Fake HitBTC Phishing Site Raked In $15 Million In Crypto
The scammer operates four wallets that have been identified so far. SlowMist also estimates that the phishing scammer has used these wallets since around June last year, stealing users’ funds in Bitcoin (BTC), Ether (ETH), Shina Inu (SHIB), and stablecoin USDT.
🚨MistTrack Scam Alert🚨
Fake site: hitbt2c[.]lol
Real site: hitbtc[.]com by @hitbtc
This scammer has stolen more than $15 million, including $BTC, $USDT, $ETH and other currencies. pic.twitter.com/i032uASW7y
Phishing Technique Clones HitBTC Exchange
The phishing process clones a decentralized app’s user interface – HitBTC in this case – and lures victims into connecting their wallets by clicking “Approve”. Approving here gives the phishing contract “unlimited authorization for your $USDT“.
Next, victims are directed to deposit assets like they would on an actual exchange. The crypto phishing scammer designed their cloned platform to only support deposits via the Bitcoin, Ethereum, and Tron networks.
Finally, the victim confirms the transaction thinking they’re trading on HitBTC’s actual platform. In the background, the phishers drain users’ wallets of their ETH and other crypto balances. This phisher’s scamming portfolio features several fake websites as well.
In addition, it has many similar phishing sites, which seems to be a big #ShaZhuPan. pic.twitter.com/fuHfzkC6tz
Millions Lost To Crypto Phishers
Phishers have raided unsuspecting victims since the internet evolved into a mainstream network used by millions. These illicit actors also target crypto users thanks to the liquidity coursing through decentralized finance and blockchain ecosystems.
The intersection between web2 marketing tools and web3 platforms also creates an opportunity for phishers to attack crypto users. Google ads were used to steal over $4 million from thousands of users. The data showed a surge in shady Google ads promoting fake websites.
Source: Read Full Article