The fake DeFi platform which will ‘protect you from crypto crime’
Recently I’ve had a series of similar looking emails all announcing the exciting news that I qualify for a free airdrop of an NFT or token. I’ve recently written about airdrops being this years hype term and their mirroring of the ICO scams that we saw across 2017 and 2018 — essentially the offer of free money.
And as with most cases where someone offers you something for free, there’s a catch, in this case they’re just trying to trick you into connecting your crypto wallet and then they’re going to steal all your crypto assets!
The emails all looked very similar and shared the same address info in the footer so it looked like the email distribution company for these businesses, or the inboxes for them, had been compromised.
I did some investigation into where the links were looking to send any potential victims and they shared the same URL structure which was directing people to various end website via referral links tracking click success rate.
After first checking the links for potential malware and other high risk click risks, I took a look at what sites the scammers had set up to direct users to. I got a huge big red warning screen for the fake Blur sight and a .ru domain which always peaks my crypto crime interests.
However it was the De.Fi Launchpad email that really caught my attention as the website that users were being directed to looked VERY professional — this was no small time quick scam website.
Although only registered on 26th Jan 2024, the website was boasting an impressive service list of being a DeFi platform that was airdropping tokens to initial users, with a full trading dapp, 36 protocol integrations, yield hunting information, NFT insights (although their description here didn’t match NFT functionality so was a slip up on their side “Gain unique insights by tracking your balance summaries, staked amounts, and the assets you hold in liquidity pools.”), and they audaciously touted their ‘protection’ services including a smart contract scanning feature to protect you from malicious contracts, what they claimed was the world’s first ‘audit database’ with over 4,000 audits and even their ‘REKT Database’ which detailed information about the latest scams and vulnerabilities.
They even had a whitepaper you could download, a book for sale which directed to Amazon and a security focussed newsletter you could sign up for. An impressive amount of scam touchpoints!
The website also had a roster of angel investors and testimonials from them, and from reverse image searches it appears that the profiles were all taken from the Consensus 2022 speaker list website. I most often see scammers using AI generated images for fake investors or team members, or using generic pictures from Google, so scraping conference websites is a new technique I’ve seen but a clever one!
All the footer links were dead links and I noticed a couple of typos throughout the website but all in all this was a very impressive scam website which would be sure to fool many people into thinking that this was a legitimate offering.
I then delved into who had set up the website and whilst the website registrar had decided not to spend extra to hide their details, the name appeared to be an Asian tweak on John Cena — Jhon Sina, and the registered address was to a lorry depot in Sarasota. The email also looked to be generic and fake admin@nenpepe.info , but at least they put a crypto twist in it.
All in all, it’s a very professional looking scam site and sure to trick some users into connecting their crypto wallets!
Be safe out there in cryptoland and always triple check the red flags before connecting your crypto wallet to a website.
Visit www.web6coins.com to learn more about this.
Originally published at https://www.linkedin.com.
