A massive leak involving the personal data of thousands of cryptocurrency investors was recently uncovered by a Singapore-based intelligence firm. It was also revealed that data was obtained via a global Bitcoin scam that operated under different names.
The discovery was made by Group-IB, a global threat hunting and intelligence firm based in Singapore, according to Bitcoin.com. The company said that personal data of 248,926 crypto investors from 20 countries have been compromised in a “targeted multi-stage bitcoin scam.”
Around 59 percent of the affected investor accounts come from the U.K. where 147,610 people have been affected by the leak. Meanwhile, 33 percent are Australian residents (82,263) and the rest came from the U.S., Singapore, Malaysia, Spain, and other countries.
Group-IB identified at least six active domains involved in the scam that used the same Bitcoin investment platform. The worldwide scheme used different names including Banking on Blockchain, Bitcoin Rejoin, Bitcoin Supreme, and Crypto Cash. Analysts noted that the scheme is similar to that of the Bitcoin Evolution scam.
Group-IB explained how Bitcoin scam works. First, a potential victim will receive a text message from the scammers claiming that a local celebrity has endorsed a token while using the name of a local media outlet as the sender. The message contains a link that takes the victim to what appears to be the website of the media outlet.
The fake website will also contain a fake story about how a known celebrity made a fortune by investing in a new crypto investment platform. Group-IB’s investigations reveal that the names of “Bryan Wong, Chris Brown, Andrew Forrest, Travers ’Candyman’ Beynon, Gina Rinehart and others” were used by the scammers in their fake story.
Users will also encounter a pre-filled registration form that “which already demonstrates their personal data, such as the phone number, first or/and last name, and sometimes an email address, and used for redirects to fake websites masquerading as a local media outlet.” Group-IB is still unsure how the scammers manage to get the data but the firm suspects it might have been obtained “through a separate fraudulent scheme or simply bought from a third party.”
The site asks the victim to send 0.03 BTC to the investment platform as account activation. However, the victim will later find out that the platform cannot be used as it is fake.
Comment 134