Home / Markets / Cryptocurrency /  Indian investors likely lose 1,000 crore to fake crypto exchanges. Beware of this scam
Listen to this article

Trading in cryptocurrencies is not as simple as buying and selling, the platform is currently complex with no backing from regulators. Yet, its nature is appealing and investors across the globe have taken a deep dive into this moneymaking market. And the market has been equally welcomed in India with new crypto exchanges taking birth and investors finding it seamless to trade on the platform. However, what happens when the crypto exchanges you trust your money with for trading in a cryptocurrency and managing your account, is the one to double-cross you and rob your hard-earned money. This case is a reality for many Indian investors.

Rahul Sasi, Founder & CEO of CloudSEK, brings attention to one such cryptocurrency-trading trap.

CloudSEK, which is a contextual AI company that predicts Cyber Threats even before they occur, estimates that fake crypto exchanges have defrauded victims of up to 1,000 crore.

CloudSEK has uncovered an ongoing operation involving several phishing domains and Android-based applications. As per the company, this large-scale campaign entices unwary individuals into a huge gambling scam. Many of these bogus websites impersonate "CoinEgg", a legitimate UK-based cryptocurrency trading platform.

Here's how the scam works, as per CloudSEK.

1. Creating a fake domain:

Fake domains are created by threat actors. These domains are look alike of legitimate crypto trading platforms.

The fake domains are developed in a way that they replicate the official website’s dashboard and user experience.

2. Fake Social Media Profile:

As per CloudSek, the attackers create a female profile on social media to approach the potential victim and establish a friendship.

Notably, social media platforms have become a popular medium for scammers to loot investors' money by providing alluring offers in cryptocurrencies by faking legitimate accounts.

3. Influencing the Victim:

Furthermore, the social media profile influences the victim to invest in Cryptocurrency and start trading. The profile also shares a $100-dollar credit, as a gift to a particular crypto exchange, which in this case is a duplicate of a legitimate crypto exchange.

Last month, a resident from the upscale residential area, of Malabar Hill in Mumbai was duped by more than 1.5 crore in fraudulent cryptocurrency investment. The 36-year-old resident accused a website of trapping him into investing in crypto mining schemes. The case has been registered at the Malabar Hill police. The resident had befriended the accused over the internet last year in October, and after a couple of days of knowing each other, the accused started to lure the victim with multiple schemes in the crypto market that could avail profit.

4. Successful Trading:

With the free credit, the victim signs up for the exchange and starts trading, based on the instruction of the threat actor. The victim initially makes a significant profit, which bolsters their trust in the platform and the threat actor.

5. Victims Invest their own Money:

After the victim seemingly makes a profit, the scammer convinces them to invest a higher amount, promising better returns.

6. Freezing the Victim’s Account:

Once the victim adds their own money to the fake exchange, the threat actor freezes their account, ensuring the victim can’t withdraw their investment. And the threat actor’s disappeared with the victim’s money.

7. The Account Retrieval Ruse:

When victims take to various platforms to complain about losing access to their accounts, the same, or new, threat actors reach out to them in the guise of investigators. To retrieve the frozen assets, they request victims to provide confidential information such as ID cards and bank details, via email. These details are then used to perpetrate other nefarious activities.

CloudSEK was approached by a victim who allegedly lost 50 lakhs (~ $64,000) to such a cryptocurrency scam, in addition to other costs such as deposit amount, tax, etc.

"We estimate that threat actors have defrauded victims of up to 10 Billion via such crypto scams," Sasi said.

Going forward, Sasi added, "As a method of mitigation, Rahul Sasi suggests that, in the short-term, crypto-related phishing domains should be identified and taken down at the earliest. However, in the long-term, it is imperative for the collaboration between crypto exchanges, ISPs, and cybercrime cells to raise awareness and take action against threat groups."

Subscribe to Mint Newsletters
* Enter a valid email
* Thank you for subscribing to our newsletter.
Recommended For You
Edit Profile
Get alerts on WhatsApp
Set Preferences My ReadsFeedbackRedeem a Gift CardLogout