Global Bitcoin scam leaked personal data of 250,000 people. This week, a global threat hunting and intelligence company, Group IB, revealed that it has “discovered thousands of personal records of users from over 20 countries of the world exposed in a targeted multi-stage bitcoin scam.”
The Singapore-based company said that it found 248,926 sets of unique personally identifiable information. The company shares that “The analysis of the exposed phone country codes showed that most of the victims were from the UK (147,610), followed by Australia (82,263), South Africa (4,149), the US (4,147), Singapore (3,499), Malaysia (2,491), Spain (2,420), and other countries”.
Group IB described that at least six active domains featuring the same bitcoin investment platform were identified. The scheme operates under different names, such as Crypto Cash, Bitcoin Rejoin, Bitcoin Supreme, and Banking on Blockchain. The firm’s analysts added that this new scheme resembles the Bitcoin Evolution scam.
The company explained how this bitcoin scam works. Firstly, a potential investor receives an SMS text message. Scammers sometimes send out phishing messages using the name of a recognized media outlet as the sender.
Every message contains a unique short link that takes the investor to a website “which already demonstrates their personal data, such as the phone number, first or/and last name, and sometimes an email address, and used for redirects to fake websites masquerading as a local media outlet”.
“The experts believe that the personal information info could have been obtained by fraudsters through a separate fraudulent scheme or simply bought from a third party.”
The content often depends on the targeted crypto investor’s location, such as major news outlets in the investor’s country. The scam websites feature fake interviews of famous people, articles, news, and comments attributed to local celebrities. They allege that famous people made a fortune using the new cryptocurrency investment platform. One example is Prince Harry and Meghan Markle, the Duke and Duchess of Sussex.
The researchers from Group IB elaborates that “All the fake pages discovered are almost identical in terms of design, but the URL and the page code are unique every time and contain users’ personal records. If a victim decides to click any link in the article, they are taken to a bitcoin investment platform website, where their data, contained in the URL, would already be pre-filled in the registration form without a user’s consent. Later a victim would be asked to add to their account balance in BTC”.
[image: Clint Patterson]