Heimdal
article featured image

Contents:

The past year has been a significant one for cryptocurrencies and blockchain. In the face of such extremity and economic meltdowns, cryptocurrencies have proven to be remarkably resilient. Fortunately, the rapid increase in accessibility of global high-speed Internet and digitization has created a ripe environment for digital currency.

On the other side, it started a new source of income for the scammers. Fraudsters target Social Media and Messaging platforms users with a scam centered on a fake cryptocurrency exchange and using the lure of free Bitcoin or Ethereum cryptocurrency to steal money and personal data.

We have previously warned our readers about cryptocurrency scams and advised them on how to safely invest in cryptocurrency from a security standpoint.

New Cryptocurrency Scam Campaign Detected

After successfully discovering a complex phishing cryptocurrency scam campaign last month, this time around Heimdal™ Security tracked down a cryptocurrency scam campaign that started 4 months ago. Since then, our algorithms and analysts have studied and found new infected domains from the same campaign.

cryptocurrency scam image heimdal security

The domains are hosted on the following IP addresses:

  • 111.174.155 – UA
  • 214.124.44 – RU
  • 121.14.70 – UA

Our team was able to track them in Seychelles, Iceland, Ukraine, and Russia.

How It Works

This type of cryptocurrency scam lures victims on Discord’s cryptocurrency servers by sending a private message that looks like an ad for a genuine up-and-coming trading platform giving away cryptocurrency. In reality, it deploys social engineering tactics to drive sign-ups.

Once you click on the phishing link they provide, you will be redirected to a website and asked to enter personal information, such as passwords, credit card numbers, or bank account details. In worse situations, malware will start to download as soon as the link is clicked.

cryptocurrency scam unique image heimdal security

Although these types of websites look genuine, and appear fully operational, in reality, scammers are buying already implemented templates from professional web designers. You can add the promo codes, transfer fake balances to other users, reset your password, etc.

The tricky part comes when you want to withdraw your money to your personal wallet. It would say that you need to deposit a certain amount of BTC/ETH to verify your account. The amount asked will be very little compared to the fake prize.

cryptocurrency scam image heimdal security

How to Stay Safe

Is your business running cryptocurrency transactions? Here’s some advice on how to improve overall security:

  1. Check data breach websites to see if your data has been leaked. You can do so at https://haveibeenpwned.com/
  2. Always keep your software updated;
  3. Don’t download files from unknown sources;
  4. Keep your seed phrase safe;
  5. Activate two-factor authentication (2FA).

While it’s always a good idea to beef up your online security, now more than ever you should take the time to review your cybersecurity habits. I know it’s convenient to trade or buy crypto on the fly, but sloppy practices usually result in compromised personal data.

To his end, I would advise you to conduct every transaction from a secured endpoint. Endpoint security solutions can help prevent data leaks associated with crypto-specific malware. Heimdal™ Security Threat Prevention Endpoint can sanitize your workstations, clear out malicious packets that may be hidden in DNS traffic, detect processes associated with crypto-mining operations, and much more.

Heimdal Official Logo
Antivirus is no longer enough to keep an organization’s systems secure.

Heimdal® DNS Security Solution

Is our next gen proactive DNS-Layer security that stops unknown threats before they reach your endpoints.
  • Machine learning powered scans for all incoming online traffic;
  • Stops data breaches before sensitive info can be exposed to the outside;
  • Advanced DNS, HTTP and HTTPS filtering for all your endpoints;
  • Protection against data leakage, APTs, ransomware and exploits;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

On that note, you should definitely consider running a quick scan of your system in order to root out lingering bitcoin miners.

Below you can find a list of all the scam URLs detected by Heimdal™:

• unexbit.com
• news.quicklybtc.com
• quicklybtc.com
• news.coinseon.com
• coinseon.com
• news.coinzetta.com
• coinzetta.com
• news.quckbit.com
• quckbit.com
• news.btchull.com
• btchull.com
• news.eoncoins.com
• eoncoins.com
• bomscoin.com
• news.bomscoin.com
• broskobit.com
• news.coinsfv.com
• news.broskobit.com
• coinsfv.com
• immortalex.com
• news.immortalex.com
• bitruner.com
• news.bitruner.com
• zirocoin.com
• news.zirocoin.com
• news.protradearea.com
• news.phemexbtc.com
• phemexbtc.com
• protradearea.com
• news.pencebit.com
• pencebit.com
• news.gparhgarden.com
• gparhgarden.com
• trustpoolex.com
• news.trustpoolex.com
• respacex.com
• news.respacex.com
• news.btctruck.com
• btctruck.com
• news.fvcoins.com
• fvcoins.com
• news.pickobit.com
• pickobit.com
• exhodl.com
• news.exhodl.com
• omexbit.com
• news.omexbit.com
• news.cryptoxfactory.com
• cryptoxfactory.com
• boracrypto.com
• news.essencebtc.com
• essencebtc.com
• news.bitxcub.com
• tupbit.com
• coinxhash.com
• news.saberbtc.com
• btcrune.com
• saberbtc.com
• news.btcrune.com
• news.tupbit.com
• news.cryptoroz.com
• coinupwallet.com
• ozoncrypto.com
• news.coinxhash.com
• bitxcub.com
• news.coinupwallet.com
• news.ozoncrypto.com
• cryptoroz.com
• coinrau.com
• news.coinrau.com
• binoix.com
• news.wortexbit.com
• wortexbit.com
• news.binoix.com
• news.unexbit.com
• news.cryptobora.com
• cryptobora.com
• news.cryptolau.com
• news.betradebit.com
• bitraced.com
• raucoin.com
• cryptolau.com
• betradebit.com
• news.rocketpoolex.com
• rocketpoolex.com
• news.bitraced.com
• news.raucoin.com
• news.jolobit.com
• jolobit.com
• news.wallet-coin.com
• wallet-coin.com
• news.thortrading.com
• thortrading.com
• news.cryptoxhash.com
• cryptoxhash.com
• news.cryptoholl.com
• news.glowexcoin.com
• glowexcoin.com
• cryptoholl.com
• zaucoin.com
• news.zaucoin.com
• zaucoin.com
• news.zaucoin.com
• news.cryptobora.com
• cryptobora.com
• binoix.com
• news.binoix.com
• unexbit.com
• news.unexbit.com
• coinupwallet.com
• news.coinupwallet.com
• news.cryptoxhash.com
• cryptoxhash.com
• news.glowexcoin.com
• glowexcoin.com
• betradebit.com
• ozoncrypto.com
• news.ozoncrypto.com
• news.jolobit.com
• jolobit.com
• news.cryptoroz.com
• cryptoroz.com
• wortexbit.com
• news.wortexbit.com
• thortrading.com
• news.bitxcub.com
• news.thortrading.com
• cryptoholl.com
• news.coinxhash.com
• coinxhash.com
• news.cryptoholl.com
• saberbtc.com
• news.saberbtc.com
• news.nexonbtc.com
• nexonbtc.com
• news.betradebit.com
• news.bitcoin-ltd.com
• bitcoin-ltd.com
• bitcoinxls.com
• news.bitcoinxls.com
• bitxcub.com
• news.tupbit.com
• tupbit.com
• news.coinrau.com
• coinrau.com
• bitraced.com
• news.bitraced.com
• wallet-coin.com
• news.wallet-coin.com
• cryptolau.com
• news.cryptolau.com
• news.rocketpoolex.com
• rocketpoolex.com
• btcrune.com
• news.btcrune.com
• capitalmarts.com
• news.capitalmarts.com
• raucoin.com
• news.raucoin.com
• news.cryptoholl.com
• cryptoholl.com
• news.bullschain.com
• bullschain.com
• thortrading.com
• news.thortrading.com
• news.coinxhash.com
• coinxhash.com
• news.saberbtc.com
• saberbtc.com
• news.nexonbtc.com
• nexonbtc.com
• news.bitcoinxls.com
• coinrau.com
• bitcoinxls.com
• news.coinrau.com
• news.betradebit.com
• betradebit.com
• royalebitex.com
• news.royalebitex.com
• bitcoin-ltd.com
• news.bitcoin-ltd.com
• news.wallet-coin.com
• wallet-coin.com
• synthetixcoin.com
• news.synthetixcoin.com
• glavebtc.com
• news.glavebtc.com
• oraclebtc.com
• news.oraclebtc.com
• news.rocketpoolex.com
• rocketpoolex.com
• news.frostbtc.com
• frostbtc.com
• tupbit.com
• news.tupbit.com
• news.jolobit.com
• jolobit.com
• moonlitex.com
• news.moonlitex.com
• news.bitfug.com
• bitfug.com
• cryptolau.com
• news.cryptolau.com
• news.bitfug.com
• bitfug.com
• cryptolau.com
• news.cryptolau.com
• news.bitpleiad.com
• bitpleiad.com
• news.bitpleiad.com
• bitpleiad.com
• news.btcrune.com
• btcrune.com
• news.btcrune.com
• btcrune.com
• news.capitalmarts.com
• capitalmarts.com
• news.capitalmarts.com
• capitalmarts.com
• bitraced.com
• news.bitraced.com
• foabit.com
• news.foabit.com
• news.cryptoroz.com
• cryptoroz.com
• gleefin.com
• news.gleefin.com
• buncebit.com
• news.buncebit.com
• news.geckcoin.com
• geckcoin.com
• news.mobitpro.com
• mobitpro.com
• wavebtc.com
• news.wavebtc.com
• news.cryptopye.com
• cryptopye.com
• cryptorozi.com
• news.cryptorozi.com
• 91-214-124-44.plesk.page
• amazing-lalande.91-214-124-44.plesk.page
• news.cosmochange.com
• cosmochange.com
• news.btclam.com
• btclam.com
• news.dogmabit.com
• dogmabit.com
• news.solanabit.com
• solanabit.com
• news.btcsam.com
• btcsam.com
• more-deals.com
• stchevuestas.net

Author Profile

Cezarina Dinu

Head of Marketing Communications & PR

linkedin icon

Cezarina is the Head of Marketing Communications and PR within Heimdal® and a cybersecurity enthusiast who loves bringing her background in content marketing, UX, and data analysis together into one job. She has a fondness for all things SEO and is always open to receiving suggestions, comments, or questions.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE