Indian investors have lost over $128 million (about Rs 1,000 crore) to fake cryptocurrency exchanges as the global crypto market tanked. This has been claimed in a new report on Tuesday.
Cyber-security company Cloud SEK said it has uncovered an ongoing operation involving multiple phishing domains and Android-based fake crypto applications.
CloudSEK was contacted by a victim who allegedly lost 50 lakhs ($64,000) in one such cryptocurrency scam as well as other costs like deposits, taxes, etc.
“We estimate that the threat actors have duped victims up to $128 million (approximately Rs 1,000 crore) through such crypto scams,” said Rahul Sasi, founder and CEO of CloudSEK.
“As investors turn their attention to the cryptocurrency markets, scammers and fraudsters also turn their attention to them,” said Sasi.
Threat actors first create fake domains that impersonate legitimate crypto trading platforms.
The sites have been designed to replicate the dashboard and user experience of the official website.
The attackers then create a female profile on social media to contact the potential victim and establish a friendship.
The profile influences the victim to invest in cryptocurrencies and start trading.
The report noted, “The profile also shares a $100 credit as a gift to a particular crypto exchange, which in this case is a duplicate of a legitimate crypto exchange.”
The victim initially makes a significant profit, which increases their confidence in the stage and the threatening actor.
After making a profit for the victim, the scammer convinces them to invest a higher amount promising better returns.
Once the victim adds their money to the fake exchange, the threatening actor freezes their account, ensuring that the victim cannot withdraw their investment and the victim’s money disappears.
When victims take to various platforms to complain of losing access to their accounts, the same, or new, threatening actors reach out to them under the guise of investigators.
The report warns, “In order to retrieve the frozen assets, they request the victims to provide confidential information such as ID cards and bank details through email. These details can be used to carry out other nefarious activities.” To give is done.”
“In the long term, collaboration between crypto exchanges, Internet service providers (ISPs), and cybercrime cells is essential to raise awareness and take action against threat groups,” said Sasi.