Group-IB: huge data leak associated with bitcoin scam

Justin Freeman
Group-IB: huge data leak associated with bitcoin scam

An intelligence firm based in Singapore has said that it has uncovered a large-scale bitcoin scam associated with the leak of personal data of thousands of people.

Group-IB, which describes itself as a “global threat hunting and intelligence company”, said that people from various countries around the world had been affected by the scam.

It said that people in Britain, South Africa, Australia and the US had all been targeted – as had users in Spain, Singapore, Malaysia and more.

It is understood that the data leak that followed the scam led to 248,926 “sets of personally identifiable information” being made available.

Most of those targeted were from the UK, with 147,610 victims there.

A significant number, 82,263, were in Australia.

In a press statement, Group-IB outlined how the problem unfolded and described the nature of the fake websites set up to trick traders.

It said that victims’ phone numbers, which often came with names and emails, were contained in personalised URLs that were used to redirect people to sites posing as local news outlets with fake comments by local personalities about a cryptocurrency investment platform that helped them to build a fortune.

“The source of the leak has not been established yet. The information has been provided to relevant authorities in the affected countries,” it added.

The first stage of the scam appeared to be based around SMS text messages.

“First, a victim receives a text message. Group-IB specialists managed to retrieve 4 samples of SMS. Scammers sometimes send out phishing messages using the name of a recognized media outlet as the sender,” it explained.

It was at this stage that the victims were then redirected to a fake webpage.

At that stage, the localisation would kick in as part of an attempt to beguile the user into investing in what they might think was a legitimate cryptocurrency scheme.

“The content a user would see often depends on their location,” Group-IB said.

“For example, users from the UK would be demonstrated a website disguised as the Sun or the Mirror, the Australians would likely see a fake ABC Australia website.”

One interesting aspect of the scheme was that the leaked data was already present when the user received the original text message.

The URL offered to the user would be customised using information such as the user’s phone number.

“Group-IB researchers have run the exposed info through data breach repositories and have analyzed several underground marketplaces for the presence of this data but have not found any traces of the exposed info,” it said.

“The experts believe that the personal information info could have been obtained by fraudsters through a separate fraudulent scheme or simply bought from a third party,” it added.

In what appeared to be an attempt to convince the user to invest, some of these details would then be transplanted to a pre-filled registration form.

“If a victim decides to click any link in the article, they are taken to a bitcoin investment platform website, where their data, contained in the URL, would already be pre-filled in the registration form without a user’s consent,” Group-IB said.


Justin Freeman

Latest news

China’s New Central Bank Digital Currency Dishes Out More Pain to The Dollar
The US dollar’s role as the world’s base currency is facing a new threat that could dramatically impact the broader financial markets. Read more
Russell 200 Index – US Jobs Report Could Signal a Good Week for Equity Markets
The positive US jobs report might have lit a fuse under equity markets, the Russell 2000 index in particular. Read more

Forex Fraud Certified Brokers

Forex.com Logo
BlackBull Markets Small Logo
OctaFX Logo
IC Markets Logo
IQ Option Logo
HYCM Logo
City Index Logo
XM Logo
FXTM Logo
LegacyFX Small Logo
Pepperstone
ATFX Logo
Plus500 Small Logo
skilling logo
Oanda Small Logo
Exness Small Logo