19 September 2022

Crypto giveaway scams are on the rise

Source: Group-IB. A screen capture from a fake YouTube video purporting to feature Elon Musk. Musk is talking to three other men.

Group-IB, a Singapore-headquartered cybersecurity provider, has found a fivefold increase in 1H22 in the number of domains used for crypto giveaway scams that involve fake YouTube streams. Since Group-IB’s first report on the scheme, crypto giveaway scams have evolved into a market segment with multiple services for fraudulent operations.

According to Group-IB, 63% of the new fraudulent domain names were registered with Russian registrars, but the fake websites are primarily designed to target English and Spanish-speaking crypto investors.

For the first time, the Group-IB Computer Emergency Response Team (CERT-GIB) observed a sharp increase in the number of fraudulent YouTube streams “featuring” big names. Videos purporting to be from Elon Musk, the founder and CEO of SpaceX and Tesla; Brad Garlinghouse, CEO of Ripple Labs; Michael J. Saylor, MicroStrategy's co-founder and Executive Chairman; and Cathie Wood, the founder and CEO of Ark Invest, were found in February this year.

The scammers used footage of famous entrepreneurs and crypto enthusiasts to encourage users to visit a promotional website to double their crypto investment. Victims would be invited to transfer crypto to a specified address or disclose the seed phrase of their crypto wallet to receive even better terms.

Group-IB experts have discovered that the scheme has scaled significantly in six months. In 1H22, CERT-GIB identified more than 2,000 domains registered explicitly to be used as fake promotion websites. This figure increased almost five-fold compared to 2H21 and 53-fold in comparison with 1H21. In Q1 2022, Group-IB researchers discovered 583 fake websites involved in the scheme. The next quarter, the Group-IB team found an additional 1,500-plus domains newly set up by scammers to promote fake giveaways.

Scammers also advertised promo sites featuring Nayib Bukele, the President of El Salvador, as well as the soccer player Cristiano Ronaldo. Both names were chosen for a reason, Group-IB said. In 2021, mainly on the initiative of its president, El Salvador became the first country to adopt Bitcoin as its national currency. Ronaldo, on the other hand, became the first football star paid with cryptocurrency: the player was awarded a bonus of 770 crypto tokens from his club Juventus, one for each goal scored in his career. In June 2022, Binance, a crypto trading platform, announced an exclusive partnership with Ronaldo.

Group-IB advises crypto owners to be vigilant about free giveaways and not to share confidential data on rogue websites. Other advice included:

- Double-check the legitimacy of the streams and the websites you visit using official sources only. If you cannot find any information about the promotion taking place, you are likely being deceived.

- Seed phrases must be kept secret and stored securely. To do so, use password management tools.

- To minimise the risk of leakage, prioritise desktop solutions over cloud-based ones.

- You risk being deceived twice if you have already transferred your crypto to fraudsters and want your money back. People who message victims on forums offering help often turn out to be scammers themselves.