Spoof Blockchain.com fraudsters to steal Cryptocurrency $27 million


The law enforcement agencies in Europe have arrested a group of 6 persons by creating a website that impersonates Blockchain.com for emptying cryptocurrency wallets for at least 4,000 victims.

The fraudsters used typosquatting for their own purpose-the technique used by an attacker to use a domain name and the interface sometimes similar to a popular website but it contains a typing error.

Spoofing Blockchain.com allows authors to track crypto-currency users ‘ login credentials and steal funds in their wallets on the platform.

An announcement from the U.K. South West Regional Cyber Crime Unit (SW RCCU) reports that this method has allowed fraudsters to steal cryptomonetary money from victims in 12 countries for over £ 22 million.

Bad links promoted by Adwords

“The investigation has grown from a single report of £17k worth of bitcoin stolen from a Wiltshire-based victim to a current estimate of more than four thousand victims in at least 12 countries. We expect that number to grow,” reads the press release from the U.K. agency.

SW RCCU detective inspector Louise Boyce said that evidence indicated that the Crooks used Google Adwords to promote links to Blockchain.com’s fraudulent copy.

Five men and one woman were included in the criminal group and on Tuesday they were detained in Charlcombe, Lower Weston, Bath, Staverton, Wiltshire, Amsterdam and Rotterdam, the Netherlands, by SW RCCU and the Dutch police.

A large number of electronic devices and equipment have been seized by law enforcement agencies. Help with the U.K. search. Two dogs, computers and storage drives, were specially trained in sniffing electronic devices.

Europol also released information on the operation and said it resulted in a 14-month cryptocurrency theft investigation.

Cybercriminals rely on victims who click on links without analyzing them carefully. This is why phishing is still a problem.

By checking whether the domain name in the address bar is the correct one, or by typing in the URL itself, users can avoid the typefix trick instead of following links from potentially malicious sources.

This advice is especially recommended when accessing financial transactions online services.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.