{"id":28898,"date":"2021-02-13T04:11:47","date_gmt":"2021-02-12T17:11:47","guid":{"rendered":"https:\/\/www.kaspersky.com.au\/blog\/cryptoscam-in-discord-fake-news-services\/28898\/"},"modified":"2021-02-13T04:12:27","modified_gmt":"2021-02-12T17:12:27","slug":"cryptoscam-in-discord-fake-news-services","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/cryptoscam-in-discord-fake-news-services\/28898\/","title":{"rendered":"Discord cryptoscam: Attack of the clones"},"content":{"rendered":"

Since we described how scammers are tricking Discord users<\/a> into registering on fake cryptocurrency exchanges, they have harnessed new and even more effective techniques. What\u2019s the catch, and can you protect yourself?<\/p>\n

Origins<\/h2>\n

In the earlier grift, members of Discord cryptocurrency communities received private messages from trading platforms supposedly giving away cryptocurrency. Potential victims received a link to register on the website of a cryptocurrency exchange, which was fake but looked real. Then, to get the free coins, they just had to verify their account, and to do that, they had to make a deposit.<\/p>\n

New tricks<\/h2>\n

We recently discovered four new pseudo exchanges: Bitcmoney, Itmaxbit, Crypto24cap, and Bit24cap. The campaign built around them operates according to a similar but more sophisticated scenario.<\/p>\n

Most of the innovations seek to lower the victim\u2019s guard. Even the layout of the Discord messages became more discreet, with emojis and caps used a bit more judiciously.<\/p>\n

\"Message<\/a>

Message from a fake cryptoexchange about free Bitcoin<\/p><\/div>\n

Another technique designed to enhance the sense of legitimacy is including a code for users to confirm their registration. Bona fide sites often use such methods to protect against bots.<\/p>\n

\"E-mail<\/a>

E-mail with registration confirmation code<\/p><\/div>\n

Those help, but the main innovation is the use of fake cryptocurrency news portals. Their function is twofold. First, links to the fake exchanges from other sites help boost the fakes\u2019 search results<\/a>. Second, their very existence adds plausibility; trust in the media remains quite high, and the articles and posts underscore the portals\u2019 perceived reliability.<\/p>\n

For example, one fake report describes Crypto24cap as \u201cone of the largest cryptocurrency exchanges\u201d and \u201ca reputable platform suitable for both newbies and more advanced users.\u201d Another proclaims that 10 exchange members won cryptocurrency in a giveaway organized by the site.<\/p>\n

One sham article, seemingly published four months ago, talks about a Crypto24cap hack from May 2019, but the fake exchange\u2019s domain wasn\u2019t registered until January 26, 2021<\/a>.<\/p>\n

\"What<\/a>

What the fake cryptocurrency exchange Crypto24cap looks like<\/p><\/div>\n

Checking the domains through WHOIS services reveals that the news services were created quite recently. Although not a smoking gun, the backdated publication of articles is very suspicious. What\u2019s more, the sites duplicate each other\u2019s content in many cases.<\/p>\n

Hence, simply by using publicly available tools and consulting different sources of information, cryptocurrency investors can save themselves a lot of money and hassle. That said, finding what you want to find online is easy. Skimming search result excerpts, you can easily come away with the impression that fake news sites like those we describe above are real \u2014 in other words, that the free money you\u2019ve been offered is real. Look instead for circumstantial evidence of a scam and you\u2019ll find it in the negative reviews and duplicated and backdated content.<\/p>\n

Aside from those described above, other changes, from the updated website design to the money-stealing mechanism, distinguish the new from the original campaign<\/a>. For example, whereas previously, the pretext for siphoning cryptocurrency was account verification, now the withdrawal transaction appears to freeze for some time, after which the service asks for a deposit from the target wallet, supposedly to link the wallet to the account.<\/p>\n

\"The<\/a>

The fake exchange asks for a deposit of 0.02 BTC or 0.66 ETH to link the target wallet to the \u201cwinner\u2019s\u201d account<\/p><\/div>\n

How to stay safe<\/h2>\n