On May 29, a resident of Mumbai’s Malabar Hill was duped of Rs 1.53 crore by cyber fraudsters promising good returns on investment in cryptocurrency via a fake website.
Two days prior, on May 27, Charkop police arrested a 23-year-old management graduate for duping investors of Rs 1.5 crore after offering to invest money in cryptocurrency.
Another person in June allegedly lost Rs 50 lakh to a cryptocurrency scam, in addition to other costs such as deposit amount, tax, etc.
Crypto scams are becoming increasingly popular, with all the elements that give an upper hand to scammers — no bank to flag questionable transactions, irreversible transfers, and rookie investors who are typically unaware of how crypto transactions work.
To deceive the unwary, scammers develop fake cryptocurrency trading sites or counterfeits of legitimate crypto wallets. These phoney websites frequently have domain names that are similar to, yet different from, the sites they are attempting to imitate. They are similar appearance to authentic websites, making it difficult to distinguish between them, said Rahul Sasi, Founder and CEO, CloudSEK.
CloudSEK also uncovered an ongoing operation involving several phishing domains and Android-based applications. This large-scale campaign lures unwary individuals into a huge gambling scam. Many of these bogus websites impersonate CoinEgg — a legitimate UK-based cryptocurrency trading platform.
“We estimate that threat actors have defrauded victims of up to Rs 1,000 crore via this crypto scams,” said Sasi.
Cryptocurrency investment scams
Fake cryptocurrency websites usually work in one of these ways:
As phishing pages
Phishing attempts using cryptocurrency target crypto wallet private keys — necessary to access funds within the wallet. Scammers send an email to entice victims to visit a specially designed website where they are asked to provide private key information. The bitcoin in those wallets is stolen once the hackers get this information.
As a simple case of theft
What scammers do primarily is let you enjoy a little profit first. Victims are driven to invest additional money since their earlier investments bear good fruit. However, when you subsequently want to withdraw your money, the site either shuts down or declines the request.
One of the most popular ways to trick investors is through fake apps available for download, mostly on Google Play Store. Although these fake apps are quickly found and removed, it doesn’t mean the apps aren’t impacting many bottom lines. People download fake cryptocurrency apps on a daily basis.
Professor Triveni Singh, Superintedent, Cyber Crime, Uttar Pradesh, said unsuspecting investors are always looking for newer options to park their money and scammers are looking for newer investors to defraud. “Fake crypto mining, creating fake wallets, fake exchanges — scammers are inventing newer ways to looting people. Not just this, they also hack an entire valid crypto exchange and poof! your money is gone within seconds,” Singh added.
According to statistics by blockchain surveillance start-up Chainalysis, Indian users have visited various websites operating crypto frauds over millions of times in the past two years.
In 2020, Indians visited crypto scam websites over 17.8 million times. In 2021, the number dropped dramatically, although it was still a significant 9.6 million times.
Coinpayu.com, adbtc.top, hackertyper.net, dualmine.com, and coingain.app are the five most frequented scamming websites frequented by Indians in the last year, according to Chainalysis statistics.
Despite their high volatility and ambiguous legal status, Indians continue to be fascinated by cryptocurrency, with a substantial proportion appearing unconcerned about the hazards it carries.
As a method of mitigation, Sasi suggests that in the short term, crypto-related phishing domains should be identified and taken down at the earliest. However, in the long term, it is imperative for the collaboration between crypto exchanges, ISPs, and cybercrime cells to raise awareness and take action against threat groups.