Several Indian investors are falling for high-profile scams related to cryptocurrencies and crypto-trading, a recently published study has found.
An investigation by researchers at Indian cybersecurity firm CloudSEK into the “CoinEgg Scam” found a persistent malicious scheme involving several payment gateway sites and Android-based applications, used to entice unwary people into a widespread gambling scam.
According to their findings, “The loss of users to the CoinEgg VIP scam is estimated at Rs 10 billion [Rs 1,000 crore]. A user has also claimed to have lost Rs 50 lakhs to this cryptocurrency scam, including additional costs such as the deposit amount, tax, etc.”
CloudSEK’s Threat Analyst team said the threat actors established several fictitious domains with the keyword “CloudEgg” in them that looked like cryptocurrency trading sites.
It is noteworthy that the original web address of CoinEgg is www[.]coinegg[.]com. This company is a UK-based cryptocurrency exchange that provides trading services for virtual currency assets.
The dashboard and user interface of the fake sites were built as exact replicas of the original website, and the threat actors conducted the scam in multiple phases.
“In the first phase of the scam, CoinEgg users are deceived into depositing an amount to the fake wallet, to invest it in a listed cryptocurrency. After which, threat actors freeze the amount in the CoinEgg VIP wallet and prohibit users from retrieving it,” the report stated.
Additionally, a number of fake phishing applications masquerading as CoinEgg are spreading online. These applications typically request unnecessary permissions during installation and are flagged as malicious on different systems.
According to CloudSEK’s BeVigil security search engine, these risky permissions include write settings, system alert window, request install packages, location access, and process outgoing calls.
While explaining the modus operandi, the team noted that, to keep the scam from being noticed, in the seventh phase of the plan the attacker contacts victims who complain about their experiences on other platforms, using additional bogus identities and claiming to be an investigator.
Furthermore, the scammers email their victims to request private information like ID cards and bank account numbers in order to release the frozen assets. These details are then used to carry out additional activities.
As per their findings, the scammers mention “CoinEgg” on the index page, use a fake logo of CoinEgg to gain the trust of victims and use a customer service chatbot that redirects users to the domain v[.]chatabc[.]xyz.
The researchers found two domains used by the scammers; both were reportedly registered with GoDaddy on March 3, 2022, as part of a strategy to set up several backup domains in case of a takedown.
However, CloudSEK is not the first or only company to point out a recent increase in cryptocurrency scams worldwide.
Sean Ragan, a special agent with the Federal Bureau of Investigation (FBI), claimed last week in an interview with CNBC that LinkedIn users are being targeted by cryptocurrency scammers who constitute a serious threat to them.