Fraudsters are robbing crypto investors using ENS domains

Tomcat

FACCT experts have identified a new sophisticated deception scheme through Ethereum domains.

FACCT experts have discovered a new fraudulent scheme targeting crypto exchange employees and crypto enthusiasts using ENS domains (a domain name system running on the Ethereum blockchain).

From June 13, the Moscow Exchange suspended trading in the dollar and euro, as well as operations with instruments in these currencies. This could attract investors to the cryptocurrency market, which could be exploited by attackers.

The essence of the fraud consists of several stages:
  1. Establishing contact: Attackers establish business contact with a potential victim, promising profitable investments in various projects. This stage is necessary to “warm up” the client, that is, the scammers gain the victim's confidence and put him in a dependent position.
  2. Gradual engagement: As the communication continues, scammers ask for help in finding trusted cryptocurrency sellers. They claim they need cryptocurrency to buy diamonds and gold in countries where cash transactions are supposedly difficult, such as India. In the context of sanctions and the suspension of trading on the Moscow Exchange, scammers can expand the geography of the legend to other countries.
  3. Video call and verification of cryptocurrency purity: On the day of the transaction, a few hours before the meeting, the attackers request a video call. On the video call, they explain that they need to make sure that the cryptocurrency is “clean” so that it is not associated with illegal transfers, as this could lead to the freezing of funds on the exchange.
  4. Verification through Funds Transfer: The verification process involves the seller having to transfer their funds from one address to another. Fraudsters claim that this is necessary to verify that the cryptocurrency is real and the seller’s wallets are not blacklisted. During this process, the sellers’ cryptocurrency is stolen.
  5. Using an ENS domain: During or after a video call, the victim is convinced under various pretexts (for example, to prove the purity of the origin of assets or the absence of his wallet on blacklists) to transfer cryptocurrency to his own unique address, adding “.eth” at the end. The seller, to verify the security of the request, sends a small amount (for example, 100 USDT, 10 USDT) to the ENS domain, which actually leads to another ETH address controlled by the scammers. The test amount actually arrives at the seller's original address, and after making sure it is secure, he transfers all remaining funds to the same ENS domain. Cryptocurrency ends up in the hands of criminals.
  6. Implementation of the scheme: After the first test transaction, the scammers immediately register an ENS domain identical to the seller’s address, with the addition of “.eth”. The owner of the domain is verified by his address in the blockchain. The registered ENS domain points to the address of the villain. The seller sends a test amount, and the attackers return it to the seller in less than a minute, gaining his trust. The seller then transfers the remaining amount to the ENS domain, which leads to the attacker’s wallet.
  7. Theft of funds: The seller notices that the transferred funds are missing, but the transaction can no longer be reversed. The attackers transfer the stolen cryptocurrency to their other wallets.

FACCT experts advise carefully checking the terms of transactions, studying the experience of other crypto investors and being aware of new sophisticated fraudulent schemes. Checking ENS domains and cryptocurrency wallet addresses can help avoid falling into the trap of criminals.
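The ENS check recommended above can be automated on the sending side. The following is an added example, not code from FACCT or from the original post: it flags a recipient written as a wallet address with ".eth" appended and compares the address embedded in the name with the address the name resolves to. The `resolve` hook, the `REGISTRY` dictionary and both addresses are constructed for illustration; a real wallet would perform an actual ENS lookup there.

```python
import re

RAW_ADDRESS = re.compile(r"0x[0-9a-f]{40}")
# An ENS name whose label is itself a full address, e.g. "0xab...ab.eth"
ADDRESS_LIKE_NAME = re.compile(r"(0x[0-9a-f]{40})\.eth")


def check_recipient(recipient, resolve):
    """Classify a recipient string before any funds are sent.

    resolve is a hypothetical hook: callable(name) -> address or None.
    Returns (verdict, address_that_would_receive_funds).
    """
    value = recipient.strip().lower()
    if RAW_ADDRESS.fullmatch(value):
        return ("raw_address", value)
    if not value.endswith(".eth"):
        return ("invalid", None)
    resolved = resolve(value)
    if resolved is None:
        # Not registered yet; anyone can still register it later.
        return ("unregistered_name", None)
    resolved = resolved.lower()
    lookalike = ADDRESS_LIKE_NAME.fullmatch(value)
    if lookalike is None:
        return ("ens_name", resolved)
    if resolved != lookalike.group(1):
        # The name looks like one wallet but pays out to another.
        return ("lookalike_mismatch", resolved)
    return ("lookalike_match", resolved)


# Constructed sample data, not real wallets.
SELLER = "0x" + "ab" * 20
OTHER = "0x" + "cd" * 20
REGISTRY = {SELLER + ".eth": OTHER}

if __name__ == "__main__":
    for candidate in (SELLER, SELLER + ".eth", "0x" + "12" * 20 + ".eth"):
        print(candidate, check_recipient(candidate, REGISTRY.get))
```

The check has to be repeated immediately before the main transfer, because in the scheme described above the name is registered only after first contact, so an earlier lookup can return a different result.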