What is CoinEgg Scam, and How it works? Crypto scammers have reportedly stolen INR 1000 crore (USD128 M) from Indian users by posing as fake exchanges.
Despite the immense popularity of cryptocurrencies and crypto-trading in India, users in the country are still falling for high-profile scams.
Researchers at security firm CloudSEK have unearthed a new scam called CoinEgg, which defrauded as much as ₹10 billion [₹1,000 crores], which is almost USD 128 Million from users in the country.
“We discovered an ongoing malicious scheme involving multiple payment gateway domains and Android-based applications, used to lure unsuspecting individuals into a mass gambling scam,” the company said in a blog post.
CoinEgg Scam: How this works
According to the researchers, the threat actors created multiple fake domains impersonating crypto trading platforms, with the word ‘CloudEgg’ in them.
“The sites are designed to replicate the official website’s dashboard and user experience,” the company said, adding that the scam is divided into seven phases.
After creating the fake domains, in the second phase, the attackers create a female profile on social media “to approach the potential victim and establish a friendship”.
This profile influences the victim to invest in crypto and start trading.
“The profile also shares USD 100-dollar credit as a gift to a particular crypto exchange, which in this case is a duplicate of a legitimate crypto exchange,” the firm said.
The victims are enticed to sign up for the fake exchanges using this free credit and start trading using the same, based on instructions from the attacker.
They eventually invest their own money and “seemingly” make profits, which convinces them to invest even higher amounts.
Once the victim adds their money, the attacker freezes their account to keep them from withdrawing the funds and disappears.
You would think that the scam ends here, would you? It doesn’t.
In the seventh phase of the scheme, when the victims take to other platforms to complain about their experience, the attacker uses other fake accounts to reach out to them and pose as if they are investigators.
“To retrieve the frozen assets, they request victims to provide confidential information such as ID cards and bank details via email.
These details are then used to perpetrate other nefarious activities,” the researchers said.
Crypto scams on the rise
CloudSEK, of course, isn’t the first or only firm to flag a recent rise in crypto scams around the world. In an interview with CNBC last week, Sean Ragan, a special agent with the Federal Bureau of Investigation (FBI), said that crypto scammers are targeting users through LinkedIn and pose a “significant threat” to the platform’s users.
Yesterday, research by fact-checking platform Logically noted that influencers affiliated with American political conspiracy Qanon have been persuading their followers to invest in fraudulent crypto tokens.
Rahul Sasi, the chief executive of CloudSEK, said that in the short-term crypto-related phishing domains have to be taken down earlier; but crypto exchanges, internet service providers, and cyber crime cells have to work together in the long run to avoid such scams.
Follow us or bookmark us for more Bollywood news box office collection report celebrities trailers and promos
Join us on Facebook
Join us on Twitter