Fake Crypto Exchanges

Remember: Turning off direct messages from people you are not friends with is one of the most effective ways of avoiding Discord Direct Message scams.

Things have been heating up on the Discord direct message scam front. With the addition of the #report_scammers channel on the Guild of Guardians Discord, it's much easier to report these scams, and the Discord moderators are doing a great job banning Discord accounts.

The scam flavour of the month is a bit more generic than the previous Guild of Guardians themed token sale sites.  In this scam the fake webpage is probably re-purposed for many crypto scams.

It starts with a direct message like the one here:



The premise is that there is a giveaway of BTC to attract new users and you have to go to the site and register, then provide the registration code. You can tell this is a generic scam re-purposed to target the Guild of Guardians family, as BTC would be a very odd prize for GoG users... wouldn't you give out ETH, GoG, or NFTs?

DO NOT go to the site, but if you did you'd find something that looks like it could be a cryptocurrency exchange:


There are several different URLs that all point to the same template with a different name in the top left corner, for example:


It seems someone has registered a bunch of domains, potentially close in name to some existing exchanges, but all with hyphens in them.  Perhaps just avoid crypto exchanges with hyphens in their domains?  I looked at the following so far:
  • coin-bin[.]com
  • bin-core[.]com
  • crypto-floor[.]com
  • market-token[.]com
  • link-token[.]com
The scammer's strategy is to put up as many websites as they can before the registrars start taking them down.  However, with an almost endless number of combinations and registrars out there who will allow you to host scams until they are reported, it's not an easy task to get ahead of the scammers.
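
The naming pattern described above can be turned into a triage filter for reported DMs. This is an added example, not part of the original investigation: the word list is an assumption drawn from the domains named in this post, and `triage`, `allowlist` and the sample message are constructed for illustration.

```python
import re

# Assumption: vocabulary seen in the hyphenated domains reported in this post.
CRYPTO_WORDS = {"coin", "bin", "core", "crypto", "floor", "market", "token", "link", "bits"}

# Hostname: one or more dot-terminated labels followed by an alphabetic TLD.
HOST_RE = re.compile(r"\b((?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,})\b", re.I)

def refang(text):
    """Undo the common defanging used in reports ([.] and hxxp)."""
    return text.replace("[.]", ".").replace("hxxp", "http")

def extract_hosts(message):
    """Return the unique hostnames mentioned in a message, lower-cased and sorted."""
    return sorted({h.lower() for h in HOST_RE.findall(refang(message))})

def reasons_for(host):
    """Explain why a host matches the pattern: hyphenated name built from crypto words."""
    # Naive registrable label (second-to-last); adequate for .com, not for co.uk.
    tokens = host.split(".")[-2].split("-")
    if len(tokens) < 2:
        return []
    hits = [t for t in tokens if t in CRYPTO_WORDS]
    return ["hyphenated", "crypto-words:" + ",".join(hits)] if hits else []

def triage(message, allowlist=frozenset()):
    """Map each suspicious host in a DM to the reasons it was flagged."""
    flagged = {}
    for host in extract_hosts(message):
        if host in allowlist:
            continue
        reasons = reasons_for(host)
        if reasons:
            flagged[host] = reasons
    return flagged

# Constructed sample DM, modelled on the giveaway lure described in this post.
SAMPLE_DM = ("Congratulations! You won 0.5 BTC in our giveaway. "
             "Register at hxxps://coin-bin[.]com/promo and send your code. "
             "Rules: https://open-source.example/rules and https://example.com")

if __name__ == "__main__":
    for host, why in triage(SAMPLE_DM).items():
        print(host, why)
```

A hit is only a signal for a moderator to look closer: legitimate sites can use hyphens too, and the scammers can switch to names outside the word list.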

One of the sites, coin-bin[.]com, is registered at www.reg[.]ru, and I've emailed their abuse address, abuse@reg[.]ru, to see if they'll revoke the domain from the owner.

Domaintools reports the following info for the registrant:


There might actually be a thread to pull here if the other sites are registered to the same email address, but that could also be a burner address.

Thank you to everyone who is reporting scams, either to report@gogscammtracker.com or in the #report_scammers channel in the official Guild of Guardians Discord.

Also, if you're interested in writing about a scam experience you've had, reach out.  I'm also looking for some sleuths to help investigate some of these scams to help understand how they work.  It's a great opportunity to learn some cyber/crypto security skills while helping the Guild of Guardians and crypto gaming community.




Comments

  1. Looks like the domains are mostly registered to Avgusta Efremeova using the email address avgustaefremova1993@bk[.]ru. Organization is LLC GOOD? Who knows what that is. Sites are hosted at Digital Ocean.

  2. Looks like our friend Avgusta has also registered more-bits[.]com.
