Editor’s note: We do not promote or condone investment scams or fraudulent activities of any kind. This article is only for educational purposes and to raise awareness of the various schemes that exist in the crypto space.
Scams in the crypto world are all too common. They range from phishing attacks, Ponzi schemes, fraudulent ICOs, fake exchanges to novel ways of hacking into one’s personal computer. Of the various schemes, one of the most dangerous is a particularly insidious crypto scam investment spam.
These types of scams are designed to trap individuals who are looking to make quick money in the cryptocurrency market. In order to gain insights into this particular brand of scams, I had an interview with a crypto scam investment spammer (a pseudonym has been used to protect the identity of the interviewee).
Me: Can you tell me how crypto scam investment spam works?
Spammer: Sure. Our job is to send mass emails and messages to individuals who have expressed interest in investing in cryptocurrencies. We also use social media platforms to target those who search for keywords such as ‘investment’, ‘crypto’ and ‘earn quickly’.
Me: How do you convince people to invest with you?
Spammer: We use tried and tested language and tactics to make our pitch sound irresistible. We typically promise huge returns on investments with little to no risk. We also use fake testimonials to add credibility to our claims.
Me: What’s the catch?
Spammer: There’s always a catch. After individuals transfer funds to our wallet, we will either disappear into the abyss or we will continue to contact them asking for additional funds and more information about their identity, until they become suspicious and stop responding. Some victims may even give away their personal credentials for us to further use their identity to launder money.
Me: Can you give me an example?
Spammer: Sure, here’s one that we’ve used before. We would create an email that looks like it’s from a well-known crypto company.
Subject: Huge Crypto Investment Opportunity
Hi there,
I am John from Crypto Company XYZ. We are currently looking for a few investors to take part in our new program that will provide huge returns of up to 200% with no risks involved.
We have had a great year so far with multiple successful projects, and with your investment we are confident that 2021 will only get better. Your investment will be leveraged to invest in a variety of cryptocurrencies including Bitcoin, Ethereum, Ripple and many more.
To get started, please click on the link below and follow the steps to deposit your investment fund.
Many thanks,
John
Me: That sounds similar to a Ponzi scheme.
Spammer: Yes, they are structured similarly. Our goal is to create an illusion of returns from a legitimate investment by having new investors upfront ‘paying’ returns to existing investors. Then when the new tide slows down we make off with the funds.
Me: Have you ever felt guilty about what you do?
Spammer: To be honest, it’s like a game to me. I’m not taking money from an individual’s hands, I’m merely tricking them out of it. Plus, there are others who are far worse and ruthless than me.
Me: Like who?
Spammer: Those who hack into people’s computers, wallets, and social media accounts to obtain their cryptocurrency. They have the tools and time.
Me: Do you think people will continue to fall for these schemes?
Spammer: Unfortunately, yes. Especially during times of market hype and bullish movements. People get greedy and that’s when we thrive.
Me: Any tips for avoiding crypto scam investment spam?
Spammer: If it sounds too good to be true, it’s probably a scam. Research the company before investing, especially their background and returns they’ve previously made. But if someone clicks on our link for the promise of quick returns… game on.
In conclusion, always remember to do thorough research before investing in anything, regardless of how legitimate and professional it may seem. Crypto scams are rampant and often involve a lot of money being lost. While it may seem tempting to jump on the bandwagon and try to make a quick buck, always remember to exercise caution and be wary of investment scams in the crypto space.
Social networks are grappling with the problem of inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Recently, a Russian hacker responsible for a series of aggressive crypto spam campaigns shed light on the issue in an interview with KrebsOnSecurity. The hacker revealed that their spam software had been in private use until the last few weeks when it was released as open source code. The hacker admitted that their software had been used to advertise over 100 different crypto investment-themed domains and that they had earned $2,000 by sending 100,000 private mentions to users of different Mastodon communities in the past few weeks.
According to Renaud Chaput, a freelance programmer working on modernizing and scaling the Mastodon project infrastructure, on May 4, 2023, someone unleashed a spam torrent targeting users on Mastodon communities via “private mentions,” a kind of direct messaging on the platform. The messages said recipients had earned an investment credit at a cryptocurrency trading platform called moonxtrade.com. The spammers used over 1,500 Internet addresses across 400 providers to register new accounts, which then followed popular accounts on Mastodon and sent private mentions to the followers of those accounts.
The volume of bot accounts being registered for the crypto spam campaign started overwhelming the servers that handle new sign-ups at Mastodon.social, leading Chaput to disable new account registrations, making them vulnerable to cyber attacks in the form of a sustained distributed denial-of-service (DDoS) attack. “This was three hours non-stop, 200,000 to 400,000 requests per second,” he said of the DDoS attack. “At first, they were targeting one path, and when we blocked that, they started to randomize things. Over three hours, the attack evolved several times.”
The spam waves have died down since the servers were retrofitted with CAPTCHA, which stopped automated account creation tools. However, SPAM waves could still affect Mastodon instances that are not well-staffed, giving room for spammers who use hundreds of domains and thousands of Microsoft email addresses. While quoted and registries trace back to Krasnodar, Russia, and Vienna, Austria respectively, the origins of bot account spam attacks cannot be established because they may be perpetrated by individuals, software, or services sold to perpetrators.
In conclusion, the rise of cryptocurrency scams has impacted social networks, leading to the spamming of Mastodon users, among others. Cybercriminals are leveraging new tactics in the use of bot accounts to promote fraudulent investment schemes. Social networks need to remain vigilant and put measures to detect and fight against such spam messages, as the rate of financial losses from cryptocurrency scams increased fivefold in 2022.
