Back to blog
By:
loadingSCORECHAIN
Date: May 25th 2022
Published on: Global News
Tags:
AML, Crypto Compliance, CryptoScam, phishing,
Beeple is a popular digital and non-fungible token (NFT) artist. The artist is known for having sold an NFT for $6 million at Christie’s auction house and creating 30 NFTs for Louis Vuitton’s NFT game, Louis the game. On Sunday, someone hacked Beeple’s Twitter account as part of a phishing scam. Phishing scams aim to access users’ sensitive information by posing as trustworthy entities or people. After obtaining the information, scammers can steal users’ funds.
A Twitter user was the first to report the phishing scam. The hacked Twitter account temporarily displayed a first link to a phishing website. This link would redirect to a raffle of Louis Vuitton and Beeple’s collection that would steal users’ assets if clicked. More specifically, after connecting their wallets, 1 ETH would be sent to the contract 0x7b69c4f2acf77300025e49dbdbb65b068b2fda7d.
In total, this phishing link allowed the scammer to steal 36 ETH worth around $70,000 stolen from users. The hacker then sent the stolen ETH to another intermediate address. The funds eventually reached the crypto mixer Tornado Cash so the scammer can launder the stolen funds.
Then, the hacker published a second link with the hacked account. The fake minting link was urging people to send ETH to this address 0xcad7fc974f61a08adef110d1ba446fa5b5b5bb27 allowing to steal 37 WETH and 63 ETH worth almost $200,000.
If we analyze the transactions we can see that the scammer performed a DEX trade to swap the WETH for ETH. All of the ETH funds ended up on Tornado Cash.
In addition to stealing users’ funds, the scammer has also been able to steal 45 NFTs for around $166,000.
For example, back in 2020, 130 Twitter accounts from celebrities including Barack Obama, Elon Musk, and Bill Gates were hacked as part of a Covid-19 giveaway scam. The scammers used the hacked accounts to trick people into sending crypto funds promising to send back double.
Last month, the Bored Ape Yacht Club, an NFT collection, also had its Instagram account hacked. In the same manner, the hacker posted a link to a fake BAYC website with a fraudulent airdrop. The phishing website urged users to sign a ‘safeTransferFrom’ transaction allowing scammers to drain users’ wallets. As a result, $3 million worth of NFTs was stolen from users’ wallets.
While there are still scams targeting crypto owners, several governments are taking action against them. For instance, yesterday the government of Uruguay announced launching a communication campaign to educate the population on the most common cryptocurrency scams.
As illicit funds represent higher risks in terms of money laundering, it is essential that crypto-related companies have all the necessary tools to monitor that they don’t have exposure to scams or hacked funds for instance.
Scorechain is providing best-in-class blockchain analytics tools with risk scoring and red flags allowing users to perform enhanced monitoring on their cryptocurrency transactions thus avoiding unnecessary risks. Would you like to see a live demo of the solution? Don’t hesitate to request a demo.
Scorechain is a Risk-AML software provider for cryptocurrencies and digital assets. As a leader in crypto compliance, the Luxembourgish company has helped more than 200 customers in 45 countries since 2015, ranging from cryptocurrency businesses to financial institutions with crypto trading, custody branch, digital assets, customers onboarding, audit and law firms, and some LEAs.
Scorechain solution supports Bitcoin analytics with Lightning Network detection, Ethereum analytics with all ERC20 tokens and stablecoins, Litecoin, Bitcoin Cash, Dash, XRP Ledger, Tezos, Tron with TRC10 and TRC20 tokens, and BSC with BEP20 tokens. The software can de-anonymize the Blockchain data and connect with sanction lists to provide risk scoring on digital assets, transactions, addresses, and entities. The risk assessment methodology applied by Scorechain has been verified and can be fully customizable to fit all jurisdictions. 300+ risk-AML scenarios are provided to its customers with a wide range of risk indicators so businesses under the scope of the crypto regulation can report suspicious activity to authorities with enhanced due diligence.