We broke down the most confusing crypto scam scheme that brings scammers hundreds of thousands of dollars. How does it work, and is it possible to protect yourself?

September 18, 2024 by cryptobreak

357

During the recent iPhone 16 presentation, scammers launched a dipfake YouTube video broadcast in which Apple CEO Tim Cook allegedly advertised “an opportunity to make money from crypto.” Viewers were then asked to send coins to specified addresses to receive double the amount. This is one of the easiest strategies to scam coin owners, with fewer and fewer victims buying into it. However, over time, scam schemes become more complex, and it is difficult to understand their essence. Today we will examine in detail just such a case.

The details of this scam were shared by our subscriber on condition of anonymity. For security reasons, he refused to share his correspondence for publication.

The victim lost about a thousand dollars on the scheme and considers such detailed articles the best way to combat fraud. Still, thanks to them crypto users will be better informed about what's going on and will be able to recognise scam before the transaction.

However, before moving on to the scheme, it is necessary to note the reasons for the popularity of digital assets among fraudsters.

Content

1 Why scams are relevant in crypto
2 How cryptocurrency scammers are defrauding right now
3 What is the essence of scamming on the “testing scheme”
4 How much scammers earn in crypto
5 How else scammers steal money
6 Conclusions. How not to lose money

Why scams are relevant in crypto

Cryptocurrencies are known for their volatility and ability to rise in value. In the current market growth cycle, this has been especially true for meme tokens.

For example, crypto asset Popcat, which became the first cat meme with a billion-dollar market capitalisation, has jumped more than 18,000 percent since January.

Changes in the current exchange rate of the POPCAT meme token compared to the low and highs

Although it is almost impossible to recognise such a project at the beginning of its existence, meme-tokens do allow you to earn money. Well, this attracts new investors.

The constant inflow of newcomers is one of the main reasons for the activity of scammers. Still, they are not aware of popular schemes of deception, can easily make mistakes, and also fall for “quick money opportunities”, with which they just associate the sphere of crypto. That’s why scammers still run streams offering to send crypto to specified addresses, using celebrities or holidays as a cover.

The second reason is the wide opportunities for theft. Nowadays it is possible to lose crypto even by simply clicking on a malicious link. And this is not to mention the various smart contract permissions that allow scammers to remotely withdraw someone else’s coins. The victim in such a situation may think that he or she has just performed a transaction with a new token and has done nothing wrong.

Apprehended cryptocurrency fraudster

The third reason for the presence of fraudsters is the irreversibility of transactions on the blockchain. This means that once the victim makes a mistake, it is impossible to correct it. Well, the scammer will get the crypto and get his way.

Finally, another reason is the ability to “clean” the stolen coins quite easily, i.e. to confuse the traces in their tracking within the blockchain. In this case, criminals are primarily assisted by so-called mixers, which mix users’ coins among themselves and then send them to new addresses of the same people. Scammers also use decentralised exchanges.

How effective are the actions of scammers? According to Cyvers analysts, criminals stole $1.4 billion worth of crypto in the first half of 2024.

Statistics on losses due to fraudster activity in cryptocurrencies for the first half of 2024

The most popular attack vectors were centralised and decentralised exchanges. Although successful wallet hacking and custodian thefts were also recorded.

Today we’ll talk about a more pinpointed scheme. Here scammers communicate with each victim directly, imitate the support of blockchain projects in Telegram and “earn” a lot of money. Especially important is the fact that it is quite difficult to understand the details of the scam from the first time.

How cryptocurrency scammers deceive nowadays

As we have already noted, the details of the situation were shared by a subscriber who lost about a thousand dollars in cryptocurrency due to the actions of scammers. First, let's describe the situation from the victim's point of view, and then we'll deal with its details.

A few weeks ago, the user received a message from a stranger in Telegram. He introduced himself as a team member of the blockchain project IOST and offered to join a team of network testers.

The task was to conduct transactions from one exchange to another, and for this he offered a reward of 2-3 per cent of the volume of transfers. According to the author of the messages, the amount was paid from the developers’ fund, which benefited from blockchain testing and activity in it.

The victim of the scam had already used the MEXC exchange and had also registered an account on the OKX exchange to participate in the work.

An important point: the scammers asked for a pseudonym for the account on the second exchange, which was to receive transfers. It consists of 5-11 uppercase English letters of the user's choice, and after entering the signature, the scammers specify this combination and recognise it. They explained it by the need to mark the address for developers to send bonuses there.

Ability to change nickname on MEXC crypto exchange

Next, the fraud victim was asked to conduct several transactions from the MEXC platform to an address on the IOST network that matched the OKX account signature she had invented.

The user was assured that the transaction would take place directly between his wallets on the exchanges, i.e. in essence he was asked to send some coins from one of his wallets to another, receiving a bonus for this.

The largest holders of the IOST cryptocurrency and their address signatures

On top of that, the user had to provide a meme. This is a unique combination that helps exchanges to allocate the received crypto to the right account by BNB, XRP, XLM, ATOM and other coins. Specifying a meme or a destination tag is a prerequisite for receiving certain coins on exchanges. Thus, the system of trading platforms knows to which account to add the received cryptocurrency. .

The user conducted transactions and received a positive result. In other words, the transfers went to the right account on the OKX platform, in addition to which the mentioned 2-3 per cent of the total amount was added.

At this stage, the victim is convinced that the scheme works and makes additional transfers. And since it seems that such earnings work forever, the user moved on to sending larger amounts – in this case, the equivalent of a thousand dollars.

Here’s his cue.

Successful transactions made me believe in the workability of this offer, and I decided to test a transaction for a larger amount, as I was sure that I was conducting the transaction to my own wallet.

However, just on this transfer the trap slammed and the money got stuck.

What is the essence of the deception on the “testing scheme”?

The last transaction took place, but the money on the second exchange never appeared. The user then decided to check the hash of the transfer in the blockchain browser and discovered that all previous transactions did not go directly from the MEXC exchange to the OKX platform.

They went through a wallet whose address matched the signature of the user's account on the exchange. Accordingly, the coins were not sent from MEXC to OKX, but from MEXC to an address with a similar signature - and then to OKX, with a few per cent of the transfer volume added to the amount. Who do you think was behind it? .

After checking the data in the blockchain browser, the victim of the scam contacted the scammers, asking about possible reasons for what had happened. At the time, the user had no idea what the scam was about, so his questions were genuine.

It turns out that the scam scheme didn’t end there: the scammers sent the victim to the IOST network’s tech support chat in Telegram.

Alas, it too turned out to be a fake run by the scammers. Still, the owner of the messenger account confirmed the alleged error and said that there was a “fork” in the network that affected the transfer. With this in mind, the representatives of “support” offered to make a second transfer to the same address for a certain amount, which was supposed to push the previous transaction.

Now the scam is over. Let’s explain its components.

As you might have guessed, the essence of the deception scheme lies in the name of the account on the exchange to receive transfers. As our subscriber noted, fraudsters specifically use blockchain projects where addresses can be called an arbitrary name like vasya666 or petyavoronezh. According to him, such projects include IOST, XPR, Hive, Steemit and others.
After the victim chooses a name for the wallet on the exchange, fraudsters create a real address in the blockchain, which is assigned the appropriate name. That is, we are talking about an analogue of the Ethereum Name Service (ENS) tool, thanks to which to send crypto to the notional creator of Etherium, Vitalik Buterin, it is necessary to use not the combination 0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045, but the convenient format “vitalik.eth”. In case of IOST, similar accounts can be created on the basis of a “root wallet” in unlimited quantities.

List of sub-addresses created based on the root wallet of scammers called “promoiost” in the IOST network

The scammers then get the victim to conduct transactions to convince them that the scheme is supposedly working. How does it actually work? Let’s imagine that you have created an account on a receipt exchange and named it “vasya666”. Scammers ask about the chosen combination and quietly register an account in the blockchain with a similar name based on their wallet. When the victim makes a transfer allegedly to another exchange, they ask for the memo for the transfer. Thus, the fraudsters receive the transaction on their wallet, add a small amount of funds to it and transfer it to the desired address of the user on the exchange with the memo. That is, the user really gets an increased amount of coins – albeit through extra hands.
Next, it’s a matter of greed. When the victim is convinced of the relevance of the scheme, sooner or later it conducts a transfer for a relatively large amount. And already here the fraudsters will not send an increased amount of cryptocurrency, but will keep the entire amount for themselves.
The final stage is an attempt to further deceive the victim with the help of fake support in Telegram. Still, the version of the alleged fork of the network is able to convince the novice in the innocence of the fraudsters. And in this case, he can make an additional transfer in an attempt to help the “stuck” transaction. And then the fraudsters don’t need anything from their victim.

Let us repeat: the idea of the scheme is to try to convince the victim that the analogue of the ENS address name in the blockchain is the same as the signature of an account on an exchange for cryptocurrencies – for example, vasya666. If the person believes this, he or she will think that coins are actually being transferred between his or her addresses without any risks, while magically increasing in volume.

Choosing a nickname on the MEXC crypto exchange

It's not hard to believe this. Here's what the address for sending IOST on the MEXC exchange looks like. It belongs to the exchange, which is clear from the name. And just specifying the memo will allow the platform to credit the coins to the right account of the recipient.

Address for IOST cryptocurrency deposits on the MEXC exchange

Unsurprisingly, victims end up going as far as sending crypto for large sums.

Here’s a victim’s comment on the final stage of the scam.

You’re happy as hell, like easy money, made a few rounds. And then you send them 1000 quid worth of coins, for example, and they suddenly get stuck.

As you can see from the data in the blockchain, scammers have created a huge number of sub-wallets based on the root wallet. We can assume that each address means one victim – and there are 982 of them.

The total number of sub-addresses created based on the root address promoiost

How much do scammers earn in crypto

Our reader created a script to analyse the information on this wallet – here is part of it.

Part of the script of our reader who shared the details of the IOST cryptocurrency scam

It turned out that at the time the script was created in the spring of 2024, the amount of stolen coins was the equivalent of $250,000. Then scammers continued to use the “promoiost” address, however, since July it stopped.

The last transaction conducted by scammers who own promoiost addresses

As you can see, some victims tried to warn others that the address owner is a scammer.

Transactions of scammed users who tried to warn other users about being scammed on the IOST network

How else scammers steal money

Convenient wallet names on the IOST network open up opportunities for other scam schemes. For example, scammers can also reach out in Telegram and offer to test a supposed blockchain bridge between IOST and Tron.

In this case, they offer to make a transfer to an address on the IOST network called TRC20.

As a reminder, TRC20 is a technical standard for creating tokens and implementing smart contracts on the Tron network.

Here, the user may think that they are actually interacting with another network. However, this scheme is less convoluted, which means it is more for beginners.

As you can see, transactions with the specified address were conducted even today. This means that scammers are still using this deception today.

Scheme of deception on allegedly testing the Tron blockchain bridge in the IOST network.

Conclusions. How not to lose money

The conclusions from the situation are quite unpleasant. Still, it confirms that fraudsters follow what is happening with new blockchains and their features, as well as constantly evolving. Accordingly, not only new holders of crypto, but also experienced blockchain users can become victims of scam.

In this case, the task of scammers is to put the user’s vigilance to sleep and make him believe in the efficiency of the proposed scheme. And then the victim’s desire to earn money will lead to the desired result of scammers.

We should also note that in this case, the scammers are even willing to use their own funds. And although we are talking about small amounts of 2-3 per cent of the total amount, this point makes the scheme much more effective. .

Be that as it may, the principle of protecting one’s coins remains the same. Most of the cryptocurrency should ideally be stored on a hardware wallet, which should preferably be used only for receiving and sending crypto, i.e. not for interacting with smart contracts.

Ledger Flex hardware cryptocurrency wallet

Users should also ignore any earnings offers from strangers online. With a probability of 99 per cent it is a scam, well, and scammers just stall for time for the sake of trying to enter the trust and further theft.

The main conclusion here is that there is no free money. This is especially true for simple actions such as transactions, exchanges of crypto and other things. And investors should take this into account.

Look for more interesting things in our crypto chat of millionaires. Be sure to subscribe to stay up to date on the coin market and blockchain platforms.