Anatomy of a Crypto Scam 2022

Andrey Plat
Oct 7, 2022

In the first half of 2022, the number of domain names registered for use in cryptocurrency scams increased fivefold.

63% of the new fraudulent domains were registered with Russian registrars, but almost all of the sites are aimed at international crypto investors.

A sharp increase in the number of fraudulent YouTube streams, allegedly featuring such famous entrepreneurs as Vitalik Buterin, Elon Musk, Michael Saylor and Catherine Wood, was first seen in February of this year.

Researchers call this fraudulent scheme a “Fake Crypto Giveaway”.

In such scams, the fraudsters masquerade as well-known personalities who supposedly promote crypto projects. The YouTube streams are fabricated from old recordings or even deepfakes, in which fake celebrities invite investors to visit a special promo site to double the sums they invest. To get rich, you supposedly just need to transfer funds to the specified address (or disclose the seed phrase of a cryptocurrency wallet to get even better terms). Such sites, of course, belong to the scammers, and as a result victims lose some or all of the contents of their cryptocurrency wallets.

Experts emphasize that this scheme has scaled up seriously over the past six months: during the first six months of 2022, they recorded the registration of more than 2,000 domain names for fake promo sites. This is almost 5 times more than in the second half of last year, and 53 times more when comparing year to year.

Researchers attribute the rapid growth of such domains to the fact that in February 2022 automated tools appeared for running the fraudulent scheme without special technical knowledge on the part of cybercriminals. As a result, by July, experts were recording up to five fraudulent streams per day.

The new “bait” stars even included the president of El Salvador, Nayib Bukele, and promo sites have recently been spotted being advertised with soccer player Cristiano Ronaldo.

The reason is that in 2021 El Salvador became the first state in the world to declare bitcoin a legitimate means of payment, largely at the initiative of the country's president. Cristiano Ronaldo, in turn, became the first soccer player to receive an award in cryptocurrency (the Juventus club awarded the athlete tokens for the number of goals he scored during his career). And in June 2022, the exchange Binance announced its partnership with the footballer.

According to experts, more than 60% of scammer domain names were registered with Russian domain registrars, but mostly international domain zones were used, because the target of such sites is coins belonging to cryptocurrency holders from Europe and the United States. For the same reason, all video descriptions and promotional websites were written in English.

The top 5 most popular domain zones for cryptocurrency scam sites are .com (31.65%), .net (23.86%), .org (22.94%) and .us (5.89%).

Although YouTube is the main channel for attracting traffic to fraudulent sites, there were also attempts to use Twitch for such streams. The average number of viewers of fake broadcasts is 10,000–20,000, including bots used to inflate the count.

Cybercriminals either steal other people’s YouTube channels in order to stage fake streams, or buy or rent them on the darknet in exchange for a percentage of the stolen funds (usually 10% to 50% of the streamer’s “earnings”).

When the account ends up in the hands of a cryptostreamer, they rename it, delete all previous videos, change the avatar, add new design elements, and upload videos about investments or celebrity projects.

After launching a live stream on such a channel, scammers artificially inflate the view count in order to get the video to the top of YouTube and into recommendations for the target audience: “live” users who are interested in cryptocurrency investments. On shady forums, it costs about $100 to add 1,000 viewers and $200 to add 5,000 viewers.

“Recently, there has been some feedback on underground forums that cryptocurrency fraud has outlived its usefulness, but active domain name registration and ongoing daily streamers suggest otherwise.

The intensity of attacks on gullible cryptoinvestors is growing and the reach is increasing.

We see the reason in the simplicity of the scheme due to the automation of processes and cooperation in the cybercrime community.

The emergence and development of such a market shows that investments in crypto-affairs pay off and continue to bring criminals huge profits on the scale of Internet fraud.”

https://www.advisor-bm.com/post/anatomy-of-a-crypto-scam-2022
