As the global cryptocurrency market collapses, a new report on Tuesday claims that fake cryptocurrency exchanges have defrauded Indian investors out of more than $128 million (almost Rs 1,000 crore). An ongoing operation involving many phishing sites and Android-based bogus crypto applications has been discovered, according to cyber-security firm CloudSEK.
This widespread operation lures unsuspecting people into a massive gambling swindle. According to the research, several of these phony websites pretend to be “CoinEgg,” a reliable cryptocurrency trading platform with a UK location. A victim who reportedly lost Rs 50 lakh ($64,000) to such a cryptocurrency fraud sought CloudSEK, on top of other expenses like the deposit amount, tax, etc.
Rahul Sasi, the founder, and CEO of CloudSEK stated we estimate that threat actors have duped victims of up to $128 million (approximately Rs 1,000 crore) via similar crypto schemes. As investors switch their spotlight to the cryptocurrency markets, scammers and cheats follow suit, Sasi continued.
How do exchanges deceive investors?
- Threat actors begin by creating bogus domains that impersonate legitimate cryptocurrency trading platforms.
- The sites are intended to mimic the dashboard and user experience of the official website.
- The attackers then create a female social media profile in order to approach the potential victim and form a friendship.
- The victim is influenced by the profile to invest in cryptocurrency and begin trading.
- The victim makes a significant profit at first, which increases their trust in the platform and the threat actor.
- After the victim appears to make a profit, the scammer persuades them to invest more money, promising higher returns.
- When the victim deposits their own funds into the bogus exchange, the threat actor freezes their account, preventing them from withdrawing their funds, and then vanishes with the victim’s funds.
- When victims complain about losing access to their accounts on various platforms, the same or new threat actors contact them under the guise of investigators.
The profile also shares a $100-dollar credit as a gift to a specific crypto exchange, which in this case is a copy of a legitimate crypto exchange, according to the report.
In order to retrieve the frozen assets, they email victims and request confidential information such as ID cards and bank account information. The report warned that “these details are then used to perpetrate other heinous activities.