Serial Phishing Scammer Uses a Mix of Laundering Techniques, Including Coin Swaps and a Mysterious OTC
Scammers have targeted users of the cryptocurrency exchange HitBTC, stealing millions of dollars worth of digital assets. The cybercriminals set up a fraudulent website, hitbt2c.lol, which closely resembles the legitimate HitBTC website, hitbtc.com. They lured unsuspecting traders into connecting their wallets or depositing cryptocurrencies onto the fake exchange. Instead of being deposited into a legitimate exchange, the funds were sent to the scammers’ addresses, resulting in the loss of the deposited money.
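A defender-side check for the kind of lookalike host described above, as an added example that is not from MistTrack or HitBTC. The `classify` and `edit_distance` names, the distance threshold, and the sample hosts other than the two domains named in the article are assumptions made for illustration.

```python
# Added example: flag hosts that imitate a protected brand domain.
# Assumption: the registrable domain is the last two labels (no public-suffix
# list), which holds for hitbtc.com and hitbt2c.lol but not for e.g. .co.uk.
# Internationalized (punycode) names are not decoded here.

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def classify(host: str, brand_domain: str, max_distance: int = 2) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for host vs brand_domain."""
    host = host.lower().rstrip(".")
    brand_domain = brand_domain.lower()
    labels = host.split(".")
    if len(labels) < 2:
        return "unrelated"
    if ".".join(labels[-2:]) == brand_domain:
        return "legitimate"      # the brand domain itself or one of its subdomains
    brand_label = brand_domain.split(".")[0]
    # Exact brand label under another TLD, or reused as a subdomain label.
    if brand_label in labels:
        return "lookalike"
    # Near-miss spelling of the brand in the registrable label.
    if edit_distance(labels[-2], brand_label) <= max_distance:
        return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # hitbtc.com and hitbt2c.lol come from the article; the rest are constructed.
    samples = ["www.hitbtc.com", "hitbt2c.lol",
               "hitbtc.com.login.example", "example.org"]
    for h in samples:
        print(f"{h:28} {classify(h, 'hitbtc.com')}")
```

With short brand names a threshold of 2 produces false positives, so hits are best treated as candidates for review rather than automatic blocks.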
The MistTrack team, part of cybersecurity firm SlowMist, discovered four blockchain addresses used by the scammers to receive funds from victims. These wallets accumulated over $15 million worth of cryptocurrencies. Similar phishing websites targeting crypto exchanges like Coinone and Ledger have also been identified.
Victims of the scam have reached out to MistTrack for assistance. The team believes that the scam began as early as June 2022, with one active address being the main address used by the scammer. The team has been able to track the movement of funds and identified one address as potentially belonging to an over-the-counter (OTC) trading service. This OTC address has been flagged multiple times in connection with various scams, suggesting that it may be used by multiple fraudsters for cashing out illicitly obtained cryptocurrencies.
The scammers have employed different methods to process the stolen bitcoin. They have used a service launched by BitGo, Kyber Network, and Ren in 2018 to swap bitcoin for wrapped bitcoin (wBTC) on the Ethereum network. The scammers have also interacted with Tokenlon DEX to exchange wrapped ether (WETH) for USDT, and they have sent USDT to addresses associated with the OKX centralized exchange.
The MistTrack team’s investigation indicates that the scammer behind these addresses may have been involved in multiple scams, using phishing techniques and relying on both decentralized finance (DeFi) tools and centralized exchanges and brokers to cover their tracks and cash out stolen cryptocurrencies.
HitBTC, which has a significant daily trading volume, has not yet responded to the discovery of the phishing threat. The exchange has not made any official announcements regarding the incident on its website, Twitter page, or Telegram channel. Similarly, OKX, the centralized exchange associated with the scam, has not provided a comment in response to inquiries.