Two of the most shocking crypto scams Bankless Times has come across involve address poisoning and DeFi mining. The third one was standard, but what made it shocking was that the perpetrator had a vast network of fully legitimate partners.
These scams are unique: the first, but not the last, of their kind. DeFi mining scams are pig-butchering scams with a twist, and they are expected to continue increasing because they are easier to bundle for sale and distribution to other cybercriminals, and because existing romance scammers can adopt them easily.
1. So simple it’s genius: address poisoning
An Indian cryptocurrency user lost wrapped Bitcoin worth $68 million after falling victim to an address poisoning attack. A security firm, Cyvers Alerts, confirmed the incident and shared it on X.
Address poisoning is where the scammer uses a lookalike address that copies the first and last six characters of a real wallet address. They hope the victim won’t check the entire address for accuracy and will send crypto to the wrong one. An address can be up to 42 characters long.
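The check a wallet or payment script can run before sending is shown below as an added example, not code from Cyvers or from any wallet: it compares a pasted recipient against saved addresses over the full string and flags one that matches only at the ends. It assumes Ethereum-style addresses ("0x" plus 40 hex characters, 42 in total); the function names, the address book and the sample addresses are constructed for illustration.

```python
import re

# Assumption: Ethereum-style addresses, "0x" plus 40 hex characters (42 total).
ADDRESS_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")
# The article describes six copied characters at each end; a threshold of 4 hex
# characters also catches a match that was counted including the "0x" prefix.
EDGE = 4

def shared_len(a, b):
    """Number of leading characters that a and b have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def check_recipient(candidate, address_book):
    """Classify a pasted recipient against saved addresses.

    Returns (verdict, label): 'exact' for a full match, 'lookalike' when only
    the ends match a saved address, 'unknown' or 'invalid' otherwise.
    """
    if not ADDRESS_RE.match(candidate):
        return ("invalid", None)
    body = candidate[2:].lower()
    lookalike = None
    for label, saved in address_book.items():
        known = saved[2:].lower()
        if body == known:
            return ("exact", label)
        head = shared_len(body, known)
        tail = shared_len(body[::-1], known[::-1])
        if head >= EDGE and tail >= EDGE:
            lookalike = label  # ends match, middle differs: do not send
    return ("lookalike", lookalike) if lookalike else ("unknown", None)

# Constructed sample values, not addresses from the incident.
SAVED = "0xd9a1b0c2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8"
POISONED = "0xd9a1b0" + "1" * 28 + "f6a7b8"  # same first/last six hex characters
UNRELATED = "0x" + "ab" * 20
BOOK = {"cold-wallet": SAVED}

if __name__ == "__main__":
    for addr in (SAVED, POISONED, UNRELATED, "0x1234"):
        print(addr, check_recipient(addr, BOOK))
```

A "lookalike" verdict is the case to block outright: the address would pass a glance at a truncated display, yet it is not the saved one.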
2. A scam shrouded in legitimacy
A Reddit user alerted the crypto community of having been duped in a very intricate scam involving a network of fully legitimate companies. The user had a friend who was a professional real estate investor and had recently invested in luxury properties in Texas, from which she and her husband made a lot of money. She had sold a billion housing units. The friend had met another investor through mutual friends, started a joint investment with her, and told the user to try it.
The other investor ran a women’s investment group on Facebook. She worked for RGB Capital and was helping women in the group. The user deposited money in ether into her website, VTProTrade.com, through Gemini. She also sent some Bitcoin on CashApp. The investor promised something like three or five times the initial deposit per month. Her platform also had rules about how often you can withdraw.
The user went through the instructions, received an activation code, and sent it to the support team to activate her account for mirror trading. Sometime later, she found the profile on Facebook was fake. It had been copied from a German woman with the same first name but a different last one. The German woman speaks and has posted videos. The fake account was created to make the investor appear American, and it was linked to the investor group.
VTProTrade.com is registered with the Australian Securities and Investments Commission (ASIC). Its license number is linked to a legitimate company called Novus Capital. The site has customer support with live chat, which the user contacted, and everything seemed normal. She saw her balance and her (quite impressive) profit.
The women’s investment group on Facebook has around 900 members, many of whom claim the site is legit. They were able to exchange their crypto for cash and move it to Gemini, Binance, or another legit exchange.
Only, the user can’t withdraw her funds from VTProTrade.
According to Scam Adviser, this website’s rating is very low. The owner’s identity is concealed on WHOIS, the traffic rank is rather low too, the website registrar is popular amongst scammers, and the site is young and didn’t let Scam Adviser analyze its content. Another Reddit user suspects that the Facebook account of the victim’s successful real estate investor friend was compromised and used to convince the victim she was “investing.”
3. DeFi mining meets pig butchering
Pig butchering scams are nothing new, but we’re witnessing a new, more sophisticated version that uses the blockchain’s capacity to bypass most of the defenses mobile devices have. Scammers then gain direct control over victims’ funds.
The new scams use fraudulent DeFi apps and represent the next stage of 2022’s “liquidity mining” scams. Basically, they combine mobile crypto wallets and smart contracts with the false promise of love and friendship, the essence of pig butchering.
These scams are an “improvement” on more rudimentary pig butchering scams because the victim does not need to install a customized app onto their mobile device. This was a deterrent in the past because the scammer had to convince the victim to go through complicated steps to install an app or try to slip the app past Google’s and the App Store’s attention.
DeFi scams use trusted apps from reputable developers
The victim must only load a web page from within the app. They don’t need to deposit crypto into the scammer’s wallet or wire a deposit. They think they have full control of their funds. They can see their crypto balances until the scammer springs the trap. The scammer might even add crypto to their accounts to make it seem like the victim is profiting.
The scammer hides the wallet network that launders stolen funds behind a so-called contract wallet, an address that controls the victims’ wallets.
Recent technological advancements include the use of third-party APIs like WalletConnect to hide the contract wallet, and agent detection scripts that, to evade detection, redirect or block mobile and desktop browsers not connected with cryptocurrency wallets. Connections to vulnerable mobile wallet apps are restricted. Wallets are checked for a positive balance, which prevents empty Ethereum wallets from linking and identifying the contract wallet.