Fake crypto giveaways steal millions reusing Elon Musk, Dorsey videos

Fake crypto giveaways reuse YouTube videos of Musk, Dorsey to make millions

Fake cryptocurrency giveaways are stealing millions of dollars simply by replaying old Elon Musk and Jack Dorsey Ark Invest videos on YouTube.

The scheme is the old “double your investment” ruse that promises to pay back twice the cryptocurrency amount the victim sends the scammer.

The fraudsters made more than $1.3 million after re-streaming an edited version of an old live panel discussion on cryptocurrency with Elon Musk, Jack Dorsey, and Cathie Wood at Ark Invest’s “The ₿ Word” conference.

Simple operation

At a quick search, BleepingComputer found that close to 10 YouTube channels have published the discussion, albeit in a smaller format edited to include additional elements that promoted the scam, including the link to the fraudulent crypto giveaway website.

Our findings are just a glimpse of the entire scheme, which we observed unfold since March. However, there are reports of it going as far back as January and bringing scammers $400,000 in just seven hours

Security researchers at cybersecurity firm McAfee were also monitoring the scam and published a report on Thursday in which they identified 11 fraudulent websites.

Fraudulent websites hosting crypto scam
source: McAfee

McAfee updated the post the next day saying that the number of these websites had increased to 26 in just 24 hours.

“The YouTube streams advertised several sites which shared a similar theme. They claim to send cryptocurrency worth double the value which they’ve received. For example, if you send 1BTC you will receive 2BTC in return” – McAfee

However, these websites appear every day and scammers generate new wallets to receive funds from gullible cryptocurrency users. Here’s some that BleepingComputer and McAfee found:

make2x[.]org arknow[.]org teslabtc22[.]com
musk-official[.]net arkinvest22[.]net tesla-eth[.]org
2x-musk[.]net elontoday[.]org teslaswell[.]com
2022ark-invest[.]net elonnew[.]org twittergive[.]net
22ark-invest[.]org elonnew[.]com doublecrypto22[.]com
22invest-ark[.]com 2xEther[.]com teslabitcoin[.]org

Some of the sites in the table above are still up and running. The list is far from being complete as scammers continue to set up new websites promoted in new streams playing a modified version of cryptocurrency talks.

The researchers said that the sites promoted in the videos tricked the visitors into thinking that others were sending cryptocurrency and had received double their “investment,” showing a table with recent transactions as proof.

To create the fake table, the scammers used JavaScript code that generated a list of random cryptocurrency wallets and paid amounts.

Fake table with cryptocurrency transactions
source: McAfee

The money

Below is a list of Ethereum and Bitcoin wallet addresses that scammers used for their Ark Invest cryptocurrency fraud:

BTC Wallet address Value ETH Wallet address     Received
bc1qz50pclcp7a7wl0au2m4rkleaxl7wryktmsy9sk 0 0xb8e257c18bbec93a596438171e7e1e77d18671e5 $25,209
1HBt1KrtWMSkjgGzuvTEPsePk24ChoQ33t $4,632 0x7007fa3e7db99686d337c87982a07baf165a3c1d $9.16
1A4GEKCKrRhjgsNCQfRaGmbZVPW8qsxfwW $29,706 0x436f1f89c00f546bfef42f8c8d964f1206140c64 $13,377
bc1qcawgs6gpmqyx35c0a0yldhak7ggagwxdpget7e $16,933 0x9b857c44c500eaf7fafe9ed1af31523d84cb5bb0 $70,602
bc1qc66cl4eap9d0r3fmydwxufa0yk6natdv72qe87 $19,439 0xbd73d147970bcbccdde3dd9340827b679e70d9d4 $57,573
bc1quu3ltey8vndcx6ma9zukazyffsw50hz8s4zhrw $20,983 0xac9275b867dab0650432429c73509a9d156922dd 0
1DU2H3dWXbUA9mKWuZjbqqHuGfed7JyqXu 0 0x12357a8e2e6b36dd6d98a2aed874d39c960ec174 0
1Q3r1TzwCwQbd1dZzVM9mdFKPALFNmt2WE $41,219 0x2605df183743587594a3dbc5d99f12bb4f19ac74 $11,468
17XfgcHCfpyYMFdtAWYX2QcksA77GnbHN9 $49,311 0x18e860308309f2ab23b5ab861087cbd0b65d250a $14,766
1GLRZZHK2fRrywVUEF83UkqafNV3GnBLha $5,787 0x5081d1ec9a1624711061c75db9438f207823e694 $4,029
1NKajgogVrRYQjJEQY2BcvZmGn4bXyEqdY 0 0x820a78d8e0518fce090a9d16297924db7941fd4f $63,301
1DU2H3dWXbUA9mKWuZjbqqHuGfed7JyqXu 0 0xcaaa38911bfe60933e39acbb59f0ba8dda491331 $18,929
bc1qas66cgckep3lrkdrav7gy8xvn7cg4fh4d7gmw5 $11,846 0xdbb8c934650bd1a88b4ba12f4acb042d9a8a0cbe $43,604
18wJeJiu4MxDT2Ts8XJS665vsstiSv6CNK $119,147 0x2d18a797b68a4f0bf15f21b55e76e2367a716942 $64,585
1CHRtrHVB74y8Za39X16qxPGZQ12JHG6TW $4,790 0x24310fb34afccbe29f80c46b4b5e17601bf11c56 $16,778
bc1qdjma5kjqlf7l6fcug097s9mgukelmtdf6nm20v 0 0x7a619530988a266fd39a4acccc5315d90c9544aa $36,449
1EX3dG9GUNVxoz6yiPqqoYMQw6SwQUpa4T $95,974 0xa15ebabdda7b5401d642893b843cf94be2293172 $16,311
    0xac9275b867dab0650432429c73509a9d156922dd 0

The amounts received may not look like much but it’s good money considering that the entire operation requires little effort and technical skills. Once the video is edited and the site up and running, the fraudster just needs to wait for victims to transfer the digital coins.

McAfee says that the wallets listed on the malicious sites they found recorded a high number of transactions that amounted on May 5th to $280,000 worth of cryptocurrency.

The next day, that combined value surged to $1.3 million. The largest wallet had over $90,000 in Bitcoin from 13 transactions.

The YouTube channels

From BleepingComputer’s own research based only on a brief scan of all the scam videos currently running, the fraudsters stole an additional $100,000 today.

BleepingComputer has found nine YouTube channels luring cryptocurrency users to scam websites at the time of this writing. The name of almost all of them included the strings Tesla, Elon Musk, Ark Invest, or a combination of them.

Curiously, some of these channels promoting a cryptocurrency scam website have large followership, between 71,000 and 1.08 million subscribers.

In most cases, the number of subscribers for these channels appears to have been artificially blown to add credibility to the videos promoting the scam, since they have no other content available.

YouTube channels with lots of subscribers promoting cryptocurrency scam

At the time of writing, some channels removed the modified video from public access by either taking it down or restricting it to paying members.

This type of scams appear to be extremely common, with YouTube chasing them away every day but not quick enough. Based on what we’ve seen, there are at least 40 such videos up right now.

BleepingComputer has found that these live streams are running multiple times a day and they are taken down once they end.

Cryptocurrency users are a constant target of threat actors, who seek new ways to make victims fall into a trap. Although the promise to double the crypto assets is an old trick, it appears that it is still lucrative.

Source link

Leave a Reply

%d bloggers like this: