On May 29, a resident of Malabar Hill in Mumbai was tricked out of Rs 1.53 crore by cyber crooks promising good returns on cryptocurrency investment through a fake website.
Two days earlier, on May 27, Charkop police arrested a 23-year-old management graduate for cheating investors out of Rs 1.5 crore after offering to invest money in cryptocurrency.
Another person in June allegedly lost Rs 50 lakh due to a cryptocurrency scam, in addition to other costs such as deposit amount, taxes, etc.
Crypto scams are becoming increasingly popular, with all the elements that give scammers the upper hand – no banks to report dodgy transactions, irreversible transfers, and newbie investors who generally don’t know how crypto transactions work.
To fool the unwary, scammers develop fake cryptocurrency trading sites or fake crypto wallets. These fake websites often have similar, but different, domain names to the sites they are trying to imitate. They look similar to genuine websites, which makes it hard to tell them apart, said Rahul Sasi, founder and CEO of CloudSEK.
CloudSEK also discovered an ongoing operation involving multiple phishing domains and Android-based apps. This large-scale campaign lures unwary individuals into a massive gambling scam. Many of these fake websites pose as CoinEgg – a legit UK-based cryptocurrency trading platform.
“We estimate that threat actors have defrauded victims of up to Rs 1,000 crore via these crypto scams,” Sasi said.
Cryptocurrency investment scams
Fake cryptocurrency websites usually work in one of the following ways:
As phishing pages
Phishing attempts using cryptocurrency target crypto wallet private keys – needed to access funds in the wallet. Scammers send an email to trick victims into visiting a specially crafted website where they are asked to provide private key information. The bitcoin from these wallets is stolen once the hackers get this information.
Like a simple flight case
What scammers mainly do is make you enjoy a small profit first. Victims are pushed to invest additional money since their previous investments bear good fruits. However, when you later want to withdraw your money, the site closes or denies the request.
One of the most popular ways to deceive investors is through the use of fake apps available for download, mainly from Google Play Store. Although these bogus apps are quickly found and removed, that doesn’t mean the apps don’t impact many results. People are downloading fake cryptocurrency apps daily.
Professor Triveni Singh, Superintendent, Cyber Crime, Uttar Pradesh, said unsuspecting investors are always looking for new options to park their money and scammers are looking for new investors to defraud. “Fake crypto mining, creating fake wallets, fake exchanges – scammers are inventing new ways to loot people. Not only that, they also hack into an entire valid crypto exchange and poof! your money is gone in seconds,” added Singh.
According to statistics from blockchain monitoring startup Chainalysis, Indian users have visited various crypto fraud websites millions of times over the past two years.
In 2020, Indians visited crypto scam websites over 17.8 million times. In 2021, the number dropped dramatically, although it was still significant at 9.6 million times.
Coinpayu.com, adbtc.top, hackertyper.net, dualmine.com and coingain.app are the top five scam websites visited by Indians in the last year, according to statistics from Chainalysis.
Despite its high volatility and ambiguous legal status, Indians continue to be fascinated by cryptocurrency, with a significant proportion appearing indifferent to the dangers it entails.
As a method of mitigation, Sasi suggests that in the short term, crypto-related phishing domains should be identified and removed at the earliest. However, in the long term, it is imperative that collaboration between crypto exchanges, ISPs and cybercrime cells raise awareness and take action against threat groups.