Category: Scams

Categories
Crypto News DeFi Illegal NFTs Scams

Suspicious Code Detected in ETH Smart Contract Putting NFT Projects at Risk

According to the famous DeFi detective who goes by “Zahcxbt” on Twitter, 31 NFT projects may be at risk due to what he calls “suspicious code”. He posted a lengthy thread on Twitter and raised the issue of NFT project Thestarlab, which he alleges was compromised for 197.175 Ether (ETH), worth about US$580,325.

Zachxbt quoted his fellow blockchain investigator “MouseDev” who came to the following conclusion after reviewing the code behind Thestarlab:

What this means is that the contract can never truly be renounced or transferred! Only an additional owner. The original deployer will always be considered the owner! You can also check the relinquish and transfer ownership functions to see they never overwrite _creator.

MouseDev

MouseDev supposes that when the developer of the project deployed the contract, they stored two variables as the owner. “Then they later changed one of them to the null address to appear as though they relinquished but kept another unchanged variable,” MouseDev claims.

According to this information, Zachxbt claims to have uncovered 31 NFT projects that all contracted the same Fiver developer to launch the problematic smart contract. Zachxbt also remarked: “Please do proper due diligence. Always review the contract beforehand, especially if outsourced. Luckily, since then a few of the projects were able to migrate contacts and confront the Fiver dev. After reviewing internally, a few found other red flags as well.”

Thank Goodness for DeFi Detectives

DeFi detectives have been many a project’s saviour. “Void-of-Silence” posted on Twitter: “Some old info I’ve posted along with some new info out today 💚 a readdressing of the situation would be awesome or a new post about it all 🔥”

Another fellow detective who goes by “Thats AOK” replied to MouseDev’s Tweet by saying: “RUG RUG RUG RUG RUG RUG RUG.”

Last month, an infamous “internet detective” who goes by “Coffeezilla” confronted YouTuber “Ice Poseidon” and got him to admit to stealing US$500,000 in a blatant crypto scam. Coffeezilla later in February managed to expose an NFT scam that would have cost its users US$20 million, had it actually come to pass.

Categories
Crypto News Scams Tokens

US Siblings Charged With $124 Million ‘Ormeus Coin’ Fraud

The US Securities and Exchange Commission (SEC) this week charged John and Tina Barksdale for running a cryptocurrency scam called “Ormeus Coin”, which allegedly defrauded at least 12,000 retail investors of US$124 million.

‘Modern-Day Snake-Oil Sellers’

As per a release by the Department of Justice (DOJ), the SEC alleged the sibling duo sold Ormeus Coin to investors as a legitimate project through in-person roadshows, social media, and even ran advertising on a jumbotron in Times Square.

We allege that the Barksdales acted as modern-day snake-oil salesmen, using social media, promotional websites, and in-person roadshows to mislead retail investors for their own personal benefit.

Melissa Hodgman, SEC’s Division of Enforcement
John and Tina Barksdale. Source: dailymail.co.uk

The Barksdales allegedly misled more than 12,000 investors with false statements, such as that Ormeus Coin had a US$250 million crypto mining operation that produced US$5-8 million in monthly revenues.

The project’s whitepaper, which claims the coin is an ERC-20 token, also included a picture of the mining facility that was supposedly owned by the Barksdales.

This picture of the mining facility, which is actually a data centre owned by a third party, was used throughout 2018 for their marketing campaigns.

Pair Faces up to 20 Years in Prison

The Omeus Coin’s website is still up and running and claims the coin is offered in several exchanges including HitBTC, PancakeSwap, and Uniswap. There’s also dubious claims about the project’s business model, such as being powered by “green energy” and being in possession of Bitcoin, Litecoin, and Dash mining rigs on its facility.

The complaint was filed in the US District Court for the Southern District of New York. The siblings now face up to 20 years’ prison for security and wire fraud.

Crypto Scams and Fraudulent ICOs

Ormeus Coin held an Initial Coin Offering (ICO) in 2017, at a time when the ICO bubble exploded as companies were raising incredible amounts of capital out of investors by just launching and marketing a cryptocurrency project.

Those were golden days for scammers who tried to take advantage of the hype and deceive investors with dubious crypto projects. Just two months ago, Aussie cryptocurrency entrepreneur Craig Sproule was charged by the SEC for defrauding investors in a fraudulent ICO.

He Qin, the Australian-born former crypto hedge fund manager who defrauded Aussie and US investors out of US$90 million, recently said he scammed them because he felt “inmense pressure” to succeed because of his Asian heritage.

Categories
NFTs Scams

Crypto Twitter Outraged by Tai Lopez’s NFT Collection, Described as ‘Ridiculous Cash Grab’

Entrepreneur, investor and internet personality Tai Lopez has come under fire this week over his latest NFT collection, which is accompanied by questionably expensive opportunities to meet Lopez. Twitter has uncovered some damning information about the project and has labelled it a “ridiculous cash grab”:

Crypto Influencers Arc Up Over Tai Lopez’s NFTs

Tai Lopez’s ‘OG (Original Garage) Social Club’ NFT collection is “personality-based”, meaning some of the options available to investors include opportunities such as watching a movie with Lopez or shadowing him in his office – for a fee. However, the extreme prices of the actual NFTs are drawing the most extreme reactions from a lot of crypto influencers.

Prominent crypto user @Ox_Beans accused Lopez of immediately siphoning funds to his team’s wallet once an investor mints:

Lopez’s reputation is also being called into question, with many suggesting he may have a inflated sense of his own importance. @EddyisKongz was one of the first to question the sky-high pricing of the OG NFTs and Lopez’s associated inducements:

OG Social Club has also been running several “giveaways”, yet concerns have been raised about their legitimacy with some of the “winners” failing to get a response from Lopez’s secretary. If you’d like to know more about the OG project, check out the video below:

NFT Scams and Rug Pulls

Unfortunately, the NFT industry is rife with dodgy behaviour and the community remains the primary defence. This was seen in mid-February when YouTuber “Coffeezilla” explained how he and a group of crypto users had prevented an alleged scam involving US$20 million.

Earlier this month, NFT project “Pixelmon” disappointed investors who had pooled US$70 million when the release failed to live up to pitch quality. The result was crashing floor prices, which led investors to label the project as “pretty much a rug pull”.

Categories
Airdrop Crypto News Russia Scams

Ukraine Update: Over $56 Million in Donations, Airdrop Cancelled and Scams Aplenty

Over US$56 million in crypto donations have now been sent to support Ukraine in its ongoing conflict with Russia. This milestone comes amid the cancellation of a planned airdrop from the Ukrainian government and a spate of scams looking to capitalise on the crypto community’s generosity.

Crypto Generosity Providing Crucial Aid

According to the blockchain analytics platform Elliptic, over 100,000 separate donations have been made to the Ukraine government and supporting NGOs since the start of the conflict, totalling just over US$56 million. This is over 50 percent up from the US$37 million figure reported by Crypto News Australia reported just a few days ago.

The donations are made up of a variety of cryptocurrencies. Elliptic lists the approximate breakdown as:

  • 31.2 percent Bitcoin;
  • 33.7 percent Ethereum;
  • 17 percent stablecoins;
  • 14.5 percent Polkadot; and
  • 3.6 percent other crypto.

In addition to crypto donations from individual users, UkraineDAO auctioned off a Ukrainian flag NFT for US$6.5 million worth of Ethereum, proceeds of which will go to the NGO Come Back Alive.

Government Airdrop Cancelled Amid Spoof

A planned Ukrainian government airdrop – designed to reward users who had donated to the Ukrainian cause – was cancelled after the Peaceful World token (WORLD) was identified as a spoof of the official Ukrainian government airdrop:

The Ukrainian government decided to abandon its airdrop to avoid exposing users to potential phishing scams and spam attacks:

Scammers Seek to Take Advantage

Amid the wave of generosity, scammers have sought to take advantage by duping well-intentioned users into donating crypto to addresses not associated with the Ukrainian government or any registered NGOs.

A range of Ukrainian crypto scams have been reported, including phishing emails purporting to be from the UN Office for the Coordination of Humanitarian Affairs, fake websites, and dodgy forum posts. 

Malware Hunter Team has reported a rapid increase in phishing websites with domains such as “Ukraine-donate” and “Ukraineglobalaid” since the start of the conflict.

To avoid falling victim to a donation scam and to ensure your funds go where you intend, it is recommended you only donate to wallet addresses released by officials from the Ukrainian government or supporting NGOs.

Categories
Crypto News NFTs Scams

Users Left Fuming After $70 Million Pixelmon NFT ‘Rug’ 

Non-fungible token (NFT) project Pixelmon has gravely disappointed investors who pooled US$70 million after releasing NFTs nowhere near the quality promised in their pitch images. This resulted in falling floor prices where some investors ended up calling it “pretty much a rug pull”.

Some Investors Paid up to $10k Per NFT

Pixelmon was a highly anticipated NFT project that had many investors pouring in money, some of them paying up to US$10,000 for their NFTs. The RPG adventure game uses creature NFTs for players to explore, battle and train with, but after introducing the project as “the first AAA quality game in the NFT space” and raising $70 million, the project under-delivered in a big way:

Pitch Images Paint a False Dawn

Pitch images used for advertising the project bore no relation to what was presented. After Pixelmon delivered its genesis NFT collection earlier in February – just two months after launching the project – the 8,079 NFTs were sold in a Dutch auction format with bidding opening at 3 ETH (US$9,489 at the time). With every NFT selling out within the hour, the project raised a staggering 23,055 ETH, worth US$61 million at current prices.

Twitter users have since openly shared their memes regarding the project after seeing the 3D NFTs that were minted. It wasn’t just the lack of quality that seemed to be a problem, some also looked unfinished while others were acting in peculiar ways:

Following the auction, the price of Pixelmon NFTs on the secondary market had dropped around 60 percent from the original 3 ETH mint price and is now at a 0.36 ETH floor price on OpenSea. This caused early investors who minted the NFTs and held them to lose a considerable amount of money.

Developers Admit They Messed Up

A message was shared with the Pixelmon Discord where the project founder Syber stated that “we made a horrible mistake”, referring to the botched reveal:

The Pixelmon team admits making “a horrible mistake”. Source: Syber

In the message, Syber also stated it would use US$2 million to fix the issues faced by the project. Various users remained disgruntled, since that amount is only 3 percent of what they had gathered and could actually be used to develop a AAA gaming title.

The importance of doing your own research is crucial, especially when investing in a project whose founders are undoxxed (they have not revealed any personal information about themselves). This Twitter user summed up the feelings of the majority:

Categories
Crime Cryptocurrencies Scams

Chainalysis Reveals ‘Criminal Whales’ Hold $25 Billion in Digital Assets

A new Chainalysis report has revealed that a total of 4,068 “criminal whales” across the globe are holding US$25 billion in digital assets.

‘Criminal Whales’ and Crypto Crime

Criminal whales are defined as private wallets holding over US$1 million worth of crypto, where 10 percent or more of these funds are obtained from illicit addresses associated with malware, scams and fraud. Chainalysis’ February 16 report contains data collected from 2017 to 2021 that shows just how drastically the figure has risen over that period.

https://blog.chainalysis.com/reports/2022-crypto-crime-report-preview-criminal-balances-criminal-whales/
Sources of illicit transactions. Source: Chainalysis

https://blog.chainalysis.com/reports/2022-crypto-crime-report-preview-criminal-balances-criminal-whales/
Shares of all illicit funds. Source: Chainalysis

Crypto’s double-edged sword of minimal regulation is causing the creation of various groups to counter illegal activity. One such example is the US Justice Department’s National Cryptocurrency Enforcement Team (NCET), the formation of which was announced last week.

Chainalysis Findings and Partnerships

Released in late 2021, another Chainalysis report found that scam revenue had risen by 81 percent in that year alone. A large portion of these scams were rugpulls, where a project’s team cuts and runs with investor funds.

In November last year, Chainalysis opened an office in Canberra after agreeing to a partnership with the Commonwealth Bank of Australia (CBA). This came in response to increased mainstream adoption of cryptocurrencies and demand for CBA’s crypto exchange and custody service.

By Lauren Claxton, Crypto News Guest Author

Categories
Crypto News NFTs Scams

Mintable Recovers NFTs Stolen in OpenSea Exploit

NFT marketplace Mintable has recovered three NFTs that were stolen in a recent phishing attack on the OpenSea platform. The company is now looking for the owners of the NFTs so as to return three Azuki NFTs that were among those stolen:

Azukis Found on LooksRare

According to a press release issued by Mintable, its team was acquiring Azuki NFTs on the LooksRare platform for its February Floor Buster flash sale when it found and bought Azukis #1178, #4176 and #1180, which had been lost in a February 19 exploit on OpenSea. The team at Mintable said in an announcement that it “would like to return them to their previous holders”.

The exploit on OpenSea saw about US$1.75 million worth of NFTs stolen via a phishing scam. Zach Burks, CEO and founder of Mintable, said: “This exploit was possible because of a bug on OpenSea, and if OpenSea isn’t going to make it right, someone has to.”

Burks added that “for some of these people, all their net worth is tied up in their NFTs and it’s horrible to have them stolen. We like the Azuki community and we want to help give back to the people who lost over $140,000 through the exploit.”

The attack was initially reported to be an exploit, but OpenSea CEO Devin Finzer subsequently stated that users had fallen victim to a phishing attack that “did not originate” on OpenSea itself. Finzer added that users had inadvertently “signed a malicious payload from an attacker, and some of their NFTs were stolen”:

OpenSea in Troubled Waters

OpenSea is undergoing difficult times as it continues to fall victim to exploits and other malicious activities. The platform is also being sued for US$1 million in damages after a user had his Bored Ape #3475 stolen from his crypto wallet.

Many users have taken to Twitter to express their concerns:

Categories
Coinbase Crypto News Hackers Scams Social media

Scam Alert: Beware of Telegram Bots Stealing Your Crypto with One-Time Passwords

Hackers are using Telegram bots to trick users into handing them access to their cryptocurrency accounts. One US citizen lost US$106,000 after a fake phone call from a bot pretending to be from crypto exchange Coinbase.

One-time password (OTP) bots are specifically made for hackers. The customer only needs to enter the victim’s phone number and name, and the bot uses these credentials to stage a phone call posing as a crypto exchange or bank.

Customers pay a monthly fee to use the authentication code to operate the bot. Some services cost US$300 per month and provide additional tools at fees ranging from $20 to $100 for more live phishing panels.

Screenshot of bot. Source: Intel471

The image above is an example of an OTP bot in action, named SMS Buster. According to intelligence firm Intel471, these bots are “remarkably easy to use” and relatively cheap considering the amount of money hackers can pull out:

SMS Buster requires a bit more effort from an actor in order to obtain account information. The bot provides options to disguise a call to make it appear as a legitimate contact from a specific bank while letting the attackers choose to dial from any phone number. From there, an attacker could follow a script to track a victim into providing sensitive details such as an ATM personal identification number (PIN), card verification value (CVV) and OTP, which could then be sent to an individual’s Telegram account. The bot, used by attackers targeting Canadian victims, gives users the chance to launch attacks in French and English.

Intel471 blog post

Obstetrician Loses $100k

As per a CNBC report, American obstetrician Dr Anders Apgar fell victim to one of these bots after receiving a phone call that seemed legitimate to him, along with a series of banner notifications on his phone informing him his Coinbase account was in jeopardy.

The bot tricked Apgar into thinking his account was in potential danger, prompting him to enter an OTP code generated by his phone’s mobile app. The code was then forwarded back to the bot’s customer, giving him access to Apgar’s funds, which contained US$106,000 in bitcoin.

A Coinbase representative told CNBC it would never make unsolicited calls to customers:

Coinbase will never make unsolicited calls to its customers, and we encourage everyone to be cautious when providing information over the phone. If you receive a call from someone claiming to be from a financial institution, do not disclose any of your account details or security codes. Instead, hang up and call them back at an official phone number listed on the organisation’s website.

Coinbase representative

Beware of OTP Bots

OTP bots have become popular among hackers as they’re easy to use and profitable. Profitable because most sites and online services use the 2FA (two-factor authentication) model, which requires the user to supply both a password and a verification code (the OTP).

The 2FA model was widely embraced by most websites to protect their users’ accounts. Even if hackers have a user’s password, they still need to enter the verification code sent to the mobile device in order to access the account.

We saw a similar threat two weeks ago, when Crypto News Australia reported about an information-stealing malware called “Mars Stealer”, targeting more than 40 crypto hot wallets, browsers and 2FA plug-ins. .

Categories
Crime Cryptocurrencies Cryptocurrency Law Ransomware Scams

FBI Announces Crypto Crime Division to Tackle Ongoing Ransomware Attacks

The US Department of Justice has announced the establishment of the National Cryptocurrency Enforcement Team (NCET). The unit, which will specialise in crypto-related crime, has also appointed its first director – long-time prosecutor Eun Young Choi.

The Federal Bureau of Intelligence (FBI) released a statement on February 17 detailing the announcement. NCET aims to counter the criminal misuse of digital assets, and the team will be composed of prosecutors with backgrounds in crypto, money laundering, forfeiture and cybercrime. The proliferation of ransomware will be a particular concern of the unit.

Director Choi, who has a decade’s experience as a cybersecurity prosecutor, has stated she is excited to lead the team:

https://www.pli.edu/faculty/eun-young---choi-28943

[As the world of] digital assets grows and evolves, the department, in turn, accelerates and expands its efforts to combat their illicit abuse by criminals of all kinds.

NCET director Eun Young Choi

The NCET announcement has stirred a lot of discussion on Twitter, with many questioning whether the US government has ulterior motives:

FBI’s Recent Crypto History

The US government has intervened in several crypto-related matters over recent years. Notably, the Justice Department impounded US$3.6 billion in bitcoin earlier this month. This was accompanied by the arrest of a would-be rapper and her husband on charges of conspiring to launder some of the funds, part of the proceeds of the notorious Bitfinex hack of 2016.

In late 2021, US law enforcement seized an impressive US$154 million in bitcoin that had been stolen from Sony Life Insurance Company Ltd. The money had been embezzled by a rogue employee using a business email compromise.

By Lauren Claxton, Crypto News Guest Author

Categories
Crypto News NFTs Scams

Crypto Detective Coffeezilla Exposes $20 Million ‘Squiggles’ NFT Scam

Self-appointed “internet detective” and YouTuber Coffeezilla has posted a new video explaining how he and members of the crypto community took down an alleged scam involving US$20 million in NFTs before it actually came to pass.

As Coffeezilla relates in the video (see below), serious hype had surrounded a new crypto project called “Squiggles”, which had an NFT drop scheduled for February 10. At the time, Squiggles had more than 230,000 followers on Twitter.

Hours before the anticipated drop, an anonymous user published a detailed dossier that alleged Squiggles’ founders were paid puppets. At the same time, the real people behind the project turned out to be a group of serial NFT scam artists operating under the umbrella name “NFT Factory LA”. As Coffeezilla explains:

[This dossier] documents allegations about NFT Factory LA, consisting of ‘Gavin, Gabe and Ali’, [three young men] behind not just Squiggles but several [other] NFT scams [which] include League of Sacred Devils, League of Divine Beings, Vault of Gyms, Sinful Souls, Dirty Dogs, Lucky Buddhas, and on and on.

Coffeezilla, YouTuber and ‘internet detective’

‘Stooges’ Impersonate ‘Original’ Three Stooges

The crypto community at large soon saw through these scams and the trio was quickly outed for orchestrating the alleged rug-pulls. To cover their tracks, they hired “stooges” to carry out the work of future projects, including Squiggles. However, before the project’s US$20 million NFT drop was due to take place, video footage was posted on Instagram allegedly showing Squiggles’ founder, Arsalan, and Gavin (one of the NFT Factory LA trio) together in the same Rolls-Royce.

Later, a photo surfaced showing all three members of the trio at the same location. “Pretty quickly, people put two and two together,” says Coffeezilla. Hours after launch, OpenSea delisted the project. “They were stopped from making the $20 million they could have made, and that’s good.”

Earlier this month, Coffeezilla posted a separate YouTube video in which he interviewed Paul Denino, aka livestreamer Ice Poseidon, who admitted to scamming fans out of US$500,000 in another crypto pump-and-dump scheme.