Authored by: Neil Tyagi
Scam artists know no bounds—and that also applies to stealing your cryptocurrency. Crypto scams are like any other financial scam, except the scammers are after your crypto assets rather than your cash.
Crypto scammers use many tactics in other financial crimes, such as pump-and-dump scams that lure investors to purchase an asset with fake claims about its value or outright attempts to steal digital assets.
This time scammers were trying to get an investor to send a digital asset as a form of payment for a fraudulent transaction.
It starts with a Tweet used as bait to lure innocent cryptocurrency investors into purchasing a non-existent token, related to a reputed company, SpaceX.
The theme used here by scammers is the sale of the official cryptocurrency of SpaceX. In the above image we can also see the reach of the tweet is high. (224.4K views)
Protection with McAfee+:
McAfee+ provides all-in-one online protection for your identity, privacy, and security. With McAfee+, you’ll feel safer online because you’ll have the tools, guidance, and support to take the steps to be safer online. McAfee protects against these types of scam sites with Web Advisor protection that detects malicious websites.
The link present in this tweet redirects to space[-]launch[.]net, which is already marked as malicious by McAfee.
A WHOIS search on the site reveals it is hosted on Cloudflare. Cloudflare has increasingly become the number one choice for scammers to host malicious websites and protect their assets.
A WHOIS lookup on the domain reveals redacted personal information. No surprises there
When we click on the link, it takes us to a login page and asks for SpaceX login credentials. This page was designed as a phishing page for people who have real SpaceX login credentials.
For people who don’t have SpaceX credentials, they can use the signup link.
After we log in, it redirects to a landing page where one can purchase the supposedly original cryptocurrency launched by SpaceX
As you can see, it impersonates as the official SpaceX portal for buying their token. It also has all the elements related to SpaceX and its branding.
In the above picture, we can see that scammers are employing the social engineering trick of FOMO (Fear Of Missing Out) as they have created a timer showing that the fake tokens are only available for purchase for the next 10 hours. This also makes sure that the scam would end before all the online security vendors flag the site.
Scammers also allow users to purchase fake tokens from about 22 cryptocurrencies, the prominent being Bitcoin, Ethereum, and USDT.
Scammers even offer a bonus of fake SpaceX tokens if users are ready to purchase a minimum amount
Here we can find the BTC wallet address of the scammers and see the transactions related to these wallets.
The crypto wallet addresses of scammers for the following currencies are.
- BTC bc1qhhec8pkhj2cxtk6u0dace8terq22hspxkr5pee
- USDT 398a9BF5fe5fc6CaBB4a8Be8B428138BC7356EC1
- ETH 16a243E3392Ffd9A872F3fD90dE79Fe7266452F9
Looking at transactions related to these addresses, we find people have become victims of this scam by sending payments to these wallets. The Bitcoin wallet above has gathered around 2,780 US dollars. You can also see three of the last transactions made to the account.
Similarly, for Ethereum, the scammers have gathered around 1,450 US dollars
We observed two popular cryptocurrencies, but scammers are using about 22 different crypto wallets.
Crypto phishing scams constantly evolve, and new tactics emerge regularly. Users should take the initiative to educate themselves about the latest phishing techniques and scams targeting the cryptocurrency community. Also, stay informed by researching and reading about recent phishing incidents and security best practices.
IOC (Indicator of Compromise)
|Domain||Crypto Type||Wallet address|
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.