Saturday, 3 October 2020

Cryptopearl.net - part of a well-organized crypto scam ring

Hello reddit! I've done a bit of digging into a scam ring. This all started from a random stranger messaging me today to help them get their crypto off of cryptopearl.net. They say they want to get their crypto off an exchange because they need to help their sick father who's in Egypt and has Covid, but because they moved countries recently, they can't pull it off for 9 days due to "fraud protection rules" and because all their friends are in China, they can't talk with any of their friends. Their account is geo-locked and then they ask you to mule it for them... the only catch is that you have to pay 0.03 BTC to "verify" your account on the exchange and withdraw said sum for your new pal. Said scammer says they'll totally pay you back and not to worry.

Just to make sure it's obvious, anything you send to this exchange or it's ilk will be sent straight to the pocket of scammers.

I've seen this site and sites like it many times over the last couple of years. I've done some digging through their site and found some very interesting stuff.

  1. The images on their chat are all steam cdn profile pictures. And the element's class reads as "image for chat message" instead of profile picture or something a sane developer would use. It's just conjecture... but I feel like a very in-experienced developer put this together.
  2. The description for the site: "Founded in London in 2013, the leading..." was lifted directly from cex.io (a real crypto exchange)
  3. Whois lookup states their site was registered January 2020. A bit odd for something that exists entirely as an online-business... I guess they didn't have a site for 7 years? lol.
  4. Digging beyond the first page references another site called "expohills" (now offline) which is linked in this steemit article as a scam: https://steemit.com/steem/@summisimeon/expohills-com-a-new-scam-website-073bf1e0121f6. Surprise! The site looks nearly identical!
  5. csrf token changes when refreshed in a new browser session, so there is some kind of page generation going on instead of just a straight javascript/html/css site.

A search for a very specific text from the site "Your payment will be completed after confirmation by the network" came up with a long list of very interesting exchanges that all seem to be identical:

https://onebittrading.com/terms
https://bit-trading.online/bit-trading
https://ctyptocoin.com/bitcoin-trading
https://bitnexium.com/bitcoin-trading
https://cointradery.com/bitcoin-trading
https://betcrypt.net/bitcoin-trading
https://cex.services/bitcoin-trading
https://coinscash.org/bitcoin-trading
https://ixibtc.com/bitcoin-trading
https://bityoox.com/bitcoin-trading
https://futex.org/bitcoin-trading
https://ivibitpay.com/terms
https://hufscoin.com/terms
https://thecoinwallets.com/terms
https://marker-dao.com/terms
https://bitexios.com/bitcoin-trading
https://joycrypto.net/bitcoin-trading
https://wilbtc.com/terms
https://bitlexi.com/terms
https://tryton.exchange/terms
https://bittlyx.com/terms
https://ecryptopal.com/terms
https://bitcoinamo.com/bitcoin-trading
https://cryptojoin.net/terms
https://coinchase.biz/terms
https://vertbtc.com/terms
https://bitslash.net/terms
https://binomion.com/bitcoin-trading <--- registered August 15th 2019
https://bitfully.net/terms <--- registered on September 18th 2020

I checked about half of these... and each one was using cloudflare to hide the real server's location. I wonder how u/cloudflare feels about their services supporting scam rings?

Certainly also of interest, I found https://qna.habr.com/q/646554 where a chap going by dimavfox appears to be working on the source code for the above sites! The savvy reader can realize that the website is in Russian.

My Google search that gave the above sites said in total there were about 175 sites. (Many of which are now offline)

This appears to be a fairly large scam. They must be making decent money off of it because the sites are still up and new sites keep getting setup.

There appears to be some kind of central control, as all the sites get the same chat messages at the same time... but logging in and posting a chat message on one site does not propagate to the other sites.

Please be careful everyone! Do not implicitly trust any random site or sob story a stranger shares with you. Make sure you do the smell test. Does it seem like I might get something for doing very little? Do I have to put money or personal details on-the-line before I receive the alleged many-times-greater reward? Is the stranger saying they'll be "doing me a favor?" It's most likely not real.

submitted by /u/sokol815
[link] [comments]

source https://www.reddit.com/r/btc/comments/j498el/cryptopearlnet_part_of_a_wellorganized_crypto/

No comments:

Post a Comment