Indian investors likely lost Rs 1,000 cr to fake crypto exchanges: Report
Cyber-security company CloudSEK, also uncovered an operation that involved many phishing domains and fake crypto applications.
Fake cryptocurrency exchanges have duped Indian investors of more than $128 million (nearly Rs 1,000 crore) as the global crypto market tanks, a new report claimed on Tuesday. Cyber-security company CloudSEK has uncovered an ongoing operation involving several phishing domains and Android-based fake crypto applications.
"This large-scale campaign entices unwary individuals into a huge gambling scam. Many of these bogus websites impersonate CoinEgg, a legitimate UK-based cryptocurrency trading platform (sic).” according to the report.
A victim had approached CloudSEK. The victim had allegedly lost Rs. 50 lakh ($64,000) to such a cryptocurrency scam over other costs such as deposit amount, tax, etc.
Also read: Here are some tips on how to diversify your cryptocurrency deck
"We estimate that threat actors have defrauded victims of up to $128 million (about Rs 1,000 crore) via such crypto scams (sic)." said Rahul Sasi, Founder and CEO of CloudSEK.
“As investors shift their focus on the cryptocurrency markets, scammers and cheats turn their attention to them as well (sic).” Sasi added.
Threat actors first create fake domains that impersonate legitimate crypto trading platforms. The sites are designed to replicate the official website's dashboard and user experience. The attackers then create a female profile on social media to approach the potential victim and establish a friendship. The profile influences the victim to invest in cryptocurrency and start trading.
Also read: Bitcoin goes beyond $20K per digital coin, Ethereum crosses $1,100 per coin
"The profile also shares $100-dollar credit, as a gift to a particular crypto exchange, which in this case is a duplicate of a legitimate crypto exchange (sic)." the report mentioned.
The victim initially makes a significant profit, bolstering their trust in the platform and the threat actor. After the victim seemingly makes a profit, the scammer convinces them to invest a higher amount, promising better returns. Once the victim adds their own money to the fake exchange, the threat actor freezes their account, ensuring the victim cannot withdraw their investment and disappears with the victim's money. When victims take to various platforms to complain about losing access to their accounts, the same or new threat actors reach out to them in the guise of investigators.
Also read: NFTs, crypto are '100 per cent based on greater fool theory': Bill Gates
"To retrieve the frozen assets, they request victims to provide confidential information such as ID cards and bank details, via email. These details are then used to perpetrate other nefarious activities (sic)." the report warned.
"In the long-term, it is imperative for the collaboration between crypto exchanges, Internet service providers (ISPs), and cybercrime cells to raise awareness and take action against threat groups (sic)." said Sasi.