A scammer stole around $15 million worth of cryptocurrencies after cloning the user interface of HitBTC, a popular Hong Kong-based crypto exchange.
Scammers make off with $15 million
According to SlowMist, a crypto compliance expert, this scam has been operational for almost a year, successfully deceiving users into activating a phishing contract.
The scammer executed a complicated scheme that earned over $15 million worth of bitcoin (BTC), ethereum (ETH), tether (USDT), and shiba inu (SHIB).
The scheme involved a smart contract that requests users to connect their wallets. The victims conduct deposit transactions as on any exchange while the malicious smart contract tracks their transactions.
Once the transaction is signed and confirmed, the scammer gains access to the user’s wallet and promptly drains the remainder of the user’s assets. The scam primarily operated on the Bitcoin, Tron, and Ethereum networks.
SlowMist’s investigation revealed that the perpetrator behind this scam has not limited their activities to HitBTC alone.
In fact, they have been impersonating other prominent platforms, including South Korean Coinone and LedgerX, a former subsidiary of FTX.
These fraudulent sites mimic notable web3 tools, decentralized applications (dapps), and exchanges, confusing the victims and extending the reach of the scammer
Spike in phishing attacks
Cybersecurity firm Kaspersky reports a staggering 40% increase in the number of phishing attacks between 2021 and 2022.
This alarming trend indicates that scammers continue to exploit the allure of cryptocurrency, which is often perceived as a shortcut to financial success with minimal effort.
It’s essential to understand that a crypto phishing scam operates by dubiously obtaining sensitive information, such as the private key to their wallet.
To achieve this, phishing scams utilize various baits to lure their targets, such as promising free cryptocurrency.
Fake crypto websites typically function as phishing pages, where all the details entered by the user, including the password and recovery phrase of their crypto wallet, end up in the hands of scammers.
Earlier on May 15, the National Cryptocurrency Enforcement Team (NCET), that’s under the United States Department of Justice (DoJ) said it will be going after exchanges that, though compliant, enable criminals to launder funds.