation is the use of fake cryptocurrency news portals. Their function is twofold. First, links to the fake exchanges from other sites help boost the fakes’ search results. Second, their very existence adds plausibility; trust in the media remains quite high, and the articles and posts underscore the portals’ perceived reliability.

For example, one fake report describes Crypto24cap as “one of the largest cryptocurrency exchanges” and “a reputable platform suitable for both newbies and more advanced users.” Another proclaims that 10 exchange members won cryptocurrency in a giveaway organized by the site.

One sham article, seemingly published four months ago, talks about a Crypto24cap hack from May 2019, but the fake exchange’s domain wasn’t registered until January 26, 2021.

What the fake cryptocurrency exchange Crypto24cap looks like

What the fake cryptocurrency exchange Crypto24cap looks like

Checking the domains through WHOIS services reveals that the news services were created quite recently. Although not a smoking gun, the backdated publication of articles is very suspicious. What’s more, the sites duplicate each other’s content in many cases.

Hence, simply by using publicly available tools and consulting different sources of information, cryptocurrency investors can save themselves a lot of money and hassle. That said, finding what you want to find online is easy. Skimming search result excerpts, you can easily come away with the impression that fake news sites like those we describe above are real — in other words, that the free money you’ve been offered is real. Look instead for circumstantial evidence of a scam and you’ll find it in the negative reviews and duplicated and backdated content.

Aside from those described above, other changes, from the updated website design to the money-stealing mechanism, distinguish the new from the original campaign. For example, whereas previously, the pretext for siphoning cryptocurrency was account verification, now the withdrawal transaction appears to freeze for some time, after which the service asks for a deposit from the target wallet, supposedly to link the wallet to the account.

The fake exchange asks for a deposit of 0.02 BTC or 0.66 ETH to link the target wallet to the

The fake exchange asks for a deposit of 0.02 BTC or 0.66 ETH to link the target wallet to the “winner’s” account

How to stay safe

  • Be wary of promises of anything free or heavily discounted, and be especially suspicious of schemes requiring a payment to receive payment.
  • Thoroughly research cryptocurrency exchanges before doing business with them. Size and popularity are useful measures. Look them on sites such as CoinGecko, CryptoCompare, or CoinMarketCap, bearing in mind that even such sites, though reputable, are not the source of absolute truth: they may have bias, some show ads, and all are susceptible to hacking.
  • Check the URL in the address bar, and use different passwords for each service to protect yourself from phishers and data leaks. And, to simplify managing your unique and complex passwords, use a password manager.
  • Configure your privacy settings to help you resist the onslaught of spammers and scammers in Discord.
  • Protect your devices with a reliable security solution. For example, Kaspersky Plus gives you all the warnings you need about phishing and malware.
Tips